diff options
Diffstat (limited to 'puppet/hiera')
| -rw-r--r-- | puppet/hiera/common.yaml | 5 | ||||
| -rw-r--r-- | puppet/hiera/hiera.yaml | 28 | ||||
| -rw-r--r-- | puppet/hiera/node/puppet-bootstrap.example.org.yaml | 14 |
3 files changed, 39 insertions, 8 deletions
diff --git a/puppet/hiera/common.yaml b/puppet/hiera/common.yaml index d7e35a1..8a04a26 100644 --- a/puppet/hiera/common.yaml +++ b/puppet/hiera/common.yaml @@ -48,3 +48,8 @@ ntp::servers: nodo::subsystem::resolver::nameservers: - '208.67.222.222' - '208.67.220.220' + +# +# Puppet config +# +nodo::base::puppet_mode: 'apply' diff --git a/puppet/hiera/hiera.yaml b/puppet/hiera/hiera.yaml index 33acc9e..a8ae792 100644 --- a/puppet/hiera/hiera.yaml +++ b/puppet/hiera/hiera.yaml @@ -8,14 +8,26 @@ # reconsidered in the future. # # See http://docs.vagrantup.com/v2/provisioning/puppet_apply.html - :datadir: hiera + :datadir: '%{settings::confdir}/hiera' :hierarchy: - - '%{::environment}/domain/%{::domain}/node/%{::clientcert}' - - '%{::environment}/domain/%{::domain}/role/%{::role}' - - '%{::environment}/domain/%{::domain}/location/%{::location}' - - '%{::environment}/domain/%{::domain}/%{::domain}' - - '%{::environment}/location/%{::location}' - - '%{::environment}/virtual/%{::virtual}' - - '%{::environment}/role/%{::role}' + # + # Put in the secrets folder all sensitive information that + # wont be spread into every system if you're using the Hydra Suite. + # + # We also recommend to leave only encrypted data in your hiera config. + # + - 'secrets/node/%{::clientcert}' + - 'secrets/role/%{::nodo::role}' + - 'secrets/location/%{::nodo::location}' + - 'secrets/domain/%{::domain}' + + # + # All other stuff goes in regular YAML files. + # + - 'node/%{::clientcert}' + - 'role/%{::nodo::role}' + - 'virtual/%{::virtual}' + - 'location/%{::nodo::location}' + - 'domain/%{::domain}' - bootstrap - common diff --git a/puppet/hiera/node/puppet-bootstrap.example.org.yaml b/puppet/hiera/node/puppet-bootstrap.example.org.yaml new file mode 100644 index 0000000..c108e7d --- /dev/null +++ b/puppet/hiera/node/puppet-bootstrap.example.org.yaml @@ -0,0 +1,14 @@ +--- +# +# MySQL +# +# The following password is public information and therefore +# shall not be user on production. +mysql::server::rootpw: '9pRfteNbSFFyrHhackme' + +# +# Backup +# +nodo::subsystem::backup::localhost: false +nodo::subsystem::backup::encryptkey: 'none' +nodo::subsystem::backup::password: 'hacked' |