Hi Dan,
The puppet lookup explain told you what it has found:
Environment Data Provider (hiera configuration version 5)
Using configuration
"/etc/puppetlabs/code/environments/production/hiera.yaml"
Hierarchy entry "Per-node data"
Path
"/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
Original path: "nodes/%{trusted.certname}.yaml"
Found key: "grubipv6disable::enable" value: false
So I assume that you want to disable ipv6 only on node
lhcsrvprdidm02.fixnetix.com <http://lhcsrvprdidm02.fixnetix.com/>
> On 1. Oct 2020, at 12:05, [email protected] <[email protected]> wrote:
>
> Hello Martin,
>
> Do you have any further thoughts on the above?
>
> Thanks,
> Dan.
>
> On Monday, September 28, 2020 at 2:37:42 PM UTC+1 [email protected]
> <http://gmail.com/> wrote:
> There is indeed a global hiera.yaml file:
> # cat /etc/puppetlabs/puppet/hiera.yaml
> ---
> # Hiera 5 Global configuration file
>
> version: 5
>
> # defaults:
> # data_hash: yaml_data
> # hierarchy:
> # - name: Common
> # data_hash: yaml_data
> hierarchy: []
>
> Top level environment hiera looks good:
> # cat /etc/puppetlabs/code/environments/production/hiera.yaml
> ---
> version: 5
> defaults:
> # The default value for "datadir" is "data" under the same directory as the
> hiera.yaml
> # file (this file)
> # When specifying a datadir, make sure the directory exists.
> # See https://puppet.com/docs/puppet/latest/environments_about.html
> <https://puppet.com/docs/puppet/latest/environments_about.html> for further
> details on environments.
> datadir: data
> data_hash: yaml_data
> hierarchy:
> - name: "Per-node data" # Human-readable name.
> path: "nodes/%{trusted.certname}.yaml" # File path, relative to datadir.
>
> - name: "Per-OS defaults"
> path: "os/%{facts.os.family}.yaml"
>
> - name: "Common data"
> path: "common.yaml"
>
> There is no associated branch or alike in this instance.
>
> Here's the puppet lookup output with --explain:
>
> # puppet lookup --node lhcsrvprdidm02.fixnetix.com
> <http://lhcsrvprdidm02.fixnetix.com/> grubipv6disable::enable --explain
> Searching for "lookup_options"
> Global Data Provider (hiera configuration version 5)
> Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
> No such key: "lookup_options"
> Environment Data Provider (hiera configuration version 5)
> Using configuration
> "/etc/puppetlabs/code/environments/production/hiera.yaml"
> Merge strategy hash
> Hierarchy entry "Per-node data"
> Path
> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
> Original path: "nodes/%{trusted.certname}.yaml"
> No such key: "lookup_options"
> Hierarchy entry "Per-OS defaults"
> Path
> "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
> Original path: "os/%{facts.os.family}.yaml"
> Path not found
> Hierarchy entry "Common data"
> Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
> Original path: "common.yaml"
> Path not found
> Module "grubipv6disable" Data Provider (hiera configuration version 5)
> Using configuration
> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/hiera.yaml"
> Merge strategy hash
> Hierarchy entry "osfamily/major release"
> Merge strategy hash
> Path
> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml"
> Original path: "os/%{facts.os.name
> <http://facts.os.name/>}/%{facts.os.release.major}.yaml"
> Path not found
> Path
> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml"
> Original path:
> "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
> Path not found
> Path
> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/3.10.0-1127.13.1.el7.x86_64.yaml"
> Original path: "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
> Path not found
> Hierarchy entry "osfamily"
> Merge strategy hash
> Path
> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml"
> Original path: "os/%{facts.os.name <http://facts.os.name/>}.yaml"
> Path not found
> Path
> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml"
> Original path: "os/%{facts.os.family}.yaml"
> Path not found
> Hierarchy entry "common"
> Path
> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/common.yaml"
> Original path: "common.yaml"
> No such key: "lookup_options"
> Searching for "grubipv6disable::enable"
> Global Data Provider (hiera configuration version 5)
> Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
> No such key: "grubipv6disable::enable"
> Environment Data Provider (hiera configuration version 5)
> Using configuration
> "/etc/puppetlabs/code/environments/production/hiera.yaml"
> Hierarchy entry "Per-node data"
> Path
> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
> Original path: "nodes/%{trusted.certname}.yaml"
> Found key: "grubipv6disable::enable" value: false
>
> Thanks,
> Dan.
