Yes I upated the site.pp as recommended. On Friday, July 31, 2020 at 6:41:24 PM UTC+1, A Manzer wrote: > > Did you update site.pp to use the include syntax? > > I looked at the error again, because I'm really not sure why it's working > (other than the fact that you've mixed patterns, and seriously > over-complicated your code). So here's your error, right? > Error: Could not retrieve catalog from remote server: Error 500 on SERVER: > Server Error: Evaluation Error: Error while evaluating a Resource > Statement, Class[Permitroot]: expects a value for parameter > 'permitroot_config' (file: > /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49, > column: 3) on node lhcsrvprdcms01.fixnetix.com > > Is it still more or less that? > Notice that the error is in the site.pp file, not your init.pp or > config.pp. It could be that since you're using the resource-like syntax, > Puppet is expecting you to set that parameter, and isn't using Hiera. > According to the hiera docs > <https://puppet.com/docs/puppet/6.17/hiera_automatic.html>, it looks like > it should still be looking things up? But I know that in my own code, I > always use include, or specify all my parameters when I'm forced to use > the resource-like syntax. > > On Friday, July 31, 2020 at 1:09:30 PM UTC-4 [email protected] wrote: > >> Don't think it's a hiera issue now: >> >> # puppet lookup permitroot::permitroot_config --node >> lhcsrvprdcms01.fixnetix.com >> --- >> - Match Address xx.xx.xx.xx >> - PermitRootLogin without-password >> >> # pwd >> /etc/puppetlabs/code/environments/production/data/nodes >> >> # cat * >> permitroot::permitroot_config: >> - 'Match Address 10.20.232.21' >> - 'PermitRootLogin without-password' >> >> Still no joy though. >> >> On Friday, July 31, 2020 at 4:47:40 PM UTC+1, A Manzer wrote: >>> >>> puppet lookup is a good diagnostic tool. >>> >>> Now though, you have a naming issue. You need the permitroot:: prefix >>> if you want Puppet/Hiera to automatically fill in your parameter. >>> >>> So your puppet lookup debug command should be puppet lookup >>> permitroot::permitroot_config --explain --node >>> lhcsrvprdcms01.fixnetix.com >>> >>> Once *that* works, your module should work too. >>> >>> Does any of this work if you put it in common.yaml to start? >>> On Friday, July 31, 2020 at 11:42:27 AM UTC-4 [email protected] wrote: >>> >>>> Still no luck. Hiera is now matching (it wasn't before): >>>> >>>> root@puppet:/# puppet lookup permitroot_config --node >>>> lhcsrvprdcms01.fixnetix.com >>>> --- >>>> - Match Address xx.xx.xx.xx >>>> - PermitRootLogin without-password >>>> >>>> I had to change the YAML file slightly to: >>>> >>>> permitroot_config: >>>> - 'Match Address xx.xx.xx.xx' >>>> - 'PermitRootLogin without-password' >>>> >>>> From: >>>> >>>> permitroot:permitroot_config >>>> - 'Match Address xx.xx.xx.xx' >>>> - 'PermitRootLogin without-password' >>>> >>>> Thanks for the tip! I have been using PDK. >>>> >>>> On Friday, July 31, 2020 at 4:25:13 PM UTC+1, A Manzer wrote: >>>>> >>>>> I've noticed two other things that may need fixing: >>>>> >>>>> - It may be a copy and paste error, but you don't close your Match >>>>> Address string in the pasted Hiera file above. That would cause your >>>>> Yaml >>>>> to be incorrect, and probably ignored. >>>>> - In site.pp, you use the resource-like syntax for including the >>>>> class. I'm not sure what this does for automatic hiera parameter lookup, >>>>> but it's usually safer to use include syntax instead. I'd change >>>>> your