Hello experts,

I'm struggling with some node-specific Hiera.  I basically want to add the 
following lines to a number of nodes:

Match Address xx.xx.xx.xx
PermitRootLogin without-password

I have the following in place in an attempt to achieve this:

# pwd
/etc/puppetlabs/code/environments/production/modules/permitroot/manifests

# more *

::::::::::::::
config.pp
::::::::::::::
class permitroot::config (
  $config_path = $permitroot::params::config_path
) inherits permitroot::params {
  if $facts['os']['release']['major'] =~ /7/ {
    file { 'Update SSHD PermitRoot':
      ensure    => $permitroot::config_present,
      path      => $permitroot::config_path,
      content   => $permitroot::permitroot_config.join("\n"),
      owner  => root,
      group  => root,
      mode   => '0600'
    }
  } else {
      notice ('Assuming RHEL 6.x thus taking no action')
    }
}
::::::::::::::
init.pp
::::::::::::::
class permitroot (
  $service_name = $permitroot::params::service_name,
  $config_path  = $permitroot::params::config_path,
  Array[String] $permitroot_config,
  String $service_ensure,
  Boolean $service_enable,
  Boolean $service_hasrestart,
) inherits permitroot::params {
  contain permitroot::config
  contain permitroot::service

  Class['permitroot::config']
    -> Class['permitroot::service']
}
::::::::::::::
params.pp
::::::::::::::
class permitroot::params {
  $service_name = 'sshd'
  $config_path = '/etc/ssh/sshd_config'
}
::::::::::::::
service.pp
::::::::::::::
class permitroot::service (
  $service_name = $permitroot::params::service_name,
) inherits permitroot::params {
  service {'permitroot_service':
    name       => $service_name,
    ensure     => $permitroot::service_ensure,
    enable     => $permitroot::service_enable,
    hasrestart => $permitroot::service_hasrestart,
  }
}

This is probably not the best method and I'm still learning and don't want 
to use a module that has already been created by someone else at this point.

Here is the node-specific Hiera:

# pwd
/etc/puppetlabs/code/environments/production/nodes

# more *
permitroot::permitroot_config:
  - 'Match Address xx.xx.xx.xx
  - 'PermitRootLogin without-password'

Hiera file:

# pwd
/etc/puppetlabs/code/environments/production

# more hiera.yaml
---
version: 5
defaults:
  # The default value for "datadir" is "data" under the same directory as the hiera.yaml
  # file (this file)
  # When specifying a datadir, make sure the directory exists.
  # See https://puppet.com/docs/puppet/latest/environments_about.html for further details on environments.
  #datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data"                   # Human-readable name.
    path: "nodes/%{trusted.certname}.yaml"  # File path, relative to datadir.

  - name: "Per-OS defaults"
    path: "os/%{facts.os.family}.yaml"

  - name: "Common data"
    path: "common.yaml"

Site.pp file:

# more site.pp
...
...
...
node lhcsrvprdcms01.domain.com {
  class { 'permitroot': }
}

When I run the puppet agent on the server above where I want the new values 
added, I see the following returned:

# puppet agent --no-daemonize --onetime --verbose --noop
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: 
Server Error: Evaluation Error: Error while evaluating a Resource 
Statement, Class[Permitroot]: expects a value for parameter 
'permitroot_config' (file: 
/etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49, 
column: 3) on node lhcsrvprdcms01.fixnetix.com
Info: Using cached catalog from environment 'production'
Info: Applying configuration version '1596101172'
Notice: Applied catalog in 2.39 seconds

Any help here would be appreciated.

Thanks,
Dan.
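
Added example, not part of the original post and not Puppet's own code: this Python script lists the data files that the hiera.yaml shown above makes Hiera 5 consult for one node, assuming the commented-out datadir stays at its default of "data". The certname and fact values are constructed sample values, and interpolation is simplified to plain dotted keys.

```python
import re
from pathlib import PurePosixPath

# Environment directory and hierarchy copied from the post. datadir is left at
# its default ("data", relative to the directory that holds hiera.yaml).
ENV_DIR = "/etc/puppetlabs/code/environments/production"
DEFAULT_DATADIR = "data"
HIERARCHY = [
    ("Per-node data", "nodes/%{trusted.certname}.yaml"),
    ("Per-OS defaults", "os/%{facts.os.family}.yaml"),
    ("Common data", "common.yaml"),
]

# Constructed sample scope; substitute the real certname and facts of a node.
SAMPLE_SCOPE = {
    "trusted": {"certname": "node01.example.com"},
    "facts": {"os": {"family": "RedHat"}},
}


def interpolate(template, scope):
    """Expand %{a.b.c} tokens by walking nested dicts; unknown keys become ''."""
    def repl(match):
        value = scope
        for key in match.group(1).split("."):
            value = value.get(key, "") if isinstance(value, dict) else ""
        return str(value)
    return re.sub(r"%\{([^}]+)\}", repl, template)


def candidate_files(scope, env_dir=ENV_DIR, datadir=DEFAULT_DATADIR):
    """Return (level name, absolute path) for each hierarchy level, in order."""
    base = PurePosixPath(env_dir) / datadir
    return [(name, str(base / interpolate(path, scope)))
            for name, path in HIERARCHY]


def is_consulted(path, scope):
    """True if `path` is one of the files this hierarchy reads for the node."""
    wanted = str(PurePosixPath(path))
    return wanted in [p for _, p in candidate_files(scope)]


if __name__ == "__main__":
    for level, path in candidate_files(SAMPLE_SCOPE):
        print(f"{level:16} {path}")
```

A key that is absent from every listed file leaves a class parameter without a default unset, which is the condition the "expects a value for parameter" error reports.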
