aboutsummaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2020-05-07 22:01:30 -0300
committerSilvio Rhatto <rhatto@riseup.net>2020-05-07 22:01:30 -0300
commita21dbd1b1273b3bd51eb339887579bb076792e6c (patch)
treef5f941d6ffe52deda3459a4cb77344d0a9b9e10c /config
parent0dc7009118d1d83c510dd8ee9764f936f244224f (diff)
downloadpuppet-bootstrap-a21dbd1b1273b3bd51eb339887579bb076792e6c.tar.gz
puppet-bootstrap-a21dbd1b1273b3bd51eb339887579bb076792e6c.tar.bz2
Hiera 5 migrationdevelop
Diffstat (limited to 'config')
-rw-r--r--config/hiera.yaml59
1 files changed, 28 insertions, 31 deletions
diff --git a/config/hiera.yaml b/config/hiera.yaml
index c39c8e7..c52eeb3 100644
--- a/config/hiera.yaml
+++ b/config/hiera.yaml
@@ -1,41 +1,38 @@
---
-:backends:
- - eyaml
- - yaml
-:yaml:
- # Right now vagrant and puppet are not fully supporting
- # a relative datadir. For it to work, we were forced to
- # create a manifests/hiera symlink. This should be
- # reconsidered in the future.
- #
- # See http://docs.vagrantup.com/v2/provisioning/puppet_apply.html
- :datadir: '%{settings::confdir}/config'
-:eyaml:
- :datadir: '%{settings::confdir}/config'
- :extension: 'yaml'
-
- # If using the pkcs7 encryptor (default)
- :pkcs7_private_key: '%{settings::confdir}/keys/private_key.pkcs7.pem'
- :pkcs7_public_key: '%{settings::confdir}/keys/public_key.pkcs7.pem'
-:hierarchy:
+version: 5
+defaults:
+ datadir: "config"
+ data_hash: "yaml_data"
+hierarchy:
#
# Put in the secrets folder all sensitive information that
- # wont be spread into every system if you're using the Hydra Suite.
+ # wont be spread into every system if you"re using the Hydra Suite.
#
# We also recommend to leave only encrypted data in your hiera config.
#
- - 'secrets/node/%{::clientcert}'
- - 'secrets/role/%{::nodo::role}'
- - 'secrets/location/%{::nodo::location}'
- - 'secrets/domain/%{::domain}'
+ - name: "encrypted secrets"
+ path: "secrets/node/%{::fqdn}.yaml"
+ lookup_key: eyaml_lookup_key
+ options:
+ # If using the pkcs7 encryptor (default)
+ pkcs7_private_key: "%{settings::confdir}/keys/private_key.pkcs7.pem"
+ pkcs7_public_key: "%{settings::confdir}/keys/public_key.pkcs7.pem"
+
+ - name: "regular secrets"
+ paths:
+ - "secrets/role/%{::role}.yaml"
+ - "secrets/location/%{::location}.yaml"
+ - "secrets/domain/%{::domain}.yaml"
#
# All other stuff goes in regular YAML files.
#
- - 'node/%{::clientcert}'
- - 'role/%{::nodo::role}'
- - 'virtual/%{::virtual}'
- - 'location/%{::nodo::location}'
- - 'domain/%{::domain}'
- - compiled
- - common
+ - name: "public"
+ paths:
+ - "node/%{::fqdn}.yaml"
+ - "role/%{::role}.yaml"
+ - "virtual/%{::virtual}.yaml"
+ - "location/%{::location}.yaml"
+ - "domain/%{::domain}.yaml"
+ - "compiled.yaml"
+ - "common.yaml"