basic hiera question


Craig White

Nov 19, 2014, 1:42:12 PM
to puppet...@googlegroups.com
getting very frustrated and have covered the 7 or so pages on puppet's documentation on hiera several times.

# cat hiera.yaml
---
:backends:
  - yaml
:hierarchy:
  - defaults
  - "%{clientcert}"
  - "%{environment}"
  - global
  - common
  - ldap
:yaml:
  :datadir: /etc/puppetlabs/puppet/hieradata

# cat hieradata/ldap.yaml
---
ldap:
  rootdn: cn=admin,dc=wl,dc=com
  rootpw: mySuperSecretPassword
  dn: dc=wl,dc=com
  directory: /var/lib/ldap

# hiera ldap
{"rootdn"=>"cn=admin,dc=wl,dc=com",
 "rootpw"=>"mySuperSecretPassword",
 "dn"=>"dc=wl,dc=com",
 "directory"=>"/var/lib/ldap"}

# head -n 5 modules/wl/manifests/config.pp
# script to setup OpenLDAP

class wl::config () inherits wl {

  $rootpw     = hiera('ldap::rootpw')

but unfortunately...

# puppet agent --test --debug
results in the error...
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find data item ldap::rootpw in any Hiera data file and no default supplied at /etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node $obscured
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

what am I doing wrong?

Ramin K

Nov 19, 2014, 1:55:51 PM
to puppet...@googlegroups.com
1. Your hierarchy isn't. You can call it common, global, default, or
whatever else but you only get one and it goes at the bottom. If it's
not at the bottom, it's not common, default or global. Clientcert goes
at the top because it's the most specific.

:hierarchy:
- "%{clientcert}"
- "%{environment}"
- common

https://ask.puppetlabs.com/question/3146/how-to-build-a-proper-hiera-hierarchy/

2. You're using a hash as your data. If you want to query for key
ldap::rootpw, it'll look like the following.

ldap::rootdn: 'cn=admin,dc=wl,dc=com'
ldap::rootpw: 'mySuperSecretPassword'
ldap::dn: 'dc=wl,dc=com'
ldap::directory: '/var/lib/ldap'

Note this has nothing to do with hiera_hash or hiera_array.
http://ask.puppetlabs.com/question/13592/when-to-use-hiera-hiera_array-and-hiera_hash/

3. You're not using hiera-eyaml. Don't put clear text passwords in your
yaml files, use hiera-eyaml instead. It's really nice.

https://github.com/TomPoulton/hiera-eyaml

Ramin
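
Points 2 and 3 of the reply above, as an added Ruby illustration (not code from either poster or from the Hiera project): a simplified model of a priority lookup over constructed copies of the thread's data, plus a check that lists password-like keys still stored in clear text. The `node1.example.com` level, the `lookup` and `cleartext_secrets` helpers and the key-name heuristic are assumptions made for the example.

```ruby
require 'yaml'

# Constructed sample data: each entry stands in for one file under :datadir:.
HIERA_DATA = {
  # Nested hash as in the question's ldap.yaml: the only top-level key is "ldap".
  'ldap' => YAML.safe_load(<<~Y),
    ldap:
      rootdn: cn=admin,dc=wl,dc=com
      rootpw: mySuperSecretPassword
  Y
  # Flat keys as in the reply: "ldap::rootpw" is itself a top-level key.
  'common' => YAML.safe_load(<<~Y),
    ldap::rootdn: 'cn=admin,dc=wl,dc=com'
    ldap::rootpw: 'mySuperSecretPassword'
  Y
  # Hypothetical node-level file holding an eyaml-style value (placeholder ciphertext).
  'node1.example.com' => YAML.safe_load(<<~Y)
    ldap::rootpw: 'ENC[PKCS7,PLACEHOLDER]'
  Y
}.freeze

# Simplified model of a priority lookup (not Hiera's source): walk the hierarchy
# top to bottom and return the first value stored under the literal key string.
def lookup(key, hierarchy, data = HIERA_DATA)
  hierarchy.each do |level|
    doc = data[level] # nil when no file exists for this level
    return doc[key] if doc&.key?(key)
  end
  nil
end

# Heuristic (assumption): key names containing pass/pw/secret hold credentials.
SECRET_KEY = /pass|pw|secret/i
# Paths of secret-looking keys whose value is not wrapped in eyaml's ENC[...].
def cleartext_secrets(doc, path = [])
  doc.flat_map do |key, value|
    here = path + [key]
    if value.is_a?(Hash)
      cleartext_secrets(value, here)
    elsif SECRET_KEY.match?(key.to_s) && !value.to_s.start_with?('ENC[')
      [here.join('.')]
    else
      []
    end
  end
end

p lookup('ldap::rootpw', %w[ldap]), lookup('ldap::rootpw', %w[ldap common])
HIERA_DATA.each { |name, doc| p [name, cleartext_secrets(doc)] }
```

A check like `cleartext_secrets` can run over the data directory before commit so that unencrypted credentials are caught before they reach version control.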

Craig White

Nov 19, 2014, 4:29:08 PM
to puppet...@googlegroups.com, ramin...@badapple.net
awesome - thanks