[Puppet Users] Puppet client is not applying changes
Hello all,
Been at this problem I have for nearly a week now and it's driving
crazy!!! I hope it's simply a case of someone with some fresh eyes taking
a look and showing me the error of my ways.
Before I continue with the Puppet deployment, for testing purposes, I just
want to create a single user namely djc72uk on a single server. The server
hostname is lhcadvdeveye05 and you can see below that it has successfully
generated a certificate:
# puppetserver ca list --all
Signed Certificates:
lhcadvdeveye05.x.com (SHA256)
F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D
puppet.xx.com (SHA256)
7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81
alt names: ["DNS:puppet", "DNS:puppet.xx.com"]
I'm seeing the following output from the servers when I run the agent:
# puppet agent --no-daemonize --verbose --onetime
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for lhcadvdeveye05.xx.com
Info: Applying configuration version '1569503223'
Notice: Applied catalog in 0.24 seconds
Looks all good here other than it's not applying the module I created
namely accounts (see below within the puppet environment).
Puppet Server Environment:
# puppet config print confdir
/etc/puppetlabs/puppet
# ll /etc/puppetlabs/puppet
total 48
drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./
drwxr-xr-x. 1 root root 4096 Sep 24 12:16 ../
-rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf
-rw-r--r--. 1 puppet puppet 161 Sep 23 22:22 hiera.yaml
-rw-r--r--. 1 puppet puppet 697 Sep 25 22:34 puppet.conf
# more /etc/puppetlabs/puppet/puppet.conf
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
environmentpath = $codedir/environments
autosign = true
# puppet config print codedir
/etc/puppetlabs/code
# puppet config print environmentpath
/etc/puppetlabs/code/environments
# puppet config print modulepath
/etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules
# puppet module list --tree
/etc/puppetlabs/code/environments/production/modules
└── accounts (???)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)
# puppet config print manifest
/etc/puppetlabs/code/environments/production/manifests
# ls -lR /etc/puppetlabs/code
/etc/puppetlabs/code:
total 8
drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments
drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules
/etc/puppetlabs/code/environments:
total 4
drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production
/etc/puppetlabs/code/environments/production:
total 20
-rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf
-rw-r--r--. 1 root root 518 Sep 17 22:22 hiera.yaml
drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests
drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules
/etc/puppetlabs/code/environments/production/manifests:
total 4
-rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp
/etc/puppetlabs/code/environments/production/modules:
total 4
drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts
/etc/puppetlabs/code/environments/production/modules/accounts:
total 12
drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests
/etc/puppetlabs/code/environments/production/modules/accounts/manifests:
total 8
-rw-r-. 1 root root 77 Sep 24 20:38 groups.pp
-rw-r-. 1 root root 224 Sep 24 20:01 init.pp
/etc/puppetlabs/code/modules:
total 0
# more /etc/puppetlabs/code/environments/production/manifests/site.pp
node 'default' {
include accounts
}
# more
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
class accounts {
include accounts::groups
user { 'djc72uk':
ensure => present,
home=> '/home/djc72uk',
shell => '/bin/bash',
managehome => true,
gid => 'djc72uk',
}
}
# more
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
class accounts::groups {
group { 'djc72uk':
ensure => present,
}
}
Nothing complaining here:
# puppet parser validate
/etc/puppetlabs/code/environments/production/manifests/site.pp
# puppet parser validate
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
# puppet parser validate
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
My gut feel is that the site.pp file is in the wrong place and therefore
not being read however, based on the above environment details, I'm
struggling to see how that's possible.
Any help will be appreciated here.
Many Thanks,
Dan.Hello all,
Been at this problem I have for nearly a week now and it's driving
craz
[Puppet Users] Puppet client is not applying changes
Hello all,
Been at this problem I have for nearly a week now and it's driving
crazy!!! I hope it's simply a case of someone with some fresh eyes taking
a look and showing me the error of my ways.
Before I continue with the Puppet deployment, for testing purposes, I just
want to create a single user namely djc72uk on a single server. The server
hostname is lhcadvdeveye05 and you can see below that it has successfully
generated a certificate:
# puppetserver ca list --all
Signed Certificates:
lhcadvdeveye05.x.com (SHA256)
F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D
puppet.xx.com (SHA256)
7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81
alt names: ["DNS:puppet", "DNS:puppet.xx.com"]
I'm seeing the following output from the server when I run the agent:
# puppet agent --no-daemonize --verbose --onetime
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for lhcadvdeveye05.xx.com
Info: Applying configuration version '1569503223'
Notice: Applied catalog in 0.24 seconds
Looks all good here other than it's not applying the module I created
namely accounts (see below within the puppet environment).
*Puppet Server Environment:*
# puppet config print confdir
/etc/puppetlabs/puppet
# ll /etc/puppetlabs/puppet
total 48
drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./
drwxr-xr-x. 1 root root 4096 Sep 24 12:16 ../
-rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf
-rw-r--r--. 1 puppet puppet 161 Sep 23 22:22 hiera.yaml
-rw-r--r--. 1 puppet puppet 697 Sep 25 22:34 puppet.conf
# more /etc/puppetlabs/puppet/puppet.conf
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
environmentpath = $codedir/environments
autosign = true
# puppet config print codedir
/etc/puppetlabs/code
# puppet config print environmentpath
/etc/puppetlabs/code/environments
# puppet config print modulepath
/etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules
# puppet module list --tree
/etc/puppetlabs/code/environments/production/modules
└── accounts (???)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)
# puppet config print manifest
/etc/puppetlabs/code/environments/production/manifests
# ls -lR /etc/puppetlabs/code
/etc/puppetlabs/code:
total 8
drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments
drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules
/etc/puppetlabs/code/environments:
total 4
drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production
/etc/puppetlabs/code/environments/production:
total 20
-rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf
-rw-r--r--. 1 root root 518 Sep 17 22:22 hiera.yaml
drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests
drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules
/etc/puppetlabs/code/environments/production/manifests:
total 4
-rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp
/etc/puppetlabs/code/environments/production/modules:
total 4
drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts
/etc/puppetlabs/code/environments/production/modules/accounts:
total 12
drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests
/etc/puppetlabs/code/environments/production/modules/accounts/manifests:
total 8
-rw-r-. 1 root root 77 Sep 24 20:38 groups.pp
-rw-r-. 1 root root 224 Sep 24 20:01 init.pp
/etc/puppetlabs/code/modules:
total 0
# more /etc/puppetlabs/code/environments/production/manifests/site.pp
node 'default' {
include accounts
}
# more
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
class accounts {
include accounts::groups
user { 'djc72uk':
ensure => present,
home=> '/home/djc72uk',
shell => '/bin/bash',
managehome => true,
gid => 'djc72uk',
}
}
# more
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
class accounts::groups {
group { 'djc72uk':
ensure => present,
}
}
Nothing complaining here:
# puppet parser validate
/etc/puppetlabs/code/environments/production/manifests/site.pp
# puppet parser validate
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
# puppet parser validate
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
My gut feel is that the site.pp file is in the wrong place and therefore
not being read however, based on the above environment details, I'm
struggling to see how that's possible.
Any help will be appreciated here.
Many Thanks,
Dan.
--
You received this message because you are subscribed to the Google Groups
"P
[Puppet Users] Puppet agent is not applying changes
Hello all,
Been at this problem I have for nearly a week now and it's driving
crazy!!! I hope it's simply a case of someone with some fresh eyes taking
a look and showing me the error of my ways.
Before I continue with the Puppet deployment, for testing purposes, I just
want to create a single user namely djc72uk on a single server. The
servers name is lhcadvdeveye05 and you can see below that it has
successfully generated a certificate:
# puppetserver ca list --all
Signed Certificates:
lhcadvdeveye05.x.com (SHA256)
F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D
puppet.fixnetix.com (SHA256)
7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81
alt names: ["DNS:puppet", "DNS:puppet.xx.com"]
I'm seeing the following output from the servers when I run the agent:
# puppet agent --no-daemonize --verbose --onetime
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for lhcadvdeveye05.xx.com
Info: Applying configuration version '1569503223'
Notice: Applied catalog in 0.24 seconds
Looks all good here other than it's not applying the module I created
namely accounts (see below within the puppet environment).
*Puppet Server Environment*:
# puppet config print confdir
/etc/puppetlabs/puppet
# ll /etc/puppetlabs/puppet
total 48
drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./
drwxr-xr-x. 1 root root 4096 Sep 24 12:16 ../
-rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf
-rw-r--r--. 1 puppet puppet 161 Sep 23 22:22 hiera.yaml
-rw-r--r--. 1 puppet puppet 697 Sep 25 22:34 puppet.conf
# more /etc/puppetlabs/puppet/puppet.conf
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
environmentpath = $codedir/environments
autosign = true
# puppet config print codedir
/etc/puppetlabs/code
# puppet config print environmentpath
/etc/puppetlabs/code/environments
# puppet config print modulepath
/etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules
# puppet module list --tree
/etc/puppetlabs/code/environments/production/modules
└── accounts (???)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)
# puppet config print manifest
/etc/puppetlabs/code/environments/production/manifests
# ls -lR /etc/puppetlabs/code
/etc/puppetlabs/code:
total 8
drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments
drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules
/etc/puppetlabs/code/environments:
total 4
drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production
/etc/puppetlabs/code/environments/production:
total 20
-rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf
-rw-r--r--. 1 root root 518 Sep 17 22:22 hiera.yaml
drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests
drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules
/etc/puppetlabs/code/environments/production/manifests:
total 4
-rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp
/etc/puppetlabs/code/environments/production/modules:
total 4
drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts
/etc/puppetlabs/code/environments/production/modules/accounts:
total 12
drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests
/etc/puppetlabs/code/environments/production/modules/accounts/manifests:
total 8
-rw-r-. 1 root root 77 Sep 24 20:38 groups.pp
-rw-r-. 1 root root 224 Sep 24 20:01 init.pp
/etc/puppetlabs/code/modules:
total 0
# more /etc/puppetlabs/code/environments/production/manifests/site.pp
node 'default' {
include accounts
}
# more
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
class accounts {
include accounts::groups
user { 'djc72uk':
ensure => present,
home=> '/home/djc72uk',
shell => '/bin/bash',
managehome => true,
gid => 'djc72uk',
}
}
# more
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
class accounts::groups {
group { 'djc72uk':
ensure => present,
}
}
My gut feel is that the site.pp file is in the wrong place and therefore
not being read however, based on the above environment details, I'm
struggling to see how that's possible.
Any help will be appreciated here.
Many Thanks,
Dan,
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/34731f49-113f-4529-989d-18dd1dbe8e3d%40googlegroups.com.
