There is indeed a global hiera.yaml file: # cat /etc/puppetlabs/puppet/hiera.yaml --- # Hiera 5 Global configuration file
version: 5 # defaults: # data_hash: yaml_data # hierarchy: # - name: Common # data_hash: yaml_data hierarchy: [] Top level environment hiera looks good: # cat /etc/puppetlabs/code/environments/production/hiera.yaml --- version: 5 defaults: # The default value for "datadir" is "data" under the same directory as the hiera.yaml # file (this file) # When specifying a datadir, make sure the directory exists. # See https://puppet.com/docs/puppet/latest/environments_about.html for further details on environments. datadir: data data_hash: yaml_data hierarchy: - name: "Per-node data" # Human-readable name. path: "nodes/%{trusted.certname}.yaml" # File path, relative to datadir. - name: "Per-OS defaults" path: "os/%{facts.os.family}.yaml" - name: "Common data" path: "common.yaml" There is no associated branch or alike in this instance. Here's the puppet lookup output with --explain: # puppet lookup --node lhcsrvprdidm02.fixnetix.com grubipv6disable::enable --explain Searching for "lookup_options" Global Data Provider (hiera configuration version 5) Using configuration "/etc/puppetlabs/puppet/hiera.yaml" No such key: "lookup_options" Environment Data Provider (hiera configuration version 5) Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml" Merge strategy hash Hierarchy entry "Per-node data" Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml" Original path: "nodes/%{trusted.certname}.yaml" No such key: "lookup_options" Hierarchy entry "Per-OS defaults" Path "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml" Original path: "os/%{facts.os.family}.yaml" Path not found Hierarchy entry "Common data" Path "/etc/puppetlabs/code/environments/production/data/common.yaml" Original path: "common.yaml" Path not found Module "grubipv6disable" Data Provider (hiera configuration version 5) Using configuration "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/hiera.yaml" Merge strategy hash Hierarchy entry "osfamily/major release" Merge strategy hash Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml" Original path: "os/%{facts.os.name}/%{facts.os.release.major}.yaml" Path not found Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml" Original path: "os/%{facts.os.family}/%{facts.os.release.major}.yaml" Path not found Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/3.10.0-1127.13.1.el7.x86_64.yaml" Original path: "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" Path not found Hierarchy entry "osfamily" Merge strategy hash Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml" Original path: "os/%{facts.os.name}.yaml" Path not found Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml" Original path: "os/%{facts.os.family}.yaml" Path not found Hierarchy entry "common" Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/common.yaml" Original path: "common.yaml" No such key: "lookup_options" Searching for "grubipv6disable::enable" Global Data Provider (hiera configuration version 5) Using configuration "/etc/puppetlabs/puppet/hiera.yaml" No such key: "grubipv6disable::enable" Environment Data Provider (hiera configuration version 5) Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml" Hierarchy entry "Per-node data" Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml" Original path: "nodes/%{trusted.certname}.yaml" Found key: "grubipv6disable::enable" value: false Thanks, Dan. On Monday, September 28, 2020 at 2:23:49 PM UTC+1 Martin Alfke wrote: > In this case it is hiera. > > Can you please check: > - that there is no global hiera.yaml file in > /etc/puppetlabs/puppet/hiera.yaml or, that the data paths mentioned in that > file are empty > - that node is the top level environment in your environment hiera.yaml > file (/etc/puppetlabs/code/environment/<environment>/hiera.yaml > - that your Puppet code changes are done in production environment and not > within a feature branch or: if you use a feature branch: that the data fir > enabling/disabling the flag is also in environment hiera data > > Can you run the puppet lookup command again using the ‘--explain’ > parameter? > > Hth, > Martin > > > On 28. Sep 2020, at 15:18, [email protected] <[email protected]> wrote: > > Thanks again Martin, > > I've changed the code as per recommended. However, the same issue still > persists. I'm starting to think that the issue is not code related but > lies elsewhere > > # puppet agent --no-daemonize --onetime --verbose > Info: Using configured environment 'production' > Info: Retrieving pluginfacts > Info: Retrieving plugin > Info: Retrieving locales > Info: Loading facts > Error: Could not retrieve catalog from remote server: Error 500 on SERVER: > Server Error: Evaluation Error: Error while evaluating a Resource > Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' > (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, > line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com > Info: Using cached catalog from environment 'production' > Info: Applying configuration version '1601218290' > Notice: Applied catalog in 1.95 seconds > > I've checked if a lookup checks-out ok: > > # puppet lookup --node lhcsrvprdidm02.fixnetix.com grubipv6disable::enable > --- false > > Thanks, > Dan. > > > > On Monday, September 28, 2020 at 11:54:42 AM UTC+1 Martin Alfke wrote: > >> Hi Dan, >> >> I would write the grubipv6disable class in another way: >> >> class grubipv6disable ( >> Boolean $enable, >> ) { >> if $enable { >> contain grubipv6disable::config >> } >> } >> >> And keep the grubipv6disable::config class as is: >> >> class grubipv6disable::config ( >> ){ >> >> if $facts['os']['release']['major'] =~ /7/ { >> exec { 'grub2_ipv6_disable': >> command => '/usr/sbin/grubby --update-kernel=ALL >> --args=ipv6.disable=1', >> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6' >> } >> } else { >> notice ('Assuming RHEL 6.x thus taking no action') >> } >> } >> >> Parameters, like variables, are always local to a class. >> >> Best, >> Martin >> >> >> On 28. Sep 2020, at 12:03, [email protected] <[email protected]> wrote: >> >> Thanks for that Martin, >> >> I seem to have unearthed a different issue: >> >> # puppet agent --no-daemonize --onetime --verbose >> Error: Could not retrieve catalog from remote server: Error 500 on >> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource >> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' >> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, >> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com >> >> # pwd >> /etc/puppetlabs/code/environments/production/modules/grubipv6disable >> # more manifests/init.pp >> class grubipv6disable ( >> Boolean $enable, >> ) { >> contain grubipv6disable::config >> } >> >> # more manifests/config.pp >> class grubipv6disable::config ( >> Boolean $enable = true, >> ){ >> if $enable { >> if $facts['os']['release']['major'] =~ /7/ { >> exec { 'grub2_ipv6_disable': >> command => '/usr/sbin/grubby --update-kernel=ALL >> --args=ipv6.disable=1', >> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6' >> } >> } else { >> notice ('Assuming RHEL 6.x thus taking no action') >> } >> } >> } >> >> # pwd >> /etc/puppetlabs/code/environments/production/data >> # more nodes/lhcsrvprdidm02.fixnetix.com.yaml >> --- >> grubipv6disable::enable: false >> >> Seems hiera is not being read. >> >> Any further help you can provide would be appreciated >> >> Thanks, >> Dan. >> On Friday, September 18, 2020 at 12:43:26 PM UTC+1 Martin Alfke wrote: >> >>> Add a parameter to grubipv6disable class which controls the internal >>> behaviour. >>> >>> https://puppet.com/docs/puppet/6.17/lang_classes.html#class-parameters-and-variables >>> >>> e.g. >>> >>> # modules/grubipv6disable/manifests/init.pp >>> class grubipv6disable ( >>> Boolean $enable = true, >>> ){ >>> if $enable { >>> # add here the code from the class. >>> } >>> } >>> >>> Now you add hiera.yaml to your control-repo and add node specific data. >>> https://puppet.com/docs/puppet/6.17/hiera_intro.html >>> >>> e.g. >>> data/nodes/<nodename>.yaml >>> --- >>> grubipv6disable::enable: false >>> >>> Hth, >>> Martin >>> >>> >>> On 17. Sep 2020, at 19:19, [email protected] <[email protected]> wrote: >>> >>> Hello experts, >>> >>> I apply all my current classes like so: >>> >>> # cat site.pp >>> >>> node default { >>> class { 'selinux': >>> mode => 'permissive', >>> type => 'targeted', } >>> class { 'commonpackages': } >>> class { 'polkit': } >>> class { 'libstoragemgmt': } >>> class { 'rngd': } >>> class { 'gssproxy': } >>> class { 'smartd': } >>> class { 'firewalld': } >>> class { 'grubipv6disable': } >>> class { 'grubrootpasswd': } >>> class { 'grubcrash': } >>> class { 'logrotate': } >>> class { 'htop': } >>> class { 'vim': } >>> class { 'yum': } >>> class { 'yumlocalrepo': } >>> class { 'sysctl': } >>> class { 'sysconfig': } >>> class { 'bashrc': } >>> class { 'vault': } >>> class { 'useradd': } >>> class { 'crontab': } >>> class { 'modprobe': } >>> class { 'rsyslogd': } >>> class { 'sudoers': } >>> class { 'motd': } >>> class { 'pam': } >>> class { 'issue': } >>> class { 'issuenet': } >>> class { 'limits': } >>> class { 'timezone': } >>> class { 'profiled': } >>> class { 'pulpconsumer': } >>> class { 'resolver': } >>> class { 'aide': } >>> class { 'autofs': } >>> class { 'vmtoolsd': } >>> class { 'ntpd': } >>> class { 'postfix': } >>> class { 'auditd': } >>> class { 'sshd': } >>> class { 'idmclient': } >>> } >>> >>> However, it's now become apparent that I need to exclude the >>> grubipv6disable from some nodes (all have idm0 in their hostname). >>> >>> What is the best way (or the less complicated) to achive this? >>> >>> Thanks in advance. >>> Dan. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com > > <https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7333f66c-a7c7-4a64-9013-6dc248f00fafn%40googlegroups.com.
