Puppet 6: # puppet --version 6.15.0
Yes, I ran the lookup as root. On Thursday, October 1, 2020 at 11:40:49 AM UTC+1 Martin Alfke wrote: > Which version of puppet are you using? > Puppet 5 or puppert 6? > > And: did you ran the puppet lookup command as root user? (I assume so, I > just want to be sure) > > On 1. Oct 2020, at 12:30, [email protected] <[email protected]> wrote: > > Thanks Martin, yes (on fours servers to be specific all with idm0 in the > hostname). Problem I have, is although the lookup is returning what I > need, when I run the agent, it returns: > > Error: Could not retrieve catalog from remote server: Error 500 on SERVER: > Server Error: Evaluation Error: Error while evaluating a Resource > Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' > (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, > line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com > > I guessing that this is suggesting the expected hiera vaule can't be found. > > Thanks, > Dan. > > > On Thursday, October 1, 2020 at 11:24:04 AM UTC+1 Martin Alfke wrote: > >> Hi Dan, >> >> The puppet lookup explain told you what it has found: >> >> Environment Data Provider (hiera configuration version 5) >> Using configuration >> "/etc/puppetlabs/code/environments/production/hiera.yaml" >> Hierarchy entry "Per-node data" >> Path >> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml" >> Original path: "nodes/%{trusted.certname}.yaml" >> Found key: "grubipv6disable::enable" value: false >> >> So I assume that you want to disable ipv6 only on node >> lhcsrvprdidm02.fixnetix.com >> >> >> >> On 1. Oct 2020, at 12:05, [email protected] <[email protected]> wrote: >> >> Hello Martin, >> >> Do you have any further thoughts on the above? >> >> Thanks, >> Dan. >> >> On Monday, September 28, 2020 at 2:37:42 PM UTC+1 [email protected] wrote: >> >>> There is indeed a global hiera.yaml file: >>> # cat /etc/puppetlabs/puppet/hiera.yaml >>> --- >>> # Hiera 5 Global configuration file >>> >>> version: 5 >>> >>> # defaults: >>> # data_hash: yaml_data >>> # hierarchy: >>> # - name: Common >>> # data_hash: yaml_data >>> hierarchy: [] >>> >>> Top level environment hiera looks good: >>> # cat /etc/puppetlabs/code/environments/production/hiera.yaml >>> --- >>> version: 5 >>> defaults: >>> # The default value for "datadir" is "data" under the same directory >>> as the hiera.yaml >>> # file (this file) >>> # When specifying a datadir, make sure the directory exists. >>> # See https://puppet.com/docs/puppet/latest/environments_about.html for >>> further details on environments. >>> datadir: data >>> data_hash: yaml_data >>> hierarchy: >>> - name: "Per-node data" # Human-readable name. >>> path: "nodes/%{trusted.certname}.yaml" # File path, relative to >>> datadir. >>> >>> - name: "Per-OS defaults" >>> path: "os/%{facts.os.family}.yaml" >>> >>> - name: "Common data" >>> path: "common.yaml" >>> >>> There is no associated branch or alike in this instance. >>> >>> Here's the puppet lookup output with --explain: >>> >>> # puppet lookup --node lhcsrvprdidm02.fixnetix.com grubipv6disable::enable >>> --explain >>> Searching for "lookup_options" >>> Global Data Provider (hiera configuration version 5) >>> Using configuration "/etc/puppetlabs/puppet/hiera.yaml" >>> No such key: "lookup_options" >>> Environment Data Provider (hiera configuration version 5) >>> Using configuration >>> "/etc/puppetlabs/code/environments/production/hiera.yaml" >>> Merge strategy hash >>> Hierarchy entry "Per-node data" >>> Path >>> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml" >>> Original path: "nodes/%{trusted.certname}.yaml" >>> No such key: "lookup_options" >>> Hierarchy entry "Per-OS defaults" >>> Path >>> "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml" >>> Original path: "os/%{facts.os.family}.yaml" >>> Path not found >>> Hierarchy entry "Common data" >>> Path >>> "/etc/puppetlabs/code/environments/production/data/common.yaml" >>> Original path: "common.yaml" >>> Path not found >>> Module "grubipv6disable" Data Provider (hiera configuration version 5) >>> Using configuration >>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/hiera.yaml" >>> Merge strategy hash >>> Hierarchy entry "osfamily/major release" >>> Merge strategy hash >>> Path >>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml" >>> Original path: "os/%{facts.os.name >>> }/%{facts.os.release.major}.yaml" >>> Path not found >>> Path >>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml" >>> Original path: >>> "os/%{facts.os.family}/%{facts.os.release.major}.yaml" >>> Path