Seems like your clientcert is different during the puppet run than the
command line since your explicitly passing in the clientcert. I would
change clientcert in your hiera config to fqdn. You are not guaranteed to
have a client cert, but all hosts will have a fqdn. You can also use the
hiera function in your puppet code so it makes that "automatic" lookup
easier to understand since you control the lookup key. Although, I don't
recommend this since automated lookups are preferred as two lookups would
actually occur if myfoo::bar doesn't exist. If you run your puppet master
in debug mode, it will actually detail when it can't find a lookup key, so
have a look at the logs.
- hosts/%{fqdn}
ie.
class foo(
$bar = hiera('myfoo::bar', 'defaultvalue')
# if the hiera function I specified as the default value for foo
returns nil, the puppet automated lookup will occur and use 'foo::bar'
lookup key
}
Hiera is pretty easy once you know the rules and I bet that your puppet
agent clientcert must be different than what you have in your hiera
datastore.
On Wednesday, October 8, 2014 6:44:56 AM UTC-7, Stack Kororā wrote:
>
> Greetings,
>
> I don't know why, but I am having a rough time trying to get hiera to
> work. It seems to me that all the examples I see online are either absurdly
> complex or so stupidly simple that they are absolutely useless. Either way
> I have found the documentation for hiera completely lacking (it doesn't
> help that there is a lot of bad information pertaining old puppet releases
> that is no longer the correct way to do things...at least according to
> other sources which may or may not be the correct way either...bleck...).
> Of all the documentation/blogs/examples/ect I have been pouring over the
> last 2 hours, not one has given me a useful hint at getting this working.
>
>
> *deep breath in an attempt to control my frustration so I can
> communicate on a somewhat intelligent level*
>
> Whew...
>
> OK. Lets start.
>
>
> $ puppet -V
>
> 3.7.1
>
> $ hiera -V
>
> 1.3.4
>
> $ hostname
>
> puppet.test.vm
>
> $ sudo puppet cert list --all
>
> + "puppet.test.vm" <snip blah blah string>
>
>
> This is as simple as I can make it.
>
>
> $ cd /etc/puppet
>
> $ find . -type f
>
> ./modules/testhiera/manifests/init.pp
>
> ./manifests/site.pp
>
> ./puppet.conf <- did not touch after test vm install
>
> ./auth.conf <- did not touch after test vm install
>
> $ cat manifests/site.pp
>
> node 'puppet.test.vm' {
>
> class { 'testhiera': }
>
> }
>
> $ cat modules/testhiera/manifests/init.pp
>
> class testhiera ( $test="blah") {
>
> file { "/tmp/$test" : ensure => present}
>
> }
>
> $ puppet agent -t
>
> Info: Retrieving pluginfacts
>
> Info: Retrieving plugin
>
> Info: Caching catalog for puppet.test.vm
>
> Info: Applying configuration version '1412771807'
>
> Notice: /Stage[main]/Testhiera/File[/tmp/blah]/ensure: created
>
> Notice: Finished catalog run in 0.04 seconds
>
> $ rm /tmp/blah
>
>
> Hooray! That works. Can't get much simpler then that, right? OK, lets add
> in hiera. Should be simple right? Ha!
>
>
> $ sudo ln -s /etc/puppet/hiera.yaml /etc/hiera.yaml
>
> $ find . -type f
>
> ./hiera.yaml
>
> ./hosts/puppet.test.vm.yaml
>
> ./modules/testhiera/manifests/init.pp
>
> ./manifests/site.pp
>
> ./puppet.conf
>
> ./auth.conf
>
> # Only added these two files below; made no other changes
>
> $ cat hiera.yaml
>
> ---
>
> :hierarchy:
>
> - hosts/%{clientcert}
>
> :backends:
>
> - yaml
>
> :yaml:
>
> :datadir: '/etc/puppet/'
>
> $ cat hosts/puppet.test.vm.yaml
>
> ---
>
> hieratest::test: yadda
>
> $ hiera hieratest::test clientcert=puppet.test.vm
>
> yadda
>
> # Hiera on the command line works. I must be making progress!!
