diff options
Diffstat (limited to 'puppet/config/hiera.yaml')
| -rw-r--r-- | puppet/config/hiera.yaml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/puppet/config/hiera.yaml b/puppet/config/hiera.yaml new file mode 100644 index 0000000..14e393d --- /dev/null +++ b/puppet/config/hiera.yaml @@ -0,0 +1,38 @@ +--- +version: 5 +defaults: + datadir: "config" + data_hash: "yaml_data" +hierarchy: + # + # Put in the secrets folder all sensitive information that + # wont be spread into every system if you"re using the Hydra Suite. + # + # We also recommend to leave only encrypted data in your hiera config. + # + - name: "encrypted secrets" + path: "secrets/node/%{facts.fqdn}.yaml" + lookup_key: eyaml_lookup_key + options: + # If using the pkcs7 encryptor (default) + pkcs7_private_key: "%{settings::confdir}/keys/private_key.pkcs7.pem" + pkcs7_public_key: "%{settings::confdir}/keys/public_key.pkcs7.pem" + + - name: "regular secrets" + paths: + - "secrets/role/%{facts.role}.yaml" + - "secrets/location/%{facts.location}.yaml" + - "secrets/domain/%{facts.domain}.yaml" + + # + # All other stuff goes in regular YAML files. + # + - name: "public" + paths: + - "node/%{facts.fqdn}.yaml" + - "role/%{facts.role}.yaml" + - "virtual/%{facts.virtual}.yaml" + - "location/%{facts.location}.yaml" + - "domain/%{facts.domain}.yaml" + - "compiled.yaml" + - "common.yaml" |