From a21dbd1b1273b3bd51eb339887579bb076792e6c Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Thu, 7 May 2020 22:01:30 -0300
Subject: Hiera 5 migration
---
 config/hiera.yaml | 59 ++++++++++++++++++++++++++-----------------------------
 1 file changed, 28 insertions(+), 31 deletions(-)
(limited to 'config')
diff --git a/config/hiera.yaml b/config/hiera.yaml
index c39c8e7..c52eeb3 100644
--- a/config/hiera.yaml
+++ b/config/hiera.yaml
@@ -1,41 +1,38 @@
 ---
-:backends:
- - eyaml
- - yaml
-:yaml:
- # Right now vagrant and puppet are not fully supporting
- # a relative datadir. For it to work, we were forced to
- # create a manifests/hiera symlink. This should be
- # reconsidered in the future.
- #
- # See http://docs.vagrantup.com/v2/provisioning/puppet_apply.html
- :datadir: '%{settings::confdir}/config'
-:eyaml:
- :datadir: '%{settings::confdir}/config'
- :extension: 'yaml'
-
- # If using the pkcs7 encryptor (default)
- :pkcs7_private_key: '%{settings::confdir}/keys/private_key.pkcs7.pem'
- :pkcs7_public_key: '%{settings::confdir}/keys/public_key.pkcs7.pem'
-:hierarchy:
+version: 5
+defaults:
+ datadir: "config"
+ data_hash: "yaml_data"
+hierarchy:
 #
 # Put in the secrets folder all sensitive information that
- # wont be spread into every system if you're using the Hydra Suite.
+ # wont be spread into every system if you"re using the Hydra Suite.
 #
 # We also recommend to leave only encrypted data in your hiera config.
 #
- - 'secrets/node/%{::clientcert}'
- - 'secrets/role/%{::nodo::role}'
- - 'secrets/location/%{::nodo::location}'
- - 'secrets/domain/%{::domain}'
+ - name: "encrypted secrets"
+ path: "secrets/node/%{::fqdn}.yaml"
+ lookup_key: eyaml_lookup_key
+ options:
+ # If using the pkcs7 encryptor (default)
+ pkcs7_private_key: "%{settings::confdir}/keys/private_key.pkcs7.pem"
+ pkcs7_public_key: "%{settings::confdir}/keys/public_key.pkcs7.pem"
+
+ - name: "regular secrets"
+ paths:
+ - "secrets/role/%{::role}.yaml"
+ - "secrets/location/%{::location}.yaml"
+ - "secrets/domain/%{::domain}.yaml"

 #
 # All other stuff goes in regular YAML files.
 #
- - 'node/%{::clientcert}'
- - 'role/%{::nodo::role}'
- - 'virtual/%{::virtual}'
- - 'location/%{::nodo::location}'
- - 'domain/%{::domain}'
- - compiled
- - common
+ - name: "public"
+ paths:
+ - "node/%{::fqdn}.yaml"
+ - "role/%{::role}.yaml"
+ - "virtual/%{::virtual}.yaml"
+ - "location/%{::location}.yaml"
+ - "domain/%{::domain}.yaml"
+ - "compiled.yaml"
+ - "common.yaml"
--
cgit v1.2.3
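Review bot: The new "regular secrets" level has no `lookup_key`, so it inherits `data_hash: "yaml_data"` from `defaults` and only `secrets/node/%{::fqdn}.yaml` goes through eyaml; under the removed `:backends:` list every hierarchy entry was also searched by the eyaml backend. Any `ENC[...]` value kept in the role, location or domain secrets files would presumably now come back undecrypted, and the level name invites plaintext secrets despite the comment recommending only encrypted data. I would give that level `lookup_key: eyaml_lookup_key` together with the same pkcs7 `options` as the level above it. Separately, the per-node secrets path is now keyed on the self-reported `fqdn` fact; if this hierarchy is ever evaluated by a Puppet server rather than `puppet apply`, `path: "secrets/node/%{trusted.certname}.yaml"` ties it to the verified certificate name instead. The rewritten comment also turned `you're` into `you"re`, which looks like a quote-replacement artifact.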