Re: [Puppet Users] Puppet agent is not applying changes
Hello Josh, Thanks for the reply. Still no luck I'm afraid after changing what you suggested. I even changed node to be fqdn (quoted & unquoted) and that didn't work either. Which again makes me think, for some reason, it's not being read due to perhaps being the the wrong place. Thanks, Dan. On Thursday, September 26, 2019 at 7:13:48 PM UTC+1, Josh Cooper wrote: > > Hi Dan, > > I think the problem is that default should not be quoted (see > https://puppet.com/docs/puppet/latest/lang_node_definitions.html#syntax): > > If you do node "default", then puppet will only apply the class if the > node's fqdn is "default". > > Josh > > On Thu, Sep 26, 2019 at 9:55 AM Dan Crisp > > wrote: > >> Hello all, >> >> Been at this problem I have for nearly a week now and it's driving >> crazy!!! I hope it's simply a case of someone with some fresh eyes taking >> a look and showing me the error of my ways. >> >> Before I continue with the Puppet deployment, for testing purposes, I >> just want to create a single user namely djc72uk on a single server. The >> servers name is lhcadvdeveye05 and you can see below that it has >> successfully generated a certificate: >> >> # puppetserver ca list --all >> Signed Certificates: >> lhcadvdeveye05.x.com (SHA256) >> F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D >> puppet.fixnetix.com (SHA256) >> 7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81 >> >> alt names: ["DNS:puppet", "DNS:puppet.xx.com"] >> >> I'm seeing the following output from the servers when I run the agent: >> >> # puppet agent --no-daemonize --verbose --onetime >> Info: Using configured environment 'production' >> Info: Retrieving pluginfacts >> Info: Retrieving plugin >> Info: Retrieving locales >> Info: Caching catalog for lhcadvdeveye05.xx.com >> Info: Applying configuration version '1569503223' >> Notice: Applied catalog in 0.24 seconds >> >> Looks all good here other than it's not applying the module I created >> namely accounts (see below within the puppet environment). >> >> *Puppet Server Environment*: >> >> # puppet config print confdir >> /etc/puppetlabs/puppet >> >> # ll /etc/puppetlabs/puppet >> total 48 >> drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./ >> drwxr-xr-x. 1 root root 4096 Sep 24 12:16 ../ >> -rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf >> -rw-r--r--. 1 puppet puppet 161 Sep 23 22:22 hiera.yaml >> -rw-r--r--. 1 puppet puppet 697 Sep 25 22:34 puppet.conf >> >> # more /etc/puppetlabs/puppet/puppet.conf >> [master] >> vardir = /opt/puppetlabs/server/data/puppetserver >> logdir = /var/log/puppetlabs/puppetserver >> rundir = /var/run/puppetlabs/puppetserver >> pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid >> codedir = /etc/puppetlabs/code >> environmentpath = $codedir/environments >> autosign = true >> >> # puppet config print codedir >> /etc/puppetlabs/code >> >> # puppet config print environmentpath >> /etc/puppetlabs/code/environments >> >> # puppet config print modulepath >> >> /etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules >> >> # puppet module list --tree >> /etc/puppetlabs/code/environments/production/modules >> └── accounts (???) >> /etc/puppetlabs/code/modules (no modules installed) >> /opt/puppetlabs/puppet/modules (no modules installed) >> >> # puppet config print manifest >> /etc/puppetlabs/code/environments/production/manifests >> >> # ls -lR /etc/puppetlabs/code >> /etc/puppetlabs/code: >> total 8 >> drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments >> drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules >> >> /etc/puppetlabs/code/environments: >> total 4 >> drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production >> >> /etc/puppetlabs/code/environments/production: >> total 20 >> -rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf >> -rw-r--r--. 1 root root 518 Sep 17 22:22 hiera.yaml >> drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests >> drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules >> >> >> /etc/puppetlabs/code/environments/production/manifests: >> total 4 >> -rw-r--r--. 1 root root 40 Sep 24 20:34
Re: [Puppet Users] Puppet agent is not applying changes
Thank you Dirk. However the same issue persists. I even intentionally
updated the site.pp with invalid syntax hoping that consequently, the agent
run would fail and through a error. The site.pp was updated like so:
node default {}
include accounts
}
}
Agent still runs:
# puppet agent --no-daemonize --verbose --onetime
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for lhcadvdeveye05.xxx.com
Info: Applying configuration version '1569503223'
Notice: Applied catalog in 0.15 seconds
On Friday, September 27, 2019 at 10:22:56 AM UTC+1, Dirk Heinrichs wrote:
>
> Am Donnerstag, den 26.09.2019, 06:20 -0700 schrieb Dan Crisp:
>
> node 'default' {
>
>
> Should be "node default {"
>
> HTH...
>
> Dirk
>
> --
>
> *Dirk Heinrichs*
> Senior Systems Engineer, Delivery Pipeline
> OpenText ™ Discovery | Recommind
> *Phone*: +49 2226 15966 18
> *Email*: dhei...@opentext.com
> *Website*: www.recommind.de
> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
> Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan,
> Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646
> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and destroy this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
> irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
> vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
> Weitergabe dieser Mail sind nicht gestattet.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/4995e256-5300-49a7-bebc-1629b7c3f20a%40googlegroups.com.
Re: [EXTERNAL] - [Puppet Users] Puppet agent is not applying changes
This file does nothing. All the lines therein are commented out. In fact, I have in the past moved this file out of the way then put it back just to rule out it was doing anything weird. Dan. On Friday, September 27, 2019 at 10:58:49 AM UTC+1, Dirk Heinrichs wrote: > > Am Donnerstag, den 26.09.2019, 06:20 -0700 schrieb Dan Crisp: > > /etc/puppetlabs/code/environments/production: > total 20 > -rw-r--r--. 1 root root 808 Sep 25 20:47 environment.conf > > > What does this one contain? I don't have these in my environments. > > Bye... > > Dirk > > -- > > *Dirk Heinrichs* > Senior Systems Engineer, Delivery Pipeline > OpenText ™ Discovery | Recommind > *Phone*: +49 2226 15966 18 > *Email*: dhei...@opentext.com > *Website*: www.recommind.de > Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach > Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan, > Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646 > This e-mail may contain confidential and/or privileged information. If you > are not the intended recipient (or have received this e-mail in error) > please notify the sender immediately and destroy this e-mail. Any > unauthorized copying, disclosure or distribution of the material in this > e-mail is strictly forbidden > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte > Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail > irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und > vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte > Weitergabe dieser Mail sind nicht gestattet. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d431a657-2a6c-4c19-9eb1-46298447d025%40googlegroups.com.
Re: [EXTERNAL] - [Puppet Users] Puppet agent is not applying changes
s/puppet/ssl/private_keys/lhcadvdeveye05.fixnetix.com.pem]{:path=>"/etc/puppetlabs/puppet/ssl/private_keys/lhcadvdeveye05.fixnetix.com.pem",
:mode=>"640", :owner=>"root", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'localcacert':
'File[/etc/puppetlabs/puppet/ssl/certs/ca.pem]{:path=>"/etc/puppetlabs/puppet/ssl/certs/ca.pem",
:mode=>"644", :owner=>"root", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hostcrl':
'File[/etc/puppetlabs/puppet/ssl/crl.pem]{:path=>"/etc/puppetlabs/puppet/ssl/crl.pem",
:mode=>"644", :owner=>"root", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'statefile':
'File[/opt/puppetlabs/puppet/cache/state/state.yaml]{:path=>"/opt/puppetlabs/puppet/cache/state/state.yaml",
:mode=>"660", :ensure=>:file, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'transactionstorefile':
'File[/opt/puppetlabs/puppet/cache/state/transactionstore.yaml]{:path=>"/opt/puppetlabs/puppet/cache/state/transactionstore.yaml",
:mode=>"660", :ensure=>:file, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'clientyamldir':
'File[/opt/puppetlabs/puppet/cache/client_yaml]{:path=>"/opt/puppetlabs/puppet/cache/client_yaml",
:mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'client_datadir':
'File[/opt/puppetlabs/puppet/cache/client_data]{:path=>"/opt/puppetlabs/puppet/cache/client_data",
:mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'classfile':
'File[/opt/puppetlabs/puppet/cache/state/classes.txt]{:path=>"/opt/puppetlabs/puppet/cache/state/classes.txt",
:mode=>"640", :owner=>"root", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'resourcefile':
'File[/opt/puppetlabs/puppet/cache/state/resources.txt]{:path=>"/opt/puppetlabs/puppet/cache/state/resources.txt",
:mode=>"640", :owner=>"root", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'deviceconfdir':
'File[/etc/puppetlabs/puppet/devices]{:path=>"/etc/puppetlabs/puppet/devices",
:mode=>"750", :owner=>"root", :ensure=>:directory, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'clientbucketdir':
'File[/opt/puppetlabs/puppet/cache/clientbucket]{:path=>"/opt/puppetlabs/puppet/cache/clientbucket",
:mode=>"750", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'lastrunfile':
'File[/opt/puppetlabs/puppet/cache/state/last_run_summary.yaml]{:path=>"/opt/puppetlabs/puppet/cache/state/last_run_summary.yaml",
:mode=>"644", :ensure=>:file, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'lastrunreport':
'File[/opt/puppetlabs/puppet/cache/state/last_run_report.yaml]{:path=>"/opt/puppetlabs/puppet/cache/state/last_run_report.yaml",
:mode=>"640", :ensure=>:file, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'graphdir':
'File[/opt/puppetlabs/puppet/cache/state/graphs]{:path=>"/opt/puppetlabs/puppet/cache/state/graphs",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'pluginfactdest':
'File[/opt/puppetlabs/puppet/cache/facts.d]{:path=>"/opt/puppetlabs/puppet/cache/facts.d",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'localedest':
'File[/opt/puppetlabs/puppet/cache/locales]{:path=>"/opt/puppetlabs/puppet/cache/locales",
:ensure=>:directory, :loglevel=>:debug, :links=
Re: [Puppet Users] Puppet agent is not applying changes
No. I only have /etc/puppetlabs/code/environments/production/manifests/site.pp On Friday, September 27, 2019 at 1:03:20 PM UTC+1, Dirk Heinrichs wrote: > > Am Freitag, den 27.09.2019, 11:50 + schrieb Dirk Heinrichs: > > Am Freitag, den 27.09.2019, 03:43 -0700 schrieb Dan Crisp: > > This file does nothing. All the lines therein are commented out. In > fact, I have in the past moved this file out of the way then put it back > just to rule out it was doing anything weird. > > > OK, just wanted to make sure it doesn't contain any strange configuration > for that environment. Not sure what else could be the problem. Could you > run the agent with --debug and post the relevant lines involving your user > resource (if any)? > > > Oh, and do you, by chance, have a file > /etc/puppetlabs/code/manifests/site.pp? Mine has just the following content > (might as well be empty): > > # site.pp must exist (puppet #15106, foreman #1708) > > Bye... > > Dirk > > -- > > *Dirk Heinrichs* > Senior Systems Engineer, Delivery Pipeline > OpenText ™ Discovery | Recommind > *Phone*: +49 2226 15966 18 > *Email*: dhei...@opentext.com > *Website*: www.recommind.de > Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach > Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan, > Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646 > This e-mail may contain confidential and/or privileged information. If you > are not the intended recipient (or have received this e-mail in error) > please notify the sender immediately and destroy this e-mail. Any > unauthorized copying, disclosure or distribution of the material in this > e-mail is strictly forbidden > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte > Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail > irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und > vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte > Weitergabe dieser Mail sind nicht gestattet. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4a476fc2-2daf-493f-9767-dee4bcb70576%40googlegroups.com.
Re: [EXTERNAL] - [Puppet Users] Puppet agent is not applying changes
Thanks for the reply John,
The issue still persists unfortunately.
I've ensured that Selinux isn't enforcing on both the server side and
client and then restarted the Puppet service on the master server. The
server logs whilst running the agent read as follows:
10.20.25.83 - - - 27/Sep/2019:16:06:43 + "GET
/puppet/v3/node/lhcadvdeveye05.fixnetix.com?environment=production&transaction_uuid=4d2c88b1-2aec-45a5-bc7e-407c2ad8229e&fail_on_404=true
HTTP/1.1" 200 13535 10.20.25.83 10.20.25.83 8140 109
10.20.25.83 - - - 27/Sep/2019:16:06:43 + "GET
/puppet/v3/file_metadatas/pluginfacts?environment=production&links=follow&recurse=true&source_permissions=use&ignore=.svn&ignore=CVS&ignore=.git&ignore=.hg&checksum_type=md5
HTTP/1.1" 200 220 10.20.25.83 10.20.25.83 8140 25
10.20.25.83 - - - 27/Sep/2019:16:06:43 + "GET
/puppet/v3/file_metadatas/plugins?environment=production&links=follow&recurse=true&source_permissions=ignore&ignore=.svn&ignore=CVS&ignore=.git&ignore=.hg&checksum_type=md5
HTTP/1.1" 200 224 10.20.25.83 10.20.25.83 8140 16
10.20.25.83 - - - 27/Sep/2019:16:06:44 + "GET
/puppet/v3/file_metadatas/locales?environment=production&links=follow&recurse=true&source_permissions=ignore&ignore=.svn&ignore=CVS&ignore=.git&ignore=.hg&ignore=%2A.pot&ignore=config.yaml&checksum_type=md5
HTTP/1.1" 200 224 10.20.25.83 10.20.25.83 8140 20
2019-09-27 16:06:44,620 INFO [puppetserver] Puppet Compiled catalog for
lhcadvdeveye05.fixnetix.com in environment production in 0.10 seconds
10.20.25.83 - - - 27/Sep/2019:16:06:44 + "POST
/puppet/v3/catalog/lhcadvdeveye05.fixnetix.com?environment=production
HTTP/1.1" 200 612 10.20.25.83 10.20.25.83 8140 249
10.20.25.83 - - - 27/Sep/2019:16:06:45 + "PUT
/puppet/v3/report/lhcadvdeveye05.fixnetix.com?environment=production&
HTTP/1.1" 200 9 10.20.25.83 10.20.25.83 8140 92
Unfortunately, I don't see anything untoward here nor anything helpful that
contributes to resolving the issue.
