-
-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hiera eyaml does not work on PE 3.7.2 #126
Comments
Repaste your hiera.yaml file surrounded by ``` characters. Like this:
Anecdotally, I can tell you that hiera-eyaml works great for me on PE 3.7.2. |
Which version are you using. We cut a new 2.0.4 this week although it included no backend changes I can think of. |
I am glad to hear that you guys have eyaml working on PE 3.7.2 with no problems. I am using the following versions: As far as i can see from the error message, it looks like whatever i define in .eyaml format is not picked up...however eyaml is installed and working (i can encrypt/decrypt strings without no issues). I installed eyaml both times as follows:
is that way fully compatible with 3.7.x? should i use instead any help or suggestion would be much appreciated. |
You'll need to do |
To elaborate some, the puppetserver system is a Java stack implementation of the Puppet master using JRuby. For security reasons, they locked down which folders it checks for gems and other libraries. Using |
I receive the following error when i try to install it using puppetserver:
|
Is your Puppet master behind a firewall like Zscaler that does HTTPS filtering? |
Yes, we are in a filtered network. |
Yes. This page has instructions for you. In the long term, I recommend submitting a ticket to your IT team to have them whitelist the Puppet master for bypassing the filter. If that sort of blanket filter bypass isn't possible, see if they can at least whitelist |
Hi elyscape, The instructions listed involve to install the gem using:
instead of
so i don't know whether that will work considering my scenario (the first command runs well in my environment, eyaml is installed and working, but puppet is not aware) |
well, in any case i have just followed the instructions suggested and after copying it from another puppet server and installing it, it keeps failing... |
in my attempt to resolve this issue, i have set up eyaml on a fresh new puppet master 3.7.3 (open source in this case), but i receive the same issue |
Try changing these lines in your hiera.yaml file: :pkcs7_private_key: '/etc/puppetlabs/puppet/keys/private_key.pkcs7.pem'
:pkcs7_public_key: '/etc/puppetlabs/puppet/keys/public_key.pkcs7.pem' to: :pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
:pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem That is to say, try removing the quotes. |
I am afraid that removing the quotes did not work in neither of the two puppet servers I have (Enterprise and OpenSource)... I keep receiving the same error. |
Basically, running
If it doesn't, then it's not installed properly. As for the site I Iinked giving commands along the lines of |
Hi again,
After upgrading Puppet-Enterprise (3.7.2) running Ubuntu 14.04, the following command did not give any output:
However running /opt/puppet/bin/gem reported the following:
What i did after seeing this was to remove hiera-eyaml:
and install hiera-eyaml using puppetserver gem from a local folder which containts( hiera-eyaml-2.0.4.gem highline-1.6.21.gem trollop-2.0.gem)
Although that might seem the cause of the issue reported, after doing the steps listed above (upgrade, uninstall hiera-eyaml (2.0.3) and install (2.0.4) using puppetserver, i keep receiving the same issue... |
One thing to point out:
When i try to run it:
I receive the following error:
I have added the ruby path:
And now i receive the following errors:
|
This is normal. When you install hiera-eyaml into puppetserver, it won't add it to your PATH, but it will make it available to the Puppet master. It should work as a backend now. If you also want it available on the command line, do a regular |
I would like to say something different, but still does not work... |
So does it currently not work as a backend for hiera on puppetserver in addition to not working on the command line? |
I have to restore the VM, but it definetely was not working neither by command line nor from hiera. |
Try running |
In case someone is still struggling, to do this behind a proxy I had to use the following:
|
Who here has actually gotten eyaml to reliably run on 3.7x? |
I have. |
Awesome, I'm going through the process of trying this again. I had to drop back to 3.3 as I ran into some blockers on this a few months ago and didn't have the time to actually figure it out. I think it was a faulty gem install on the PM, so I'm trying again today. |
Out of curiosity, can I actually execute eyaml encrypt commands on the PM (running PE not OS) or is it only available to the PM process? |
To be able to use |
That's what I thought. On my last go around I was really confused about that. |
Did you see something like this:
|
^^ with puppetserver gem install I've seen this issue on windows but not ubuntu before. |
Are you behind a firewall that does SSL interception/inspection? |
I'm in aws but 443 is open. My quick solution which is probably bad was:
Then the install worked fine. |
|
^^ Installed with puppetserver, this was the point that I got to before and gave up. |
|
You made sure to have the keys listed in |
This hiera config worked fine on my 3.3 master |
What command are you running that produces this error? |
puppet apply -e "notice(hiera('r10k_git_key_pub'))" |
^^ An encrypted key from encrypted.yaml. Again, a key that decrypts fine with this exact config on my 3.3 master. |
For |
So. Many. Gems. Ok I'll try that. |
Oh shit! It worked! Like a boss, thanks. |
As have I. From: Eli Young <notifications@github.commailto:notifications@github.com> I have. — This communication is Confidential Information. By using this message and attachments you implicitly consent to terms and conditions set forth at http://www.taos.com/email_disclaimer. If you do not consent or received this message in error, please destroy it. |
Following the steps described by @elyscape helped me get it working on PE2015.3. |
Just to consolidate everything:
|
I am facing this same error when I run "puppet agent -t" on agent node. It is working fine with "puppet apply" on master. |
@jkumar19 When you run |
I am running against puppet master. I am not using standalone setup. |
it can be reopened if it's reproducible on the latest Puppet 4 or newer |
Hello all,
Does anyone has eyaml working on the latest version of PE? if so, how?
I have upgraded from PE 3.3 to 3.7.2, and hiera eyaml stopped working. However, hiera (no encryption) keeps working as expected
I have also tried to set it up on a fresh installation of PE 3.7.2, with the same result...
The error I receive is when i run puppet agent -t:
in that init.pp, i have configured the following:
in mynodexxxx.domain.com.eyaml file i have the following:
in hiera.yaml i have the following:
The text was updated successfully, but these errors were encountered: