I'm trying to build a Hiera configuration for my Puppet setup. My Hosts are FreeBSD and Debian systems. Therefore I have a configuration based on ::osfamily. But since I'm making extensive use of Jails I would like to have a further breakdown of my FreeBSD hosts with ::virtual.
from hiera.yaml:
:hierarchy:
- "osfamily/%{::osfamily}"
- "%{::virtual}/%{::osfamily}"
- common
And my data directory tree:
hieradata/
|-- common.yaml
|-- osfamily
| |-- Debian.yaml
| `-- FreeBSD.yaml
|-- physical
| `-- FreeBSD.yaml
|-- jailed
`-- virtual
In my understandigs puppet should apply everything osfamily/FreeBSD.yaml and afterwards from physical/FreeBSD.yaml for a physical FreeBSD host.
Now I want to install the CA-Certificates package on every host and have a class for that task:
class certificates ( $packageName = hiera('ca_package') ){
# Install CA-Certificates
package { $packageName:
ensure => installed,
}
}
That class is included from common.yaml
classes:
- certificates
And the ca_package-Variable is defined in osfamily/FreeBSD.yaml:
---
rootuser: root
rootgroup: wheel
sshservicename: sshd
ca_package: 'security/ca_root_nss'
When I do a hiera test on that variable, everything is working fine:
# hiera -c /usr/local/etc/puppet/hiera.yaml ca_package ::osfamily=FreeBSD
security/ca_root_nss
#
But Puppet is (even in Jails) complaining, that the data item ca_package is not available.
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find data item ca_package in any Hiera data file and
no default supplied at
/usr/local/etc/puppet/modules/certificates/manifests/init.pp:2 on node
puppet.fqdn
What am I doing wrong?
The best way to debug hiera is using below command:
puppet master --debug --compile hostname --osfamily=FreeBSD |grep hiera
look for the key ca_package, then you should know how to fix.
Second, your hostname is puppet.fqdn, which is weird for me.
Check if the facter variable 'osfamily' on your client is 'FreeBSD'. Alternatively you can enable debug on puppetserver (logback.xml) and see the log to see which hierarchy its going through and where its failing to get the ca_package.
The best way to debug Hiera is running lookup command on Puppet server node:
$ puppet lookup --environment production --explain --node fqdn.example.com ca_package
where ca_package is the hiera key you're looking for. The --explain flag is helpful for verifying paths were Puppet is looking for the key.
Also merge behavior can be manually defined:
puppet lookup --merge deep --environment production --node fqdn.example.com
Related
I'm just start learning Puppet, really new to this world. I'm using puppet 2.7.26 on my two learning VMs --
puppet-master 192.168.160.131
eisen-suse11 192.168.160.129
Follow the turial, I've signed the node "eisen-suse11" to puppet-master successfully--
puppet-master:/etc/puppet/modules/motd/manifests # puppet cert --list --all
+ "eisen-suse11" (A0:7F:E2:77:30:9A:96:E3:79:FD:F7:1E:59:35:5B:1E)
+ "puppet-master" (38:90:B5:8A:68:8A:A7:44:8A:2F:07:D3:F3:AC:E8:80) (alt names: "DNS:puppet", "DNS:puppet-master", "DNS:puppet-master.suse11", "DNS:puppet.suse11")
+ "puppet-master.suse11" (5D:9E:A4:D9:0C:5F:69:07:FA:55:13:C3:38:6D:9B:26)
Then follow the book, I write a module -- motd -- which should put a file to client node --
puppet-master:/etc/puppet/modules/motd/manifests # cat init.pp
class motd{
package{ 'setup':
ensure => present,
}
file{ '/etc/motd':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source => "puppet://$puppetserver/modules/motd/etc/motd",
require => Package['setup']
}
}
puppet-master:/etc/puppet/modules/motd/manifests # cat site.pp
$puppetserver='puppet-master.suse11'
node 'eisen-suse11'{
include motd
}
But when I tested "puppet agent --test --trace" on the client node -- eisen-suse11 --- it's all quiet --
eisen-suse11:~ # puppet agent --test --trace
info: Caching catalog for eisen-suse11
info: Applying configuration version '1633779962'
notice: Finished catalog run in 0.01 seconds
eisen-suse11:~ # ls /etc/motd
ls: cannot access /etc/motd: No such file or directory
That "/etc/motd" is not copied from puppet-master --
Does anyone can help? Any idea would be appreciated.