Thanks,
Dan.
On Friday, September 27, 2019 at 2:21:32 PM UTC+1, jcbollinger wrote:
>
>
>
> On Friday, September 27, 2019 at 7:20:51 AM UTC-5, Dan Crisp wrote:
>>
>> Please see below. Apologies, there is a lot of detail here:
>>
>> Debug: Using settings: adding file resource 'confdir':
>> 'File[/etc/puppetlabs/puppet]{:path=>"/etc/puppetlabs/puppet",
>> :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
>>
>
> [...]
>
> If the (elided) log messages presented were *all* the log messages
> emitted, then they depict the agent applying an empty catalog, which is of
> course consistent with not changing anything. All the resources shown are
> generated locally by the agent. You should be able to confirm that by
> looking at the catalog itself, which you will find, by default, in a file
> in /opt/puppetlabs/puppet/cache/client_data/catalog.
>
> If you're making changes to your manifest set but not seeing any effect at
> the agent then there are several possibilities, but the most likely issue
> is server-side caching. Before tweaking the cache configuration, however,
> the easiest way to test this hypothesis is to flush the cache by restarting
> the puppetserver service on the master. (That's not the only way, but it's
> quick and easy, and you don't need to learn anything new to do it.)
>
> If that indeed solves the problem then you'll want to adjust the
> environment_timeout
> <https://puppet.com/docs/puppet/latest/configuration.html#environmenttimeout>
> configuration setting on the master. For the time being, I would suggest
> setting it to 0 to disable caching altogether. This is also supposed to be
> the default if the setting is not explicitly specified, however.
>
> ---
>
> If that doesn't turn out to be the issue, then do have a look at the
> master's logs. You should confirm that it is logging catalog requests from
> the agent in question (else they must be going to a different master), and
> you should look for any messages providing a clue about the issue. It may
> be helpful to turn up puppetserver's log level to get more detailed
> information.
>
> If that's also unavailing then my last suggestion would be to confirm that
> the puppetserver process can successfully access everything in the
> environment directory. Check file ownership, mode, ACLs, SELinux context,
> and anything else that affects whether the puppetserver can read the files
> and traverse (all) the directories. I would pay special attention to your
> one manifest file, because that's the most likely one to be messed up in
> this regard.
>
>
> John
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/558c4849-87b4-41d9-b5a7-97e3e7e0896c%40googlegroups.com.
Re: [EXTERNAL] - [Puppet Users] Puppet agent is not applying changes
Thanks to all that contributed. I managed to solve the issue. Transpires
that the permissions on the files and directories (0644 for the most part)
was not sufficient. I had to ensure that all files in question had 0644
and directories at 0755 permissions set to get this to work. A simple
permission denied error somewhere among the logs would of been helpful!!
Thanks again,
Dan.
On Sunday, September 29, 2019 at 9:19:13 PM UTC+1, Andreas Ntaflos wrote:
>
> On 28.09.19 12:15, Martin Alfke wrote:
> > Hi Dirk,
> >
> > you are including class accounts within node default classification.
> > The accounts module does not do anything unless you add data to it.
> >
> > Please look at https://github.com/puppetlabs/puppetlabs-accounts and
> check if the following example is working:
>
> It doesn't look like Dan is using the puppetlabs-accounts module. His
> accounts module just creates a user and a group (copy/pasting the code
> from the initial post):
>
> # more
> /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
>
>
> class accounts {
>
> include accounts::groups
>
> user { 'djc72uk':
> ensure => present,
> home=> '/home/djc72uk',
> shell => '/bin/bash',
> managehome => true,
> gid => 'djc72uk',
> }
>
> }
>
> # more
> /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
>
>
> class accounts::groups {
>
> group { 'djc72uk':
> ensure => present,
> }
> }
>
> Andreas
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/afc42c9d-0604-4cfc-86eb-356ea9619594%40googlegroups.com.
Re: [EXTERNAL] - [Puppet Users] Puppet agent is not applying changes
Thanks to all that contributed. I managed to solve the issue. Transpires
that the permissions on the files and directories (0640 for the most part)
was not sufficient. I had to ensure that all files in question had 0644
and directories at 0755 permissions set to get this to work. A simple
permission denied error somewhere among the logs would of been helpful!!
Thanks again,
Dan.
On Sunday, September 29, 2019 at 9:19:13 PM UTC+1, Andreas Ntaflos wrote:
>
> On 28.09.19 12:15, Martin Alfke wrote:
> > Hi Dirk,
> >
> > you are including class accounts within node default classification.
> > The accounts module does not do anything unless you add data to it.
> >
> > Please look at https://github.com/puppetlabs/puppetlabs-accounts and
> check if the following example is working:
>
> It doesn't look like Dan is using the puppetlabs-accounts module. His
> accounts module just creates a user and a group (copy/pasting the code
> from the initial post):
>
> # more
> /etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
>
>
> class accounts {
>
> include accounts::groups
>
> user { 'djc72uk':
> ensure => present,
> home=> '/home/djc72uk',
> shell => '/bin/bash',
> managehome => true,
> gid => 'djc72uk',
> }
>
> }
>
> # more
> /etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
>
>
> class accounts::groups {
>
> group { 'djc72uk':
> ensure => present,
> }
> }
>
> Andreas
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/4a709aee-0057-4498-92f8-7b24ec4a31b4%40googlegroups.com.
[Puppet Users] Puppet Template for Multiple OS
Hello all, I’m not sure what I’m attempting can be best accomplished via a template so please do correct me if there is better/simpler method. On our servers within the SSH configuration, we have/need the following line: ListenAddress x.x.x.x This is standard for all our servers regardless of OS release. I know that I can achieve this via a template by declaring the following therein: ListenAddress <%= @ipaddress_eth0 %> I then need to include some additional lines that are OS release specific i.e.: AuthorizedKeysCommandUser root Can this be achieved via a single template via some conditional declarations? If this is at all possible then any help and/or experiences to something similar to this will be greatly appreciated. Thanks, Dan. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7909dc37-4299-4820-9094-107207752c41%40googlegroups.com.
[Puppet Users] Puppetforge Selinux Module Not Working
Hello all,
I've download the selinux module from Puppet forge:
puppet module list
/etc/puppetlabs/code/environments/production/modules
└── fixnetix-base (v0.1.0)
/etc/puppetlabs/code/modules
├── *puppetlabs-selinux_core (v1.0.2)*
└── puppetlabs-stdlib (v6.1.0)
/opt/puppetlabs/puppet/modules (no modules installed)
# ll /etc/puppetlabs/code/modules
total 16
drwxr-xr-x. 4 root root 4096 Oct 3 15:38 ./
drwxr-xr-x. 4 root root 4096 Oct 4 12:29 ../
drwxr-xr-x. 6 root root 4096 Aug 14 07:55 selinux/
drwxr-xr-x. 10 root root 4096 Sep 26 16:17 stdlib/
I created a manifest like so:
# cat
/etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp
class base::selinux {
class { selinux:
mode => 'permissive',
type => 'targeted',
}
}
Perms etc. all look good:
# ll /etc/puppetlabs/code/environments/production/modules
total 16
drwxr-xr-x. 4 root root 4096 Oct 4 11:48 ./
drwxr-xr-x. 5 root root 4096 Sep 27 10:40 ../
drwxr-xr-x. 10 root root 4096 Oct 4 11:48 base/
# ll
/etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp
-rw-r--r--. 1 root root 242 Oct 7 13:47
/etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp
However, the agent is failing:
# puppet agent --no-daemonize --verbose --onetime
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
Server Error: Evaluation Error: Error while evaluating a Resource
Statement, Could not find declared class selinux (file:
/etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp,
line: 9, column: 5) on node lhcadvdeveye05.com
Info: Using cached catalog from environment 'production'
Info: Applying configuration version '1570455621'
Notice: Applied catalog in 1.22 seconds
Any help here would be appreciated.
Thanks,
Dan.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/cb7dd9d8-d0ac-41ba-bfa8-d3316259bc2d%40googlegroups.com.
Re: [Puppet Users] Puppetforge Selinux Module Not Working
Hello Becca,
Thanks for the reply.
Refer here to what I'm attempting to achieve:
https://forge.puppet.com/puppet/selinux
At this point, I simply want to put Selinux into the permissive state. I'm
not yet in the position to start managing Selinux content etc. via the link
you provided.
Thanks,
Dan.
On Monday, October 7, 2019 at 8:43:33 PM UTC+1, Becca Robinson wrote:
>
> I do not see examples of that use case in the docs.
> Please review https://forge.puppet.com/puppetlabs/selinux_core to
> validate your code against examples.
>
> --
> *Becca Robinson*
>
>
> On Oct 7, 2019, at 6:58 AM, Dan Crisp >
> wrote:
>
> Hello all,
>
> I've download the selinux module from Puppet forge:
>
> puppet module list
> /etc/puppetlabs/code/environments/production/modules
> └── fixnetix-base (v0.1.0)
> /etc/puppetlabs/code/modules
> ├── *puppetlabs-selinux_core (v1.0.2)*
> └── puppetlabs-stdlib (v6.1.0)
> /opt/puppetlabs/puppet/modules (no modules installed)
>
>
> # ll /etc/puppetlabs/code/modules
> total 16
> drwxr-xr-x. 4 root root 4096 Oct 3 15:38 ./
> drwxr-xr-x. 4 root root 4096 Oct 4 12:29 ../
> drwxr-xr-x. 6 root root 4096 Aug 14 07:55 selinux/
> drwxr-xr-x. 10 root root 4096 Sep 26 16:17 stdlib/
>
> I created a manifest like so:
>
> # cat
> /etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp
> class base::selinux {
>
> class { selinux:
> mode => 'permissive',
> type => 'targeted',
> }
>
> }
>
>
> Perms etc. all look good:
>
> # ll /etc/puppetlabs/code/environments/production/modules
> total 16
> drwxr-xr-x. 4 root root 4096 Oct 4 11:48 ./
> drwxr-xr-x. 5 root root 4096 Sep 27 10:40 ../
> drwxr-xr-x. 10 root root 4096 Oct 4 11:48 base/
>
>
> # ll
> /etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp
> -rw-r--r--. 1 root root 242 Oct 7 13:47
> /etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp
>
> However, the agent is failing:
>
> # puppet agent --no-daemonize --verbose --onetime
> Info: Using configured environment 'production'
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Retrieving locales
> Info: Loading facts
> Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
> Server Error: Evaluation Error: Error while evaluating a Resource
> Statement, Could not find declared class selinux (file:
> /etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp,
>
> line: 9, column: 5) on node lhcadvdeveye05.com
> Info: Using cached catalog from environment 'production'
> Info: Applying configuration version '1570455621'
> Notice: Applied catalog in 1.22 seconds
>
> Any help here would be appreciated.
>
> Thanks,
> Dan.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet...@googlegroups.com .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/cb7dd9d8-d0ac-41ba-bfa8-d3316259bc2d%40googlegroups.com
>
> <https://groups.google.com/d/msgid/puppet-users/cb7dd9d8-d0ac-41ba-bfa8-d3316259bc2d%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/fb0c6772-b643-4306-85bc-2ebbb17fe238%40googlegroups.com.
Re: [Puppet Users] Puppetforge Selinux Module Not Working
Much appreciated Becca for pointing my mistake out. On Tuesday, October 8, 2019 at 12:48:00 AM UTC+1, Rebecca Robinson wrote: > > Yeah you are referring to the instructions of one module while trying to > use another. > > puppetlabs/selinux_core != puppet/selinux > > > >> >> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/15e67111-c24e-4cfb-94ea-97d4b5c16541%40googlegroups.com.
