I am using Foreman, Puppet and Hiera to provide parameter data for my nodes. Each node has its own node.yaml file on the Puppet Master in /etc/puppet/hieradata. There is also a global.yaml file which defines some other parameters not found in the node.yaml files. It appears that when I do a puppet run, the pi_firewall::global::loghash parameter is not being pulled in from the global.yaml.
Below are the actual error message, some CLI tests I've run on both the node and the Puppet Master (PM), as well as the hiera.yaml config file and global.yaml.
== Error Message ==
root@door0036:~# puppet agent -t
Warning: Local environment: "production" doesn't match server specified node environment "development", switching agent to "development".
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: create_resources(): second argument must be a hash at /etc/puppet/environments/development/modules/pi_firewall/manifests/init.pp:52 on node door0036.domain.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
== Ran Apply on Node (Puppet) ==
root@door0036:~# puppet apply -e '$loghash = hiera(pi_firewall::global::loghash) notify { $loghash: }'
Error: Could not find data item pi_firewall::global::loghash in any Hiera data file and no default supplied at line 1 on node door0036.neardesk.com
Error: Could not find data item pi_firewall::global::loghash in any Hiera data file and no default supplied at line 1 on node door0036.neardesk.com
== Ran Hiera on PM (CLI) ==
ubuntu@foreman:/etc/puppet/hieradata$ hiera pi_firewall::global::loghash ::fqdn=door0036.neardesk.com
{"000 accept all icmp"=>
{"proto"=>"icmp", "action"=>"accept", "chain"=>"INPUT"},
"000 allow any related or established"=>
{"proto"=>"all",
"state"=>["RELATED", "ESTABLISHED"],
"action"=>"accept",
"chain"=>"INPUT"},
"002 accept dst_type MULTICAST"=>
{"dst_type"=>"MULTICAST", "chain"=>"INPUT", "action"=>"accept"},
"002 accept dst_type BROADCAST"=>
{"dst_type"=>"BROADCAST", "chain"=>"INPUT", "action"=>"accept"},
"501 allow ssh access to unit"=>
{"port"=>22, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"},
"100 allow http access to this device"=>
{"port"=>80, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"},
"101 allow monit http access to this device"=>
{"port"=>2812, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"},
"999 drop all"=>{"proto"=>"all", "action"=>"drop"}}
== hiera.yaml on PM ==
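---
# Hiera configuration on the Puppet Master. The nesting below was flattened in
# the paste and is restored here; without it :datadir: is not a child of :yaml:.
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hieradata
# Lookup order: the per-node file named after the agent's clientcert first,
# then global.yaml as the fallback for every node.
# NOTE(review): ::clientcert is reported by the agent itself. If per-node files
# hold data that other nodes must not read, key this level on the
# master-verified certificate name (trusted certname) instead - confirm that
# the Puppet version in use supports trusted node data.
:hierarchy:
  - "%{::clientcert}"
  - global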
== global.yaml (/etc/puppet/hieradata/) ==
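# global.yaml - fallback data served to every node that reaches the "global"
# hierarchy level. Indentation was lost in the paste and is restored to match
# the nested hash that the `hiera` CLI lookup returns for this key.
#
# pi_firewall::global::loghash maps a rule title to its firewall attributes.
# Each title starts with a numeric prefix (000-999).
pi_firewall::global::loghash:
  '000 accept all icmp':
    proto: icmp
    action: accept
    chain: INPUT
  '000 allow any related or established':
    proto: all
    state: ['RELATED', 'ESTABLISHED']
    action: accept
    chain: 'INPUT'
  '002 accept dst_type MULTICAST':
    dst_type: MULTICAST
    chain: INPUT
    action: accept
  '002 accept dst_type BROADCAST':
    dst_type: BROADCAST
    chain: INPUT
    action: accept
  '501 allow ssh access to unit':
    port: 22
    proto: tcp
    action: accept
    chain: INPUT
  '100 allow http access to this device':
    port: 80
    proto: tcp
    action: accept
    chain: INPUT
  '101 allow monit http access to this device':
    port: 2812
    proto: tcp
    action: accept
    chain: INPUT
  # NOTE(review): unlike every rule above, this one names no chain, so it
  # relies on whatever default the consuming resource type applies - confirm
  # the default-deny lands on the intended chain.
  '999 drop all':
    proto: all
    action: drop
pi_ssh::sshd_enabled: 'no'
pi_cardreader::nd_byip: 'value'
pi_cardreader::nd_id: 'value2'
# NOTE(review): a password stored as plain YAML at the global level is readable
# on the master's disk and is resolvable for every node that falls through to
# this file. Consider an encrypted backend such as hiera-eyaml and restrictive
# file permissions on the data directory.
pi_cardreader::nd_password: 'value3'
pi_cardreader::nd_mode: 'value4'
pi_wallboard::url: 'http://tv.neardesk.com/?mac='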