Puppet 6:
# puppet --version
6.15.0
Yes, I ran the lookup as root.
On Thursday, October 1, 2020 at 11:40:49 AM UTC+1 Martin Alfke wrote:
> Which version of puppet are you using?
> Puppet 5 or puppert 6?
>
> And: did you ran the puppet lookup command as root user? (I assume so, I
> just want to be sure)
>
> On 1. Oct 2020, at 12:30, djc...@gmail.com <djc...@gmail.com> wrote:
>
> Thanks Martin, yes (on fours servers to be specific all with idm0 in the
> hostname). Problem I have, is although the lookup is returning what I
> need, when I run the agent, it returns:
>
> Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
> Server Error: Evaluation Error: Error while evaluating a Resource
> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable'
> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp,
> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com
>
> I guessing that this is suggesting the expected hiera vaule can't be found.
>
> Thanks,
> Dan.
>
>
> On Thursday, October 1, 2020 at 11:24:04 AM UTC+1 Martin Alfke wrote:
>
>> Hi Dan,
>>
>> The puppet lookup explain told you what it has found:
>>
>> Environment Data Provider (hiera configuration version 5)
>> Using configuration
>> "/etc/puppetlabs/code/environments/production/hiera.yaml"
>> Hierarchy entry "Per-node data"
>> Path
>> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
>> Original path: "nodes/%{trusted.certname}.yaml"
>> Found key: "grubipv6disable::enable" value: false
>>
>> So I assume that you want to disable ipv6 only on node
>> lhcsrvprdidm02.fixnetix.com
>>
>>
>>
>> On 1. Oct 2020, at 12:05, djc...@gmail.com <djc...@gmail.com> wrote:
>>
>> Hello Martin,
>>
>> Do you have any further thoughts on the above?
>>
>> Thanks,
>> Dan.
>>
>> On Monday, September 28, 2020 at 2:37:42 PM UTC+1 djc...@gmail.com wrote:
>>
>>> There is indeed a global hiera.yaml file:
>>> # cat /etc/puppetlabs/puppet/hiera.yaml
>>> ---
>>> # Hiera 5 Global configuration file
>>>
>>> version: 5
>>>
>>> # defaults:
>>> # data_hash: yaml_data
>>> # hierarchy:
>>> # - name: Common
>>> # data_hash: yaml_data
>>> hierarchy: []
>>>
>>> Top level environment hiera looks good:
>>> # cat /etc/puppetlabs/code/environments/production/hiera.yaml
>>> ---
>>> version: 5
>>> defaults:
>>> # The default value for "datadir" is "data" under the same directory
>>> as the hiera.yaml
>>> # file (this file)
>>> # When specifying a datadir, make sure the directory exists.
>>> # See https://puppet.com/docs/puppet/latest/environments_about.html for
>>> further details on environments.
>>> datadir: data
>>> data_hash: yaml_data
>>> hierarchy:
>>> - name: "Per-node data" # Human-readable name.
>>> path: "nodes/%{trusted.certname}.yaml" # File path, relative to
>>> datadir.
>>>
>>> - name: "Per-OS defaults"
>>> path: "os/%{facts.os.family}.yaml"
>>>
>>> - name: "Common data"
>>> path: "common.yaml"
>>>
>>> There is no associated branch or alike in this instance.