[Puppet Users] Could not find resource 'File[/etc/logrotate.d/syslog]
Hi,
I'm seeing the following error when running the agent on a server:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
Server Error: Could not find resource 'File[/etc/logrotate.d/syslog]' in
parameter 'subscribe' (file:
/etc/puppetlabs/code/environments/production/modules/base/manifests/syslog.pp,
line: 21) on node lhcsrvmtrrsl01.fixnetix.com
I want the logrotate command to run every time there is a change to the
/etc/logrotate.d/syslog file. Thought this could be achieved via the
following:
exec { 'LogRotate':
path=> '/usr/sbin',
command => 'logrotate -vdf /etc/logrotate.d/syslog 2>/dev/null',
subscribe => File['/etc/logrotate.d/syslog'],
refreshonly => true,
}
I can't work out why the agent is complaining re Could not find resource
'File[/etc/logrotate.d/syslog]'
# puppet resource file /etc/logrotate.d/syslog
file { '/etc/logrotate.d/syslog':
ensure => 'file',
content => '{md5}e59f6816e9fcd21174501313720c660f',
ctime=> '2019-10-22 21:36:25 +0100',
group=> 0,
mode => '0644',
mtime=> '2019-10-22 21:36:25 +0100',
owner=> 0,
selrange => 's0',
selrole => 'object_r',
seltype => 'etc_t',
seluser => 'system_u',
type => 'file',
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/482e3b96-c20c-4517-85c9-dc437f28c56c%40googlegroups.com.
Re: [Puppet Users] Could not find resource 'File[/etc/logrotate.d/syslog]
Perfect!! Thanks Ben.
On Tuesday, October 22, 2019 at 11:22:50 PM UTC+1, Ben Ford wrote:
>
> Hi Dan!
>
> When you subscribe to another resource like subscribe =>
> File['/etc/logrotate.d/syslog'], the key is that you're not actually
> subscribing to the file on disk. You're subscribing to *another Puppet
> resource*, of type File and with a title of '/etc/logrotate.d/syslog'. Any
> time that Puppet makes changes to the resource, that notification will
> trigger.
>
> Here's a graphic that shows how the relationship works. References in the
> Puppet code point to resource declarations in Puppet code, not to the
> artifacts on the system that are managed by those resource declarations.
>
> [image: reference_manifest.png]
>
> This means that unless you're actually managing that file with Puppet
> code, the relationship won't work.
>
>
> On Tue, Oct 22, 2019 at 2:27 PM Dan Crisp >
> wrote:
>
>> Hi,
>>
>> I'm seeing the following error when running the agent on a server:
>>
>> Error: Could not retrieve catalog from remote server: Error 500 on
>> SERVER: Server Error: Could not find resource
>> 'File[/etc/logrotate.d/syslog]' in parameter 'subscribe' (file:
>> /etc/puppetlabs/code/environments/production/modules/base/manifests/syslog.pp,
>>
>> line: 21) on node lhcsrvmtrrsl01.fixnetix.com
>>
>> I want the logrotate command to run every time there is a change to the
>> /etc/logrotate.d/syslog file. Thought this could be achieved via the
>> following:
>>
>> exec { 'LogRotate':
>> path=> '/usr/sbin',
>> command => 'logrotate -vdf /etc/logrotate.d/syslog 2>/dev/null',
>> subscribe => File['/etc/logrotate.d/syslog'],
>> refreshonly => true,
>> }
>>
>> I can't work out why the agent is complaining re Could not find resource
>> 'File[/etc/logrotate.d/syslog]'
>>
>> # puppet resource file /etc/logrotate.d/syslog
>> file { '/etc/logrotate.d/syslog':
>> ensure => 'file',
>> content => '{md5}e59f6816e9fcd21174501313720c660f',
>> ctime=> '2019-10-22 21:36:25 +0100',
>> group=> 0,
>> mode => '0644',
>> mtime=> '2019-10-22 21:36:25 +0100',
>> owner=> 0,
>> selrange => 's0',
>> selrole => 'object_r',
>> seltype => 'etc_t',
>> seluser => 'system_u',
>> type => 'file',
>> }
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet...@googlegroups.com .
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/482e3b96-c20c-4517-85c9-dc437f28c56c%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/482e3b96-c20c-4517-85c9-dc437f28c56c%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5f460232-eadf-441a-983e-7651abcd342b%40googlegroups.com.
[Puppet Users] Update SSH Config File With Different Values
Hi, I'm looking for some advice on a best approach on a topic that I'm know where near an expert in. Should the following be dealt with via a template, hera or something else? Our goal is to deploy a standard SSH configuration across all servers albeit some minor alternations to a handful. All of our servers have the following line: ListenAddress xx.xx.xx No problem there I can alter this simply enough on a per server/per IP bases. The advise I'm looking for is how to handle the following scenario. In some cases, we allow password-less SSH access between servers via the following: Match Address xx.xx.xx.xx PermitRootLogin without-password However in all instances where we declare the above, all IP addresses are different. For example: Server A: Allows access from Server B via: Match Address *Server B IP ADDR* PermitRootLogin without-password Server B: Allows access from Server A via: Match Address *Server A IP ADDR* PermitRootLogin without-password Is this achievable? Looking forward to any advise that can help me out here. Thanks, Dan. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cf8f69ed-d636-4482-a787-d92a1061b2b4%40googlegroups.com.
[Puppet Users] Augtool Failed To Execute Command
Hello all, Can someone help me out please with this. I can't see what the issue is or what it is I'm doing wrong: augtool> set /files/etc/logrotate.d/syslog/rule/file[last()+1] "/var/log/puppet" augtool> ls /files/etc/logrotate.d/syslog/rule/ file[1] = /var/log/cron file[2] = /var/log/maillog file[3] = /var/log/messages file[4] = /var/log/secure file[5] = /var/log/sudolog file[6] = /var/log/spooler missingok = missingok sharedscripts = sharedscripts postrotate = (none) compress = compress *file[7] = /var/log/puppet* So far so good. The line I need seems to be present. augtool> save error: Failed to execute command saving failed (run 'errors' for details) Hang on! What's happening here? augtool> errors Error in /etc/rsyslog.conf:32.0 (parse_failed) Get did not match entire input Lens: /usr/share/augeas/lenses/dist/rsyslog.aug:61.10-.57: Error in /etc/krb5.conf:19.0 (parse_failed) Get did not match entire input Lens: /usr/share/augeas/lenses/dist/krb5.aug:156.10-158.66: Error in /etc/logrotate.d/syslog (put_failed) Failed to match This is not the complete output from the errors command. Happy to provide it all if will help. Thanks, Dan. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/499c7db6-737c-44fc-b7ca-795aa57febe3%40googlegroups.com.
[Puppet Users] Hiera Setup Lookup Complaining
Hello all,
Strugling to get started with Hiera (all new to me):
# more /etc/puppetlabs/puppet/hiera.yaml
---
*# Hiera 5 Global configuration file*
version: 5
# defaults:
# data_hash: yaml_data
# hierarchy:
# - name: Common
#data_hash: yaml_data
hierarchy: []
# more environments/production/hiera.yaml
---
version: 5
defaults:
# The default value for "datadir" is "data" under the same directory as
the hiera.yaml
# file (this file)
# When specifying a datadir, make sure the directory exists.
# See https://puppet.com/docs/puppet/latest/environments_about.html for
further details on environments.
datadir: data
data_hash: yaml_data
hierarchy:
- name: "Per-node data" # Human-readable name.
path: "nodes/%{trusted.certname}.yaml" # File path, relative to
datadir.
- name: "Per-OS defaults"
path: "os/%{facts.os.family}.yaml"
- name: "Common data"
path: "common.yaml"
# more environment/production/data/nodes/nodename.domain.com.yaml
---
sshdconfig:
match_address: "xx.xx.xx.xx"
permit_root_login: without-password
I don't have many modules:
# puppet module list
Warning: Module 'puppetlabs-stdlib' (v6.1.0) fails to meet some
dependencies:
'saz-timezone' (v5.1.1) requires 'puppetlabs-stdlib' (>=2.6.0 < 6.0.0)
Warning: Missing dependency 'stm-debconf':
'saz-timezone' (v5.1.1) requires 'stm-debconf' (>= 2.0.0 < 3.0.0)
/etc/puppetlabs/code/environments/production/modules
├── fixnetix-base (v0.1.0)
├── puppet-selinux (v3.0.0)
├── puppetlabs-stdlib (v6.1.0)
└── saz-timezone (v5.1.1)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)
# ls environments/production/modules/base/
appveyor.yml CHANGELOG.md data examples files Gemfile Gemfile.lock
hiera.yaml manifests metadata.json Rakefile README.md spec tasks
templates
The modules hiera.yaml is as follows:
# cat environments/production/modules/base/hiera.yaml
---
version: 5
defaults: # Used for any hierarchy level that omits these keys.
datadir: data # This path is relative to hiera.yaml's directory.
data_hash: yaml_data # Use the built-in YAML backend.
hierarchy:
- name: "osfamily/major release"
paths:
- "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
# Used for Solaris
- "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
# Used to distinguish between Debian and Ubuntu
- "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
- name: "nodes"
- "nodes/%{trusted.certname}.yaml"
- name: "osfamily"
paths:
- "os/%{facts.os.family}.yaml"
- "os/%{facts.os.name}.yaml"
- name: 'common'
path: 'common.yaml'
I get following returned when I lookup:
# puppet lookup match_address --node nodename.domain.com.yaml --explain
Searching for "lookup_options"
Global Data Provider (hiera configuration version 5)
No such key: "lookup_options"
Environment Data Provider (hiera configuration version 5)
Using configuration
"/etc/puppetlabs/code/environments/production/hiera.yaml"
Merge strategy hash
Hierarchy entry "Per-node data"
Path "/etc/puppetlabs/code/environments/production/data/nodes/.yaml"
Original path: "nodes/%{trusted.certname}.yaml"
Path not found
Hierarchy entry "Per-OS defaults"
Path "/etc/puppetlabs/code/environments/production/data/os/.yaml"
Original path: "os/%{facts.os.family}.yaml"
Path not found
Hierarchy entry "Common data"
Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
Original path: "common.yaml"
Path not found
Searching for "match_address"
Global Data Provider (hiera configuration version 5)
No such key: "match_address"
Environment Data Provider (hiera configuration version 5)
Using configuration
"/etc/puppetlabs/code/environments/production/hiera.yaml"
Hierarchy entry "Per-node data"
Path "/etc/puppetlabs/code/environments/production/data/nodes/.yaml"
Original path: "nodes/%{trusted.certname}.yaml"
Path not found
Hierarchy entry "Per-OS defaults"
Path "/etc/puppetlabs/code/environments/production/data/os/.yaml"
Original path: "os/%{facts.os.family}.yaml"
Path not found
Hierarchy entry "Common data"
Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
Original path: "common.yaml"
Path not found
Function lookup() did not find a value for the name 'match_address'
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/795b8faa-ab78-4576-b8b8-ad31eba2c4e8%40googlegroups.com.
Re: [Puppet Users] Hiera Setup Lookup Complaining
Hello Henrik, thanks for your reply. This file:
environment/production/data/nodes/nodename.domain.com.yaml
On Monday, February 24, 2020 at 4:26:37 PM UTC, Henrik Lindberg wrote:
>
> On 2020-02-24 17:06, Dan Crisp wrote:
> > Hello all,
> >
> > Strugling to get started with Hiera (all new to me):
> >
>
> First glance that looks ok, as you can see it is not finding your key in
> any of the resulting paths. From where (which data file) was it supposed
> to find the key you looked up?
>
> Best,
> - henrik
>
>
> > # more /etc/puppetlabs/puppet/hiera.yaml
> > ---
> > *# Hiera 5 Global configuration file*
> >
> > version: 5
> >
> > # defaults:
> > # data_hash: yaml_data
> > # hierarchy:
> > # - name: Common
> > #data_hash: yaml_data
> > hierarchy: []
> >
> > # more environments/production/hiera.yaml
> > ---
> > version: 5
> > defaults:
> ># The default value for "datadir" is "data" under the same directory
> > as the hiera.yaml
> ># file (this file)
> ># When specifying a datadir, make sure the directory exists.
> ># See https://puppet.com/docs/puppet/latest/environments_about.html
> > for further details on environments.
> > datadir: data
> > data_hash: yaml_data
> > hierarchy:
> >- name: "Per-node data" # Human-readable name.
