I am attempting to learn puppet, and so far so good.
What I am having an issue with is using a variable that I have set for a node or group in the web console.
I created a variable called myCustomSetting, and then in a manifest:
file {/var/tmp/myfile.txt
ensure => file,
content => $::myCustomSetting,
}
When I apply the manifest with puppet apply mytest.pp, there are no errors, but the file is empty? What am I missing?
The double semi colon indicate that you wish to reach the top level scope, where you supposedly declared your variable. Check that your variable has not been declared in a local scope.
Related
We are using the roles pattern in puppet with hiera, meaning we have these lines in hiera.yaml:
- name: "Roles data"
path: "roles/%{::server_role}.yaml"
We have a custom fact that produces the role name when facter runs, but we would like to move this into hiera. Instead of the server_role variable being produced by facter, we want to specify the server_role inside of hiera, and let that variable be referenced elsewhere in hiera. Something like this:
hiera.yaml:
- name: "Per-node data"
path: "nodes/%{trusted.certname}.yaml"
- name: "Roles data"
path: "roles/%{lookup(server_role)}.yaml"
nodes/hostname.yaml:
server_role: foo_bar
I have seen this question, which says to use hiera() or lookup() but when I try to use those, I get this error message:
Interpolation using method syntax is not allowed in this context
So how can I use a hiera variable that's defined elsewhere in hiera?
Edit:
The prototypical code examples for defining roles could use any fact that's known to facter, often giving examples that are based on hostname. When you can't embed server config into hostname, a common(ish) workaround is to write a file such as /etc/server_role, but it seems to defeat the purpose of config management, when you need to ssh into a machine and edit a file. As the other comments & answer here so far mentioned, you could use an ENC, but again, the goal here is not to have config stored outside of version control. In fact, we have foreman as an ENC and we make a practice to never use it that way because then upgrades and other maintenance become unsustainable.
We could write a class which will pick up data from hiera, write it to /etc/server_role, and on the next puppet run, facter will pick that up and send it back to hiera, so then we'll have the server_role fact available to use in hiera.yaml. As gross as this sounds, so far, it's the best known solution. Still looking for better answers to this question.
Thanks.
As #MattSchuchard explained in comments, you cannot interpolate Hiera data into your Hiera config, because the config has to be known before the data can be looked up.
If you need a per-role level in your data hierarchy then an alternative would be to assign roles to machines via an external node classifier. You don't need it to assign any classes, just the server_role top-scope variable and probably also environment.
On the other hand, maybe you don't need a per-role level of your general hierarchy in the first place. Lots of people do roles & profiles without per-role data, but even if you don't want to do altogether without then it may be that module-specific data inside the module providing your role classes could be made to suffice.
I'm writing a terraform module that will select a value from a map, based on a key passed to it.
Nothing unusual.
The values in that map are secret however, and do not change based on who is calling the module.
A simple way I thought to keep those secrets secret would be to define the variable as a map in variables.tf in the module, put the keys/values in terraform.tfvars in the module, .gitignore terraform.tfvars, and encrypt it to terraform.tfvars.gpg or something.
But that doesn't work, because I have no default for the variable in the module terraform is expecting the variable to be set by the caller.
I can define the variable in the caller without a value, add it to the call, and either specify manually --var-file or include a terraform.tfvars in the caller. But that means the user having to remember a magic --var-file invocation or the duplication of terraform.tfvars everywhere my new module is used.
Remembering magic strings and duplication are both not good options.
Is it possible for a module to use its own tfvars to fill in variables not passed to it?
There is no way to use an automatic .tfvars file with a non-root module. Child modules always get all of their values from the calling module block (with default values inserted where appropriate); .tfvars is only for assigning values to root module variables.
Another option with similar characteristics to what you're describing is to use a data file in either JSON or YAML format inside the module directory, and load it in using the file function and one of the decoding functions. For example:
locals {
# This file must be created before using this module by
# decrypting secrets.yaml.gpg in this directory.
secrets = yamldecode(file("${path.module}/secrets.yaml"))
}
If the caller neglects to decrypt into the .gitignored file before using the module then the file call will fail with a "file not found" error message.
