I'm able to get Hiera + GPG working fine, but am running into an issue when
I want to use GPG as the primary backend. We want to do this to make sure
any secrets are realized first. However, it seems that when a value in the GPG
backend also exists in a YAML backend, hiera dies with a message:

> Debug: Automatically imported puppet::client from puppet/client into DEVENV_20131205_2000
> Debug: hiera(): [gpg_backend]: Loaded gpg_backend
> Debug: hiera(): [gpg_backend]: Lookup called, key puppet::client::runinterval resolution type is
> Debug: hiera(): [gpg_backend]: GNUPGHOME is /etc/puppet/gpgkeys
> Debug: hiera(): [gpg_backend]: loaded cipher: /etc/puppet/hiera/DEVENV_20131205_2000/adhoc.gpg
> Debug: hiera(): [gpg_backend]: result is a String ctx #<GPGME::Ctx:0x2b191de61458> txt ---
> encryption_key: 'HIERA + GPG ROCKS!'
> integrity_key: 'HIERA + GPG ROCKS!'
> <SNIP>
> Debug: hiera(): Looking for data source env/ec2-labs/lab3
> Error: undefined method `read_file' for #<Hiera::Filecache:0x2b191dd93760 @cache={}> at /etc/puppet/modules/DEVENV_20131205_2000/base_server/manifests/init.pp:12 on node <node>
> Wrapped exception:
> undefined method `read_file' for #<Hiera::Filecache:0x2b191dd93760 @cache={}>
> Error: undefined method `read_file' for #<Hiera::Filecache:0x2b191dd93760 @cache={}> at /etc/puppet/modules/DEVENV_20131205_2000/base_server/manifests/init.pp:12 on node <node>
> Error: undefined method `read_file' for #<Hiera::Filecache:0x2b191dd93760 @cache={}> at /etc/puppet/modules/DEVENV_20131205_2000/base_server/manifests/init.pp:12 on node <node>

adhoc.gpg is higher in the hierarchy, env/ec2-labs/lab3 is lower, but holds
values for the node the catalog is being built for. In this particular
case, the "encryption_key" and "integrity_key" values have been commented
out of lab3.yaml.

If I switch to have YAML as the primary provider, everything works, but I 
get the YAML value as opposed to the GPG value (if both are defined).

If the value doesn't exist in the YAML, everything works perfectly if GPG
is the secondary backend. However, since our repository is shared between
teams, we want to make GPG the primary value.

Is there some sort of cache collision if GPG values are created for a 
node's variables in the catalog first?