> > path: "nodes/%{trusted.certname}.yaml" # File path, relative to
> > datadir.
> >
> >- name: "Per-OS defaults"
> > path: "os/%{facts.os.family}.yaml"
> >
> >- name: "Common data"
> > path: "common.yaml"
> >
> > # more environment/production/data/nodes/nodename.domain.com.yaml
> > ---
> > sshdconfig:
> >match_address: "xx.xx.xx.xx"
> >permit_root_login: without-password
> >
> >
> > I don't have many modules:
> >
> > # puppet module list
> > Warning: Module 'puppetlabs-stdlib' (v6.1.0) fails to meet some
> > dependencies:
> >'saz-timezone' (v5.1.1) requires 'puppetlabs-stdlib' (>=2.6.0 <
> 6.0.0)
> > Warning: Missing dependency 'stm-debconf':
> >'saz-timezone' (v5.1.1) requires 'stm-debconf' (>= 2.0.0 < 3.0.0)
> > /etc/puppetlabs/code/environments/production/modules
> > ├── fixnetix-base (v0.1.0)
> > ├── puppet-selinux (v3.0.0)
> > ├── puppetlabs-stdlib (v6.1.0)
> > └── saz-timezone (v5.1.1)
> > /etc/puppetlabs/code/modules (no modules installed)
> > /opt/puppetlabs/puppet/modules (no modules installed)
> >
> > # ls environments/production/modules/base/
> > appveyor.yml CHANGELOG.md data examples files Gemfile
> > Gemfile.lock hiera.yaml manifests metadata.json Rakefile README.md
>
> > spec tasks templates
> >
> > The moduleshiera.yaml is as follows:
> >
> > # cat environments/production/modules/base/hiera.yaml
> > ---
> > version: 5
> >
> > defaults: # Used for any hierarchy level that omits these keys.
> >datadir: data # This path is relative to hiera.yaml's
> directory.
> >data_hash: yaml_data # Use the built-in YAML backend.
> >
> > hierarchy:
> >- name: "osfamily/major release"
> > paths:
> >- "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
> > # Used for Solaris
> >- "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
> > # Used to distinguish between Debian and Ubuntu
> >- "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
> >- name: "nodes"
> >- "nodes/%{trusted.certname}.yaml"
> >- name: "osfamily"
> > paths:
> >- "os/%{facts.os.family}.yaml"
> >- "os/%{facts.os.name}.yaml"
> >- name: 'common'
> > path: 'common.yaml'
> >
> > I get following returned when I lookup:
> >
> > # puppet lookup match_address --node nodename.domain.com.yaml --explain
> >
> > Searching for "lookup_options"
> >Global Data Provider (hiera configuration version 5)
> > No such key: "lookup_options"
> >Environment Data Provider (hiera configuration version 5)
> > Using configuration
> &g
Re: [Puppet Users] Hiera Setup Lookup Complaining
I included the --compile option. Now (not sure whether as a result of use
--option) I can see
/etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml
in the output:
Searching for "lookup_options"
Global Data Provider (hiera configuration version 5)
No such key: "lookup_options"
Environment Data Provider (hiera configuration version 5)
Using configuration
"/etc/puppetlabs/code/environments/production/hiera.yaml"
Merge strategy hash
Hierarchy entry "Per-node data"
Path
"/etc/puppetlabs/code/environments/production/data/nodes/nodename.fixnetix.com.yaml"
Original path: "nodes/%{trusted.certname}.yaml"
No such key: "lookup_options"
Hierarchy entry "Per-OS defaults"
Path
"/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
Original path: "os/%{facts.os.family}.yaml"
Path not found
Hierarchy entry "Common data"
Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
Original path: "common.yaml"
Path not found
Searching for "match_address"
Global Data Provider (hiera configuration version 5)
No such key: "match_address"
Environment Data Provider (hiera configuration version 5)
Using configuration
"/etc/puppetlabs/code/environments/production/hiera.yaml"
Hierarchy entry "Per-node data"
Path
"/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"
Original path: "nodes/%{trusted.certname}.yaml"
No such key: "match_address"
Hierarchy entry "Per-OS defaults"
Path
"/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
Original path: "os/%{facts.os.family}.yaml"
Path not found
Hierarchy entry "Common data"
Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
Original path: "common.yaml"
Path not found
Function lookup() did not find a value for the name 'match_address'
Still no luck finding the requested value though.
Thanks,
Dan.
On Monday, February 24, 2020 at 7:13:25 PM UTC, Henrik Lindberg wrote:
>
> Dan Crisp wrote:
> > environment/production/data/nodes/nodename.domain.com.yaml
> As you can see in the output - the hiera path expanded to:
>
>Path "/etc/puppetlabs/code/environments/production/data/nodes/.yaml"
>
> Meaning that trusted.certname was empty. It would be empty if the node
> "nodename.domain.com" never checked in with the puppet server to deposit
> any facts. It will do that on its first agent run though.
>
> Meanwhile you have to supply your own facts (and trusted) to do lookups
> as it will be done when the node later requests a catalog. Look at the
> help for the various flags to the lookup command to learn how to give it
> values for facts and trusted information.
>
> - henrik
>
>
> --
>
> Visit my Blog "Puppet on the Edge"
> http://puppet-on-the-edge.blogspot.se/
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com.
Re: [Puppet Users] Hiera Setup Lookup Complaining
This is what I have:
---
sshdconfig:
match_address: "xx.xx.xx.xx"
permit_root_login: without-password
YAML Lint validates the YAML ok.
However, it doesn't matter what I put in this file (Non YAML or a bunch of
random characters ) the result is the same so I suspect it's not being
read. How can I confirm that the file is actualy being read rather than
simply sucessfully displayed in the lookup output.
On Tuesday, February 25, 2020 at 12:58:02 PM UTC, Henrik Lindberg wrote:
>
> On 2020-02-25 13:42, Dan Crisp wrote:
> > I included the --compile option. Now (not sure whether as a result of
> > use --option) I can
> >
> see/etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml
>
>
> > in the output:
> >
>
> Probably because you got a run done by the agent?
> Anyway - first step, make sure you see the expected paths being read.
> Then, for the file where you expect the key to be found and produce a
> value, do check the content of that file - is it valid yaml, is it
> representing what you think it represents?
>
> best,
> - henrik
>
>
> > Searching for "lookup_options"
> >Global Data Provider (hiera configuration version 5)
> > No such key: "lookup_options"
> >Environment Data Provider (hiera configuration version 5)
> > Using configuration
> > "/etc/puppetlabs/code/environments/production/hiera.yaml"
> > Merge strategy hash
> >Hierarchy entry "Per-node data"
> > Path
> >
> "/etc/puppetlabs/code/environments/production/data/nodes/nodename.fixnetix.com.yaml"
>
>
> >Original path: "nodes/%{trusted.certname}.yaml"
> >No such key: "lookup_options"
> >Hierarchy entry "Per-OS defaults"
> > Path
> > "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
> >Original path: "os/%{facts.os.family}.yaml"
> >Path not found
> >Hierarchy entry "Common data"
> > Path
> > "/etc/puppetlabs/code/environments/production/data/common.yaml"
> >Original path: "common.yaml"
> >Path not found
> > Searching for "match_address"
> >Global Data Provider (hiera configuration version 5)
> > No such key: "match_address"
> >Environment Data Provider (hiera configuration version 5)
> > Using configuration
> > "/etc/puppetlabs/code/environments/production/hiera.yaml"
> > Hierarchy entry "Per-node data"
> >Path
> >
> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"
>
>
> > Original path: "nodes/%{trusted.certname}.yaml"
> > No such key: "match_address"
> > Hierarchy entry "Per-OS defaults"
> >Path
> > "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
> > Original path: "os/%{facts.os.family}.yaml"
> > Path not found
> > Hierarchy entry "Common data"
> >Path
> "/etc/puppetlabs/code/environments/production/data/common.yaml"
> > Original path: "common.yaml"
> > Path not found
> > Function lookup() did not find a value for the name 'match_address'
> >
> > Still no luck finding the requested value though.
> >
> > Thanks,
> > Dan.
> >
> > On Monday, February 24, 2020 at 7:13:25 PM UTC, Henrik Lindberg wrote:
> >
> > Dan Crisp wrote:
> > > environment/production/data/nodes/nodename.domain.com.yaml
> > As you can see in the output - the hiera path expanded to:
> >
> > Path
> > "/etc/puppetlabs/code/environments/production/data/nodes/.yaml"
> >
> > Meaning that trusted.certname was empty. It would be empty if the
> node
> > "nodename.domain.com <http://nodename.domain.com>" never checked in
> > with the puppet server to deposit
> > any facts. It will do that on its first agent run though.
> >
> > Meanwhile you have to supply your own facts (and trusted) to do
> lookups
> > as it will be done when the node later requests a catalog. Look at
> the
> > help for the various flags to the lookup command to learn how to
> > give it
> >
Re: [Puppet Users] Hiera Setup Lookup Complaining
Hello Bart,
Thanks for your reply. Yes that threw me also. I was originally looking
for sshdconfig::match_adddress however the output from lookup returned:
Searching for "sshdconfig::match_address"
Global Data Provider (hiera configuration version 5)
Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
No such key: "sshdconfig::match_address"
Environment Data Provider (hiera configuration version 5)
Using configuration
"/etc/puppetlabs/code/environments/production/hiera.yaml"
Hierarchy entry "Per-node data (yaml version)"
Path
"/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"
Original path: "nodes/%{::trusted.certname}.yaml"
Path not found
Hierarchy entry "Other YAML hierarchy levels"
Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
Original path: "common.yaml"
Path not found
*Module "sshdconfig" not found*
Function lookup() did not find a value for the name
'sshdconfig::match_address'
Suggesting that it was expecting sshdconfig to be be a module. Not the
case in this instance. In fact, the hiera in question is not refferenced
in any module or class etc. Is that the issue?
On Tuesday, February 25, 2020 at 3:34:49 PM UTC, Bart-Jan Vrielink wrote:
>
> Hello,
>
>
> I see you are looking for 'match_address', but in Hiera it is stored as
> 'sshdconfig::match_address'.
>
>
> -Original message-
> *From:* Dan Crisp >
> *Sent:* Tuesday 25th February 2020 13:42
> *To:* Puppet Users >
> *Subject:* Re: [Puppet Users] Hiera Setup Lookup Complaining
>
> I included the --compile option. Now (not sure whether as a result of use
> --option) I can see
> /etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml
>
> in the output:
>
> Searching for "lookup_options"
> Global Data Provider (hiera configuration version 5)
> No such key: "lookup_options"
> Environment Data Provider (hiera configuration version 5)
> Using configuration
> "/etc/puppetlabs/code/environments/production/hiera.yaml"
> Merge strategy hash
> Hierarchy entry "Per-node data"
> Path
> "/etc/puppetlabs/code/environments/production/data/nodes/nodename.fixnetix.com.yaml"
> Original path: "nodes/%{trusted.certname}.yaml"
> No such key: "lookup_options"
> Hierarchy entry "Per-OS defaults"
> Path
> "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
> Original path: "os/%{facts.os.family}.yaml"
> Path not found
> Hierarchy entry "Common data"
> Path
> "/etc/puppetlabs/code/environments/production/data/common.yaml"
> Original path: "common.yaml"
> Path not found
> Searching for "match_address"
> Global Data Provider (hiera configuration version 5)
> No such key: "match_address"
> Environment Data Provider (hiera configuration version 5)
> Using configuration
> "/etc/puppetlabs/code/environments/production/hiera.yaml"
> Hierarchy entry "Per-node data"
> Path
> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"
> Original path: "nodes/%{trusted.certname}.yaml"
> No such key: "match_address"
> Hierarchy entry "Per-OS defaults"
> Path
> "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
> Original path: "os/%{facts.os.family}.yaml"
> Path not found
> Hierarchy entry "Common data"
> Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
> Original path: "common.yaml"
> Path not found
> Function lookup() did not find a value for the name 'match_address'
>
> Still no luck finding the requested value though.
>
> Thanks,
> Dan.
