I'm using Puppet alongside Foreman to provision hosts, and I've currently got all of Puppet config as modules in a repository. I'd like to use Hiera but I've never been able to get even the simplest thing to pull from one of the .yaml files that I add. My master puppet.conf is:
[main]
basemodulepath = /etc/puppetlabs/code/environments/common:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules:/usr/share/puppet/modules
codedir = /etc/puppetlabs/code
environmentpath = /etc/puppetlabs/code/environments
hiera_config = /etc/puppetlabs/code/environments/production/hiera.yaml
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
logdir = /var/log/puppetlabs/puppet
pluginfactsource = puppet:///pluginfacts
pluginsource = puppet:///plugins
privatekeydir = $ssldir/private_keys { group = service }
reports = foreman
rundir = /var/run/puppetlabs
server = foreman.domain.net
show_diff = false
ssldir = /etc/puppetlabs/puppet/ssl
vardir = /opt/puppetlabs/puppet/cache
[agent]
certname = foreman.domain.net
classfile = $statedir/classes.txt
default_schedules = false
environment = production
listen = false
localconfig = $vardir/localconfig
masterport = 8140
noop = false
pluginsync = true
report = true
runinterval = 1800
splay = false
splaylimit = 1800
usecacheonfailure = true
[master]
autosign = /etc/puppetlabs/puppet/autosign.conf { mode = 0664 }
ca = true
certname = foreman.domain.net
external_nodes = /etc/puppetlabs/puppet/node.rb
logdir = /var/log/puppetlabs/puppetserver
node_terminus = exec
parser = current
rundir = /var/run/puppetlabs/puppetserver
ssldir = /etc/puppetlabs/puppet/ssl
strict_variables = false
vardir = /opt/puppetlabs/server/data/puppetserver
contents of /etc/puppetlabs/code/environments/production/hiera.yaml:
---
version: 5
defaults:
  datadir: hieradata
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data"
    path: "nodes/%{trusted.certname}.yaml"
  - name: "Per-domain data"
    path: "domains/%{facts.networking.domain}.yaml"
  - name: "OS family"
    path: "os/%{facts.os.family}.yaml"
  - name: "Other hierarchy levels"
    path: "common.yaml"
and structure of hieradata:
hieradata/
├── common.yaml
├── domains
│   └── domain.net.yaml
├── nodes
│   ├── foreman.domain.net.yaml
│   └── test.domain.net.yaml
└── os
    └── Debian.yaml
and for example the foreman specific data file content:
---
environment: production
classes:
- roles::default
Finally, versions of things that seem relevant:
$ puppet --version
5.5.3
$ facter --version
3.11.3 (commit 1854ababc68ec12ca40bdc143e46c3d5434b92ba)
$ hiera --version
3.4.3
I feel like I've followed along with the various guides on the internets, but none of my hosts seem to use the settings in the .yaml files. How do you test hiera? I would expect that there'd be some sensible way to resolve what files are applied to an individual node, but I can't find a command that works to do that, or even search for some of the classes that I've created in my environments. I would also think that I'd be able to use something like hiera -c hiera.yaml --hash profiles, but that gives an error about v5 syntax.
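Added example, not part of the original post and not Puppet's own code: a Ruby sketch that parses the hiera.yaml shown above, interpolates each hierarchy path for one node, and reports which files from the posted hieradata tree would be consulted. The scope values (including the `RedHat` OS family) are assumptions, and only plain `%{variable}` tokens are handled.

```ruby
require 'yaml'
# hiera.yaml from the question, with its YAML indentation restored.
HIERA_YAML = <<~YAML
  ---
  version: 5
  defaults:
    datadir: hieradata
    data_hash: yaml_data
  hierarchy:
    - name: "Per-node data"
      path: "nodes/%{trusted.certname}.yaml"
    - name: "Per-domain data"
      path: "domains/%{facts.networking.domain}.yaml"
    - name: "OS family"
      path: "os/%{facts.os.family}.yaml"
    - name: "Other hierarchy levels"
      path: "common.yaml"
YAML

# Files in the question's hieradata/ tree, relative to datadir.
DATA_FILES = %w[common.yaml domains/domain.net.yaml nodes/foreman.domain.net.yaml
                nodes/test.domain.net.yaml os/Debian.yaml].freeze

# Expand %{a.b.c} tokens from a nested hash. Returns nil when a variable is
# undefined: this sketch flags that case instead of mimicking Hiera's handling.
def interpolate(template, scope)
  missing = false
  out = template.gsub(/%\{([^}]+)\}/) do
    value = Regexp.last_match(1).split('.').reduce(scope) { |h, k| h.is_a?(Hash) ? h[k] : nil }
    missing = true if value.nil?
    value.to_s
  end
  missing ? nil : out
end

# One row per hierarchy level, in lookup order: resolved path and its status.
def explain(scope, files = DATA_FILES)
  YAML.safe_load(HIERA_YAML)['hierarchy'].map do |level|
    rel = interpolate(level['path'], scope)
    status = rel.nil? ? :unresolved : (files.include?(rel) ? :found : :absent)
    { name: level['name'], path: rel, status: status }
  end
end

# Constructed scope for foreman.domain.net; the fact values are assumptions.
SCOPE = {
  'trusted' => { 'certname' => 'foreman.domain.net' },
  'facts' => { 'networking' => { 'domain' => 'domain.net' }, 'os' => { 'family' => 'RedHat' } }
}.freeze
explain(SCOPE).each { |r| puts format('%-24s %-34s %s', r[:name], r[:path].inspect, r[:status]) }
```

Calling `explain({})` marks the three fact-dependent levels as unresolved, which is the situation when a lookup runs with no node facts in scope. On a Puppet 5 master, `puppet lookup classes --node foreman.domain.net --explain` prints the real per-level resolution against the version 5 hiera.yaml.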