>
>
> On Monday, September 28, 2020 at 2:23:49 PM UTC+1 Martin Alfke wrote:
> In this case it is hiera.
>
> Can you please check:
> - that there is no global hiera.yaml file in
> /etc/puppetlabs/puppet/hiera.yaml or, that the data paths mentioned in that
> file are empty
> - that node is the top level environment in your environment hiera.yaml file
> (/etc/puppetlabs/code/environment/<environment>/hiera.yaml
> - that your Puppet code changes are done in production environment and not
> within a feature branch or: if you use a feature branch: that the data fir
> enabling/disabling the flag is also in environment hiera data
>
> Can you run the puppet lookup command again using the ‘--explain’ parameter?
>
> Hth,
> Martin
>
>
>
>> On 28. Sep 2020, at 15:18, [email protected] <http://gmail.com/>
>> <[email protected] <>> wrote:
>>
>
>> Thanks again Martin,
>>
>> I've changed the code as per recommended. However, the same issue still
>> persists. I'm starting to think that the issue is not code related but lies
>> elsewhere
>>
>> # puppet agent --no-daemonize --onetime --verbose
>> Info: Using configured environment 'production'
>> Info: Retrieving pluginfacts
>> Info: Retrieving plugin
>> Info: Retrieving locales
>> Info: Loading facts
>> Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
>> Server Error: Evaluation Error: Error while evaluating a Resource Statement,
>> Class[Grubipv6disable]: expects a value for parameter 'enable' (file:
>> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 12,
>> column: 3) on node lhcsrvprdidm02.fixnetix.com
>> <http://lhcsrvprdidm02.fixnetix.com/>
>> Info: Using cached catalog from environment 'production'
>> Info: Applying configuration version '1601218290'
>> Notice: Applied catalog in 1.95 seconds
>>
>> I've checked if a lookup checks-out ok:
>>
>> # puppet lookup --node lhcsrvprdidm02.fixnetix.com
>> <http://lhcsrvprdidm02.fixnetix.com/> grubipv6disable::enable
>> --- false
>>
>> Thanks,
>> Dan.
>>
>>
>>
>> On Monday, September 28, 2020 at 11:54:42 AM UTC+1 Martin Alfke wrote:
>> Hi Dan,
>>
>> I would write the grubipv6disable class in another way:
>>
>> class grubipv6disable (
>> Boolean $enable,
>> ) {
>> if $enable {
>> contain grubipv6disable::config
>> }
>> }
>>
>> And keep the grubipv6disable::config class as is:
>>
>> class grubipv6disable::config (
>> ){
>>
>> if $facts['os']['release']['major'] =~ /7/ {
>> exec { 'grub2_ipv6_disable':
>> command => '/usr/sbin/grubby --update-kernel=ALL
>> --args=ipv6.disable=1',
>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6'
>> }
>> } else {
>> notice ('Assuming RHEL 6.x thus taking no action')
>> }
>> }
>>
>> Parameters, like variables, are always local to a class.
>>
>> Best,
>> Martin
>>
>>
>>
>>> On 28. Sep 2020, at 12:03, [email protected] <http://gmail.com/>
>>> <[email protected] <>> wrote:
>>>
>>
>>> Thanks for that Martin,
>>>
>>> I seem to have unearthed a different issue:
>>>
>>> # puppet agent --no-daemonize --onetime --verbose
>>> Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
>>> Server Error: Evaluation Error: Error while evaluating a Resource
>>> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable'
>>> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp,
>>> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com
>>> <http://lhcsrvprdidm02.fixnetix.com/>
>>>
>>> # pwd
>>> /etc/puppetlabs/code/environments/production/modules/grubipv6disable
>>> # more manifests/init.pp
>>> class grubipv6disable (
>>> Boolean $enable,
>>> ) {
>>> contain grubipv6disable::config
>>> }
>>>
>>> # more manifests/config.pp
>>> class grubipv6disable::config (
>>> Boolean $enable = true,
>>> ){
>>> if $enable {
>>> if $facts['os']['release']['major'] =~ /7/ {
>>> exec { 'grub2_ipv6_disable':
>>> command => '/usr/sbin/grubby --update-kernel=ALL
>>> --args=ipv6.disable=1',
>>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6'
>>> }
>>> } else {
>>> notice ('Assuming RHEL 6.x thus taking no action')
>>> }
>>> }
>>> }
>>>
>>> # pwd
>>> /etc/puppetlabs/code/environments/production/data
>>> # more nodes/lhcsrvprdidm02.fixnetix.com.yaml
>>> ---
>>> grubipv6disable::enable: false
>>>
>>> Seems hiera is not being read.
