Don't think it's a hiera issue now: # puppet lookup permitroot::permitroot_config --node lhcsrvprdcms01.fixnetix.com --- - Match Address xx.xx.xx.xx - PermitRootLogin without-password
# pwd /etc/puppetlabs/code/environments/production/data/nodes # cat * permitroot::permitroot_config: - 'Match Address 10.20.232.21' - 'PermitRootLogin without-password' Still no joy though. On Friday, July 31, 2020 at 4:47:40 PM UTC+1, A Manzer wrote: > > puppet lookup is a good diagnostic tool. > > Now though, you have a naming issue. You need the permitroot:: prefix if > you want Puppet/Hiera to automatically fill in your parameter. > > So your puppet lookup debug command should be puppet lookup > permitroot::permitroot_config --explain --node lhcsrvprdcms01.fixnetix.com > > Once *that* works, your module should work too. > > Does any of this work if you put it in common.yaml to start? > On Friday, July 31, 2020 at 11:42:27 AM UTC-4 [email protected] wrote: > >> Still no luck. Hiera is now matching (it wasn't before): >> >> root@puppet:/# puppet lookup permitroot_config --node >> lhcsrvprdcms01.fixnetix.com >> --- >> - Match Address xx.xx.xx.xx >> - PermitRootLogin without-password >> >> I had to change the YAML file slightly to: >> >> permitroot_config: >> - 'Match Address xx.xx.xx.xx' >> - 'PermitRootLogin without-password' >> >> From: >> >> permitroot:permitroot_config >> - 'Match Address xx.xx.xx.xx' >> - 'PermitRootLogin without-password' >> >> Thanks for the tip! I have been using PDK. >> >> On Friday, July 31, 2020 at 4:25:13 PM UTC+1, A Manzer wrote: >>> >>> I've noticed two other things that may need fixing: >>> >>> - It may be a copy and paste error, but you don't close your Match >>> Address string in the pasted Hiera file above. That would cause your Yaml >>> to be incorrect, and probably ignored. >>> - In site.pp, you use the resource-like syntax for including the >>> class. I'm not sure what this does for automatic hiera parameter lookup, >>> but it's usually safer to use include syntax instead. I'd change your >>> entry in site.pp to be >>> >>> >>> node lhcsrvprdcms01.domain.com { >>> include permitroot >>> } >>> >>> BTW, out of curiosity, are you using the Puppet PDK >>> <https://puppet.com/docs/pdk/1.x/pdk.html> to develop this module? It >>> brings *a lot* of boilerplate, but it also brings things like Yaml >>> syntax validating and syntax validating that might help you out while >>> you're learning. >>> >>> On Friday, July 31, 2020 at 10:46:13 AM UTC-4, Dan Crisp wrote: >>>> >>>> Thanks for the reply. >>>> >>>> Unfortunately although my YAML file didn't have the .yaml suffix and I >>>> didn't have a data directory, after making the necessary changes, the same >>>> problem persists: >>>> >>>> Error: Could not retrieve catalog from remote server: Error 500 on >>>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource >>>> Statement, Class[Permitroot]: expects a value for parameter >>>> 'permitroot_config' (file: >>>> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49, >>>> column: 3) on node lhcsrvprdcms01.fixnetix >>>> >>>> # pwd >>>> /etc/puppetlabs/code/environments/production >>>> >>>> # ll data/nodes/lhcsrvprdcms01.fixnetix.com.yaml >>>> -rw-r--r--. 1 root root 103 Jul 30 12:09 >>>> data/nodes/lhcsrvprdcms01.fixnetix.com.yaml >>>> >>>> >>>> On Friday, July 31, 2020 at 2:15:18 PM UTC+1, A Manzer wrote: >>>>> >>>>> You need to put your nodes hiera folder under a data folder. (*All* >>>>> your hiera data goes under a data folder.) >>>>> >>>>> Also, ensure that your yaml file is named >>>>> lhcsrvprdcms01.domain.com.yaml. You need the *full* node name, *and* >>>>> the .yaml at the end for hiera to find it. That's tripped me up a few >>>>> times... >>>>> >>>>> On Thursday, July 30, 2020 at 10:43:13 AM UTC-4, Dan Crisp wrote: >>>>>> >>>>>> Hello experts, >>>>>> >>>>>> I'm struggling with some node specific heria. I basically want to >>>>>> add the following lines to a number of nodes: >>>>>> >>>>>> Match Address xx.xx.xx.xx >>>>>> PermitRootLogin without-password >>>>>> >>>>>> I have the following in place in an attempt to acheive this: >>>>>> >>>>>> # pwd >>>>>> >>>>>> /etc/puppetlabs/code/environments/production/modules/permitroot/manifests >>>>>> >>>>>> # more * >>>>>> >>>>>> :::::::::::::: >>>>>> config.pp >>>>>> :::::::::::::: >>>>>> class permitroot::config ( >>>>>> $config_path = $permitroot::params::config_path >>>>>> ) inherits permitroot::params { >>>>>> if $facts['os']['release']['major'] =~ /7/ { >>>>>> file { 'Update SSHD PermitRoot': >>>>>> ensure => $permitroot::config_present, >>>>>> path => $permitroot::config_path, >>>>>> content => $permitroot::permitroot_config.join("\n"), >>>>>> owner => root, >>>>>> group => root, >>>>>> mode => '0600' >>>>>> } >>>>>> } else { >>>>>> notice ('Assuming RHEL 6.x thus taking no action') >>>>>> } >>>>>> } >>>>>> :::::::::::::: >>>>>> init.pp >>>>>> :::::::::::::: >>>>>> class permitroot ( >>>>>> $service_name = $permitroot::params::service_name, >>>>>> $config_path = $permitroot::params::config_path, >>>>>> Array[String] $permitroot_config, >>>>>> String $service_ensure, >>>>>> Boolean $service_enable, >>>>>> Boolean $service_hasrestart, >>>>>> ) inherits permitroot::params { >>>>>> contain permitroot::config >>>>>> contain permitroot::service >>>>>> >>>>>> Class['permitroot::config'] >>>>>> -> Class['permitroot::service'] >>>>>> } >>>>>> :::::::::::::: >>>>>> params.pp >>>>>> :::::::::::::: >>>>>> class permitroot::params { >>>>>> $service_name = 'sshd' >>>>>> $config_path = '/etc/ssh/sshd_config' >>>>>> } >>>>>> :::::::::::::: >>>>>> service.pp >>>>>> :::::::::::::: >>>>>> class permitroot::service ( >>>>>> $service_name = $permitroot::params::service_name, >>>>>> ) inherits permitroot::params { >>>>>> service {'permitroot_service': >>>>>> name => $service_name, >>>>>> ensure => $permitroot::service_ensure, >>>>>> enable => $permitroot::service_enable, >>>>>> hasrestart => $permitroot::service_hasrestart, >>>>>> } >>>>>> } >>>>>> >>>>>> This is probably not the best method and I'm still learning and don't >>>>>> want to use a module that has already been created by someone else at >>>>>> this >>>>>> point. >>>>>> >>>>>> Here is the node specific heria: >>>>>> >>>>>> # pwd >>>>>> /etc/puppetlabs/code/environments/production/nodes >>>>>> >>>>>> # more * >>>>>> permitroot::permitroot_config: >>>>>> - 'Match Address xx.xx.xx.xx >>>>>> - 'PermitRootLogin without-password' >>>>>> >>>>>> Hiera file: >>>>>> >>>>>> # pwd >>>>>> /etc/puppetlabs/code/environments/production >>>>>> >>>>>> # more hiera.yaml >>>>>> --- >>>>>> version: 5 >>>>>> defaults: >>>>>> # The default value for "datadir" is "data" under the same >>>>>> directory as the hiera.yaml >>>>>> # file (this file) >>>>>> # When specifying a datadir, make sure the directory exists. >>>>>> # See https://puppet.com/docs/puppet/latest/environments_about.html >>>>>> for further details on environments. >>>>>> #datadir: data >>>>>> data_hash: yaml_data >>>>>> hierarchy: >>>>>> - name: "Per-node data" # Human-readable name. >>>>>> path: "nodes/%{trusted.certname}.yaml" # File path, relative to >>>>>> datadir. >>>>>> >>>>>> - name: "Per-OS defaults" >>>>>> path: "os/%{facts.os.family}.yaml" >>>>>> >>>>>> - name: "Common data" >>>>>> path: "common.yaml" >>>>>> >>>>>> Site.pp file: >>>>>> >>>>>> # more site.pp >>>>>> ... >>>>>> ... >>>>>> ... >>>>>> node lhcsrvprdcms01.domain.com { >>>>>> class { 'permitroot': } >>>>>> } >>>>>> >>>>>> When I run the puppet agent on the server about were I want the new >>>>>> vaules added, I see the see returned the following: >>>>>> >>>>>> # puppet agent --no-daemonize --onetime --verbose --noop >>>>>> Info: Using configured environment 'production' >>>>>> Info: Retrieving pluginfacts >>>>>> Info: Retrieving plugin >>>>>> Info: Retrieving locales >>>>>> Info: Loading facts >>>>>> Error: Could not retrieve catalog from remote server: Error 500 on >>>>>> SERVER: Server Error: Evaluation Error: Error while evaluating a >>>>>> Resource >>>>>> Statement, Class[Permitroot]: expects a value for parameter >>>>>> 'permitroot_config' (file: >>>>>> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: >>>>>> 49, >>>>>> column: 3) on node lhcsrvprdcms01.fixnetix.com >>>>>> Info: Using cached catalog from environment 'production' >>>>>> Info: Applying configuration version '1596101172' >>>>>> Notice: Applied catalog in 2.39 seconds >>>>>> >>>>>> Any help here would be appreciated. >>>>>> >>>>>> Thanks, >>>>>> Dan. >>>>>> >>>>> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ea7d8592-1728-4a96-9f72-aa5bf0e23ffdo%40googlegroups.com.
