Hello all,
I'm running puppet 3.7.5 + hiera 1.3.4 and facter 2.3.0 .
My site.pp:
$ cat manifests/site.pp
node default {
hiera_include('classes')}
in *hiera, *I've defined the default classes to be included:
$ cat hieradb/defaults.yaml
---#Default classes
classes:
- profiles::base
and the *base proflie *includes few classes like:
class profiles::base {
contain ntp
contain resolv
contain smtp
contain ssh
contain common
contain puppet::agent
contain repos
contain nagios::client
...}
in hiera *defaults.yaml *I've also defined a couple of *nagios::client*[1]
variables (for not including selinux):
$cat hieradb/defaults.yaml[...]
nagios::client::selinux: 'false'
nagios::client::selinux_enforced: 'false'[...]
**Default for selinux is true.*
the relevant code from *nagios*[1] module:
# nagios/manifests/client.pp
[...]
# With selinux, some nrpe plugins require additional rules to work
if $selinux and $::selinux_enforced {
selinux::audit2allow { 'nrpe':
source => "puppet:///modules/${module_name}/messages.nrpe",
}
}[...]
*and ONLY NTP class has the tag kickstart::bootstrap defined.*
** Hiera works and returns the expected values:*
# hiera -c /etc/puppet/hiera.yaml -d classes environment=basic_conf
clientcert=XX
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Hiera YAML backend starting
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking up classes in YAML backend
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking for data source
basic_conf/hieradb/global
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking for data source
basic_conf/hieradb/cert/XX
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking for data source
basic_conf/hieradb/env/basic_conf
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Cannot find datafile
/var/lib/puppet-deploy/.../basic_conf.yaml, skipping
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Looking for data source
basic_conf/hieradb/defaults
DEBUG: Tue Nov 10 14:14:39 +0100 2015: Found classes in
basic_conf/hieradb/defaults["profiles::cb::base"]
# hiera -c /etc/puppet/hiera.yaml -d nagios::client::selinux
environment=basic_cb_conf clientcert=inhas01883.eu.boehringer.com
[...]
false
My kickstart posinstall section runs puppet like:
puppet agent --test --tags=kickstart::bootstrap --report --pluginsync --no-noop
*I expect puppet to run, not include selinux and ONLY configure ntp*
But it gives me an error (failed catalog) because
*selinux::audit2allow *is an invlaid resource type. (which means that
the nagios variables are not picked up from hiera (false) so selinux
is included)
If I reboot the node, and run the same exact puppet agent line, then
puppet runs (no selinux complain) and only NTP class is configured:
# /usr/bin/puppet agent --test --environment=basic_cb_conf
--tags=kickstart::bootstrap
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for XXX
Info: Applying configuration version '....'
Notice: /Stage[main]/Ntp/File[/etc/ntp.conf]/content:
--- /etc/ntp.conf 2015-11-10 12:23:14.946909373 +0000
+++ /tmp/puppet-file20151110-5619-gw8wio-0 2015-11-10
12:24:05.208909327 +0000
@@ -1,54 +1,10 @@
-# For more information about this file, see the man pages
-# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5),
ntp_mon(5).[...]
the expected behaivour.
So, what are (or could be) the differences between puppet runs inside the
kickstart postinstall process and puppet runs outside it?
Why is hiera ignored?
[1] (https://forge.puppetlabs.com/thias/nagios)
TIA,
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAM69jx_uAbfBc1aU0hYUv%3DGfkGu1oTCx%3D1%3DkgS1JUE1ifsxMxQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
