Date: May 2016
Product Version: 2016.1 (4.4)
## Setting up eYaml for secure data structure
eYaml (hiera-eyaml) stores passwords and other sensitive data as encrypted values in YAML files. This guide shows how to configure your Puppet Master to serve encrypted data via Hiera.
Install the Hunner Hiera module from the Puppet Forge:

```
puppet module install hunner-hiera
```

If you are using Code Manager or r10k, add hunner-hiera to your Puppetfile:

```
mod 'hunner/hiera'
```
To configure your Puppet Master, call the Hunner Hiera module through a PuppetMaster profile using the Roles+Profiles structure:

```
cat role/puppetmaster.pp
class role::puppetmaster {
  include ::profile::puppetmaster
}
```
Make sure to set eyaml => true; the module will then enable eYaml on your Master.

```
cat profile/puppetmaster.pp
class profile::puppetmaster {
  ## HIERA config
  class { '::hiera':
    hierarchy          => ['node/%{::hostname}', '%{::operatingsystem}', 'common'],
    hiera_yaml         => '/etc/puppetlabs/puppet/hiera.yaml',
    datadir            => '/etc/puppetlabs/code/environments/%{::environment}/hieradata',
    puppet_conf_manage => true,
    create_symlink     => true,
    eyaml              => true,
    eyaml_extension    => 'yaml',
    owner              => 'pe-puppet',
    group              => 'pe-puppet',
    notify             => Service['pe-puppetserver'],
  }
}
```
This profile declares the Hunner Hiera class and sets its parameters, such as hierarchy and eyaml (true/false).

Assign the PuppetMaster role to your Puppet Master, either in site.pp or in the Console.

Run "puppet agent -t" on the Master to set up eYaml.
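
With `eyaml_extension => 'yaml'`, the eyaml backend reads the same `.yaml` hieradata files that hold plaintext values, so it is worth checking that nothing sensitive was left unencrypted. The Ruby script below is an added example, not part of the original article or of the hunner-hiera module; the key-name pattern, the function names and the sample data are assumptions constructed for illustration.

```ruby
require 'yaml'

# eyaml writes an encrypted value as ENC[<method>,<base64>], e.g. ENC[PKCS7,...].
ENC_VALUE = /\AENC\[\w+,[A-Za-z0-9+\/=\s]+\]\z/
# Assumption: key names that suggest a secret. Tune this for your own data.
SENSITIVE_KEY = /passw(or)?d|secret|token|private_key|api_key/i

# Walk parsed Hiera data and return the paths of sensitive-looking keys
# whose scalar values are not wrapped in ENC[...].
def plaintext_secrets(data, path = [], sensitive = false)
  case data
  when Hash
    data.flat_map do |key, value|
      flagged = sensitive || key.to_s.match?(SENSITIVE_KEY)
      plaintext_secrets(value, path + [key.to_s], flagged)
    end
  when Array
    data.each_with_index.flat_map do |value, i|
      plaintext_secrets(value, path + ["[#{i}]"], sensitive)
    end
  when String, Numeric
    sensitive && !data.to_s.strip.match?(ENC_VALUE) ? [path.join('.')] : []
  else
    [] # nil and booleans are not treated as secrets
  end
end

# Parse one hieradata file's text and list its unencrypted secrets.
def scan_hieradata(yaml_text)
  plaintext_secrets(YAML.safe_load(yaml_text) || {})
end

# Constructed sample hieradata; the ENC value is a truncated placeholder,
# not real ciphertext.
SAMPLE = <<~HIERADATA
  profile::db::user: app
  profile::db::password: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAx]
  profile::api::token: hunter2
  profile::ldap:
    bind_password: changeme
    servers:
      - ldap1.example.com
HIERADATA

if __FILE__ == $PROGRAM_NAME
  scan_hieradata(SAMPLE).each { |p| puts "plaintext secret: #{p}" }
end
```

To check real data, pass `File.read` of each file under the hieradata directory to `scan_hieradata`, for example from a pre-commit hook or CI job.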