RGS
Eisen
The problem is that your node is receiving an empty catalog, which is happening because you put your site.pp file in the wrong place. Puppet will not find it inside the module. It has been a very long time since I wrote code for Puppet 2 (and I hung on to that version much longer than was healthy), but as I recall, the correct directory for that file would be /etc/puppet/manifests.
But again, as I wrote in comments, Puppet 2 is utterly obsolete and well past the end of its life. Ditch it, and also ditch any books you have that teach it. The only reason I can think of to learn this version of Puppet is that you have an existing legacy infrastructure that you are obligated to maintain, but if you are faced with such a Puppet code base in 2021 then it would be best to rewrite from scratch for Puppet 7.
I recently upgraded puppet version 3 to version 5. all is working fine with the new version but hiera configurations for puppet 5 is not working as expected. I think I missing something which would deploy changes in the remote node. Please advise what should I do here. below are the configurations for my setup.
1) Hiera.yaml
cat /etc/puppetlabs/code/environments/hiera.yaml
version: 5
hierarchy:
- name: "Master"
path: "environments/%{environment}/data/%{trusted.certname}.yaml"
data_hash: yaml_data
datadir: /etc/puppetlabs/code/
2) And my Environment YAML files are kept at
cat /etc/puppetlabs/code/environments/staging/data/puppetsr7.demo.com.yaml
demo::configuration::phpini::memory_limit: '64'
3) but when I run the command on my remote node, nothing is changing
/opt/puppetlabs/bin/puppet agent
4) In order to troubleshoot I tried to run the command
puppet lookup --explain demo::configuration::phpini::memory_limit --environment staging --node puppetsr7.demo.com
and got below output
Searching for "lookup_options"
Global Data Provider (hiera configuration version 5)
Using configuration "/etc/puppetlabs/code/environments/hiera.yaml"
Hierarchy entry "Master"
Path "/etc/puppetlabs/code/environments/staging/data/puppetsr7.demo.com.yaml"
Original path: "environments/%{environment}/data/%{trusted.certname}.yaml"
Found key: "lookup_options" value: nil
Module data provider for module "demo" not found
Searching for "demo::configuration::phpini::memory_limit"
Global Data Provider (hiera configuration version 5)
Using configuration "/etc/puppetlabs/code/environments/hiera.yaml"
Hierarchy entry "Master"
Path "/etc/puppetlabs/code/environments/staging/data/puppetsr7.demo.com.yaml"
Original path: "environments/%{environment}/data/%{trusted.certname}.yaml"
Found key: "demo::configuration::phpini::memory_limit" value: "64"
It's showing the proper value when running from CLI i.e 64 which I need to be get applied on a remote node in php.ini and change the value from 512 to 64.
But don't know how to proceed further from here as I struck now. please help to troubleshoot this.
What I did is I kept the required class in site.pp file as well which I want to get executed through hieradata.
"demo::configuration::phpini::memory_limit: '64'" in hiera file and "demo::configuration::phpini::memory_limit in site.pp.
Hoping that some one could get help from it.
I have created a custom module and i would like to keep it within a sub-directory (category) because there are several components that should logically fall under that category. So to segregate things in a better way, i created the following structure.
- hieradata
- manifests
- modules
- infra
- git
- files
- manifests
- init.pp
- install.pp
- configure.pp
- monitoring
- etc
- templates
$ cat modules/infra/git/manifests/init.pp
class infra::git {}
$ cat modules/infra/git/manifests/install.pp
class infra::git::install {
file { 'Install Git':
...
...
