I am using the following Puppet definition to disable IPv6 in Windows:
    #IPv6 Management
    define winconfig::ipv6 (
      $ensure,
      $state = UNDEF,
    ) {
      include winconfig::params
      case $ensure {
        'present','enabled': {
          case $state {
            UNDEF,'all': { $ipv6_data = '0' }
            'preferred': { $ipv6_data = '0x20' }
            'nontunnel': { $ipv6_data = '0x10' }
            'tunnel': { $ipv6_data = '0x01' }
            default: { $ipv6_data = '0' }
          }
        }
        'absent','disabled': { $ipv6_data = '0xffffffff' }
        default: { fail('You must specify ensure status...') }
      }
      registry::value{'ipv6':
        key => 'hklm\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters',
        value => 'DisabledComponents',
        type => 'dword',
        data => $ipv6_data,
      }
      reboot {'ipv6':
        subscribe => Registry::Value['ipv6'],
      }
    }
In Site.pp on the master I am using the following to call it from a node:
    node 'BMSGITSS1' {
      # Disable IPV6
      winconfig::ipv6 {
        ensure => 'disabled',
      }
    }
I get the following error when running puppet agent -t
    Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: All resource specifications require names; expected '%s' at /etc/puppetlabs/puppet/manifests/site.pp:55 on node bmsgitss1
    Warning: Not using cache on failed catalog
    Error: Could not retrieve catalog; skipping run
The hint is in the error:
    All resource specifications require names; expected '%s'
You need to give it a name:
    winconfig::ipv6{"Disable IPv6":
      ensure => 'disabled',
    }
Related
I am trying to create a bicep template to deploy a VM with either 1 or 2 NICs depending on a conditional.
Anyone know if there is a way to deploy a VM NIC using conditional statements inside a property definition? Seems an if function is not permitted inside a resource definition and a ternary errors out due to invalid ID.
Just trying to avoid having 2 duplicate VM resource definitions using resource = if (bool) {}
    networkProfile: {
      networkInterfaces: [
        {
          id: nic_wan.id
          properties: {
            primary: true
          }
        }
        {
          id: bool ? nic_lan.id : '' // Trying to deploy this as a conditional if bool = true.
          properties: {
            primary: false
          }
        }
      ]
    }
The above code errors out because as soon as you define a NIC, it needs a valid ID.
    'properties.networkProfile.networkInterfaces[1].id' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'. (Code:LinkedInvalidPropertyId)
You can create some variables to handle that:
    // Define the default nic
    var defaultNic = [
      {
        id: nic_wan.id
        properties: {
          primary: true
        }
      }
    ]
    // Add second nic if required
    var nics = concat(defaultNic, bool ? [
      {
        id: nic_lan.id
        properties: {
          primary: false
        }
      }
    ] : [])
    // Deploy the VM
    resource vm 'Microsoft.Compute/virtualMachines@2020-12-01' = {
      ...
      properties: {
        ...
        networkProfile: {
          networkInterfaces: nics
        }
      }
    }
I'm trying to use a dynamic block in a kubernetes_ingress resource. The dynamic block is for the spec.rule.http.path block. Unfortunately, I am trying to dynamically create a path block which causes issues as path appears to be a reserved word.
Is it possible to rename the loop variable within the dynamic block, or to otherwise circumvent this issue?
This is my current code:
    resource "kubernetes_ingress" "ingress" {
      metadata { ... }
      spec {
        tls { ... }
        rule {
          http {
            dynamic "path" {
              for_each = var.services
              content {
                path = path.value.path
                backend {
                  service_name = path.value.name
                  service_port = path.value.port
                }
              }
            }
          }
        }
      }
    }
The services variable has the following structure:
    [
      {
        name: "foo",
        port: 3000,
        path: "/foo",
      }
    ]
Dynamic blocks take an argument called iterator that lets you rename the symbol it assigns values to.
    dynamic "path" {
      for_each = var.services
      # iterator takes a bare identifier, not a quoted string
      iterator = service
      content {
        path = service.value.path
        backend {
          service_name = service.value.name
          service_port = service.value.port
        }
      }
    }
I need to have nested loop logic. For example, I have one local:
    locals {
      build_args = {
        api: {
          RAILS_ENV: "production"
        }
        client: {
          NODE_ENV: "production"
        }
      }
    }
Now I would like to connect to CircleCI with Terraform and set these environments in adequate CircleCI projects (api and client). The knowledge about CircleCI projects (name of a project) I keep here:
    apps: {
      api: {
        desired_count: 1,
        load_balancer: {
          container_name: "api",
          container_port: 5000,
          health_check_path: "/",
          listener: {
            path: "api",
          },
        },
        circleci_project: "some-api",
      },
      client: {
        desired_count: 1,
        load_balancer: {
          container_name: "client",
          container_port: 3000,
          health_check_path: "/",
          listener: {
            path: "web",
          },
        },
        circleci_project: "some-client",
      }
    }
Now, I need to create resource:
    resource "circleci_environment_variable" "this" {
      project = projects_from_apps_var
      name = names_from_local_build_args
      value = value_from_local_build_args
    }
So as you can see I need two loops one in another to generate many name/values env pairs for many projects.
Just create a map keyed by project and variable name and apply a bunch of resources for each combination:
    locals {
      map = merge([
        for project, env in local.build_args : {
          for name, value in env : "${project}-${name}" => {
            name = name,
            value = value,
            project = project
          }
        }
      ]...)
    }
    resource "circleci_environment_variable" "this" {
      for_each = local.map
      project = each.value.project
      name = each.value.name
      value = each.value.value
    }
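An extension of the answer above, added here as an example and not part of the original answer: the question wants `project` to be the CircleCI project name kept under `apps`, so this variant joins `build_args` with `apps` on the app key and skips any app that has no entry there. The trimmed `apps` local is constructed sample data following the question's structure, and the names `env_vars` and `env_var_keys` are assumptions chosen for illustration.

```hcl
locals {
  # Constructed sample data, trimmed from the structures in the question.
  build_args = {
    api    = { RAILS_ENV = "production" }
    client = { NODE_ENV = "production" }
  }

  # Assumption: apps is available as a local; only the field used here is kept.
  apps = {
    api    = { circleci_project = "some-api" }
    client = { circleci_project = "some-client" }
  }

  # Outer loop: one object per app. Inner loop: one entry per variable.
  # merge(...) flattens the per-app objects into a single map whose keys
  # ("api-RAILS_ENV", "client-NODE_ENV") are unique and stable, so for_each
  # addresses do not shift when an app or a variable is added or removed.
  env_vars = merge([
    for app, env in local.build_args : {
      for name, value in env : "${app}-${name}" => {
        project = local.apps[app].circleci_project
        name    = name
        value   = value
      }
    }
    # Ignore build_args entries that have no matching app definition
    # instead of failing on a missing key.
    if contains(keys(local.apps), app)
  ]...)
}

resource "circleci_environment_variable" "this" {
  for_each = local.env_vars

  project = each.value.project
  name    = each.value.name
  value   = each.value.value
}

# Lets `terraform plan` show which project/variable pairs will be managed.
output "env_var_keys" {
  value = keys(local.env_vars)
}
```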
I have Terraform version v0.11.7, and the code looks like this:
    resource "vault_policy" "vault-auth" {
      name = "vault-auth"
      policy = <<_EOT
    path "secret/approle-acl/*" {
      capabilities = ["read", "list"]
    }
    path "auth/approle/role/*" {
      capabilities = ["update"]
    }
    _EOT
    }
    resource "vault_generic_secret" "approle-vault-auth" {
      path = "auth/approle/role/vault-auth"
      data_json = <<_EOT
    {
      "bind_secret_id": false,
      "bound_cidr_list": "127.0.0.0/24",
      "policies": "${vault_policy.vault-auth.name}",
      "period": 1200
    }
    _EOT
    }
    data "vault_generic_secret" "vault-auth-approle-id" {
      path = "${vault_generic_secret.approle-vault-auth.path}/role-id"
    }
    resource "consul_keys" "vault-auth-approle-id" {
      key {
        path = "vault-auth/vault-approle-id"
        value = "${lookup(data.vault_generic_secret.vault-auth-approle-id.data, "role_id")}"
        delete = "true"
      }
    }
I used this piece of code with Terraform 0.9.4 and it works as expected, but with 0.11.7 I see the errors:
    Error: Error refreshing state: 1 error(s) occurred:
    module.roles.data.vault_generic_secret.vault-auth-approle-id: 1 error(s) occurred:
    module.roles.data.vault_generic_secret.vault-auth-approle-id: data.vault_generic_secret.vault-auth-approle-id: No secret found at "auth/approle/role/vault-auth/role-id"
In my opinion, this might be correlated with Error Checking for Output Values, because we don't have a value when we do refresh.
Or what happens here, because I'm not sure where I'm wrong.
Steps to Reproduce
    terraform init
    terraform apply
You may be dumping your data_json into 'vault-auth' and then when you're trying to call your secrets via path you are using 'auth/approle/role/vault-auth/role-id'. Try something like this instead:
    resource "vault_generic_secret" "approle-vault-auth" {
      path = "auth/approle/role/vault-auth/role-id"
      data_json = <<_EOT
    {
      "bind_secret_id": false,
      "bound_cidr_list": "127.0.0.0/24",
      "policies": "${vault_policy.vault-auth.name}",
      "period": 1200
    }
    _EOT
    }
    data "vault_generic_secret" "vault-auth-approle-id" {
      path = "${vault_generic_secret.approle-vault-auth.path}"
    }
Now you are dumping your secrets into 'role-id' and are then trying to retrieve them from the same endpoint. Hope this helps!
Reference: https://www.terraform.io/docs/providers/vault/r/generic_secret.html
Puppet beginner here so maybe I'm doing something wrong...
I have a manifest that contains the following define
    define amqconf (
      $activemq_home = '/opt/apache-activemq',
      $group = 'activemq',
      $mode = 0644,
      $owner = 'activemq',
      $broker_name = $title,
      $broker_port = 61616,
    ) {
      file { $title:
        ensure => present,
        path => "${activemq_home}/${broker_name}/conf/activemq.xml",
        content => template('profiles/activemq.xml.erb'),
      }
    }
and then tries to use that define
    $broker_conf = hiera('profiles::activemq::broker::conf')
    create_resources( amqconf, $broker_conf )
but when I try and use this class I get the following error
    Info: Using configured environment 'testing'
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Loading facts
    Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Function Call, Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type amqconf at /etc/puppetlabs/code/environments/testing/modules/profiles/manifests/activemq.pp:73:5 on node cust-stage.internal
    Warning: Not using cache on failed catalog
    Error: Could not retrieve catalog; skipping run
What do I need to do in order to be able to use this define?
EDIT: added complete manifest
    class profiles::activemq {
      include archive
      include profiles::java_7_oracle
      $activemq_version = '5.13.3'
      define amqconf (
        $activemq_home = '/opt/apache-activemq',
        $group = 'activemq',
        $mode = 0644,
        $owner = 'activemq',
        $broker_name = $title,
        $broker_port = 61616,
      ) {
        file { $title:
          ensure => present,
          path => "${activemq_home}/${broker_name}/conf/activemq.xml",
          content => template('profiles/activemq.xml.erb'),
        }
      }
      group { 'activemq':
        ensure => present,
      }
      user { 'activemq':
        groups => 'activemq',
        comment => 'Service user for running the ActiveMQ service',
        home => "/opt/apache-activemq-$activemq_version",
        ensure => present,
        shell => '/bin/bash',
      }
      file { "/opt/apache-activemq-$activemq_version" :
        ensure => directory,
        owner => 'activemq',
        group => 'activemq',
        mode => '0755',
      }
      archive { "/tmp/apache-activemq-$activemq_version-bin.tar.gz" :
        ensure => present,
        source => 'http://archive.apache.org/dist/activemq/5.13.3/apache-activemq-5.13.3-bin.tar.gz',
        checksum => 'c19e2717f5c844a2f271fcd39eb024d04ebcfa5d',
        checksum_type => 'sha1',
        extract => true,
        extract_path => '/opt',
        creates => "/opt/apache-activemq-$activemq_version/bin",
        cleanup => true,
        user => 'activemq',
        group => 'activemq',
      }
      # Create the brokers defined in hiera.
      $brokers = hiera('profiles::activemq::brokers')
      $broker_defaults = {
        cwd => "/opt/apache-activemq-${activemq_version}",
        group => 'activemq',
        user => 'activemq',
      }
      create_resources( exec , $brokers, $broker_defaults )
      $broker_conf = hiera('profiles::activemq::broker::conf')
      create_resources( amqconf, $broker_conf )
    }
I was never able to get the define to work in the class, but by placing it in its own file, I was able to get the define to work.
amqconf.pp
    define profiles::amqconf (
      $activemq_home = '/opt/apache-activemq',
      $group = 'activemq',
      $mode = 0644,
      $owner = 'activemq',
      $broker_name = $title,
      $broker_port = 61616,
      $broker_network_uri = 'NONE',
    ) {
      file { $title:
        ensure => present,
        path => "${activemq_home}/${broker_name}/conf/activemq.xml",
        content => template('profiles/activemq.xml.erb'),
      }
    }
and then declaring it in activemq.pp
    profiles::amqconf { 'amq-1-conf' :
      broker_name => 'amq-1',
      activemq_home => "/opt/apache-activemq-${activemq_version}",
    }
The define works as expected.