Thanks Martin, yes (on fours servers to be specific all with idm0 in the
hostname). Problem I have, is although the lookup is returning what I
need, when I run the agent, it returns:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
Server Error: Evaluation Error: Error while evaluating a Resource
Statement, Class[Grubipv6disable]: expects a value for parameter 'enable'
(file: /etc/puppetlabs/code/environments/production/manifests/site.pp,
line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com
I guessing that this is suggesting the expected hiera vaule can't be found.
Thanks,
Dan.
On Thursday, October 1, 2020 at 11:24:04 AM UTC+1 Martin Alfke wrote:
> Hi Dan,
>
> The puppet lookup explain told you what it has found:
>
> Environment Data Provider (hiera configuration version 5)
> Using configuration
> "/etc/puppetlabs/code/environments/production/hiera.yaml"
> Hierarchy entry "Per-node data"
> Path
> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
> Original path: "nodes/%{trusted.certname}.yaml"
> Found key: "grubipv6disable::enable" value: false
>
> So I assume that you want to disable ipv6 only on node
> lhcsrvprdidm02.fixnetix.com
>
>
>
> On 1. Oct 2020, at 12:05, [email protected] <[email protected]> wrote:
>
> Hello Martin,
>
> Do you have any further thoughts on the above?
>
> Thanks,
> Dan.
>
> On Monday, September 28, 2020 at 2:37:42 PM UTC+1 [email protected] wrote:
>
>> There is indeed a global hiera.yaml file:
>> # cat /etc/puppetlabs/puppet/hiera.yaml
>> ---
>> # Hiera 5 Global configuration file
>>
>> version: 5
>>
>> # defaults:
>> # data_hash: yaml_data
>> # hierarchy:
>> # - name: Common
>> # data_hash: yaml_data
>> hierarchy: []
>>
>> Top level environment hiera looks good:
>> # cat /etc/puppetlabs/code/environments/production/hiera.yaml
>> ---
>> version: 5
>> defaults:
>> # The default value for "datadir" is "data" under the same directory
>> as the hiera.yaml
>> # file (this file)
>> # When specifying a datadir, make sure the directory exists.
>> # See https://puppet.com/docs/puppet/latest/environments_about.html for
>> further details on environments.
>> datadir: data
>> data_hash: yaml_data
>> hierarchy:
>> - name: "Per-node data" # Human-readable name.
>> path: "nodes/%{trusted.certname}.yaml" # File path, relative to
>> datadir.
>>
>> - name: "Per-OS defaults"
>> path: "os/%{facts.os.family}.yaml"
>>
>> - name: "Common data"
>> path: "common.yaml"
>>
>> There is no associated branch or alike in this instance.
>>
>> Here's the puppet lookup output with --explain:
>>
>> # puppet lookup --node lhcsrvprdidm02.fixnetix.com grubipv6disable::enable
>> --explain
>> Searching for "lookup_options"
>> Global Data Provider (hiera configuration version 5)
>> Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
>> No such key: "lookup_options"
>> Environment Data Provider (hiera configuration version 5)
>> Using configuration
>> "/etc/puppetlabs/code/environments/production/hiera.yaml"
>> Merge strategy hash
>> Hierarchy entry "Per-node data"
>> Path
>> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
>> Original path: "nodes/%{trusted.certname}.yaml"
>> No such key: "lookup_options"
>> Hierarchy entry "Per-OS defaults"
>> Path
>> "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
>> Original path: "os/%{facts.os.family}.yaml"
>> Path not found
>> Hierarchy entry "Common data"
>> Path
>> "/etc/puppetlabs/code/environments/production/data/common.yaml"
>> Original path: "common.yaml"
>> Path not found
>> Module "grubipv6disable" Data Provider (hiera configuration version 5)
>> Using configuration
>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/hiera.yaml"
>> Merge strategy hash
>> Hierarchy entry "osfamily/major release"
>> Merge strategy hash
>> Path
>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml"
>> Original path: "os/%{facts.os.name
>> }/%{facts.os.release.major}.yaml"
>> Path not found
>> Path
>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml"
>> Original path:
>> "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
>> Path not found
>> Path
>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/3.10.0-1127.13.1.el7.x86_64.yaml"
>> Original path:
>> "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
>> Path not found
>> Hierarchy entry "osfamily"
>> Merge strategy hash
>> Path
>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml"
>> Original path: "os/%{facts.os.name}.yaml"
>> Path not found
>> Path
>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml"
>> Original path: "os/%{facts.os.family}.yaml"
>> Path not found
>> Hierarchy entry "common"
>> Path
>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/common.yaml"
>> Original path: "common.yaml"
>> No such key: "lookup_options"
>> Searching for "grubipv6disable::enable"
>> Global Data Provider (hiera configuration version 5)
>> Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
>> No such key: "grubipv6disable::enable"
>> Environment Data Provider (hiera configuration version 5)
>> Using configuration
>> "/etc/puppetlabs/code/environments/production/hiera.yaml"
>> Hierarchy entry "Per-node data"
>> Path
>> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
>> Original path: "nodes/%{trusted.certname}.yaml"
>> Found key: "grubipv6disable::enable" value: false
>>
>> Thanks,
>> Dan.
