You need to put your nodes hiera folder under a data folder. (*All* your
hiera data goes under a data folder.)
Also, ensure that your yaml file is named lhcsrvprdcms01.domain.com.yaml.
You need the *full* node name, *and* the .yaml at the end for hiera to find
it. That's tripped me up a few times...
On Thursday, July 30, 2020 at 10:43:13 AM UTC-4, Dan Crisp wrote:
>
> Hello experts,
>
> I'm struggling with some node specific heria. I basically want to add the
> following lines to a number of nodes:
>
> Match Address xx.xx.xx.xx
> PermitRootLogin without-password
>
> I have the following in place in an attempt to acheive this:
>
> # pwd
> /etc/puppetlabs/code/environments/production/modules/permitroot/manifests
>
> # more *
>
> ::::::::::::::
> config.pp
> ::::::::::::::
> class permitroot::config (
> $config_path = $permitroot::params::config_path
> ) inherits permitroot::params {
> if $facts['os']['release']['major'] =~ /7/ {
> file { 'Update SSHD PermitRoot':
> ensure => $permitroot::config_present,
> path => $permitroot::config_path,
> content => $permitroot::permitroot_config.join("\n"),
> owner => root,
> group => root,
> mode => '0600'
> }
> } else {
> notice ('Assuming RHEL 6.x thus taking no action')
> }
> }
> ::::::::::::::
> init.pp
> ::::::::::::::
> class permitroot (
> $service_name = $permitroot::params::service_name,
> $config_path = $permitroot::params::config_path,
> Array[String] $permitroot_config,
> String $service_ensure,
> Boolean $service_enable,
> Boolean $service_hasrestart,
> ) inherits permitroot::params {
> contain permitroot::config
> contain permitroot::service
>
> Class['permitroot::config']
> -> Class['permitroot::service']
> }
> ::::::::::::::
> params.pp
> ::::::::::::::
> class permitroot::params {
> $service_name = 'sshd'
> $config_path = '/etc/ssh/sshd_config'
> }
> ::::::::::::::
> service.pp
> ::::::::::::::
> class permitroot::service (
> $service_name = $permitroot::params::service_name,
> ) inherits permitroot::params {
> service {'permitroot_service':
> name => $service_name,
> ensure => $permitroot::service_ensure,
> enable => $permitroot::service_enable,
> hasrestart => $permitroot::service_hasrestart,
> }
> }
>
> This is probably not the best method and I'm still learning and don't want
> to use a module that has already been created by someone else at this point.
>
> Here is the node specific heria:
>
> # pwd
> /etc/puppetlabs/code/environments/production/nodes
>
> # more *
> permitroot::permitroot_config:
> - 'Match Address xx.xx.xx.xx
> - 'PermitRootLogin without-password'
>
> Hiera file:
>
> # pwd
> /etc/puppetlabs/code/environments/production
>
> # more hiera.yaml
> ---
> version: 5
> defaults:
> # The default value for "datadir" is "data" under the same directory as
> the hiera.yaml
> # file (this file)
> # When specifying a datadir, make sure the directory exists.
> # See https://puppet.com/docs/puppet/latest/environments_about.html for
> further details on environments.
> #datadir: data
> data_hash: yaml_data
> hierarchy:
> - name: "Per-node data" # Human-readable name.
> path: "nodes/%{trusted.certname}.yaml" # File path, relative to
> datadir.
>
> - name: "Per-OS defaults"
> path: "os/%{facts.os.family}.yaml"
>
> - name: "Common data"
> path: "common.yaml"
>
> Site.pp file:
>
> # more site.pp
> ...
> ...
> ...
> node lhcsrvprdcms01.domain.com {
> class { 'permitroot': }
> }
>
> When I run the puppet agent on the server about were I want the new vaules
> added, I see the see returned the following:
>
> # puppet agent --no-daemonize --onetime --verbose --noop
> Info: Using configured environment 'production'
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Retrieving locales
> Info: Loading facts
> Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
> Server Error: Evaluation Error: Error while evaluating a Resource
> Statement, Class[Permitroot]: expects a value for parameter
> 'permitroot_config' (file:
> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49,
> column: 3) on node lhcsrvprdcms01.fixnetix.com
> Info: Using cached catalog from environment 'production'
> Info: Applying configuration version '1596101172'
> Notice: Applied catalog in 2.39 seconds
>
> Any help here would be appreciated.
>
> Thanks,
> Dan.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/00c7ca49-e568-4ca4-9d64-722ed6d2aee6o%40googlegroups.com.