>
>
> $ sudo puppet agent -t
>
> Info: Retrieving pluginfacts
>
> Info: Retrieving plugin
>
> Info: Caching catalog for puppet.test.vm
>
> Info: Applying configuration version '1412771807'
>
> Notice: /Stage[main]/Testhiera/File[/tmp/blah]/ensure: created
>
> Notice: Finished catalog run in 0.03 seconds
>
>
> What??? That is absolutely contrary to the documentation! It should have
> created /tmp/yadda! I am looking at the official docs right now on using a
> hiera variable with a default variable and I don't see how my example is
> any different in the slightest! Blah should have only been used as a
> default if the host wasn't found. Clearly either puppet can't find hiera
> and used default, or it simply ignored the hiera data.
>
>
> Fine. We will take out the default blah and force it to use something
> from hiera.
>
>
> $ rm /tmp/blah
>
> $ cat modules/testhiera/manifests/init.pp
>
> class testhiera ( ) {
>
> file { "/tmp/$test" : ensure => present}
>
> }
>
> $ sudo puppet agent -t
>
> Info: Retrieving pluginfacts
>
> Info: Retrieving plugin
>
> Info: Caching catalog for puppet.test.vm
>
> Info: Applying configuration version '1412773578'
>
> Notice: Finished catalog run in 0.04 seconds
>
>
> What? No blah, no yadda, nothing! I don't even get an error!!
>
>
> OK. OK. Fine. Maybe it doesn't like something in hiera. I will give hiera
> a default.
>
>
> $ find . -type f
>
> ./hiera.yaml
>
> ./modules/testhiera/manifests/init.pp
>
> ./puppet.conf
>
> ./hosts/common.yaml
>
> ./hosts/puppet.test.vm.yaml
>
> ./auth.conf
>
> ./manifests/site.pp
>
> $ cat hiera.yaml
>
> ---
>
> :hierarchy:
>
> - hosts/%{clientcert}
>
> - hosts/common
>
> :backends:
>
> - yaml
>
> :yaml:
>
> :datadir: '/etc/puppet/'
>
> $ cat hosts/common.yaml
>
> ---
>
> hieratest::test: blarg
>
> $ hiera hieratest::test clientcert=puppet.test.vm
>
> yadda
>
> $ hiera hieratest::test clientcert=some.thing.else
>
> blarg
>
>
> Yeah...alright...hiera on the command line is giving me exactly what I
> want. I have feeling good about this one...
>
>
> $ sudo puppet agent -t
>
> Info: Retrieving pluginfacts
>
> Info: Retrieving plugin
>
> Info: Caching catalog for puppet.test.vm
>
> Info: Applying configuration version '1412773578'
>
> Notice: Finished catalog run in 0.06 seconds
>
> $ ls /tmp/blah /tmp/yadda /tmp/blarg
>
> ls: cannot access /tmp/blah: No such file or directory
>
> ls: cannot access /tmp/yadda: No such file or directory
>
> ls: cannot access /tmp/blarg: No such file or directory
>
>
> ACK!!!! What the hell?!?!! Nothing? Not even an error?? Even running
> –debug on that puppet run gives me jack-squat of information. There isn't
> anything in the puppet master logs either.
>
>
> I have tried doing the hiera_include (even though several places say don't
> though they fail to mention why not). I have tried doing $t2 =
> hiera('test') and creating /tmp/$t2 and that still gave me nothing. I have
> tried referencing it by full scope hieradata::test (again, even though the
> docs say don't do this) and still nothing.
>
>
> Clearly, the hiera data works because it gives me exactly what I want on
> the command line. Puppet just seems to flat out ignore it. I can't get any
> of the examples to work.
>
>
> HOWEVER, I tested a few of the puppet forge programs and THEY can
> reference their hiera data just fine! Oh that really got me riled up...So
> it isn't puppet because it works with their code. It has to be something in
> my code. So I reset the VM back to my code and I fail to understand why my
> incredibly simple code isn't working and I am seriously frustrated why I
> can't get any of the official documentation examples to work either.
>
>
> I need to go take a break from this...but I would be so very very
> grateful if someone could point out where I am going wrong. Hiera works,
> but Puppet+Hiera doesn't and I just don't understand why...Since the puppet
> forge code works, it *must* be something I have/haven't done but I can not
> seem to find it. The docs certainly aren't helping either. Any
> pointers/tips/examples/information would be greatly appreciated.
>
>
> Thanks!
>
> ~Stack~
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c96c4753-2f40-49f6-b9e0-4e9a2bb0ecc2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