not found >>> Path >>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/3.10.0-1127.13.1.el7.x86_64.yaml" >>> Original path: >>> "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" >>> Path not found >>> Hierarchy entry "osfamily" >>> Merge strategy hash >>> Path >>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml" >>> Original path: "os/%{facts.os.name}.yaml" >>> Path not found >>> Path >>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml" >>> Original path: "os/%{facts.os.family}.yaml" >>> Path not found >>> Hierarchy entry "common" >>> Path >>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/common.yaml" >>> Original path: "common.yaml" >>> No such key: "lookup_options" >>> Searching for "grubipv6disable::enable" >>> Global Data Provider (hiera configuration version 5) >>> Using configuration "/etc/puppetlabs/puppet/hiera.yaml" >>> No such key: "grubipv6disable::enable" >>> Environment Data Provider (hiera configuration version 5) >>> Using configuration >>> "/etc/puppetlabs/code/environments/production/hiera.yaml" >>> Hierarchy entry "Per-node data" >>> Path >>> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml" >>> Original path: "nodes/%{trusted.certname}.yaml" >>> Found key: "grubipv6disable::enable" value: false >>> >>> Thanks, >>> Dan. >>> >>> >>> On Monday, September 28, 2020 at 2:23:49 PM UTC+1 Martin Alfke wrote: >>> >>>> In this case it is hiera. >>>> >>>> Can you please check: >>>> - that there is no global hiera.yaml file in >>>> /etc/puppetlabs/puppet/hiera.yaml or, that the data paths mentioned in >>>> that >>>> file are empty >>>> - that node is the top level environment in your environment hiera.yaml >>>> file (/etc/puppetlabs/code/environment/<environment>/hiera.yaml >>>> - that your Puppet code changes are done in production environment and >>>> not within a feature branch or: if you use a feature branch: that the data >>>> fir enabling/disabling the flag is also in environment hiera data >>>> >>>> Can you run the puppet lookup command again using the ‘--explain’ >>>> parameter? >>>> >>>> Hth, >>>> Martin >>>> >>>> >>>> On 28. Sep 2020, at 15:18, [email protected] <[email protected]> wrote: >>>> >>>> Thanks again Martin, >>>> >>>> I've changed the code as per recommended. However, the same issue >>>> still persists. I'm starting to think that the issue is not code related >>>> but lies elsewhere >>>> >>>> # puppet agent --no-daemonize --onetime --verbose >>>> Info: Using configured environment 'production' >>>> Info: Retrieving pluginfacts >>>> Info: Retrieving plugin >>>> Info: Retrieving locales >>>> Info: Loading facts >>>> Error: Could not retrieve catalog from remote server: Error 500 on >>>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource >>>> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' >>>> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, >>>> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com >>>> Info: Using cached catalog from environment 'production' >>>> Info: Applying configuration version '1601218290' >>>> Notice: Applied catalog in 1.95 seconds >>>> >>>> I've checked if a lookup checks-out ok: >>>> >>>> # puppet lookup --node lhcsrvprdidm02.fixnetix.com >>>> grubipv6disable::enable >>>> --- false >>>> >>>> Thanks, >>>> Dan. >>>> >>>> >>>> >>>> On Monday, September 28, 2020 at 11:54:42 AM UTC+1 Martin Alfke wrote: >>>> >>>>> Hi Dan, >>>>> >>>>> I would write the grubipv6disable class in another way: >>>>> >>>>> class grubipv6disable ( >>>>> Boolean $enable, >>>>> ) { >>>>> if $enable { >>>>> contain grubipv6disable::config >>>>> } >>>>> } >>>>> >>>>> And keep the grubipv6disable::config class as is: >>>>> >>>>> class grubipv6disable::config ( >>>>> ){ >>>>> >>>>> if $facts['os']['release']['major'] =~ /7/ { >>>>> exec { 'grub2_ipv6_disable': >>>>> command => '/usr/sbin/grubby --update-kernel=ALL >>>>> --args=ipv6.disable=1', >>>>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6' >>>>> } >>>>> } else { >>>>> notice ('Assuming RHEL 6.x thus taking no action') >>>>> } >>>>> } >>>>> >>>>> Parameters, like variables, are always local to a class. >>>>> >>>>> Best, >>>>> Martin >>>>> >>>>> >>>>> On 28. Sep 2020, at 12:03, [email protected] <[email protected]> wrote: >>>>> >>>>> Thanks for that Martin, >>>>> >>>>> I seem to have unearthed a different issue: >>>>> >>>>> # puppet agent --no-daemonize --onetime --verbose >>>>> Error: Could not retrieve catalog from remote server: Error 500 on >>>>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource >>>>> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' >>>>> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, >>>>> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com >>>>> >>>>> # pwd >>>>> /etc/puppetlabs/code/environments/production/modules/grubipv6disable >>>>> # more manifests/init.pp >>>>> class grubipv6disable ( >>>>> Boolean $enable, >>>>> ) { >>>>> contain grubipv6disable::config >>>>> } >>>>> >>>>> # more manifests/config.pp >>>>> class grubipv6disable::config ( >>>>> Boolean $enable = true, >>>>> ){ >>>>> if $enable { >>>>> if $facts['os']['release']['major'] =~ /7/ { >>>>> exec { 'grub2_ipv6_disable': >>>>> command => '/usr/sbin/grubby --update-kernel=ALL >>>>> --args=ipv6.disable=1', >>>>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6' >>>>> } >>>>> } else { >>>>> notice ('Assuming RHEL 6.x thus taking no action') >>>>> } >>>>> } >>>>> } >>>>> >>>>> # pwd >>>>> /etc/puppetlabs/code/environments/production/data >>>>> # more nodes/lhcsrvprdidm02.fixnetix.com.yaml >>>>> --- >>>>> grubipv6disable::enable: false >>>>> >>>>> Seems hiera is not being read. >>>>> >>>>> Any further help you can provide would be appreciated >>>>> >>>>> Thanks, >>>>> Dan. >>>>> On Friday, September 18, 2020 at 12:43:26 PM UTC+1 Martin Alfke wrote: >>>>> >>>>>> Add a parameter to grubipv6disable class which controls the internal >>>>>> behaviour. >>>>>> >>>>>> https://puppet.com/docs/puppet/6.17/lang_classes.html#class-parameters-and-variables >>>>>> >>>>>> e.g. >>>>>> >>>>>> # modules/grubipv6disable/manifests/init.pp >>>>>> class grubipv6disable ( >>>>>> Boolean $enable = true, >>>>>> ){ >>>>>> if $enable { >>>>>> # add here the code from the class. >>>>>> } >>>>>> } >>>>>> >>>>>> Now you add hiera.yaml to your control-repo and add node specific >>>>>> data. >>>>>> https://puppet.com/docs/puppet/6.17/hiera_intro.html >>>>>> >>>>>> e.g. >>>>>> data/nodes/<nodename>.yaml >>>>>> --- >>>>>> grubipv6disable::enable: false >>>>>> >>>>>> Hth, >>>>>> Martin >>>>>> >>>>>> >>>>>> On 17. Sep 2020, at 19:19, [email protected] <[email protected]> wrote: >>>>>> >>>>>> Hello experts, >>>>>> >>>>>> I apply all my current classes like so: >>>>>> >>>>>> # cat site.pp >>>>>> >>>>>> node default { >>>>>> class { 'selinux': >>>>>> mode => 'permissive', >>>>>> type => 'targeted', } >>>>>> class { 'commonpackages': } >>>>>> class { 'polkit': } >>>>>> class { 'libstoragemgmt': } >>>>>> class { 'rngd': } >>>>>> class { 'gssproxy': } >>>>>> class { 'smartd': } >>>>>> class { 'firewalld': } >>>>>> class { 'grubipv6disable': } >>>>>> class { 'grubrootpasswd': } >>>>>> class { 'grubcrash': } >>>>>> class { 'logrotate': } >>>>>> class { 'htop': } >>>>>> class { 'vim': } >>>>>> class { 'yum': } >>>>>> class { 'yumlocalrepo': } >>>>>> class { 'sysctl': } >>>>>> class { 'sysconfig': } >>>>>> class { 'bashrc': } >>>>>> class { 'vault': } >>>>>> class { 'useradd': } >>>>>> class { 'crontab': } >>>>>> class { 'modprobe': } >>>>>> class { 'rsyslogd': } >>>>>> class { 'sudoers': } >>>>>> class { 'motd': } >>>>>> class { 'pam': } >>>>>> class { 'issue': } >>>>>> class { 'issuenet': } >>>>>> class { 'limits': } >>>>>> class { 'timezone': } >>>>>> class { 'profiled': } >>>>>> class { 'pulpconsumer': } >>>>>> class { 'resolver': } >>>>>> class { 'aide': } >>>>>> class { 'autofs': } >>>>>> class { 'vmtoolsd': } >>>>>> class { 'ntpd': } >>>>>> class { 'postfix': } >>>>>> class { 'auditd': } >>>>>> class { 'sshd': } >>>>>> class { 'idmclient': } >>>>>> } >>>>>> >>>>>> However, it's now become apparent that I need to exclude the >>>>>> grubipv6disable from some nodes (all have idm0 in their hostname). >>>>>> >>>>>> What is the best way (or the less complicated) to achive this? >>>>>> >>>>>> Thanks in advance. >>>>>> Dan. >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Puppet Users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com >>>>>> >>>>>> <https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Puppet Users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com >>>>> >>>>> <https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Puppet Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> >>>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/4dd65c40-7489-4c9e-81db-0c75f2a43cddn%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/4dd65c40-7489-4c9e-81db-0c75f2a43cddn%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/a6ea6ef0-94a8-426c-9df8-34f102ef8b76n%40googlegroups.com > > <https://groups.google.com/d/msgid/puppet-users/a6ea6ef0-94a8-426c-9df8-34f102ef8b76n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7d82ef09-ada0-4b07-a894-a7068b09c954n%40googlegroups.com.
