On Thursday, August 2, 2018 at 8:36:06 AM UTC-5, John wrote: > > I've got a puppet instance where I'm trying to setup a hiera job to modify > a file managed by puppet. >
"Hiera job" is not a meaningful term. Hiera's job is to provide data (as specified by you) to the catalog builder. It has no control over how or whether any particular data are used to build catalogs. It is your Puppet manifests that play the central role in how your machines are managed. > The file is /etc/security/access.conf. The file looks like (some details > removed): > > [root@util nodes]# more hostx.yaml > XXXXX::os::auth::access: '+ : USERACCOUNT : ALL' > XXXXX::os::auth::access: '- :ALL EXCEPT root wheel jboss GGGGG XXXXX-wheel > XXXXX-local-it XXXXX-net-admin XXXXX-app-admin XXXXX-app-support : ALL > EXCEPT LOCAL' > Since you feel the need to redact the name of the module with which you are using the data, I suppose that it's a local one. We really can't say what it expects or requires. I can, however, observe that your Hiera data appear to be providing two different mappings for the same key. That's not valid YAML. Perhaps you wanted the value associated with that key to be an array of strings; that could be spelled like this: XXXXX::os::auth::access: - '+ : USERACCOUNT : ALL' - '- :ALL EXCEPT root wheel jboss GGGGG XXXXX-wheel XXXXX-local-it XXXXX-net-admin XXXXX-app-admin XXXXX-app-support : ALL EXCEPT LOCAL' > If I run puppet agent with a --verbose I get the following (snippet) in > the output: > > Debug: > /Stage[main]/XXXXX::Os::Auth::App/XXXXX::Os::Auth::Access[app_access]/Concat::Fragment[frag_sec_access_app_access]/File[/opt/puppetlabs/puppet/cache/concat/_etc_security_access.conf/fragments/200_frag_sec_access_app_access]: > > Adding autorequire relationship with > File[/opt/puppetlabs/puppet/cache/concat/_etc_security_access.conf/fragments] > That tells us that the agent is applying a catalog that contains the named resources, and not much else. Inasmuch as that could be a cached catalog, it doesn't even tell us whether catalog building succeeded on the master. If catalog building did succeed, it tells us nothing about how the Hiera data were used. If a YAML syntax correction does not solve the problem for you, then we'll probably need to see the relevant parts or your manifests in order to render any assistance. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d68448e3-c4c5-44f7-af6f-a645be1e94a1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
