puppet lookup is a good diagnostic tool. Now though, you have a naming issue. You need the permitroot:: prefix if you want Puppet/Hiera to automatically fill in your parameter.
So your puppet lookup debug command should be puppet lookup permitroot::permitroot_config --explain --node lhcsrvprdcms01.fixnetix.com Once *that* works, your module should work too. Does any of this work if you put it in common.yaml to start? On Friday, July 31, 2020 at 11:42:27 AM UTC-4 [email protected] wrote: > Still no luck. Hiera is now matching (it wasn't before): > > root@puppet:/# puppet lookup permitroot_config --node > lhcsrvprdcms01.fixnetix.com > --- > - Match Address xx.xx.xx.xx > - PermitRootLogin without-password > > I had to change the YAML file slightly to: > > permitroot_config: > - 'Match Address xx.xx.xx.xx' > - 'PermitRootLogin without-password' > > From: > > permitroot:permitroot_config > - 'Match Address xx.xx.xx.xx' > - 'PermitRootLogin without-password' > > Thanks for the tip! I have been using PDK. > > On Friday, July 31, 2020 at 4:25:13 PM UTC+1, A Manzer wrote: >> >> I've noticed two other things that may need fixing: >> >> - It may be a copy and paste error, but you don't close your Match >> Address string in the pasted Hiera file above. That would cause your Yaml >> to be incorrect, and probably ignored. >> - In site.pp, you use the resource-like syntax for including the class. >> I'm not sure what this does for automatic hiera parameter lookup, but it's >> usually safer to use include syntax instead. I'd change your entry in >> site.pp to be >> >> >> node lhcsrvprdcms01.domain.com { >> include permitroot >> } >> >> BTW, out of curiosity, are you using the Puppet PDK >> <https://puppet.com/docs/pdk/1.x/pdk.html> to develop this module? It >> brings *a lot* of boilerplate, but it also brings things like Yaml >> syntax validating and syntax validating that might help you out while >> you're learning. >> >> On Friday, July 31, 2020 at 10:46:13 AM UTC-4, Dan Crisp wrote: >>> >>> Thanks for the reply. >>> >>> Unfortunately although my YAML file didn't have the .yaml suffix and I >>> didn't have a data directory, after making the necessary changes, the same >>> problem persists: >>> >>> Error: Could not retrieve catalog from remote server: Error 500 on >>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource >>> Statement, Class[Permitroot]: expects a value for parameter >>> 'permitroot_config' (file: >>> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49, >>> column: 3) on node lhcsrvprdcms01.fixnetix >>> >>> # pwd >>> /etc/puppetlabs/code/environments/production >>> >>> # ll data/nodes/lhcsrvprdcms01.fixnetix.com.yaml >>> -rw-r--r--. 1 root root 103 Jul 30 12:09 >>> data/nodes/lhcsrvprdcms01.fixnetix.com.yaml >>> >>> >>> On Friday, July 31, 2020 at 2:15:18 PM UTC+1, A Manzer wrote: >>>> >>>> You need to put your nodes hiera folder under a data folder. (*All* >>>> your hiera data goes under a data folder.) >>>> >>>> Also, ensure that your yaml file is named >>>> lhcsrvprdcms01.domain.com.yaml. You need the *full* node name, *and* >>>> the .yaml at the end for hiera to find it. That's tripped me up a few >>>> times... >>>> >>>> On Thursday, July 30, 2020 at 10:43:13 AM UTC-4, Dan Crisp wrote: >>>>> >>>>> Hello experts, >>>>> >>>>> I'm struggling with some node specific heria. I basically want to add >>>>> the following lines to a number of nodes: >>>>> >>>>> Match Address xx.xx.xx.xx >>>>> PermitRootLogin without-password >>>>> >>>>> I have the following in place in an attempt to acheive this: >>>>> >>>>> # pwd >>>>> >>>>> /etc/puppetlabs/code/environments/production/modules/permitroot/manifests >>>>> >>>>> # more * >>>>> >>>>> :::::::::::::: >>>>> config.pp >>>>> :::::::::::::: >>>>> class permitroot::config ( >>>>> $config_path = $permitroot::params::config_path >>>>> ) inherits permitroot::params { >>>>> if $facts['os']['release']['major'] =~ /7/ { >>>>> file { 'Update SSHD PermitRoot': >>>>> ensure => $permitroot::config_present, >>>>> path => $permitroot::config_path, >>>>> content => $permitroot::permitroot_config.join("\n"), >>>>> owner => root, >>>>> group => root, >>>>> mode => '0600' >>>>> } >>>>> } else { >>>>> notice ('Assuming RHEL 6.x thus taking no action') >>>>> } >>>>> } >>>>> :::::::::::::: >>>>> init.pp >>>>> :::::::::::::: >>>>> class permitroot ( >>>>> $service_name = $permitroot::params::service_name, >>>>> $config_path = $permitroot::params::config_path, >>>>> Array[String] $permitroot_config, >>>>> String $service_ensure, >>>>> Boolean $service_enable, >>>>> Boolean $service_hasrestart, >>>>> ) inherits permitroot::params { >>>>> contain permitroot::config >>>>> contain permitroot::service >>>>> >>>>> Class['permitroot::config'] >>>>> -> Class['permitroot::service'] >>>>> } >>>>> :::::::::::::: >>>>> params.pp >>>>> :::::::::::::: >>>>> class permitroot::params { >>>>> $service_name = 'sshd' >>>>> $config_path = '/etc/ssh/sshd_config' >>>>> } >>>>> :::::::::::::: >>>>> service.pp >>>>> :::::::::::::: >>>>> class permitroot::service ( >>>>> $service_name = $permitroot::params::service_name, >>>>> ) inherits permitroot::params { >>>>> service {'permitroot_service': >>>>> name => $service_name, >>>>> ensure => $permitroot::service_ensure, >>>>> enable => $permitroot::service_enable, >>>>> hasrestart => $permitroot::service_hasrestart, >>>>> } >>>>> } >>>>> >>>>> This is probably not the best method and I'm still learning and don't >>>>> want to use a module that has already been created by someone else at >>>>> this >>>>> point. >>>>> >>>>> Here is the node specific heria: >>>>> >>>>> # pwd >>>>> /etc/puppetlabs/code/environments/production/nodes >>>>> >>>>> # more * >>>>> permitroot::permitroot_config: >>>>> - 'Match Address xx.xx.xx.xx >>>>> - 'PermitRootLogin without-password' >>>>> >>>>> Hiera file: >>>>> >>>>> # pwd >>>>> /etc/puppetlabs/code/environments/production >>>>> >>>>> # more hiera.yaml >>>>> --- >>>>> version: 5 >>>>> defaults: >>>>> # The default value for "datadir" is "data" under the same directory >>>>> as the hiera.yaml >>>>> # file (this file) >>>>> # When specifying a datadir, make sure the directory exists. >>>>> # See https://puppet.com/docs/puppet/latest/environments_about.html >>>>> for further details on environments. >>>>> #datadir: data >>>>> data_hash: yaml_data >>>>> hierarchy: >>>>> - name: "Per-node data" # Human-readable name. >>>>> path: "nodes/%{trusted.certname}.yaml" # File path, relative to >>>>> datadir. >>>>> >>>>> - name: "Per-OS defaults" >>>>> path: "os/%{facts.os.family}.yaml" >>>>> >>>>> - name: "Common data" >>>>> path: "common.yaml" >>>>> >>>>> Site.pp file: >>>>> >>>>> # more site.pp >>>>> ... >>>>> ... >>>>> ... >>>>> node lhcsrvprdcms01.domain.com { >>>>> class { 'permitroot': } >>>>> } >>>>> >>>>> When I run the puppet agent on the server about were I want the new >>>>> vaules added, I see the see returned the following: >>>>> >>>>> # puppet agent --no-daemonize --onetime --verbose --noop >>>>> Info: Using configured environment 'production' >>>>> Info: Retrieving pluginfacts >>>>> Info: Retrieving plugin >>>>> Info: Retrieving locales >>>>> Info: Loading facts >>>>> Error: Could not retrieve catalog from remote server: Error 500 on >>>>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource >>>>> Statement, Class[Permitroot]: expects a value for parameter >>>>> 'permitroot_config' (file: >>>>> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49, >>>>> column: 3) on node lhcsrvprdcms01.fixnetix.com >>>>> Info: Using cached catalog from environment 'production' >>>>> Info: Applying configuration version '1596101172' >>>>> Notice: Applied catalog in 2.39 seconds >>>>> >>>>> Any help here would be appreciated. >>>>> >>>>> Thanks, >>>>> Dan. >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f061ce25-9a84-412c-b8d5-d6c0e648a3ebn%40googlegroups.com.
