Configuring Hiera on Puppet Enterprise - puppet

I am new to Puppet and Hiera, and having a configuration issue when attempting to apply a module that contains a Hiera lookup to an agent.
From /etc/puppetlabs/puppet/hiera.yaml:
---
:backends:
  - yaml
:hierarchy:
  - defaults
  - "%{clientcert}"
  - "%{environment}"
  - global
:yaml:
  :datadir: '/etc/puppetlabs/puppet/hiera'
From /etc/puppetlabs/puppet/hiera/develop.yaml:
git_client:
  file_content:here
When running Hiera to debug:
/opt/puppet/bin/hiera git_client environment=develop -c /etc/puppetlabs/puppet/hiera.yaml --debug
DEBUG: 2015-05-12 12:40:27 -0400: Hiera YAML backend starting
DEBUG: 2015-05-12 12:40:27 -0400: Looking up git_client in YAML backend
DEBUG: 2015-05-12 12:40:27 -0400: Looking for data source defaults
DEBUG: 2015-05-12 12:40:27 -0400: Cannot find datafile /etc/puppetlabs/puppet/hiera/defaults.yaml, skipping
DEBUG: 2015-05-12 12:40:27 -0400: Looking for data source develop
DEBUG: 2015-05-12 12:40:27 -0400: Found git_client in develop
file_content:here
Windows agent configuration from puppet.conf:
[main]
server=[REDACTED]
pluginsync=true
autoflush=true
archive_files=true
archive_file_server=[REDACTED]
graph=true
environment=develop
But when running from the Windows agent:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find data item git_client in any Hiera data file and no default supplied at /etc/puppetlabs/puppet/environments/develop/modules/[REDACTED PATH TO .pp FILE]:24 on node [REDACTED]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I must have something misconfigured, but I'm not sure where. Any help would be appreciated.

In order for changes to your hiera configuration to take effect, you need to make sure to restart your puppet master. If you are using the puppetserver that runs in the JVM then restart the pe-puppetserver service. If you are using the old ruby master running on passenger, then restart pe-httpd.
Taken from the hiera docs:
Puppet master note: If you modify hiera.yaml between agent runs, you’ll have to restart your puppet master for your changes to take effect.

Related

Puppet7 agent can't find catalog from server

I'm learning Puppet now. Everything is new to me... After installing a puppet7 server and agent on my two learning VMs--
192.168.160.131 puppet-mst.eisen #The puppet server
192.168.160.140 sles12.eisen #The puppet agent
And I've successfully signed the node "sles12.eisen" to the server "puppet-mst.eisen" --
[root#puppet-mst manifests]# puppetserver --version
puppetserver version: 7.4.1
[root#puppet-mst manifests]# puppetserver ca list --all
Signed Certificates:
puppet-mst.eisen (SHA256) 0B:3F:DA:60:2F:2D:D3:91:94:58:E2:B6:32:28:50:8E:D4:1C:A0:8F:A0:CF:94:99:6E:EE:99:46:B4:1D:30:58 alt names: ["DNS:puppet-mst.eisen"] authorization extensions: [pp_cli_auth: true]
puppet-mst (SHA256) C8:89:47:D2:15:74:6E:49:E7:9A:27:B5:EA:10:9B:81:C4:DC:68:E8:B4:01:07:5D:63:34:5A:AF:B6:66:C9:EE alt names: ["DNS:puppet-mst"]
sles12.eisen (SHA256) C5:40:D7:8A:C6:64:BD:E8:BF:D3:BB:5D:01:24:66:03:57:96:84:31:84:42:DF:36:AA:D1:25:14:76:4D:A5:99 alt names: ["DNS:sles12.eisen"]
Then I wrote a testing module --filetest1, and hope it can put a file to the agent node in /tmp/puppettest --
[root#puppet-mst manifests]# cat /etc/puppetlabs/code/environments/production/modules/filetest1/manifests/init.pp
class filetest1{
  file {'/tmp/puppettest/filetest1':
    ensure => file,
    content => 'Hello World!',
  }
}
[root#puppet-mst manifests]# cat /etc/puppetlabs/code/environments/production/manifests/site.pp
node 'sles12.eisen'{
  include filetest1
}
But "puppet agent --test" doesn't work; it says that either the server can't find the agent node, or the test module's catalog is missing --
sles12:/tmp/puppettest # puppet --version
7.12.0
sles12:/tmp/puppettest # hostname -f
sles12.eisen
sles12:/tmp/puppettest # puppet agent --test --verbose
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Failed when searching for node sles12.eisen: Failed to find sles12.eisen via exec: Execution of '/etc/puppetlabs/puppet/node.rb sles12.eisen' returned 1:
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I don't know what's wrong here. Please kindly help. Thanks
Regards
Eisen
The error message suggests that you have configured Puppet to use an external node classifier (/etc/puppetlabs/puppet/node.rb), and either the attempt to execute it is failing altogether, or it is terminating with a failure status, or it is not outputting anything.
You may want to explore ENCs later, but now is probably not the time for that. To disable use of an ENC, edit /etc/puppetlabs/puppet/puppet.conf and either remove the node_terminus setting or change its value to plain.
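The failure modes named in the answer above (the ENC cannot be executed, exits with a failure status, or prints nothing) can be told apart by running the script by hand with the certname as its only argument. The Ruby check below is an added example, not part of the original answer or of Puppet; `classify_enc` and `run_enc` are hypothetical helper names, and the output-shape checks assume the documented ENC keys `classes`, `parameters` and `environment`.

```ruby
require 'open3'
require 'yaml'

# Keys an ENC's YAML hash may carry (assumption: documented ENC output format).
ENC_KEYS = %w[classes parameters environment].freeze

# Classify one ENC run from its exit status and stdout.
# Returns [verdict_symbol, detail_string].
def classify_enc(exit_status, stdout)
  return [:nonzero_exit, "exit status #{exit_status}"] unless exit_status.zero?
  return [:empty_output, 'no output on stdout'] if stdout.strip.empty?

  begin
    doc = YAML.safe_load(stdout)
  rescue Psych::Exception => e
    return [:invalid_yaml, e.message.lines.first.to_s.strip]
  end
  return [:not_a_hash, "top level is #{doc.class}"] unless doc.is_a?(Hash)

  present = doc.keys.map(&:to_s) & ENC_KEYS
  return [:no_enc_keys, "keys seen: #{doc.keys.join(', ')}"] if present.empty?

  [:ok, "keys: #{present.join(', ')}"]
end

# Run the ENC with a single argument, the node's certname.
def run_enc(path, certname)
  return [:not_executable, path] unless File.file?(path) && File.executable?(path)

  stdout, _stderr, status = Open3.capture3(path, certname)
  # exitstatus is nil when the process was killed by a signal
  classify_enc(status.exitstatus || -1, stdout)
rescue SystemCallError => e
  [:exec_failed, e.message] # e.g. a broken interpreter line in the script
end

# Usage: ruby check_enc.rb /etc/puppetlabs/puppet/node.rb sles12.eisen
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  verdict, detail = run_enc(ARGV[0], ARGV[1])
  puts "#{verdict}: #{detail}"
  exit(verdict == :ok ? 0 : 1)
end
```

Run it as the account the Puppet Server service uses, since file permissions that work for root may not work for that account.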

can't use different environment for puppet agent

I have an agent/master setup. I have created a new environment in /etc/puppetlabs/code/environments/ called master.
The content of environment.conf for the master directory environment is
modulepath = site:modules:$basemodulepath
manifest = manifests/site.pp
and when I try puppet agent -t --environment master I am getting some error
Notice: Local environment: 'master' doesn't match server specified node environment 'production', switching agent to 'production'.
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for node1.localpuppet.com
Info: Applying configuration version '1490712072'
Notice: Applied catalog in 0.67 seconds
I am new to puppet. What changes do I need?
PE Console Config
This is a "really fun" quirk of Puppet Enterprise that showed up in the last couple of years. You have to specify the nodes in the PE Classifier that are allowed to specify their directory environment in the puppet.conf or in the puppet agent -t --environment arguments.
In the agent-specified environment tab in the Classifier (you see it at the bottom of your picture above), you can enable it for all nodes. Do this by adding a rule, selecting the name fact, using a regular expression (~), then using the regexp for matching all characters (.*). After you fill this out, the PE Classifier will give you a number of matching nodes. It should be all that are subscribed to your master. Remember to click in the bottom right to update your rules. Your nodes will now be able to use master instead of production from the config file or CLI arguments.
That being said, if you are doing this to avoid naming your default Git branch production in your control repository when working with Code Manager, you should really just rename the branch as that is much easier.

Unable to call nested custom module - "Could not find class" error

I have created a custom module and I would like to keep it within a sub-directory (category) because there are several components that should logically fall under that category. So to segregate things in a better way, I created the following structure.
- hieradata
- manifests
- modules
- infra
- git
- files
- manifests
- init.pp
- install.pp
- configure.pp
- monitoring
- etc
- templates
$ cat modules/infra/git/manifests/init.pp
class infra::git {}
$ cat modules/infra/git/manifests/install.pp
class infra::git::install {
  file { 'Install Git':
    ...
    ...
  }
}
$ cat manifests/site.pp
node abc.com {
  include infra::git::install
}
Now on the puppet agent, when I try puppet agent -t, I get the following error:
ruby 2.1.8p440 (2015-12-16 revision 53160) [x64-mingw32]
C:\puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: {"message":"Server Error: Evaluation Error: Error while evaluating a Function Call, Could not find class ::infra::git::install for abc.com at /etc/puppetlabs/code/environments/production/manifests/site.pp:15:2 on node abc.com","issue_kind":"RUNTIME_ERROR"}
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I have already read this link but that suggests keeping custom module directly under main modules directory, which is not how I would like to structure the directories.
Any help will really be appreciated.

Puppet can't find data item from hiera

I'm trying to build a Hiera configuration for my Puppet setup. My Hosts are FreeBSD and Debian systems. Therefore I have a configuration based on ::osfamily. But since I'm making extensive use of Jails I would like to have a further breakdown of my FreeBSD hosts with ::virtual.
from hiera.yaml:
:hierarchy:
- "osfamily/%{::osfamily}"
- "%{::virtual}/%{::osfamily}"
- common
And my data directory tree:
hieradata/
|-- common.yaml
|-- osfamily
|   |-- Debian.yaml
|   `-- FreeBSD.yaml
|-- physical
|   `-- FreeBSD.yaml
|-- jailed
`-- virtual
In my understanding, Puppet should apply everything from osfamily/FreeBSD.yaml and afterwards from physical/FreeBSD.yaml for a physical FreeBSD host.
Now I want to install the CA-Certificates package on every host and have a class for that task:
class certificates ( $packageName = hiera('ca_package') ){
  # Install CA-Certificates
  package { $packageName:
    ensure => installed,
  }
}
That class is included from common.yaml
classes:
- certificates
And the ca_package-Variable is defined in osfamily/FreeBSD.yaml:
---
rootuser: root
rootgroup: wheel
sshservicename: sshd
ca_package: 'security/ca_root_nss'
When I do a hiera test on that variable, everything is working fine:
# hiera -c /usr/local/etc/puppet/hiera.yaml ca_package ::osfamily=FreeBSD
security/ca_root_nss
#
But Puppet is (even in Jails) complaining, that the data item ca_package is not available.
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find data item ca_package in any Hiera data file and
no default supplied at
/usr/local/etc/puppet/modules/certificates/manifests/init.pp:2 on node
puppet.fqdn
What am I doing wrong?
The best way to debug hiera is using below command:
puppet master --debug --compile hostname --osfamily=FreeBSD |grep hiera
Look for the key ca_package, then you should know how to fix it.
Second, your hostname is puppet.fqdn, which is weird for me.
Check if the facter variable 'osfamily' on your client is 'FreeBSD'. Alternatively you can enable debug on puppetserver (logback.xml) and see the log to see which hierarchy it's going through and where it's failing to get the ca_package.
The best way to debug Hiera is running lookup command on Puppet server node:
$ puppet lookup --environment production --explain --node fqdn.example.com ca_package
where ca_package is the hiera key you're looking for. The --explain flag is helpful for verifying paths where Puppet is looking for the key.
Also merge behavior can be manually defined:
puppet lookup --merge deep --environment production --node fqdn.example.com
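Both Hiera questions on this page turn on which hierarchy levels are actually consulted for a given set of variables. The Ruby model below is an added example, not Hiera's code and not from any poster; the helper names, the in-memory data hashes and the rule for skipping levels that interpolate to an empty path are assumptions of the model, and the sample data is constructed from the files shown in the questions.

```ruby
# Added example: simplified model of Hiera 3 hierarchy resolution (hypothetical helpers).

# Treat "::osfamily" and "osfamily" as the same variable
# (simplification of Puppet's top-scope lookup).
def norm(name)
  name.to_s.sub(/\A::/, '')
end

# Replace %{var} tokens; unset variables become empty strings.
def interpolate(level, scope)
  facts = scope.each_with_object({}) { |(k, v), h| h[norm(k)] = v.to_s }
  level.gsub(/%\{([^}]+)\}/) { facts.fetch(norm(Regexp.last_match(1)), '') }
end

# Data sources consulted, in order. Levels that interpolate to "" or to a
# path with an empty segment are skipped (assumed Hiera 3 behaviour).
def datasources(hierarchy, scope)
  hierarchy.map { |level| interpolate(level, scope) }
           .reject { |src| src.empty? || src.match?(%r{(^/|//|/$)}) }
end

# First-match lookup. Returns [value, source, trace].
def explain(key, hierarchy, scope, data)
  trace = []
  datasources(hierarchy, scope).each do |src|
    if !data.key?(src)
      trace << "#{src}: no data file"
    elsif data[src].key?(key)
      trace << "#{src}: found #{key}"
      return [data[src][key], src, trace]
    else
      trace << "#{src}: #{key} not present"
    end
  end
  [nil, nil, trace]
end

# Constructed sample data mirroring the two questions on this page.
PE_HIERARCHY = ['defaults', '%{clientcert}', '%{environment}', 'global'].freeze
PE_DATA = { 'develop' => { 'git_client' => 'file_content:here' } }.freeze
BSD_HIERARCHY = ['osfamily/%{::osfamily}', '%{::virtual}/%{::osfamily}', 'common'].freeze
BSD_DATA = { 'common' => { 'classes' => ['certificates'] },
             'osfamily/FreeBSD' => { 'ca_package' => 'security/ca_root_nss' } }.freeze

if __FILE__ == $PROGRAM_NAME
  p explain('git_client', PE_HIERARCHY, { 'environment' => 'develop' }, PE_DATA)
  p explain('ca_package', BSD_HIERARCHY, {}, BSD_DATA)
end
```

In this model a scope without `osfamily` reaches only `common`, so a key that a command-line lookup finds with the variable supplied by hand is not found; comparing the trace for the variables the master really has against the ones typed on the CLI shows where the two diverge.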

Exit Puppet when Hiera backend is not found

I am using masterless Puppet. And my situation is that I am using a custom Hiera backend called hiera-regex. The process of using it is that you have to have hiera-regex installed on your target machine.
If sometime for some reason, hiera-regex is not installed, hiera still looks up the key in the hierarchy and starts using that key which it was not supposed to use in the presence of hiera-regex. Ideally, I would want Puppet to exit when it does not find the hiera-regex backend installed. But as of now, Puppet only prints a notice() which can be easily missed and can leave your node in an unwanted state.
Is it possible to somehow configure Puppet/hiera for masterless setup to not continue at all if the backend hiera is configured to use is not installed?
Here is my hiera.yaml file:
---
:backends:
  - regex # this is the custom backend (hiera-regex)
  - yaml
:regex:
  :datadir: /etc/puppet/hiera
:yaml:
  :datadir: /etc/puppet/hiera
:hierarchy:
  - "%{fqdn}"
  - base
