diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2020-05-07 22:01:30 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2020-05-07 22:01:30 -0300 |
| commit | a21dbd1b1273b3bd51eb339887579bb076792e6c (patch) | |
| tree | f5f941d6ffe52deda3459a4cb77344d0a9b9e10c | |
| parent | 0dc7009118d1d83c510dd8ee9764f936f244224f (diff) | |
| download | puppet-bootstrap-develop.tar.gz puppet-bootstrap-develop.tar.bz2 | |
Hiera 5 migrationdevelop
| -rw-r--r-- | config/hiera.yaml | 59 |
1 files changed, 28 insertions, 31 deletions
diff --git a/config/hiera.yaml b/config/hiera.yaml index c39c8e7..c52eeb3 100644 --- a/config/hiera.yaml +++ b/config/hiera.yaml @@ -1,41 +1,38 @@ --- -:backends: - - eyaml - - yaml -:yaml: - # Right now vagrant and puppet are not fully supporting - # a relative datadir. For it to work, we were forced to - # create a manifests/hiera symlink. This should be - # reconsidered in the future. - # - # See http://docs.vagrantup.com/v2/provisioning/puppet_apply.html - :datadir: '%{settings::confdir}/config' -:eyaml: - :datadir: '%{settings::confdir}/config' - :extension: 'yaml' - - # If using the pkcs7 encryptor (default) - :pkcs7_private_key: '%{settings::confdir}/keys/private_key.pkcs7.pem' - :pkcs7_public_key: '%{settings::confdir}/keys/public_key.pkcs7.pem' -:hierarchy: +version: 5 +defaults: + datadir: "config" + data_hash: "yaml_data" +hierarchy: # # Put in the secrets folder all sensitive information that - # wont be spread into every system if you're using the Hydra Suite. + # wont be spread into every system if you"re using the Hydra Suite. # # We also recommend to leave only encrypted data in your hiera config. # - - 'secrets/node/%{::clientcert}' - - 'secrets/role/%{::nodo::role}' - - 'secrets/location/%{::nodo::location}' - - 'secrets/domain/%{::domain}' + - name: "encrypted secrets" + path: "secrets/node/%{::fqdn}.yaml" + lookup_key: eyaml_lookup_key + options: + # If using the pkcs7 encryptor (default) + pkcs7_private_key: "%{settings::confdir}/keys/private_key.pkcs7.pem" + pkcs7_public_key: "%{settings::confdir}/keys/public_key.pkcs7.pem" + + - name: "regular secrets" + paths: + - "secrets/role/%{::role}.yaml" + - "secrets/location/%{::location}.yaml" + - "secrets/domain/%{::domain}.yaml" # # All other stuff goes in regular YAML files. # - - 'node/%{::clientcert}' - - 'role/%{::nodo::role}' - - 'virtual/%{::virtual}' - - 'location/%{::nodo::location}' - - 'domain/%{::domain}' - - compiled - - common + - name: "public" + paths: + - "node/%{::fqdn}.yaml" + - "role/%{::role}.yaml" + - "virtual/%{::virtual}.yaml" + - "location/%{::location}.yaml" + - "domain/%{::domain}.yaml" + - "compiled.yaml" + - "common.yaml" |