Problem using hiera-eyaml

[wernerbahlke]

I am trying to use hiera-eyaml and have followed the README instructions.

eyaml seems to work, I can encrypt and decrypt files and passwords.

I can also use hiera -c to get at an encrypted value like so:

hiera -c /etc/puppetlabs/puppet/hiera.yaml rootpwd 

But when running this simple test module it fails with cannot find the data item rootpwd defined in hieradata/defaults.eyaml.

class test {
$test = hiera('test')
$rootpwd = hiera('rootpwd')
notify { "Test: ${test}": }
}
If I just have the test variable defined in defaults.yaml it works fine. So it cannot find the defaults.eyaml file.

Here is my hiera.yaml:

---

:backends:

• yaml
• eyaml 
• :hierarchy:
  • defaults
  • "%{clientcert}"
  • "%{environment}"
  • global 
  • :yaml: :datadir: /etc/puppetlabs/puppet/modules/hieradata 
  • :eyaml: :datadir: /etc/puppetlabs/puppet/modules/hieradata 
  •            :pkcs7_private_key: /etc/puppetlabs/puppet/secure/keys/private_key.pkcs7.pem 
  •            :pkcs7_public_key: /etc/puppetlabs/puppet/secure/keys/public_key.pkcs7.pem

And my defaults.eyaml file:

---

rootpwd: >
ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQE ...]
Any hints will be greatly appreciated.

I am running Puppet Enterprise 3.1.0 on Ubuntu 12.04.

[Kit Plummer]

Did you resolve this?

I'm having a similar problem.  But, I think it is because the eyaml backend isn't getting loaded :) :

"Cannot load backend eyaml: cannot load such file -- hiera/backend/eyaml_backend"

I'm wondering if this is because the Ruby version/Gems that are used by PE.

[wernerbahlke]

Hi Kit,

Thanks for posting. No, I did not resolve it and have put it on the back burner. Quite possible that it is a Ruby / gems issue. 

Keep us posted if you resolve it before me.

Werner

[Kit Plummer]

Hey Werner.  I did resolve my issue.  It turned out to be a path issue, with how the PE’s rubygems installs gems.  While the eyaml commands were working, the directory for the hiera-eyaml (and it’s dependent gems) didn’t allow the pe-puppet user (global perms) to get to the lib .rb files in the installed gems.

It’s a bug and I need to remember to file it.

Kit


------------------------------------------------------
From: wernerbahlke werner...@gmail.com
Reply: puppet...@googlegroups.com puppet...@googlegroups.com
Date: December 30, 2013 at 9:12:48 AM
To: puppet...@googlegroups.com puppet...@googlegroups.com
Subject:  [Puppet Users] Re: Problem using hiera-eyaml

> >> ------------------------------
> >>
> >> :backends:
> >>
> >> - yaml
> >> - eyaml
> >> - :hierarchy:
> >> - defaults
> >> - "%{clientcert}"
> >> - "%{environment}"
> >> - global
> >> - :yaml: :datadir: /etc/puppetlabs/puppet/modules/hieradata
> >> - :eyaml: :datadir: /etc/puppetlabs/puppet/modules/hieradata
> >> - :pkcs7_private_key:
> >> /etc/puppetlabs/puppet/secure/keys/private_key.pkcs7.pem
> >> - :pkcs7_public_key:

> >> /etc/puppetlabs/puppet/secure/keys/public_key.pkcs7.pem
> >>
> >> And my defaults.eyaml file:

> >> ------------------------------

> >>
> >> rootpwd: >
> >> ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQE
> >> ...]
> >> Any hints will be greatly appreciated.
> >>
> >> I am running Puppet Enterprise 3.1.0 on Ubuntu 12.04.
> >>
> >
>

> --
> You received this message because you are subscribed to a topic
> in the Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/qpia1_TR2dI/unsubscribe.
> To unsubscribe from this group and all its topics, send an email
> to puppet-users...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/eed4dd1d-6fc0-4538-b1c5-1621f78ab509%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>

[Werner Bahlke]

Hi Kit,

I am glad you found the cause. Can you tell me a bit more how you resolved it? I probably can figure it out eventually but any hints will be greatly appreciated.

Thanks,

Werner

--
Werner Bahlke  | T: 503-438-9466 | Skype: wernerbahlke

[Kit Plummer]

Hey Werner. 

I just added the 'read' permission to the global setting on the installed gems' directories after the 'gem install' command.  I had to do it for hiera-eyaml and the gems that were installed with it.

Kit.

[Levent Tutar]

eyaml commands were working but not hiera-eyaml.
the following solved my problem.
default gem install uses the wrong gem environment. puppet uses a different one.
use /opt/puppet/bin/gem to install hiera-eyaml instead of default /usr/local/bin/gem

[Niranjan Putha]

Hi Levent,

I am getting  similar error as you where eyaml commands are working but not hiera-eyaml.  I was getting the below error before following your suggestion of installing gem by using /opt/puppet/bin/gem 

Error before :

notice: hiera(): Cannot load backend eyaml: no such file to load -- hiera/backend/eyaml_backend

Could not find data item foo in any Hiera data file and no default supplied at line 1 on node

After i re-installed hiera-eyaml using /opt/puppet/bin/gem i am getting the following error now

Error Now:

notice: hiera(): Cannot load backend eyaml: no such file to load -- hiera/filecache

Could not find data item foo in any Hiera data file and no default supplied at line 1

Any idea what this could be? Greatly Appreciate your help.

Thanks

Niranjan