>>>
>>> Here's the puppet lookup output with --explain:
>>>
>>> # puppet lookup --node lhcsrvprdidm02.fixnetix.com grubipv6disable::enable
>>> --explain
>>> Searching for "lookup_options"
>>> Global Data Provider (hiera configuration version 5)
>>> Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
>>> No such key: "lookup_options"
>>> Environment Data Provider (hiera configuration version 5)
>>> Using configuration
>>> "/etc/puppetlabs/code/environments/production/hiera.yaml"
>>> Merge strategy hash
>>> Hierarchy entry "Per-node data"
>>> Path
>>> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
>>> Original path: "nodes/%{trusted.certname}.yaml"
>>> No such key: "lookup_options"
>>> Hierarchy entry "Per-OS defaults"
>>> Path
>>> "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
>>> Original path: "os/%{facts.os.family}.yaml"
>>> Path not found
>>> Hierarchy entry "Common data"
>>> Path
>>> "/etc/puppetlabs/code/environments/production/data/common.yaml"
>>> Original path: "common.yaml"
>>> Path not found
>>> Module "grubipv6disable" Data Provider (hiera configuration version 5)
>>> Using configuration
>>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/hiera.yaml"
>>> Merge strategy hash
>>> Hierarchy entry "osfamily/major release"
>>> Merge strategy hash
>>> Path
>>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml"
>>> Original path: "os/%{facts.os.name
>>> }/%{facts.os.release.major}.yaml"
>>> Path not found
>>> Path
>>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml"
>>> Original path:
>>> "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
>>> Path not found
>>> Path
>>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/3.10.0-1127.13.1.el7.x86_64.yaml"
>>> Original path:
>>> "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
>>> Path not found
>>> Hierarchy entry "osfamily"
>>> Merge strategy hash
>>> Path
>>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml"
>>> Original path: "os/%{facts.os.name}.yaml"
>>> Path not found
>>> Path
>>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml"
>>> Original path: "os/%{facts.os.family}.yaml"
>>> Path not found
>>> Hierarchy entry "common"
>>> Path
>>> "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/common.yaml"
>>> Original path: "common.yaml"
>>> No such key: "lookup_options"
>>> Searching for "grubipv6disable::enable"
>>> Global Data Provider (hiera configuration version 5)
>>> Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
>>> No such key: "grubipv6disable::enable"
>>> Environment Data Provider (hiera configuration version 5)
>>> Using configuration
>>> "/etc/puppetlabs/code/environments/production/hiera.yaml"
>>> Hierarchy entry "Per-node data"
>>> Path
>>> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
>>> Original path: "nodes/%{trusted.certname}.yaml"
>>> Found key: "grubipv6disable::enable" value: false
>>>
>>> Thanks,
>>> Dan.
>>>
>>>
>>> On Monday, September 28, 2020 at 2:23:49 PM UTC+1 Martin Alfke wrote:
>>>
>>>> In this case it is hiera.
>>>>
>>>> Can you please check:
>>>> - that there is no global hiera.yaml file in
>>>> /etc/puppetlabs/puppet/hiera.yaml or, that the data paths mentioned in
>>>> that
>>>> file are empty
>>>> - that node is the top level environment in your environment hiera.yaml
>>>> file (/etc/puppetlabs/code/environment/<environment>/hiera.yaml
>>>> - that your Puppet code changes are done in production environment and
>>>> not within a feature branch or: if you use a feature branch: that the data
>>>> fir enabling/disabling the flag is also in environment hiera data
>>>>
>>>> Can you run the puppet lookup command again using the ‘--explain’
>>>> parameter?
>>>>
>>>> Hth,
>>>> Martin
>>>>
>>>>
>>>> On 28. Sep 2020, at 15:18, djc...@gmail.com <djc...@gmail.com> wrote:
>>>>
>>>> Thanks again Martin,
>>>>
>>>> I've changed the code as per recommended. However, the same issue
>>>> still persists. I'm starting to think that the issue is not code related
>>>> but lies elsewhere
>>>>
>>>> # puppet agent --no-daemonize --onetime --verbose
>>>> Info: Using configured environment 'production'
>>>> Info: Retrieving pluginfacts
>>>> Info: Retrieving plugin
>>>> Info: Retrieving locales
>>>> Info: Loading facts
>>>> Error: Could not retrieve catalog from remote server: Error 500 on
>>>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource
>>>> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable'
>>>> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp,
>>>> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com
>>>> Info: Using cached catalog from environment 'production'
>>>> Info: Applying configuration version '1601218290'
>>>> Notice: Applied catalog in 1.95 seconds
>>>>
>>>> I've checked if a lookup checks-out ok:
>>>>
>>>> # puppet lookup --node lhcsrvprdidm02.fixnetix.com
>>>> grubipv6disable::enable
>>>> --- false
>>>>
>>>> Thanks,
>>>> Dan.