>>
>>
>> On Monday, September 28, 2020 at 2:23:49 PM UTC+1 Martin Alfke wrote:
>>
>>> In this case it is hiera.
>>>
>>> Can you please check:
>>> - that there is no global hiera.yaml file in
>>> /etc/puppetlabs/puppet/hiera.yaml or, that the data paths mentioned in that
>>> file are empty
>>> - that node is the top level environment in your environment hiera.yaml
>>> file (/etc/puppetlabs/code/environment/<environment>/hiera.yaml
>>> - that your Puppet code changes are done in production environment and
>>> not within a feature branch or: if you use a feature branch: that the data
>>> fir enabling/disabling the flag is also in environment hiera data
>>>
>>> Can you run the puppet lookup command again using the ‘--explain’
>>> parameter?
>>>
>>> Hth,
>>> Martin
>>>
>>>
>>> On 28. Sep 2020, at 15:18, [email protected] <[email protected]> wrote:
>>>
>>> Thanks again Martin,
>>>
>>> I've changed the code as per recommended. However, the same issue still
>>> persists. I'm starting to think that the issue is not code related but
>>> lies elsewhere
>>>
>>> # puppet agent --no-daemonize --onetime --verbose
>>> Info: Using configured environment 'production'
>>> Info: Retrieving pluginfacts
>>> Info: Retrieving plugin
>>> Info: Retrieving locales
>>> Info: Loading facts
>>> Error: Could not retrieve catalog from remote server: Error 500 on
>>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource
>>> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable'
>>> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp,
>>> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com
>>> Info: Using cached catalog from environment 'production'
>>> Info: Applying configuration version '1601218290'
>>> Notice: Applied catalog in 1.95 seconds
>>>
>>> I've checked if a lookup checks-out ok:
>>>
>>> # puppet lookup --node lhcsrvprdidm02.fixnetix.com
>>> grubipv6disable::enable
>>> --- false
>>>
>>> Thanks,
>>> Dan.
>>>
>>>
>>>
>>> On Monday, September 28, 2020 at 11:54:42 AM UTC+1 Martin Alfke wrote:
>>>
>>>> Hi Dan,
>>>>
>>>> I would write the grubipv6disable class in another way:
>>>>
>>>> class grubipv6disable (
>>>> Boolean $enable,
>>>> ) {
>>>> if $enable {
>>>> contain grubipv6disable::config
>>>> }
>>>> }
>>>>
>>>> And keep the grubipv6disable::config class as is:
>>>>
>>>> class grubipv6disable::config (
>>>> ){
>>>>
>>>> if $facts['os']['release']['major'] =~ /7/ {
>>>> exec { 'grub2_ipv6_disable':
>>>> command => '/usr/sbin/grubby --update-kernel=ALL
>>>> --args=ipv6.disable=1',
>>>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6'
>>>> }
>>>> } else {
>>>> notice ('Assuming RHEL 6.x thus taking no action')
>>>> }
>>>> }
>>>>
>>>> Parameters, like variables, are always local to a class.
>>>>
>>>> Best,
>>>> Martin
>>>>
>>>>
>>>> On 28. Sep 2020, at 12:03, [email protected] <[email protected]> wrote:
>>>>
>>>> Thanks for that Martin,
>>>>
>>>> I seem to have unearthed a different issue:
>>>>
>>>> # puppet agent --no-daemonize --onetime --verbose
>>>> Error: Could not retrieve catalog from remote server: Error 500 on
>>>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource
>>>> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable'
>>>> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp,
>>>> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com
>>>>
>>>> # pwd
>>>> /etc/puppetlabs/code/environments/production/modules/grubipv6disable
>>>> # more manifests/init.pp
>>>> class grubipv6disable (
>>>> Boolean $enable,
>>>> ) {
>>>> contain grubipv6disable::config
>>>> }
>>>>
>>>> # more manifests/config.pp
>>>> class grubipv6disable::config (
>>>> Boolean $enable = true,
>>>> ){
>>>> if $enable {
>>>> if $facts['os']['release']['major'] =~ /7/ {
>>>> exec { 'grub2_ipv6_disable':
>>>> command => '/usr/sbin/grubby --update-kernel=ALL
>>>> --args=ipv6.disable=1',
>>>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6'
>>>> }
>>>> } else {
>>>> notice ('Assuming RHEL 6.x thus taking no action')
>>>> }
>>>> }
>>>> }
>>>>
>>>> # pwd
>>>> /etc/puppetlabs/code/environments/production/data
>>>> # more nodes/lhcsrvprdidm02.fixnetix.com.yaml
>>>> ---
>>>> grubipv6disable::enable: false
>>>>
>>>> Seems hiera is not being read.