>>>
>>> Any further help you can provide would be appreciated
>>>
>>> Thanks,
>>> Dan.
>>> On Friday, September 18, 2020 at 12:43:26 PM UTC+1 Martin Alfke wrote:
>>> Add a parameter to grubipv6disable class which controls the internal
>>> behaviour.
>>> https://puppet.com/docs/puppet/6.17/lang_classes.html#class-parameters-and-variables
>>>
>>> <https://puppet.com/docs/puppet/6.17/lang_classes.html#class-parameters-and-variables>
>>>
>>> e.g.
>>>
>>> # modules/grubipv6disable/manifests/init.pp
>>> class grubipv6disable (
>>> Boolean $enable = true,
>>> ){
>>> if $enable {
>>> # add here the code from the class.
>>> }
>>> }
>>>
>>> Now you add hiera.yaml to your control-repo and add node specific data.
>>> https://puppet.com/docs/puppet/6.17/hiera_intro.html
>>> <https://puppet.com/docs/puppet/6.17/hiera_intro.html>
>>>
>>> e.g.
>>> data/nodes/<nodename>.yaml
>>> ---
>>> grubipv6disable::enable: false
>>>
>>> Hth,
>>> Martin
>>>
>>>
>>>
>>>> On 17. Sep 2020, at 19:19, [email protected] <http://gmail.com/>
>>>> <[email protected] <>> wrote:
>>>>
>>>
>>>> Hello experts,
>>>>
>>>> I apply all my current classes like so:
>>>>
>>>> # cat site.pp
>>>>
>>>> node default {
>>>> class { 'selinux':
>>>> mode => 'permissive',
>>>> type => 'targeted', }
>>>> class { 'commonpackages': }
>>>> class { 'polkit': }
>>>> class { 'libstoragemgmt': }
>>>> class { 'rngd': }
>>>> class { 'gssproxy': }
>>>> class { 'smartd': }
>>>> class { 'firewalld': }
>>>> class { 'grubipv6disable': }
>>>> class { 'grubrootpasswd': }
>>>> class { 'grubcrash': }
>>>> class { 'logrotate': }
>>>> class { 'htop': }
>>>> class { 'vim': }
>>>> class { 'yum': }
>>>> class { 'yumlocalrepo': }
>>>> class { 'sysctl': }
>>>> class { 'sysconfig': }
>>>> class { 'bashrc': }
>>>> class { 'vault': }
>>>> class { 'useradd': }
>>>> class { 'crontab': }
>>>> class { 'modprobe': }
>>>> class { 'rsyslogd': }
>>>> class { 'sudoers': }
>>>> class { 'motd': }
>>>> class { 'pam': }
>>>> class { 'issue': }
>>>> class { 'issuenet': }
>>>> class { 'limits': }
>>>> class { 'timezone': }
>>>> class { 'profiled': }
>>>> class { 'pulpconsumer': }
>>>> class { 'resolver': }
>>>> class { 'aide': }
>>>> class { 'autofs': }
>>>> class { 'vmtoolsd': }
>>>> class { 'ntpd': }
>>>> class { 'postfix': }
>>>> class { 'auditd': }
>>>> class { 'sshd': }
>>>> class { 'idmclient': }
>>>> }
>>>>
>>>> However, it's now become apparent that I need to exclude the
>>>> grubipv6disable from some nodes (all have idm0 in their hostname).
>>>>
>>>> What is the best way (or the less complicated) to achive this?
>>>>
>>>> Thanks in advance.
>>>> Dan.
>>>>
>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups
>>>> "Puppet Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an
>>>> email to [email protected] <>.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com
>>>>
>>>> <https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an
>>> email to [email protected] <>.
>>
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <>.
>
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com?utm_medium=email&utm_source=footer>.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected]
> <mailto:[email protected]>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/4dd65c40-7489-4c9e-81db-0c75f2a43cddn%40googlegroups.com
>
> <https://groups.google.com/d/msgid/puppet-users/4dd65c40-7489-4c9e-81db-0c75f2a43cddn%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/55DB00ED-2481-485F-B074-E8EC38A5F547%40gmail.com.
