Hello all,
I'm running puppet 3.7.5 + hiera 1.3.4 and facter 2.3.0 .
My site.pp:
$ cat manifests/site.pp
node default {
hiera_include('classes')}
in *hiera, *I've defined the default classes to be included:
$ cat hieradb/defaults.yaml
---#Default classes
classes:
- profiles::base
and the *base proflie *includes few classes like:
class profiles::base {
contain ntp
contain resolv
contain smtp
contain ssh
contain common
contain puppet::agent
contain repos
contain nagios::client
...}
in hiera *defaults.yaml *I've also defined a couple of *nagios::client*[1]
variables (for not including selinux):
$cat hieradb/defaults.yaml[...]
nagios::client::selinux: 'false'
nagios::client::selinux_enforced: 'false'[...]
**Default for selinux is true.*
the relevant code from *nagios*[1] module:
# nagios/manifests/client.pp
[...]
# With selinux, some nrpe plugins require additional rules to work
if $selinux and $::selinux_enforced {
selinux::audit2allow { 'nrpe':
source => "puppet:///modules/${module_name}/messages.nrpe",
}
}[...]
*and ONLY NTP class has the tag kickstart::bootstrap defined.*
** Hiera works and returns the expected values:*
# hiera -c /etc/puppet/hiera.yaml -d classes environment=basic_conf
clientcert=XX
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Hiera YAML backend starting
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking up classes in YAML backend
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking for data source
basic_conf/hieradb/global
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking for data source
basic_conf/hieradb/cert/XX
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking for data source
basic_conf/hieradb/env/basic_conf
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Cannot find datafile
/var/lib/puppet-deploy/.../basic_conf.yaml, skipping
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking for data source
basic_conf/hieradb/defaults
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Found classes in
basic_conf/hieradb/defaults["profiles::cb::base"]
# hiera -c /etc/puppet/hiera.yaml -d nagios::client::selinux
environment=basic_cb_conf clientcert=inhas01883.eu.boehringer.com
[...]
false
My kickstart posinstall section runs puppet like:
puppet agent --test --tags=kickstart::bootstrap --report --pluginsync --no-noop
*I expect puppet to run, not include selinux and ONLY configure ntp*
But it gives me an error (failed catalog) because
*selinux::audit2allow *is an invlaid resource type. (which means that
the nagios variables are not picked up from hiera (false) so selinux
is included)
If I reboot the node, and run the same exact puppet agent line, then
puppet runs (no selinux complain) and only NTP class is configured:
# /usr/bin/puppet agent --test --environment=basic_cb_conf
--tags=kickstart::bootstrap
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for XXX
Info: Applying configuration version '....'
Notice: /Stage[main]/Ntp/File[/etc/ntp.conf]/content:
--- /etc/ntp.conf 2015-11-10 12:23:14.946909373 +0000
+++ /tmp/puppet-file20151110-5619-gw8wio-0 2015-11-10
12:24:05.208909327 +0000
@@ -1,54 +1,10 @@
-# For more information about this file, see the man pages
-# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5),
ntp_mon(5).[...]
the expected behaivour.
So, what are (or could be) the differences between puppet runs inside the
kickstart postinstall process and puppet runs outside it?
Why is hiera ignored?
[1] (https://forge.puppetlabs.com/thias/nagios)
TIA,
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAM69jx_uAbfBc1aU0hYUv%3DGfkGu1oTCx%3D1%3DkgS1JUE1ifsxMxQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