>
> On Monday, February 24, 2020 at 7:13:25 PM UTC, Henrik Lindberg wrote:
>>
>> Dan Crisp wrote:
>> > environment/production/data/nodes/nodename.domain.com.yaml
>> As you can see in the output - the hiera path expanded to:
>>
>>Path "/etc/puppetlabs/code/environments/production/data/nodes/.yaml"
>>
>> Meaning that trusted.certname was empty. It would be empty if the node
>> "nodename.domain.com" never checked in with the puppet server to deposit
>> any facts. It
Re: [Puppet Users] Hiera Setup Lookup Complaining
Look all good to me:
puppet@puppet:/etc/puppetlabs/puppet$ ls -ltr
total 40
-rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf
-rw-r--r--. 1 puppet puppet 657 Sep 24 12:17 puppet.conf
drwxrwx--x. 1 puppet puppet 4096 Sep 27 16:22 ssl
drwxr-x---. 2 puppet puppet 4096 Sep 27 22:32 devices
-rw-r--r--. 1 puppet puppet 219 Feb 26 13:43 hiera.yaml
*puppet@puppet:/etc/puppetlabs/puppet$* more hiera.yaml
---
# Hiera 5 Global configuration file
version: 5
#defaults:
#data_hash: yaml_data
# datadir: /etc/puppetlabs/code/environments/production/data
# hierarchy:
# - name: Common
#data_hash: yaml_data
#hierarchy: []
*puppet@puppet:/etc/puppetlabs/code/environments/production$* ls -ltr
total 16
drwxr-xr-x. 6 root root 4096 Oct 22 14:06 modules
drwxr-xr-x. 2 root root 4096 Feb 18 16:04 manifests
-rw-r--r--. 1 root root 618 Feb 26 12:40 hiera.yaml
drwxr-xr-x. 3 root root 4096 Feb 26 13:07 data
*puppet@puppet:/etc/puppetlabs/code/environments/production$* more
hiera.yaml
---
version: 5
defaults:
# The default value for "datadir" is "data" under the same directory as
the hiera.yaml
# file (this file)
# When specifying a datadir, make sure the directory exists.
# See https://puppet.com/docs/puppet/latest/environments_about.html for
further details on environments.
#datadir: data
data_hash: yaml_data
hierarchy:
- name: "Per-node data" # Human-readable name.
path: "nodes/%{trusted.certname}.yaml" # File path, relative to
datadir.
- name: "Per-OS defaults"
path: "os/%{facts.os.family}.yaml"
- name: "Common data"
path: "common.yaml"
*puppet@puppet:/etc/puppetlabs/code/environments/production/data/nodes$* ls
-ltr
total 8
-rw-r--r--. 1 root root 31 Feb 25 15:42 nodename.domain.com.yaml
*puppet@puppet:/etc/puppetlabs/code/environments/production/data/nodes$*
more nodename.domain.com.yaml
---
sshdconfig::match_address: "xx.xx.xx.xx"
sshdconfig::permit_root_login: without-password
Some files above are onwned by root however, have sufficient permissions to
be at least read.
On Wednesday, February 26, 2020 at 1:27:22 PM UTC, Henrik Lindberg wrote:
>
> On 2020-02-25 16:51, Dan Crisp wrote:
> > This is what I have:
> >
> > ---
> > sshdconfig:
> >match_address: "xx.xx.xx.xx"
> >permit_root_login: without-password
> >
> > YAML Lint validates the YAML ok.
> >
> > However, it doesn't matter what I put in this file (Non YAML or a bunch
> > of random characters ) the result is the same so I suspect it's not
> > being read. How can I confirm that the file is actualy being read
> > rather than simply sucessfully displayed in the lookup output.
>
> Check permissions on files, it may be silently skipping files that
> cannot be read.
> - henrik
>
> >
> > On Tuesday, February 25, 2020 at 12:58:02 PM UTC, Henrik Lindberg wrote:
> >
> > On 2020-02-25 13:42, Dan Crisp wrote:
> > > I included the --compile option. Now (not sure whether as a
> > result of
> > > use --option) I can
> > >
> >
> see/etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml
>
>
> >
> > > in the output:
> > >
> >
> > Probably because you got a run done by the agent?
> > Anyway - first step, make sure you see the expected paths being
> read.
> > Then, for the file where you expect the key to be found and produce
> a
> > value, do check the content of that file - is it valid yaml, is it
> > representing what you think it represents?
> >
> > best,
> > - henrik
> >
> >
> > > Searching for "lookup_options"
> > >Global Data Provider (hiera configuration version 5)
> > > No such key: "lookup_options"
> > >Environment Data Provider (hiera configuration version 5)
> > > Using configuration
> > > "/etc/puppetlabs/code/environments/production/hiera.yaml"
> > > Merge strategy hash
> > >Hierarchy entry "Per-node data"
> > > Path
> > >
> >
> "/etc/puppetlabs/code/environments/production/data/nodes/nodename.fixnetix.com.yaml"
>
>
> >
> > >Original path: "nodes/%{trusted.certname}.yaml"
> > >No such key: "lookup_options"
> > >Hierarchy entry "Per-OS defaults"
> > > Path
> > >
>
Re: [Puppet Users] Hiera Setup Lookup Complaining
Still no joy with lookup despite re-writing Hiera as per you example.
On Wednesday, February 26, 2020 at 10:20:09 AM UTC, Bart-Jan Vrielink wrote:
>
> Hello,
>
>
> What you have in Hiera is the following:
>
> ---
> sshdconfig:
> match_address: "xx.xx.xx.xx"
> permit_root_login: without-password
>
>
> This is a single key sshdconfig with the value:
>
> {
> "match_address" => "xx.xx.xx.xx",
> "permit_root_login" => "without-password"
> }
>
>
> If you want to use the contents of match_address in your Puppet code, you
> would need to lookup sshdconfig and then access
> $sshconfig['match_address'], or rewrite your yaml into something like:
>
> ---
> sshdconfig::match_address: "xx.xx.xx.xx"
> sshdconfig::permit_root_login: without-password
>
>
> Where you can lookup sshdconfig::match_address
>
>
> As you've already noted, this naming convention is most appropriate for a
> module sshdconfig. If there is such a module, its parameters match_address
> and permit_root_login would be automatically looked up in Hiera.
>
>
>
>
>
> -Original message-
> *From:* Dan Crisp >
> *Sent:* Tuesday 25th February 2020 16:59
> *To:* Puppet Users >
> *Subject:* Re: [Puppet Users] Hiera Setup Lookup Complaining
>
> Hello Bart,
>
> Thanks for your reply. Yes that threw me also. I was originally looking
> for sshdconfig::match_adddress however the output from lookup returned:
>
> Searching for "sshdconfig::match_address"
> Global Data Provider (hiera configuration version 5)
> Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
> No such key: "sshdconfig::match_address"
> Environment Data Provider (hiera configuration version 5)
> Using configuration
> "/etc/puppetlabs/code/environments/production/hiera.yaml"
> Hierarchy entry "Per-node data (yaml version)"
> Path
> "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"
> Original path: "nodes/%{::trusted.certname}.yaml"
> Path not found
> Hierarchy entry "Other YAML hierarchy levels"
> Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
> Original path: "common.yaml"
> Path not found
> *Module "sshdconfig" not found*
> Function lookup() did not find a value for the name
> 'sshdconfig::match_address'
>
> Suggesting that it was expecting sshdconfig to be be a module. Not the
> case in this instance. In fact, the hiera in question is not refferenced
> in any module or class etc. Is that the issue?
>
> On Tuesday, February 25, 2020 at 3:34:49 PM UTC, Bart-Jan Vrielink wrote:
>>
>> Hello,
>>
>>
>> I see you are looking for 'match_address', but in Hiera it is stored as
>> 'sshdconfig::match_address'.
>>
>>
>> -Original message-
>> *From:* Dan Crisp > <#zarafa.5e564648.02f2.2753846926c53483@anjie.dontpanic.nl_>>
>> *Sent:* Tuesday 25th February 2020 13:42
>> *To:* Puppet Users > <#zarafa.5e564648.02f2.2753846926c53483@anjie.dontpanic.nl_>>
>> *Subject:* Re: [Puppet Users] Hiera Setup Lookup Complaining
>>
>> I included the --compile option. Now (not sure whether as a result of
>> use --option) I can see
>> /etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml
>>
>> in the output:
>>
>> Searching for "lookup_options"
>> Global Data Provider (hiera configuration version 5)
>> No such key: "lookup_options"
>> Environment Data Provider (hiera configuration version 5)
>> Using configuration
>> "/etc/puppetlabs/code/environments/production/hiera.yaml"
>> Merge strategy hash
>> Hierarchy entry "Per-node data"
>> Path
>> "/etc/puppetlabs/code/environments/production/data/nodes/nodename.fixnetix.com.yaml"
>> Original path: "nodes/%{trusted.certname}.yaml"
>> No such key: "lookup_options"
>> Hierarchy entry "Per-OS defaults"
>> Path
>> "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
>> Original path: "os/%{facts.os.family}.yaml"
>> Path not found
>> Hierarchy entry "Common data"
>> Path
>> "/etc/puppetlabs/code/environments/production/data/comm
Re: [Puppet Users] Hiera Setup Lookup Complaining
Thanks all. Have this working now. On Wednesday, February 26, 2020 at 4:04:34 PM UTC, Becca Robinson wrote: > > Hi Dan, > > I see that you have this `puppet lookup match_address --node > nodename.domain.com.yaml —explain` . > > Might want to ditch the .yaml from the node name. > > -- > *Becca Robinson* > Senior Professional Services Engineer > be...@puppet.com | @_itgrl_ > cell: (913) 752-7084 > Puppet <https://www.puppet.com> *The shortest path to better software.* > > > > On Feb 24, 2020, at 8:06 AM, Dan Crisp > > wrote: > > puppet lookup match_address --node nodename.domain.com.yaml --explain > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/276b96f6-8345-4858-abe1-171f37b6d370%40googlegroups.com.
[Puppet Users] Hiera Array Only Returns Last Line
Hi,
Attempting to popualte a file with a hiera array.
I have the following hiera defined:
# more common.yaml
vimrc:
- 'syntax on'
- 'colo delek'
- 'set nu'
- 'set cursorline'
- 'set history=1000'
- 'set showmode'
- 'set showcmd'
Puppet lookup seems to return what I expect to see:
# puppet lookup vimrc
---
- syntax on
- colo delek
- set nu
- set cursorline
- set history=1000
- set showmode
- set showcmd
Here's how I'm call the hiera array:
class base::vim {
$set = lookup('vimrc', Array[String])
package { 'vim': ensure => installed, }
file { '/root/.vimrc':
owner=> root,
group=> root,
mode => '0644',
content => $set,
}
}
However I just end up with the last line of the arrary:
# more .vimrc
set showcmd
Any help here would be greatly appreciated.
Thanks,
Dan.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/3620a92d-f2d2-43a4-9f92-4d12c3f0c45f%40googlegroups.com.
Re: [Puppet Users] Hiera Array Only Returns Last Line
Thanks for the respone Martin. Unfortunately that made no difference.
Still only end up with one line.
Thanks,
Dan.
On Saturday, February 29, 2020 at 2:44:38 PM UTC, Martin Alfke wrote:
>
> AFAIK content expects a string.
> Maybe you can try
>
> content => $set.flatten
>
> hth,
> martin
>
>
> > On 29. Feb 2020, at 14:42, Dan Crisp >
> wrote:
> >
> > Hi,
> >
> > Attempting to popualte a file with a hiera array.
> >
> > I have the following hiera defined:
> >
> > # more common.yaml
> > vimrc:
> > - 'syntax on'
> > - 'colo delek'
> > - 'set nu'
> > - 'set cursorline'
> > - 'set history=1000'
> > - 'set showmode'
> > - 'set showcmd'
> >
> > Puppet lookup seems to return what I expect to see:
> >
> > # puppet lookup vimrc
> > ---
> > - syntax on
> > - colo delek
> > - set nu
> > - set cursorline
> > - set history=1000
> > - set showmode
> > - set showcmd
> >
> > Here's how I'm call the hiera array:
> >
> > class base::vim {
> >
> > $set = lookup('vimrc', Array[String])
> >
> > package { 'vim': ensure => installed, }
> >
> > file { '/root/.vimrc':
> > owner=> root,
> > group=> root,
> > mode => '0644',
> > content => $set,
> > }
> >
> > }
> >
> > However I just end up with the last line of the arrary:
> >
> > # more .vimrc
> > set showcmd
> >
> > Any help here would be greatly appreciated.
