Add support for eyaml in Hiera

And at the same time remove support for gpg. The modern version of the configuration (v5) has been tested with 20.04 but might work with older dists.
2023-02-16 07:44:00 +01:00 · 2023-02-16 07:44:00 +01:00 · 5af8093338
commit 5af8093338
parent ef4e27e337
1 changed files with 21 additions and 15 deletions
--- a/global/overlay/etc/puppet/hiera.yaml
+++ b/global/overlay/etc/puppet/hiera.yaml
@ -1,21 +1,27 @@
+# Hiera version 5 configuration
+#
 ---
-:backends:
-  - yaml
-  - gpg
+version: 5
+defaults:
+  datadir: /etc/hiera/data
+  data_hash: yaml_data

-:logger: console
+hierarchy:
+  - name: "Per-node data"
+    path: "local.yaml"

-:hierarchy:
-  - "%{env}/%{location}/%{calling_module}"
-  - "%{env}/%{calling_module}"
-  - local
-  - secrets.yaml
-  - common
+  - name: "Per-group data"
+    path: "group.yaml"

+  - name: "Per-host secrets"
+    path: "local.eyaml"
+    lookup_key: eyaml_lookup_key
+    options:
+      pkcs7_private_key: /etc/hiera/eyaml/private_key.pkcs7.pem
+      pkcs7_public_key:  /etc/hiera/eyaml/public_certkey.pkcs7.pem

-:yaml:
-   :datadir: /etc/hiera/data
+  - name: "Overrides per distribution"
+    path: "dist_%{::lsbdistcodename}_override.yaml"

-:gpg:
-   :datadir: /etc/hiera/data
-   :key_dir: /etc/hiera/gpg
+  - name: "Data common to whole environment"
+    path: "common.yaml"