>>>>
>>>>
>>>>
>>>> On Monday, September 28, 2020 at 11:54:42 AM UTC+1 Martin Alfke wrote:
>>>>
>>>>> Hi Dan,
>>>>>
>>>>> I would write the grubipv6disable class in another way:
>>>>>
>>>>> class grubipv6disable (
>>>>> Boolean $enable,
>>>>> ) {
>>>>> if $enable {
>>>>> contain grubipv6disable::config
>>>>> }
>>>>> }
>>>>>
>>>>> And keep the grubipv6disable::config class as is:
>>>>>
>>>>> class grubipv6disable::config (
>>>>> ){
>>>>>
>>>>> if $facts['os']['release']['major'] =~ /7/ {
>>>>> exec { 'grub2_ipv6_disable':
>>>>> command => '/usr/sbin/grubby --update-kernel=ALL
>>>>> --args=ipv6.disable=1',
>>>>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6'
>>>>> }
>>>>> } else {
>>>>> notice ('Assuming RHEL 6.x thus taking no action')
>>>>> }
>>>>> }
>>>>>
>>>>> Parameters, like variables, are always local to a class.
>>>>>
>>>>> Best,
>>>>> Martin
>>>>>
>>>>>
>>>>> On 28. Sep 2020, at 12:03, djc...@gmail.com <djc...@gmail.com> wrote:
>>>>>
>>>>> Thanks for that Martin,
>>>>>
>>>>> I seem to have unearthed a different issue:
>>>>>
>>>>> # puppet agent --no-daemonize --onetime --verbose
>>>>> Error: Could not retrieve catalog from remote server: Error 500 on
>>>>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource
>>>>> Statement, Class[Grubipv6disable]: expects a value for parameter 'enable'
>>>>> (file: /etc/puppetlabs/code/environments/production/manifests/site.pp,
>>>>> line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com
>>>>>
>>>>> # pwd
>>>>> /etc/puppetlabs/code/environments/production/modules/grubipv6disable
>>>>> # more manifests/init.pp
>>>>> class grubipv6disable (
>>>>> Boolean $enable,
>>>>> ) {
>>>>> contain grubipv6disable::config
>>>>> }
>>>>>
>>>>> # more manifests/config.pp
>>>>> class grubipv6disable::config (
>>>>> Boolean $enable = true,
>>>>> ){
>>>>> if $enable {
>>>>> if $facts['os']['release']['major'] =~ /7/ {
>>>>> exec { 'grub2_ipv6_disable':
>>>>> command => '/usr/sbin/grubby --update-kernel=ALL
>>>>> --args=ipv6.disable=1',
>>>>> unless => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6'
>>>>> }
>>>>> } else {
>>>>> notice ('Assuming RHEL 6.x thus taking no action')
>>>>> }
>>>>> }
>>>>> }
>>>>>
>>>>> # pwd
>>>>> /etc/puppetlabs/code/environments/production/data
>>>>> # more nodes/lhcsrvprdidm02.fixnetix.com.yaml
>>>>> ---
>>>>> grubipv6disable::enable: false
>>>>>
>>>>> Seems hiera is not being read.
>>>>>
>>>>> Any further help you can provide would be appreciated
>>>>>
>>>>> Thanks,
>>>>> Dan.
>>>>> On Friday, September 18, 2020 at 12:43:26 PM UTC+1 Martin Alfke wrote:
>>>>>
>>>>>> Add a parameter to grubipv6disable class which controls the internal
>>>>>> behaviour.
>>>>>>
>>>>>> https://puppet.com/docs/puppet/6.17/lang_classes.html#class-parameters-and-variables
>>>>>>
>>>>>> e.g.
>>>>>>
>>>>>> # modules/grubipv6disable/manifests/init.pp
>>>>>> class grubipv6disable (
>>>>>> Boolean $enable = true,
>>>>>> ){
>>>>>> if $enable {
>>>>>> # add here the code from the class.
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> Now you add hiera.yaml to your control-repo and add node specific
>>>>>> data.
>>>>>> https://puppet.com/docs/puppet/6.17/hiera_intro.html
>>>>>>
>>>>>> e.g.