> >
> > Thanks,
> > Dan.
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet...@googlegroups.com .
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/3620a92d-f2d2-43a4-9f92-4d12c3f0c45f%40googlegroups.com.
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d30de2a4-a70b-41df-a9d3-f65001498be7%40googlegroups.com.
Re: [Puppet Users] Hiera Array Only Returns Last Line
Perfect!!! Thank you Martin.
On Saturday, February 29, 2020 at 3:49:04 PM UTC, Martin Alfke wrote:
>
> Sorry. wrong function:
>
> content => $set.join("\n")
>
> hth,
> martin
>
>
> > On 29. Feb 2020, at 15:56, Dan Crisp >
> wrote:
> >
> > Thanks for the respone Martin. Unfortunately that made no difference.
> Still only end up with one line.
> >
> > Thanks,
> > Dan.
> >
> > On Saturday, February 29, 2020 at 2:44:38 PM UTC, Martin Alfke wrote:
> > AFAIK content expects a string.
> > Maybe you can try
> >
> > content => $set.flatten
> >
> > hth,
> > martin
> >
> >
> > > On 29. Feb 2020, at 14:42, Dan Crisp wrote:
> > >
> > > Hi,
> > >
> > > Attempting to popualte a file with a hiera array.
> > >
> > > I have the following hiera defined:
> > >
> > > # more common.yaml
> > > vimrc:
> > > - 'syntax on'
> > > - 'colo delek'
> > > - 'set nu'
> > > - 'set cursorline'
> > > - 'set history=1000'
> > > - 'set showmode'
> > > - 'set showcmd'
> > >
> > > Puppet lookup seems to return what I expect to see:
> > >
> > > # puppet lookup vimrc
> > > ---
> > > - syntax on
> > > - colo delek
> > > - set nu
> > > - set cursorline
> > > - set history=1000
> > > - set showmode
> > > - set showcmd
> > >
> > > Here's how I'm call the hiera array:
> > >
> > > class base::vim {
> > >
> > > $set = lookup('vimrc', Array[String])
> > >
> > > package { 'vim': ensure => installed, }
> > >
> > > file { '/root/.vimrc':
> > > owner=> root,
> > > group=> root,
> > > mode => '0644',
> > > content => $set,
> > > }
> > >
> > > }
> > >
> > > However I just end up with the last line of the arrary:
> > >
> > > # more .vimrc
> > > set showcmd
> > >
> > > Any help here would be greatly appreciated.
> > >
> > > Thanks,
> > > Dan.
> > >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > > To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet...@googlegroups.com.
> > > To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/3620a92d-f2d2-43a4-9f92-4d12c3f0c45f%40googlegroups.com.
>
>
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet...@googlegroups.com .
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/d30de2a4-a70b-41df-a9d3-f65001498be7%40googlegroups.com.
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/b053934a-508a-414b-a826-b0a2f1e1e078%40googlegroups.com.
[Puppet Users] I'm struggling with some node specific heria
Hello experts,
I'm struggling with some node specific heria. I basically want to add the
following lines to a number of nodes:
Match Address xx.xx.xx.xx
PermitRootLogin without-password
I have the following in place in an attempt to acheive this:
# pwd
/etc/puppetlabs/code/environments/production/modules/permitroot/manifests
# more *
::
config.pp
::
class permitroot::config (
$config_path = $permitroot::params::config_path
) inherits permitroot::params {
if $facts['os']['release']['major'] =~ /7/ {
file { 'Update SSHD PermitRoot':
ensure=> $permitroot::config_present,
path => $permitroot::config_path,
content => $permitroot::permitroot_config.join("\n"),
owner => root,
group => root,
mode => '0600'
}
} else {
notice ('Assuming RHEL 6.x thus taking no action')
}
}
::
init.pp
::
class permitroot (
$service_name = $permitroot::params::service_name,
$config_path = $permitroot::params::config_path,
Array[String] $permitroot_config,
String $service_ensure,
Boolean $service_enable,
Boolean $service_hasrestart,
) inherits permitroot::params {
contain permitroot::config
contain permitroot::service
Class['permitroot::config']
-> Class['permitroot::service']
}
::
params.pp
::
class permitroot::params {
$service_name = 'sshd'
$config_path = '/etc/ssh/sshd_config'
}
::
service.pp
::
class permitroot::service (
$service_name = $permitroot::params::service_name,
) inherits permitroot::params {
service {'permitroot_service':
name => $service_name,
ensure => $permitroot::service_ensure,
enable => $permitroot::service_enable,
hasrestart => $permitroot::service_hasrestart,
}
}
This is probably not the best method and I'm still learning and don't want
to use a module that has already been created by someone else at this point.
Here is the node specific heria:
# pwd
/etc/puppetlabs/code/environments/production/nodes
# more *
permitroot::permitroot_config:
- 'Match Address xx.xx.xx.xx
- 'PermitRootLogin without-password'
Hiera file:
# pwd
/etc/puppetlabs/code/environments/production
# more hiera.yaml
---
version: 5
defaults:
# The default value for "datadir" is "data" under the same directory as
the hiera.yaml
# file (this file)
# When specifying a datadir, make sure the directory exists.
# See https://puppet.com/docs/puppet/latest/environments_about.html for
further details on environments.
#datadir: data
data_hash: yaml_data
hierarchy:
- name: "Per-node data" # Human-readable name.
path: "nodes/%{trusted.certname}.yaml" # File path, relative to
datadir.
- name: "Per-OS defaults"
path: "os/%{facts.os.family}.yaml"
- name: "Common data"
path: "common.yaml"
Site.pp file:
# more site.pp
...
...
...
node lhcsrvprdcms01.domain.com {
class { 'permitroot': }
}
When I run the puppet agent on the server about were I want the new vaules
added, I see the see returned the following:
# puppet agent --no-daemonize --onetime --verbose --noop
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
Server Error: Evaluation Error: Error while evaluating a Resource
Statement, Class[Permitroot]: expects a value for parameter
'permitroot_config' (file:
/etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49,
column: 3) on node lhcsrvprdcms01.fixnetix.com
Info: Using cached catalog from environment 'production'
Info: Applying configuration version '1596101172'
Notice: Applied catalog in 2.39 seconds
Any help here would be appreciated.
Thanks,
Dan.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/92247132-e001-4dfe-bd31-5ff64dd9904bo%40googlegroups.com.
[Puppet Users] Re: I'm struggling with some node specific heria
Thanks for the reply.
Unfortunately although my YAML file didn't have the .yaml suffix and I
didn't have a data directory, after making the necessary changes, the same
problem persists:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
Server Error: Evaluation Error: Error while evaluating a Resource
Statement, Class[Permitroot]: expects a value for parameter
'permitroot_config' (file:
/etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49,
column: 3) on node lhcsrvprdcms01.fixnetix
# pwd
/etc/puppetlabs/code/environments/production
# ll data/nodes/lhcsrvprdcms01.fixnetix.com.yaml
-rw-r--r--. 1 root root 103 Jul 30 12:09
data/nodes/lhcsrvprdcms01.fixnetix.com.yaml
On Friday, July 31, 2020 at 2:15:18 PM UTC+1, A Manzer wrote:
>
> You need to put your nodes hiera folder under a data folder. (*All* your
> hiera data goes under a data folder.)
>
> Also, ensure that your yaml file is named lhcsrvprdcms01.domain.com.yaml.
> You need the *full* node name, *and* the .yaml at the end for hiera to
> find it. That's tripped me up a few times...
>
> On Thursday, July 30, 2020 at 10:43:13 AM UTC-4, Dan Crisp wrote:
>>
>> Hello experts,
>>
>> I'm struggling with some node specific heria. I basically want to add
>> the following lines to a number of nodes:
>>
>> Match Address xx.xx.xx.xx
>> PermitRootLogin without-password
>>
>> I have the following in place in an attempt to acheive this:
>>
>> # pwd
>> /etc/puppetlabs/code/environments/production/modules/permitroot/manifests
>>
>> # more *
>>
>> ::
>> config.pp
>> ::
>> class permitroot::config (
>> $config_path = $permitroot::params::config_path
>> ) inherits permitroot::params {
>> if $facts['os']['release']['major'] =~ /7/ {
>> file { 'Update SSHD PermitRoot':
>> ensure=> $permitroot::config_present,
>> path => $permitroot::config_path,
>> content => $permitroot::permitroot_config.join("\n"),
>> owner => root,
>> group => root,
>> mode => '0600'
>> }
>> } else {
>> notice ('Assuming RHEL 6.x thus taking no action')
>> }
>> }
>> ::
>> init.pp
>> ::
>> class permitroot (
>> $service_name = $permitroot::params::service_name,
>> $config_path = $permitroot::params::config_path,
>> Array[String] $permitroot_config,
>> String $service_ensure,
>> Boolean $service_enable,
>> Boolean $service_hasrestart,
>> ) inherits permitroot::params {
>> contain permitroot::config
>> contain permitroot::service
>>
>> Class['permitroot::config']
>> -> Class['permitroot::service']
>> }
>> ::
>> params.pp
>> ::
>> class permitroot::params {
>> $service_name = 'sshd'
>> $config_path = '/etc/ssh/sshd_config'
>> }
>> ::
>> service.pp
>> ::
>> class permitroot::service (
>> $service_name = $permitroot::params::service_name,
>> ) inherits permitroot::params {
>> service {'permitroot_service':
>> name => $service_name,
>> ensure => $permitroot::service_ensure,
>> enable => $permitroot::service_enable,
>> hasrestart => $permitroot::service_hasrestart,
>> }
>> }
>>
>> This is probably not the best method and I'm still learning and don't
>> want to use a module that has already been created by someone else at this
>> point.
>>
>> Here is the node specific heria:
>>
>> # pwd
>> /etc/puppetlabs/code/environments/production/nodes
>>
>> # more *
>> permitroot::permitroot_config:
>> - 'Match Address xx.xx.xx.xx
>> - 'PermitRootLogin without-password'
>>
>> Hiera file:
>>
>> # pwd
>> /etc/puppetlabs/code/environments/production
>>
>> # more hiera.yaml
>> ---
>> version: 5
>> defaults:
>> # The default value for "datadir" is "data" under the same directory as
>> the hiera.yaml
>> # file (this file)
>> # When specifying a datadir, make sure the directory exists.
>> # See https://puppet.com/docs/puppet/latest/environments_about.html
>> for further details on environments.
>> #datadir: data
>> data_hash: yaml_data
>> hierar
[Puppet Users] Re: I'm struggling with some node specific heria
Still no luck. Hiera is now matching (it wasn't before):
root@puppet:/# puppet lookup permitroot_config --node
lhcsrvprdcms01.fixnetix.com
---
- Match Address xx.xx.xx.xx
- PermitRootLogin without-password
I had to change the YAML file slightly to:
permitroot_config:
- 'Match Address xx.xx.xx.xx'
- 'PermitRootLogin without-password'
From:
permitroot:permitroot_config
- 'Match Address xx.xx.xx.xx'
- 'PermitRootLogin without-password'
Thanks for the tip! I have been using PDK.
On Friday, July 31, 2020 at 4:25:13 PM UTC+1, A Manzer wrote:
>
> I've noticed two other things that may need fixing:
>
> - It may be a copy and paste error, but you don't close your Match
> Address string in the pasted Hiera file above. That would cause your Yaml
> to be incorrect, and probably ignored.
> - In site.pp, you use the resource-like syntax for including the class.
> I'm not sure what this does for automatic hiera parameter lookup, but it's
> usually safer to use include syntax instead. I'd change your entry in
> site.pp to be
>
>
> node lhcsrvprdcms01.domain.com {
> include permitroot
> }
>
> BTW, out of curiosity, are you using the Puppet PDK
> <https://puppet.com/docs/pdk/1.x/pdk.html> to develop this module? It
> brings *a lot* of boilerplate, but it also brings things like Yaml syntax
> validating and syntax validating that might help you out while you're
> learning.
>
> On Friday, July 31, 2020 at 10:46:13 AM UTC-4, Dan Crisp wrote:
>>
>> Thanks for the reply.
