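I'm using Foreman, Puppet and Hiera to provide parameter data to my nodes. Each node has its own node.yaml file in /etc/puppet/hieradata on the Puppet Master. There is also a global.yaml file that defines some other parameters that are not found in the node.yaml files. It seems that when I run puppet, the pi_firewall::global::loghash parameter is not being pulled from global.yaml.
Below are the actual error message, some CLI tests I ran on the node and on the PM, and the hiera.yaml config file and global.yaml.
== Error message ==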
root@door0036:~# puppet agent -t
Warning: Local environment: "production" doesn't match server specified node environment "development", switching agent to "development".
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: create_resources(): second argument must be a hash at /etc/puppet/environments/development/modules/pi_firewall/manifests/init.pp:52 on node door0036.domain.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
== Ran apply on the node (Puppet) ==
root@door0036:~# puppet apply -e '$loghash = hiera(pi_firewall::global::loghash) notify { $loghash: }'
Error: Could not find data item pi_firewall::global::loghash in any Hiera data file and no default supplied at line 1 on node door0036.neardesk.com
Error: Could not find data item pi_firewall::global::loghash in any Hiera data file and no default supplied at line 1 on node door0036.neardesk.com
== Ran Hiera on the PM (CLI) ==
ubuntu@foreman:/etc/puppet/hieradata$ hiera pi_firewall::global::loghash ::fqdn=door0036.neardesk.com
{"000 accept all icmp"=>
{"proto"=>"icmp", "action"=>"accept", "chain"=>"INPUT"},
"000 allow any related or established"=>
{"proto"=>"all",
"state"=>["RELATED", "ESTABLISHED"],
"action"=>"accept",
"chain"=>"INPUT"},
"002 accept dst_type MULTICAST"=>
{"dst_type"=>"MULTICAST", "chain"=>"INPUT", "action"=>"accept"},
"002 accept dst_type BROADCAST"=>
{"dst_type"=>"BROADCAST", "chain"=>"INPUT", "action"=>"accept"},
"501 allow ssh access to unit"=>
{"port"=>22, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"},
"100 allow http access to this device"=>
{"port"=>80, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"},
"101 allow monit http access to this device"=>
{"port"=>2812, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"},
"999 drop all"=>{"proto"=>"all", "action"=>"drop"}}
== hiera.yaml on the PM ==
---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hieradata
:hierarchy:
  - "%{::clientcert}"
  - global
== global.yaml (/etc/puppet/hieradata/) ==
pi_firewall::global::loghash:
  '000 accept all icmp':
    proto: icmp
    action: accept
    chain: INPUT
  '000 allow any related or established':
    proto: all
    state: ['RELATED', 'ESTABLISHED']
    action: accept
    chain: 'INPUT'
  '002 accept dst_type MULTICAST':
    dst_type: MULTICAST
    chain: INPUT
    action: accept
  '002 accept dst_type BROADCAST':
    dst_type: BROADCAST
    chain: INPUT
    action: accept
  '501 allow ssh access to unit':
    port: 22
    proto: tcp
    action: accept
    chain: INPUT
  '100 allow http access to this device':
    port: 80
    proto: tcp
    action: accept
    chain: INPUT
  '101 allow monit http access to this device':
    port: 2812
    proto: tcp
    action: accept
    chain: INPUT
  '999 drop all':
    proto: all
    action: drop
pi_ssh::sshd_enabled: 'no'
pi_cardreader::nd_byip: 'value'
pi_cardreader::nd_id: 'value2'
pi_cardreader::nd_password: 'value3'
pi_cardreader::nd_mode: 'value4'
pi_wallboard::url: 'http://tv.neardesk.com/?mac='