Hello Martin, Do you have any further thoughts on the above?
Thanks, Dan. On Monday, September 28, 2020 at 2:37:42 PM UTC+1 [email protected] wrote: > There is indeed a global hiera.yaml file: > # cat /etc/puppetlabs/puppet/hiera.yaml > --- > # Hiera 5 Global configuration file > > version: 5 > > # defaults: > # data_hash: yaml_data > # hierarchy: > # - name: Common > # data_hash: yaml_data > hierarchy: [] > > Top level environment hiera looks good: > # cat /etc/puppetlabs/code/environments/production/hiera.yaml > --- > version: 5 > defaults: > # The default value for "datadir" is "data" under the same directory as > the hiera.yaml > # file (this file) > # When specifying a datadir, make sure the directory exists. > # See https://puppet.com/docs/puppet/latest/environments_about.html for > further details on environments. > datadir: data > data_hash: yaml_data > hierarchy: > - name: "Per-node data" # Human-readable name. > path: "nodes/%{trusted.certname}.yaml" # File path, relative to > datadir. > > - name: "Per-OS defaults" > path: "os/%{facts.os.family}.yaml" > > - name: "Common data" > path: "common.yaml" > > There is no associated branch or alike in this instance. > > Here's the puppet lookup output with --explain: > > # puppet lookup --node lhcsrvprdidm02.fixnetix.com > grubipv6disable::enable --explain > Searching for "lookup_options" > Global Data Provider (hiera configuration version 5) > Using configuration "/etc/puppetlabs/puppet/hiera.yaml" > No such key: "lookup_options" > Environment Data Provider (hiera configuration version 5) > Using configuration > "/etc/puppetlabs/code/environments/production/hiera.yaml" > Merge strategy hash > Hierarchy entry "Per-node data" > Path > "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml" > Original path: "nodes/%{trusted.certname}.yaml" > No such key: "lookup_options" > Hierarchy entry "Per-OS defaults" > Path > "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml" > Original path: "os/%{facts.os.family}.yaml" > Path not found > Hierarchy entry "Common data" > Path > "/etc/puppetlabs/code/environments/production/data/common.yaml" > Original path: "common.yaml" > Path not found > Module "grubipv6disable" Data Provider (hiera configuration version 5) > Using configuration > "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/hiera.yaml" > Merge strategy hash > Hierarchy entry "osfamily/major release" > Merge strategy hash > Path > "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml" > Original path: "os/%{facts.os.name > }/%{facts.os.release.major}.yaml" > Path not found > Path > "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml" > Original path: > "os/%{facts.os.family}/%{facts.os.release.major}.yaml" > Path not found > Path > "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/3.10.0-1127.13.1.el7.x86_64.yaml" > Original path: > "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" > Path not found > Hierarchy entry "osfamily" > Merge strategy hash > Path > "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml" > Original path: "os/%{facts.os.name}.yaml" > Path not found > Path > "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml" > Original path: "os/%{facts.os.family}.yaml" > Path not found > Hierarchy entry "common" > Path > "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/common.yaml" > Original path: "common.yaml" > No such key: "lookup_options" > Searching for "grubipv6disable::enable" > Global Data Provider (hiera configuration version 5) > Using configuration "/etc/puppetlabs/puppet/hiera.yaml" > No such key: "grubipv6disable::enable" > Environment Data Provider (hiera configuration version 5) > Using configuration > "/etc/puppetlabs/code/environments/production/hiera.yaml" > Hierarchy entry "Per-node data" > Path > "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml" > Original path: "nodes/%{trusted.certname}.yaml" > Found key: "grubipv6disable::enable" value: false > > Thanks, > Dan. > > > On Monday, September 28, 2020 at 2:23:49 PM UTC+1 Martin Alfke wrote: > >> In this case it is hiera. >> >> Can you please check: >> - that there is no global hiera.yaml file in >> /etc/puppetlabs/puppet/hiera.yaml or, that the data paths mentioned in that >> file are empty >> - that node is the top level environment in your environment hiera.yaml >> file (/etc/puppetlabs/code/environment/<environment>/hiera.yaml >> - that your Puppet code changes are done in production environment and >> not within a feature branch or: if you use a feature branch: that the data >> fir enabling/disabling the flag is also in environment hiera data >> >> Can you run the puppet lookup command again using the ‘--explain’ >> parameter? >> >> Hth, >> Martin >> >> >> On 28. Sep 2020, at 15:18, [email protected] <[email protected]> wrote: >> >> Thanks again Martin, >> >> I've changed the code as per recommended. However, the same issue still >> persists. I'm starting to think that the issue is not code related but >> lies elsewhere >> >> # puppet agent --no-daemonize --onetime --verbose >> Info: Using configured environment 'production' >> Info: Retrieving pluginfacts >> Info: Retrieving plugin >> Info: Retrieving locales >> Info: Loading facts >> Error: Could not retrieve catalog from remote server: Error 500 on >> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource >> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' >> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, >> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com >> Info: Using cached catalog from environment 'production' >> Info: Applying configuration version '1601218290' >> Notice: Applied catalog in 1.95 seconds >> >> I've checked if a lookup checks-out ok: >> >> # puppet lookup --node lhcsrvprdidm02.fixnetix.com >> grubipv6disable::enable >> --- false >> >> Thanks, >> Dan. >> >> >> >> On Monday, September 28, 2020 at 11:54:42 AM UTC+1 Martin Alfke wrote: >> >>> Hi Dan, >>> >>> I would write the grubipv6disable class in another way: >>> >>> class grubipv6disable ( >>> Boolean $enable, >>> ) { >>> if $enable { >>> contain grubipv6disable::config >>> } >>> } >>> >>> And keep the grubipv6disable::config class as is: >>> >>> class grubipv6disable::config ( >>> ){ >>> >>> if $facts['os']['release']['major'] =~ /7/ { >>> exec { 'grub2_ipv6_disable': >>> command => '/usr/sbin/grubby --update-kernel=ALL >>> --args=ipv6.disable=1', >>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6' >>> } >>> } else { >>> notice ('Assuming RHEL 6.x thus taking no action') >>> } >>> } >>> >>> Parameters, like variables, are always local to a class. >>> >>> Best, >>> Martin >>> >>> >>> On 28. Sep 2020, at 12:03, [email protected] <[email protected]> wrote: >>> >>> Thanks for that Martin, >>> >>> I seem to have unearthed a different issue: >>> >>> # puppet agent --no-daemonize --onetime --verbose >>> Error: Could not retrieve catalog from remote server: Error 500 on >>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource >>> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' >>> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, >>> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com >>> >>> # pwd >>> /etc/puppetlabs/code/environments/production/modules/grubipv6disable >>> # more manifests/init.pp >>> class grubipv6disable ( >>> Boolean $enable, >>> ) { >>> contain grubipv6disable::config >>> } >>> >>> # more manifests/config.pp >>> class grubipv6disable::config ( >>> Boolean $enable = true, >>> ){ >>> if $enable { >>> if $facts['os']['release']['major'] =~ /7/ { >>> exec { 'grub2_ipv6_disable': >>> command => '/usr/sbin/grubby --update-kernel=ALL >>> --args=ipv6.disable=1', >>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6' >>> } >>> } else { >>> notice ('Assuming RHEL 6.x thus taking no action') >>> } >>> } >>> } >>> >>> # pwd >>> /etc/puppetlabs/code/environments/production/data >>> # more nodes/lhcsrvprdidm02.fixnetix.com.yaml >>> --- >>> grubipv6disable::enable: false >>> >>> Seems hiera is not being read. >>> >>> Any further help you can provide would be appreciated >>> >>> Thanks, >>> Dan. >>> On Friday, September 18, 2020 at 12:43:26 PM UTC+1 Martin Alfke wrote: >>> >>>> Add a parameter to grubipv6disable class which controls the internal >>>> behaviour. >>>> >>>> https://puppet.com/docs/puppet/6.17/lang_classes.html#class-parameters-and-variables >>>> >>>> e.g. >>>> >>>> # modules/grubipv6disable/manifests/init.pp >>>> class grubipv6disable ( >>>> Boolean $enable = true, >>>> ){ >>>> if $enable { >>>> # add here the code from the class. >>>> } >>>> } >>>> >>>> Now you add hiera.yaml to your control-repo and add node specific data. >>>> https://puppet.com/docs/puppet/6.17/hiera_intro.html >>>> >>>> e.g. >>>> data/nodes/<nodename>.yaml >>>> --- >>>> grubipv6disable::enable: false >>>> >>>> Hth, >>>> Martin >>>> >>>> >>>> On 17. Sep 2020, at 19:19, [email protected] <[email protected]> wrote: >>>> >>>> Hello experts, >>>> >>>> I apply all my current classes like so: >>>> >>>> # cat site.pp >>>> >>>> node default { >>>> class { 'selinux': >>>> mode => 'permissive', >>>> type => 'targeted', } >>>> class { 'commonpackages': } >>>> class { 'polkit': } >>>> class { 'libstoragemgmt': } >>>> class { 'rngd': } >>>> class { 'gssproxy': } >>>> class { 'smartd': } >>>> class { 'firewalld': } >>>> class { 'grubipv6disable': } >>>> class { 'grubrootpasswd': } >>>> class { 'grubcrash': } >>>> class { 'logrotate': } >>>> class { 'htop': } >>>> class { 'vim': } >>>> class { 'yum': } >>>> class { 'yumlocalrepo': } >>>> class { 'sysctl': } >>>> class { 'sysconfig': } >>>> class { 'bashrc': } >>>> class { 'vault': } >>>> class { 'useradd': } >>>> class { 'crontab': } >>>> class { 'modprobe': } >>>> class { 'rsyslogd': } >>>> class { 'sudoers': } >>>> class { 'motd': } >>>> class { 'pam': } >>>> class { 'issue': } >>>> class { 'issuenet': } >>>> class { 'limits': } >>>> class { 'timezone': } >>>> class { 'profiled': } >>>> class { 'pulpconsumer': } >>>> class { 'resolver': } >>>> class { 'aide': } >>>> class { 'autofs': } >>>> class { 'vmtoolsd': } >>>> class { 'ntpd': } >>>> class { 'postfix': } >>>> class { 'auditd': } >>>> class { 'sshd': } >>>> class { 'idmclient': } >>>> } >>>> >>>> However, it's now become apparent that I need to exclude the >>>> grubipv6disable from some nodes (all have idm0 in their hostname). >>>> >>>> What is the best way (or the less complicated) to achive this? >>>> >>>> Thanks in advance. >>>> Dan. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> >> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4dd65c40-7489-4c9e-81db-0c75f2a43cddn%40googlegroups.com.
