awesome - thanks
On Wednesday, November 19, 2014 11:55:51 AM UTC-7, Ramin K wrote:
>
> On 11/19/14 10:42 AM, Craig White wrote:
> > getting very frustrated and have covered the 7 or so pages on puppet's
> > documentation on hiera several times.
> >
> > # cat hiera.yaml
> > ---
> > :backends:
> > - yaml
> > :hierarchy:
> > - defaults
> > - "%{clientcert}"
> > - "%{environment}"
> > - global
> > - common
> > - ldap
> > :yaml:
> > :datadir: /etc/puppetlabs/puppet/hieradata
> >
> > # cat hieradata/ldap.yaml
> > ---
> > ldap:
> > rootdn: cn=admin,dc=wl,dc=com
> > rootpw: mySuperSecretPassword
> > dn: dc=wl,dc=com
> > directory: /var/lib/ldap
> >
> > # hiera ldap
> > {"rootdn"=>"cn=admin,dc=wl,dc=com",
> > "rootpw"=>"mySuperSecretPassword",
> > "dn"=>"dc=wl,dc=com",
> > "directory"=>"/var/lib/ldap"}
> >
> > # head -n 5 modules/wl/manifests/config.pp
> > # script to setup OpenLDAP
> >
> > class wl::config () inherits wl {
> >
> > $rootpw = hiera('ldap::rootpw')
> >
> > but unfortunately...
> >
> > # puppet agent --test --debug
> > results in the error...
> > Error: Could not retrieve catalog from remote server: Error 400 on
> > SERVER: Could not find data item ldap::rootpw in any Hiera data file and
> > no default supplied at
> > /etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node
> $obscured
> > Warning: Not using cache on failed catalog
> > Error: Could not retrieve catalog; skipping run
> >
> > what am I doing wrong?
>
> 1. Your hierarchy isn't. You can call it common, global, default, or
> whatever else but you only get one and it goes at the bottom. If it's
> not at the bottom, it's not common, default or global. Clientcert goes
> at the top because it's the most specific.
>
> :hierarchy:
> - "%{clientcert}"
> - "%{environment}"
> - common
>
>
> https://ask.puppetlabs.com/question/3146/how-to-build-a-proper-hiera-hierarchy/
>
>
> 2. You're using a hash as your data. If you want to query for key
> ldap::rootpw, it'll look like the following.
>
> ldap::rootdn: 'cn=admin,dc=wl,dc=com'
> ldap::rootpw: 'mySuperSecretPassword'
> ldap::dn: 'dc=wl,dc=com'
> ldap::directory: '/var/lib/ldap'
>
> Note this has nothing to do with hiera_hash or hiera_array.
>
> http://ask.puppetlabs.com/question/13592/when-to-use-hiera-hiera_array-and-hiera_hash/
>
>
> 3. You're not using hiera-eyaml. Don't put clear txt passwords in your
> yaml files, use hiera-eyaml instead. It's really nice.
>
> https://github.com/TomPoulton/hiera-eyaml
>
> Ramin
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/fa294a8b-516c-452b-bd57-cdbf12bbe216%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