>>>>
>>>> Any further help you can provide would be appreciated
>>>>
>>>> Thanks,
>>>> Dan.
>>>> On Friday, September 18, 2020 at 12:43:26 PM UTC+1 Martin Alfke wrote:
>>>>
>>>>> Add a parameter to grubipv6disable class which controls the internal
>>>>> behaviour.
>>>>>
>>>>> https://puppet.com/docs/puppet/6.17/lang_classes.html#class-parameters-and-variables
>>>>>
>>>>> e.g.
>>>>>
>>>>> # modules/grubipv6disable/manifests/init.pp
>>>>> class grubipv6disable (
>>>>> Boolean $enable = true,
>>>>> ){
>>>>> if $enable {
>>>>> # add here the code from the class.
>>>>> }
>>>>> }
>>>>>
>>>>> Now you add hiera.yaml to your control-repo and add node specific data.
>>>>> https://puppet.com/docs/puppet/6.17/hiera_intro.html
>>>>>
>>>>> e.g.
>>>>> data/nodes/<nodename>.yaml
>>>>> ---
>>>>> grubipv6disable::enable: false
>>>>>
>>>>> Hth,
>>>>> Martin
>>>>>
>>>>>
>>>>> On 17. Sep 2020, at 19:19, [email protected] <[email protected]> wrote:
>>>>>
>>>>> Hello experts,
>>>>>
>>>>> I apply all my current classes like so:
>>>>>
>>>>> # cat site.pp
>>>>>
>>>>> node default {
>>>>> class { 'selinux':
>>>>> mode => 'permissive',
>>>>> type => 'targeted', }
>>>>> class { 'commonpackages': }
>>>>> class { 'polkit': }
>>>>> class { 'libstoragemgmt': }
>>>>> class { 'rngd': }
>>>>> class { 'gssproxy': }
>>>>> class { 'smartd': }
>>>>> class { 'firewalld': }
>>>>> class { 'grubipv6disable': }
>>>>> class { 'grubrootpasswd': }
>>>>> class { 'grubcrash': }
>>>>> class { 'logrotate': }
>>>>> class { 'htop': }
>>>>> class { 'vim': }
>>>>> class { 'yum': }
>>>>> class { 'yumlocalrepo': }
>>>>> class { 'sysctl': }
>>>>> class { 'sysconfig': }
>>>>> class { 'bashrc': }
>>>>> class { 'vault': }
>>>>> class { 'useradd': }
>>>>> class { 'crontab': }
>>>>> class { 'modprobe': }
>>>>> class { 'rsyslogd': }
>>>>> class { 'sudoers': }
>>>>> class { 'motd': }
>>>>> class { 'pam': }
>>>>> class { 'issue': }
>>>>> class { 'issuenet': }
>>>>> class { 'limits': }
>>>>> class { 'timezone': }
>>>>> class { 'profiled': }
>>>>> class { 'pulpconsumer': }
>>>>> class { 'resolver': }
>>>>> class { 'aide': }
>>>>> class { 'autofs': }
>>>>> class { 'vmtoolsd': }
>>>>> class { 'ntpd': }
>>>>> class { 'postfix': }
>>>>> class { 'auditd': }
>>>>> class { 'sshd': }
>>>>> class { 'idmclient': }
>>>>> }
>>>>>
>>>>> However, it's now become apparent that I need to exclude the
>>>>> grubipv6disable from some nodes (all have idm0 in their hostname).
>>>>>
>>>>> What is the best way (or the less complicated) to achive this?
>>>>>
>>>>> Thanks in advance.
>>>>> Dan.
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Puppet Users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com
>>>>>
>>>>> <https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Puppet Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>>
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com
>>>>
>>>> <https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>>
>>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>>
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>>
>>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/4dd65c40-7489-4c9e-81db-0c75f2a43cddn%40googlegroups.com
>
> <https://groups.google.com/d/msgid/puppet-users/4dd65c40-7489-4c9e-81db-0c75f2a43cddn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/a6ea6ef0-94a8-426c-9df8-34f102ef8b76n%40googlegroups.com.