}
}
$ cat manifests/site.pp
node abc.com {
include infra::git::install
}
Now on the puppet agent, when i try puppet agent -t, i get the following error:
ruby 2.1.8p440 (2015-12-16 revision 53160) [x64-mingw32]
C:\puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: {"message":"Server Error: Evaluation Error: Error while evaluating a Function Call, Could not find class ::infra::git::install for abc.com at /etc/puppetlabs/code/environments/production/manifests/site.pp:15:2 on node abc.com","issue_kind":"RUNTIME_ERROR"}
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I have already read this link but that suggests keeping custom module directly under main modules directory, which is not how i would like to structure the directories.
Any help will really be appreciated.
I have Puppet enterprise installed on my VM, running in Virtualbox.
The installation went fine, but when I try to run the command puppet agent -t I get the following error:
[root#puppetmaster ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, Could not find data item role in any Hiera data file and no default supplied at /etc/puppetlabs/code/environments/production/manifests/site.pp:32:10 on node puppetmaster.localdomain
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Here is my site.pp file line where the error is coming from;
## site.pp ##
# This file (/etc/puppetlabs/puppet/manifests/site.pp) is the main entry point
# used when an agent connects to a master and asks for an updated configuration.
#
# Global objects like filebuckets and resource defaults should go in this file,
# as should the default node definition. (The default node can be omitted
# if you use the console and don't define any other nodes in site.pp. See
# http://docs.puppetlabs.com/guides/language_guide.html#nodes for more on
# node definitions.)
## Active Configurations ##
# Disable filebucket by default for all File resources:
#http://docs.puppetlabs.com/pe/latest/release_notes.html#filebucket-resource-no-longer-created-by-default
File { backup => false }
# DEFAULT NODE
# Node definitions in this file are merged with node data from the console. See
# http://docs.puppetlabs.com/guides/language_guide.html#nodes for more on
# node definitions.
# The default node definition matches any node lacking a more specific node
# definition. If there are no other nodes in this file, classes declared here
# will be included in every node's catalog, *in addition* to any classes
# specified in the console for that node.
node default {
# This is where you can declare classes for all nodes.
# Example:
# class { 'my_class': }
$role = hiera('role')
$location = hiera('location')
notify{"in the top level site.pp : role is '${role}', location is '${location}'": }
include "::roles::${role}"
}
If you look at the error, it can't find the hiera key that you've asked for in your site.pp:
Could not find data item role in any Hiera data file and no default supplied at /etc/puppetlabs/code/environments/production/manifests/site.pp:32:10 on node puppetmaster.localdomain
In your code, you have the following:
$role = hiera('role')
$location = hiera('location')
Both of these are hiera calls, that require that hiera is setup and that the relevant key is in a hieradata folder.
A useful tool to help you diagnose hiera issues is hiera_explain, which shows you how your hiera hierarchy is setup and configured, and might help explain what the issue is with your code.
just testing out hiera and I'd like to be able to view all the available data (variable=value pairs) in the hierarchy for a given node.
My Hiera hierarchy is configured as:
---
:backends:
- yaml
- json
:yaml:
:datadir: C:\Puppet\hieradata
:hierarchy:
- "Env/%{::env}"
- common
I can run the following to return node1's value for 'some-common' variable :
>hiera some-common ::env=node1
data
What I'd like to be able to see is all the variable=value pairs available to node1 in the hierarchy, is this possible?
Thanks
I'm afraid this is not possible. Closest thing you could do is dump facts for specific node:
facter -y > node.yml
And then use them for look for specific keys:
hiera -y node.yml my_class:arg -d
this way you will be able to access Hiera keys based on operating system, domain, etc. (depends on your hierarchy defined in hiera.yaml).
Yet another option is to ssh into puppet master node. And use puppet lookup (should be available since Puppet 4). lookup is using by default Hiera backend (again requires hiera.yaml config file).
puppet lookup resolv_conf::nameservers --node mynode.example.net
or more verbose version:
puppet lookup resolv_conf::nameservers --merge deep --environment production --explain --node mynode.example.net
I found another workaround - you can add top level key to your yaml data:
node-data:
hosts:
- localhost:3367
- company.com
dns: 8.8.8.8
policy:
retries: 3
timeout: 5
and do puppet lookup with merge for this top level key, e.g.:
puppet lookup --merge hash/deep node_data