>>
>> Unfortunately although my YAML file didn't have the .yaml suffix and I
>> didn't have a data directory, after making the necessary changes, the same
>> problem persists:
>>
>> Error: Could not retrieve catalog from remote server: Error 500 on
>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource
>> Statement, Class[Permitroot]: expects a value for parameter
>> 'permitroot_config' (file:
>> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49,
>> column: 3) on node lhcsrvprdcms01.fixnetix
>>
>> # pwd
>> /etc/puppetlabs/code/environments/production
>>
>> # ll data/nodes/lhcsrvprdcms01.fixnetix.com.yaml
>> -rw-r--r--. 1 root root 103 Jul 30 12:09
>> data/nodes/lhcsrvprdcms01.fixnetix.com.yaml
>>
>>
>> On Friday, July 31, 2020 at 2:15:18 PM UTC+1, A Manzer wrote:
>>>
>>> You need to put your nodes hiera folder under a data folder. (*All*
>>> your hiera data goes under a data folder.)
>>>
>>> Also, ensure that your yaml file is named lhcsrvprdcms01.domain.com.yaml.
>>> You need the *full* node name, *and* the .yaml at the end for hiera to
>>> find it. That's tripped me up a few times...
>>>
>>> On Thursday, July 30, 2020 at 10:43:13 AM UTC-4, Dan Crisp wrote:
>>>>
>>>> Hello experts,
>>>>
>>>> I'm struggling with some node specific heria. I basically want to add
>>>> the following lines to a number of nodes:
>>>>
>>>> Match Address xx.xx.xx.xx
>>>> PermitRootLogin without-password
>>>>
>>>> I have the following in place in an attempt to acheive this:
>>>>
>>>> # pwd
>>>>
>>>> /etc/puppetlabs/code/environments/production/modules/permitroot/manifests
>>>>
>>>> # more *
>>>>
>>>> ::
>>>> config.pp
>>>> ::
>>>> class permitroot::config (
>>>> $config_path = $permitroot::params::config_path
>>>> ) inherits permitroot::params {
>>>> if $facts['os']['release']['major'] =~ /7/ {
>>>> file { 'Update SSHD PermitRoot':
>>>> ensure=> $permitroot::config_present,
>>>> path => $permitroot::config_path,
>>>> content => $permitroot::permitroot_config.join("\n"),
>>>> owner => root,
>>>> group => root,
>>>> mode => '0600'
>>>> }
>>>> } else {
>>>> notice ('Assuming RHEL 6.x thus taking no action')
>>>> }
>>>> }
>>>> ::
>>>> init.pp
>>>> ::
>>>> class permitroot (
>>>> $service_name = $permitroot::params::service_name,
>>>> $config_path = $permitroot::params::config_path,
>>
[Puppet Users] Re: I'm struggling with some node specific heria
Don't think it's a hiera issue now:
# puppet lookup permitroot::permitroot_config --node
lhcsrvprdcms01.fixnetix.com
---
- Match Address xx.xx.xx.xx
- PermitRootLogin without-password
# pwd
/etc/puppetlabs/code/environments/production/data/nodes
# cat *
permitroot::permitroot_config:
- 'Match Address 10.20.232.21'
- 'PermitRootLogin without-password'
Still no joy though.
On Friday, July 31, 2020 at 4:47:40 PM UTC+1, A Manzer wrote:
>
> puppet lookup is a good diagnostic tool.
>
> Now though, you have a naming issue. You need the permitroot:: prefix if
> you want Puppet/Hiera to automatically fill in your parameter.
>
> So your puppet lookup debug command should be puppet lookup
> permitroot::permitroot_config --explain --node lhcsrvprdcms01.fixnetix.com
>
> Once *that* works, your module should work too.
>
> Does any of this work if you put it in common.yaml to start?
> On Friday, July 31, 2020 at 11:42:27 AM UTC-4 djc...@gmail.com wrote:
>
>> Still no luck. Hiera is now matching (it wasn't before):
>>
>> root@puppet:/# puppet lookup permitroot_config --node
>> lhcsrvprdcms01.fixnetix.com
>> ---
>> - Match Address xx.xx.xx.xx
>> - PermitRootLogin without-password
>>
>> I had to change the YAML file slightly to:
>>
>> permitroot_config:
>> - 'Match Address xx.xx.xx.xx'
>> - 'PermitRootLogin without-password'
>>
>> From:
>>
>> permitroot:permitroot_config
>> - 'Match Address xx.xx.xx.xx'
>> - 'PermitRootLogin without-password'
>>
>> Thanks for the tip! I have been using PDK.
>>
>> On Friday, July 31, 2020 at 4:25:13 PM UTC+1, A Manzer wrote:
>>>
>>> I've noticed two other things that may need fixing:
>>>
>>> - It may be a copy and paste error, but you don't close your Match
>>> Address string in the pasted Hiera file above. That would cause your Yaml
>>> to be incorrect, and probably ignored.
>>> - In site.pp, you use the resource-like syntax for including the
>>> class. I'm not sure what this does for automatic hiera parameter lookup,
>>> but it's usually safer to use include syntax instead. I'd change your
>>> entry in site.pp to be
>>>
>>>
>>> node lhcsrvprdcms01.domain.com {
>>> include permitroot
>>> }
>>>
>>> BTW, out of curiosity, are you using the Puppet PDK
>>> <https://puppet.com/docs/pdk/1.x/pdk.html> to develop this module? It
>>> brings *a lot* of boilerplate, but it also brings things like Yaml
>>> syntax validating and syntax validating that might help you out while
>>> you're learning.
>>>
>>> On Friday, July 31, 2020 at 10:46:13 AM UTC-4, Dan Crisp wrote:
>>>>
>>>> Thanks for the reply.
>>>>
>>>> Unfortunately although my YAML file didn't have the .yaml suffix and I
>>>> didn't have a data directory, after making the necessary changes, the same
>>>> problem persists:
>>>>
>>>> Error: Could not retrieve catalog from remote server: Error 500 on
>>>> SERVER: Server Error: Evaluation Error: Error while evaluating a Resource
>>>> Statement, Class[Permitroot]: expects a value for parameter
>>>> 'permitroot_config' (file:
>>>> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49,
>>>> column: 3) on node lhcsrvprdcms01.fixnetix
>>>>
>>>> # pwd
>>>> /etc/puppetlabs/code/environments/production
>>>>
>>>> # ll data/nodes/lhcsrvprdcms01.fixnetix.com.yaml
>>>> -rw-r--r--. 1 root root 103 Jul 30 12:09
>>>> data/nodes/lhcsrvprdcms01.fixnetix.com.yaml
>>>>
>>>>
>>>> On Friday, July 31, 2020 at 2:15:18 PM UTC+1, A Manzer wrote:
>>>>>
>>>>> You need to put your nodes hiera folder under a data folder. (*All*
>>>>> your hiera data goes under a data folder.)
>>>>>
>>>>> Also, ensure that your yaml file is named
>>>>> lhcsrvprdcms01.domain.com.yaml. You need the *full* node name, *and*
>>>>> the .yaml at the end for hiera to find it. That's tripped me up a few
>>>>> times...
>>>>>
>>>>> On Thursday, July 30, 2020 at 10:43:13 AM UTC-4, Dan Crisp wrote:
>>>>>>
>>>>>> Hello experts,
>>>>>>
>>>>>> I'm struggling with some node spe
Re: [Puppet Users] Re: I'm struggling with some node specific heria
Hello Henrik, Do you have a hunch to why this is not working? Thanks, Dan. On Friday, July 31, 2020 at 7:40:22 PM UTC+1, Henrik Lindberg wrote: > > On 2020-07-31 19:41, A Manzer wrote: > > Did you update site.pp to use the include syntax? > > That is not needed to make automatic parameter lookup to work. > > - henrik > > -- > > Visit my Blog "Puppet on the Edge" > http://puppet-on-the-edge.blogspot.se/ > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f4499e4f-192c-4f26-bb12-caf35e051942o%40googlegroups.com.
[Puppet Users] Re: I'm struggling with some node specific heria
Yes I upated the site.pp as recommended.
On Friday, July 31, 2020 at 6:41:24 PM UTC+1, A Manzer wrote:
>
> Did you update site.pp to use the include syntax?
>
> I looked at the error again, because I'm really not sure why it's working
> (other than the fact that you've mixed patterns, and seriously
> over-complicated your code). So here's your error, right?
> Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
> Server Error: Evaluation Error: Error while evaluating a Resource
> Statement, Class[Permitroot]: expects a value for parameter
> 'permitroot_config' (file:
> /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49,
> column: 3) on node lhcsrvprdcms01.fixnetix.com
>
> Is it still more or less that?
> Notice that the error is in the site.pp file, not your init.pp or
> config.pp. It could be that since you're using the resource-like syntax,
> Puppet is expecting you to set that parameter, and isn't using Hiera.
> According to the hiera docs
> <https://puppet.com/docs/puppet/6.17/hiera_automatic.html>, it looks like
> it should still be looking things up? But I know that in my own code, I
> always use include, or specify all my parameters when I'm forced to use
> the resource-like syntax.
>
> On Friday, July 31, 2020 at 1:09:30 PM UTC-4 djc...@gmail.com wrote:
>
>> Don't think it's a hiera issue now:
>>
>> # puppet lookup permitroot::permitroot_config --node
>> lhcsrvprdcms01.fixnetix.com
>> ---
>> - Match Address xx.xx.xx.xx
>> - PermitRootLogin without-password
>>
>> # pwd
>> /etc/puppetlabs/code/environments/production/data/nodes
>>
>> # cat *
>> permitroot::permitroot_config:
>> - 'Match Address 10.20.232.21'
>> - 'PermitRootLogin without-password'
>>
>> Still no joy though.
>>
>> On Friday, July 31, 2020 at 4:47:40 PM UTC+1, A Manzer wrote:
>>>
>>> puppet lookup is a good diagnostic tool.
>>>
>>> Now though, you have a naming issue. You need the permitroot:: prefix
>>> if you want Puppet/Hiera to automatically fill in your parameter.
>>>
>>> So your puppet lookup debug command should be puppet lookup
>>> permitroot::permitroot_config --explain --node
>>> lhcsrvprdcms01.fixnetix.com
>>>
>>> Once *that* works, your module should work too.
>>>
>>> Does any of this work if you put it in common.yaml to start?
>>> On Friday, July 31, 2020 at 11:42:27 AM UTC-4 djc...@gmail.com wrote:
>>>
>>>> Still no luck. Hiera is now matching (it wasn't before):
>>>>
>>>> root@puppet:/# puppet lookup permitroot_config --node
>>>> lhcsrvprdcms01.fixnetix.com
>>>> ---
>>>> - Match Address xx.xx.xx.xx
>>>> - PermitRootLogin without-password
>>>>
>>>> I had to change the YAML file slightly to:
>>>>
>>>> permitroot_config:
>>>> - 'Match Address xx.xx.xx.xx'
>>>> - 'PermitRootLogin without-password'
>>>>
>>>> From:
>>>>
>>>> permitroot:permitroot_config
>>>> - 'Match Address xx.xx.xx.xx'
>>>> - 'PermitRootLogin without-password'
>>>>
>>>> Thanks for the tip! I have been using PDK.
>>>>
>>>> On Friday, July 31, 2020 at 4:25:13 PM UTC+1, A Manzer wrote:
>>>>>
>>>>> I've noticed two other things that may need fixing:
>>>>>
>>>>> - It may be a copy and paste error, but you don't close your Match
>>>>> Address string in the pasted Hiera file above. That would cause your
>>>>> Yaml
>>>>> to be incorrect, and probably ignored.
>>>>> - In site.pp, you use the resource-like syntax for including the
>>>>> class. I'm not sure what this does for automatic hiera parameter lookup,
>>>>> but it's usually safer to use include syntax instead. I'd change
>>>>> your entry in site.pp to be
>>>>>
>>>>>
>>>>> node lhcsrvprdcms01.domain.com {
>>>>> include permitroot
>>>>> }
>>>>>
>>>>> BTW, out of curiosity, are you using the Puppet PDK
>>>>> <https://puppet.com/docs/pdk/1.x/pdk.html> to develop this module?
>>>>> It brings *a lot* of boilerplate, but it also brings things like Yaml
>>>>> syntax va