I'm not totally sure I understand but taking a stab. Are you using AWS? A fun solution I've used in the past is SSM parameters.
data "aws_ssm_parameter" "foo" {
name = "foo"
}
...
value = data.aws_ssm_parameter.foo.value
...
The SSM param could be created outside of tf and looked up in your module (and policies granting access depending on caller via IAM, or whatever).
I have a root level variable, whose value is set at run time via a tfvar file. The tfvar file used and the var value can vary. Now I want to use this variable inside a module, the terraform way to do this is to set it up as a module variable and pass the root var when creating the module.
Except, I have this module used in our infrastructure several hundred times. Is repeating this variable 100s of times the only way to do this? Can the module access root namespace to grab the variable value?
I'm half tempted to use an external data script in the module to fetch the value instead, except, I wont know which tfvars file will be in effect at runtime..
Unfortunately, the only Terraform supported way is to pass the value into the module as a variable. Terraform has made me a copy/paste expert.
The only other approach that comes to mind that Terraform supports is making creative use of the External Data Source.
Any environment variable prefixed with "FACTER_" is automatically added to the facter collection. I've successfully added a "FACTER_" environment variable it is indeed showing up in the facter -p list, so it should be able to be used by puppet...
The problem, though, is in my .pp file the variable name that should be set to the FACTER_ value is empty (or non existant)
Is there something else I need to do to get FACTER_ variables into puppet variables?
Cheers
You are most likely setting up the system so that the FACTER_ variables are available in interactive shells. This is not sensible if you want your background agent to respect them.
I can see two direct approaches:
Modify your initscript or its configuration to set the appropriate environment variables.
Forego the approach entirely and use /etc/facter/facts.d instead.
I would advise towards the latter.
We have a build script which build three types of projects - C++, Java and finally the respective InstallShield installers.
Right now the installer build script relies on the fact that the C++ projects are always built in the Release configuration.
But now I wish to allow building them in an additional configuration, namely Profile.
We are using the Jenkins CI server and thus the desired configuration is provided through a dedicated Jenkins build parameter DRIVER_PROXY_CONFIG, which is surfaced as an environment variable with the same name.
Now the problem. According to our InstallShield guy, IS cannot use an environment variable in part of a source file path. I quote:
You can use or 'environment variable' or 'user-defined path variables
defined through InstallShield' as file path.
So we can:
Create 'environment variable' for each component (since 'DRIVER_PROXY_CONFIG' is only part of the component path) – not desirable.
Make the 'environment variable' part of the component 'user-defined path variable' – not possible, I have just tried it.
Has anyone done anything like this? The installer depends on multiple source files in different locations, where a part of such a location path is the value of the DRIVER_PROXY_CONFIG environment variable. Note that this part is neither the path prefix nor the suffix.
You absolutely can create it as part of a path. Some exact behaviors do depend on the version of InstallShield, but for the last several you can even use relative parent directories. Just go to the Path Variables view, add a new environment path variable (say Env), and set the environment variable it references. Then either add any number of standard path variables (say Stn) that are defined as <Env>\Sub\Dir, or skip this step and just reference those for the ISBuildSourcePath of the relevant files. Typically adding a file from a path under a defined path variable will use that path variable as part of its path.
If you've already added the files, the convert source paths wizard may help here, but you might find it easier to visit the File table directly to update the ISBuildSourcePath
However there is at least one exception. If your environment variable has the value Sub and your full directory name is SubDirectory, you cannot always reference <Env>Directory. Typically the path variable support will turn that into Sub\Directory instead.
Michael:
What if 'env' is not prefix nor suffix of the path ("SomeDir\<env>\SubDir")?
I have created system env config=release
I have created IS variable 'MyConf' that reference the env 'config'
I have created IS standard path MyPath = "SomeDir\<MyConf>\SubDir"
If I add file from this path - IS won't suggest 'MyPath' as suggested path!!!
The only way I have found, is to add the files, and then visit the File table directly to update the ISBuildSourcePath.
I added the environment variable as a path variable, ytou can set environment variable types here (not string types!)
then you can use that anywhere you'd use a path variable - though I did have to enclose it in square brackets rather than the usual angle ones). It should work in the middle of a path as I have done that with ordinary path variables.