author | Silvio Rhatto <rhatto@riseup.net> | 2015-09-26 15:04:34 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2015-09-26 15:04:34 -0300 |
commit | 5a2de12fb6660a3d40e7548cf6f071f9b0ce170f (patch) | |
tree | aed2ee7a7a97daddaa2a276b5ddf9baa3d4cb4a2 | |
parent | 4fc808f0673f42c7fae8519d793acea186aa092d (diff) | |
New hiera scheme for secrets storage
-rw-r--r-- | hiera/hiera.yaml | 22 | ||||
-rw-r--r-- | hiera/node/puppet-bootstrap.example.org.yaml (renamed from hiera/domain/example.org/node/puppet-bootstrap.example.org.yaml) | 0 |
2 files changed, 17 insertions, 5 deletions
diff --git a/hiera/hiera.yaml b/hiera/hiera.yaml
index 96cfb87..7e541b1 100644
--- a/hiera/hiera.yaml
+++ b/hiera/hiera.yaml
@@ -10,12 +10,24 @@
 # See http://docs.vagrantup.com/v2/provisioning/puppet_apply.html
 :datadir: hiera
 :hierarchy:
- - 'domain/%{::domain}/node/%{::clientcert}'
- - 'domain/%{::domain}/role/%{::role}'
- - 'domain/%{::domain}/location/%{::location}'
- - 'domain/%{::domain}/%{::domain}'
+ #
+ # Put in the secrets folder all sensitive information that
+ # wont be spread into every system if you're using the Hydra Suite.
+ #
+ # We also recommend to leave only encrypted data in your hiera config.
+ #
+ - 'secrets/node/%{::clientcert}'
+ - 'secrets/domain/%{::domain}'
+ - 'secrets/role/%{::role}'
+ - 'secrets/location/%{::location}'
+
+ #
+ # All other stuff goes in regular YAML files.
+ #
+ - 'node/%{::clientcert}'
+ - 'domain/%{::domain}'
+ - 'role/%{::role}'
 - 'location/%{::location}'
 - 'virtual/%{::virtual}'
- - 'role/%{::role}'
 - bootstrap
 - common
diff --git a/hiera/domain/example.org/node/puppet-bootstrap.example.org.yaml b/hiera/node/puppet-bootstrap.example.org.yaml
index deec4fa..deec4fa 100644
--- a/hiera/domain/example.org/node/puppet-bootstrap.example.org.yaml
+++ b/hiera/node/puppet-bootstrap.example.org.yaml |
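Review bot: Nothing in this hunk configures an encrypted backend for the four new `secrets/...` levels, so the added comment's recommendation to keep only encrypted data is not enforced by the config; the `:backends:` setting, if there is one, sits above line 10, outside the hunk. If the backend is plain `yaml`, the comment should say how the folder is protected, for example `# Keep this folder out of the shared repository and readable only by root.`, or the secrets levels should move to an encrypted backend such as hiera-eyaml. The `secrets/domain`, `secrets/role` and `secrets/location` levels are selected by facts the node reports itself, which a puppet master cannot verify, so if this hierarchy is ever served by a master rather than `puppet apply`, secrets are better keyed on `%{trusted.certname}` where the Puppet version supports it. Every `secrets/` level now also outranks `node/%{::clientcert}`, which deserves a line in the comment, and `wont` should read `won't`.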