>>>>>> data/nodes/<nodename>.yaml
>>>>>> ---
>>>>>> grubipv6disable::enable: false
>>>>>>
>>>>>> Hth,
>>>>>> Martin
>>>>>>
>>>>>>
>>>>>> On 17. Sep 2020, at 19:19, djc...@gmail.com <djc...@gmail.com> wrote:
>>>>>>
>>>>>> Hello experts,
>>>>>>
>>>>>> I apply all my current classes like so:
>>>>>>
>>>>>> # cat site.pp
>>>>>>
>>>>>> node default {
>>>>>> class { 'selinux':
>>>>>> mode => 'permissive',
>>>>>> type => 'targeted', }
>>>>>> class { 'commonpackages': }
>>>>>> class { 'polkit': }
>>>>>> class { 'libstoragemgmt': }
>>>>>> class { 'rngd': }
>>>>>> class { 'gssproxy': }
>>>>>> class { 'smartd': }
>>>>>> class { 'firewalld': }
>>>>>> class { 'grubipv6disable': }
>>>>>> class { 'grubrootpasswd': }
>>>>>> class { 'grubcrash': }
>>>>>> class { 'logrotate': }
>>>>>> class { 'htop': }
>>>>>> class { 'vim': }
>>>>>> class { 'yum': }
>>>>>> class { 'yumlocalrepo': }
>>>>>> class { 'sysctl': }
>>>>>> class { 'sysconfig': }
>>>>>> class { 'bashrc': }
>>>>>> class { 'vault': }
>>>>>> class { 'useradd': }
>>>>>> class { 'crontab': }
>>>>>> class { 'modprobe': }
>>>>>> class { 'rsyslogd': }
>>>>>> class { 'sudoers': }
>>>>>> class { 'motd': }
>>>>>> class { 'pam': }
>>>>>> class { 'issue': }
>>>>>> class { 'issuenet': }
>>>>>> class { 'limits': }
>>>>>> class { 'timezone': }
>>>>>> class { 'profiled': }
>>>>>> class { 'pulpconsumer': }
>>>>>> class { 'resolver': }
>>>>>> class { 'aide': }
>>>>>> class { 'autofs': }
>>>>>> class { 'vmtoolsd': }
>>>>>> class { 'ntpd': }
>>>>>> class { 'postfix': }
>>>>>> class { 'auditd': }
>>>>>> class { 'sshd': }
>>>>>> class { 'idmclient': }
>>>>>> }
>>>>>>
>>>>>> However, it's now become apparent that I need to exclude the
>>>>>> grubipv6disable from some nodes (all have idm0 in their hostname).
>>>>>>
>>>>>> What is the best way (or the less complicated) to achive this?
>>>>>>
>>>>>> Thanks in advance.
>>>>>> Dan.
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "Puppet Users" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to puppet-users...@googlegroups.com.
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com
>>>>>>
>>>>>> <https://groups.google.com/d/msgid/puppet-users/e0226cb0-a8d9-4767-afa7-093c89358063n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Puppet Users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to puppet-users...@googlegroups.com.
>>>>>
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com
>>>>>
>>>>> <https://groups.google.com/d/msgid/puppet-users/b168cfbc-a37a-4ecd-b394-223de8580440n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>>
>>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Puppet Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to puppet-users...@googlegroups.com.
>>>>
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com
>>>>
>>>> <https://groups.google.com/d/msgid/puppet-users/6ce33b24-d9e3-4c5d-bb9f-9295f900db36n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>>
>>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users...@googlegroups.com.
>>
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/4dd65c40-7489-4c9e-81db-0c75f2a43cddn%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/4dd65c40-7489-4c9e-81db-0c75f2a43cddn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users...@googlegroups.com.
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/a6ea6ef0-94a8-426c-9df8-34f102ef8b76n%40googlegroups.com
>
> <https://groups.google.com/d/msgid/puppet-users/a6ea6ef0-94a8-426c-9df8-34f102ef8b76n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/7d82ef09-ada0-4b07-a894-a7068b09c954n%40googlegroups.com.