entry in site.pp to be >>>>> >>>>> >>>>> node lhcsrvprdcms01.domain.com { >>>>> include permitroot >>>>> } >>>>> >>>>> BTW, out of curiosity, are you using the Puppet PDK >>>>> <https://puppet.com/docs/pdk/1.x/pdk.html> to develop this module? >>>>> It brings *a lot* of boilerplate, but it also brings things like Yaml >>>>> syntax validating and syntax validating that might help you out while >>>>> you're learning. >>>>> >>>>> On Friday, July 31, 2020 at 10:46:13 AM UTC-4, Dan Crisp wrote: >>>>>> >>>>>> Thanks for the reply. >>>>>> >>>>>> Unfortunately although my YAML file didn't have the .yaml suffix and >>>>>> I didn't have a data directory, after making the necessary changes, the >>>>>> same problem persists: >>>>>> >>>>>> Error: Could not retrieve catalog from remote server: Error 500 on >>>>>> SERVER: Server Error: Evaluation Error: Error while evaluating a >>>>>> Resource >>>>>> Statement, Class[Permitroot]: expects a value for parameter >>>>>> 'permitroot_config' (file: >>>>>> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: >>>>>> 49, >>>>>> column: 3) on node lhcsrvprdcms01.fixnetix >>>>>> >>>>>> # pwd >>>>>> /etc/puppetlabs/code/environments/production >>>>>> >>>>>> # ll data/nodes/lhcsrvprdcms01.fixnetix.com.yaml >>>>>> -rw-r--r--. 1 root root 103 Jul 30 12:09 >>>>>> data/nodes/lhcsrvprdcms01.fixnetix.com.yaml >>>>>> >>>>>> >>>>>> On Friday, July 31, 2020 at 2:15:18 PM UTC+1, A Manzer wrote: >>>>>>> >>>>>>> You need to put your nodes hiera folder under a data folder. (*All* >>>>>>> your hiera data goes under a data folder.) >>>>>>> >>>>>>> Also, ensure that your yaml file is named >>>>>>> lhcsrvprdcms01.domain.com.yaml. You need the *full* node name, >>>>>>> *and* the .yaml at the end for hiera to find it. That's tripped me >>>>>>> up a few times... >>>>>>> >>>>>>> On Thursday, July 30, 2020 at 10:43:13 AM UTC-4, Dan Crisp wrote: >>>>>>>> >>>>>>>> Hello experts, >>>>>>>> >>>>>>>> I'm struggling with some node specific heria. I basically want to >>>>>>>> add the following lines to a number of nodes: >>>>>>>> >>>>>>>> Match Address xx.xx.xx.xx >>>>>>>> PermitRootLogin without-password >>>>>>>> >>>>>>>> I have the following in place in an attempt to acheive this: >>>>>>>> >>>>>>>> # pwd >>>>>>>> >>>>>>>> /etc/puppetlabs/code/environments/production/modules/permitroot/manifests >>>>>>>> >>>>>>>> # more * >>>>>>>> >>>>>>>> :::::::::::::: >>>>>>>> config.pp >>>>>>>> :::::::::::::: >>>>>>>> class permitroot::config ( >>>>>>>> $config_path = $permitroot::params::config_path >>>>>>>> ) inherits permitroot::params { >>>>>>>> if $facts['os']['release']['major'] =~ /7/ { >>>>>>>> file { 'Update SSHD PermitRoot': >>>>>>>> ensure => $permitroot::config_present, >>>>>>>> path => $permitroot::config_path, >>>>>>>> content => $permitroot::permitroot_config.join("\n"), >>>>>>>> owner => root, >>>>>>>> group => root, >>>>>>>> mode => '0600' >>>>>>>> } >>>>>>>> } else { >>>>>>>> notice ('Assuming RHEL 6.x thus taking no action') >>>>>>>> } >>>>>>>> } >>>>>>>> :::::::::::::: >>>>>>>> init.pp >>>>>>>> :::::::::::::: >>>>>>>> class permitroot ( >>>>>>>> $service_name = $permitroot::params::service_name, >>>>>>>> $config_path = $permitroot::params::config_path, >>>>>>>> Array[String] $permitroot_config, >>>>>>>> String $service_ensure, >>>>>>>> Boolean $service_enable, >>>>>>>> Boolean $service_hasrestart, >>>>>>>> ) inherits permitroot::params { >>>>>>>> contain permitroot::config >>>>>>>> contain permitroot::service >>>>>>>> >>>>>>>> Class['permitroot::config'] >>>>>>>> -> Class['permitroot::service'] >>>>>>>> } >>>>>>>> :::::::::::::: >>>>>>>> params.pp >>>>>>>> :::::::::::::: >>>>>>>> class permitroot::params { >>>>>>>> $service_name = 'sshd' >>>>>>>> $config_path = '/etc/ssh/sshd_config' >>>>>>>> } >>>>>>>> :::::::::::::: >>>>>>>> service.pp >>>>>>>> :::::::::::::: >>>>>>>> class permitroot::service ( >>>>>>>> $service_name = $permitroot::params::service_name, >>>>>>>> ) inherits permitroot::params { >>>>>>>> service {'permitroot_service': >>>>>>>> name => $service_name, >>>>>>>> ensure => $permitroot::service_ensure, >>>>>>>> enable => $permitroot::service_enable, >>>>>>>> hasrestart => $permitroot::service_hasrestart, >>>>>>>> } >>>>>>>> } >>>>>>>> >>>>>>>> This is probably not the best method and I'm still learning and >>>>>>>> don't want to use a module that has already been created by someone >>>>>>>> else at >>>>>>>> this point. >>>>>>>> >>>>>>>> Here is the node specific heria: >>>>>>>> >>>>>>>> # pwd >>>>>>>> /etc/puppetlabs/code/environments/production/nodes >>>>>>>> >>>>>>>> # more * >>>>>>>> permitroot::permitroot_config: >>>>>>>> - 'Match Address xx.xx.xx.xx >>>>>>>> - 'PermitRootLogin without-password' >>>>>>>> >>>>>>>> Hiera file: >>>>>>>> >>>>>>>> # pwd >>>>>>>> /etc/puppetlabs/code/environments/production >>>>>>>> >>>>>>>> # more hiera.yaml >>>>>>>> --- >>>>>>>> version: 5 >>>>>>>> defaults: >>>>>>>> # The default value for "datadir" is "data" under the same >>>>>>>> directory as the hiera.yaml >>>>>>>> # file (this file) >>>>>>>> # When specifying a datadir, make sure the directory exists. >>>>>>>> # See >>>>>>>> https://puppet.com/docs/puppet/latest/environments_about.html for >>>>>>>> further details on environments. >>>>>>>> #datadir: data >>>>>>>> data_hash: yaml_data >>>>>>>> hierarchy: >>>>>>>> - name: "Per-node data" # Human-readable name. >>>>>>>> path: "nodes/%{trusted.certname}.yaml" # File path, relative >>>>>>>> to datadir. >>>>>>>> >>>>>>>> - name: "Per-OS defaults" >>>>>>>> path: "os/%{facts.os.family}.yaml" >>>>>>>> >>>>>>>> - name: "Common data" >>>>>>>> path: "common.yaml" >>>>>>>> >>>>>>>> Site.pp file: >>>>>>>> >>>>>>>> # more site.pp >>>>>>>> ... >>>>>>>> ... >>>>>>>> ... >>>>>>>> node lhcsrvprdcms01.domain.com { >>>>>>>> class { 'permitroot': } >>>>>>>> } >>>>>>>> >>>>>>>> When I run the puppet agent on the server about were I want the new >>>>>>>> vaules added, I see the see returned the following: >>>>>>>> >>>>>>>> # puppet agent --no-daemonize --onetime --verbose --noop >>>>>>>> Info: Using configured environment 'production' >>>>>>>> Info: Retrieving pluginfacts >>>>>>>> Info: Retrieving plugin >>>>>>>> Info: Retrieving locales >>>>>>>> Info: Loading facts >>>>>>>> Error: Could not retrieve catalog from remote server: Error 500 on >>>>>>>> SERVER: Server Error: Evaluation Error: Error while evaluating a >>>>>>>> Resource >>>>>>>> Statement, Class[Permitroot]: expects a value for parameter >>>>>>>> 'permitroot_config' (file: >>>>>>>> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: >>>>>>>> 49, >>>>>>>> column: 3) on node lhcsrvprdcms01.fixnetix.com >>>>>>>> Info: Using cached catalog from environment 'production' >>>>>>>> Info: Applying configuration version '1596101172' >>>>>>>> Notice: Applied catalog in 2.39 seconds >>>>>>>> >>>>>>>> Any help here would be appreciated. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Dan. >>>>>>>> >>>>>>>
-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c365630f-5546-4862-bf68-8e4434144536o%40googlegroups.com.
