Puppet 节点未从 global.yaml 文件中获取 hiera 参数

Puppet 节点未从 global.yaml 文件中获取 hiera 参数

我正在使用 Foreman、Puppet 和 Hiera 为我的节点提供参数数据。每个节点在 Puppet Master 上的 /etc/puppet/hieradata 中都有自己的 node.yaml 文件。还有一个 global.yaml 文件,它定义了在 node.yaml 文件中找不到的一些其他参数。似乎当我运行 puppet 时,pi_firewall::global::loghash 参数没有从 global.yaml 中提取出来。

下面是实际的错误消息,我在节点和 PM 以及 hiera.yaml 配置文件和 global.yaml 上运行了一些 CLI 测试。

== 错误消息 ==

root@door0036:~# puppet agent -t
Warning: Local environment: "production" doesn't match server specified node environment "development", switching agent to "development".
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: create_resources(): second argument must be a hash at /etc/puppet/environments/development/modules/pi_firewall/manifests/init.pp:52 on node door0036.domain.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

== 在节点 (Puppet) 上运行应用 ==

root@door0036:~# puppet apply -e '$loghash = hiera(pi_firewall::global::loghash) notify { $loghash: }'
Error: Could not find data item pi_firewall::global::loghash in any Hiera data file and no default supplied at line 1 on node door0036.neardesk.com
Error: Could not find data item pi_firewall::global::loghash in any Hiera data file and no default supplied at line 1 on node door0036.neardesk.com

== Ran Hiera 在 PM(CLI)上 ==

ubuntu@foreman:/etc/puppet/hieradata$ hiera pi_firewall::global::loghash ::fqdn=door0036.neardesk.com{"000 accept all icmp"=>
  {"proto"=>"icmp", "action"=>"accept", "chain"=>"INPUT"},
 "000 allow any related or established"=>
  {"proto"=>"all",
   "state"=>["RELATED", "ESTABLISHED"],
   "action"=>"accept",
   "chain"=>"INPUT"},
 "002 accept dst_type MULTICAST"=>
  {"dst_type"=>"MULTICAST", "chain"=>"INPUT", "action"=>"accept"},
 "002 accept dst_type BROADCAST"=>
  {"dst_type"=>"BROADCAST", "chain"=>"INPUT", "action"=>"accept"},
 "501 allow ssh access to unit"=>
  {"port"=>22, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"},
 "100 allow http access to this device"=>
  {"port"=>80, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"},
 "101 allow monit http access to this device"=>
  {"port"=>2812, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"},
 "999 drop all"=>{"proto"=>"all", "action"=>"drop"}}

== PM 上的 hiera.yaml ==

---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hieradata
:hierarchy:
  - "%{::clientcert}"
  - global

==global.yaml(/etc/puppet/hieradata/)==

pi_firewall::global::loghash:
  '000 accept all icmp':
    proto: icmp
    action: accept
    chain: INPUT
  '000 allow any related or established':
    proto: all
    state: ['RELATED', 'ESTABLISHED']
    action: accept
    chain: 'INPUT'
  '002 accept dst_type MULTICAST':
    dst_type: MULTICAST
    chain: INPUT
    action: accept
  '002 accept dst_type BROADCAST':
    dst_type: BROADCAST
    chain: INPUT
    action: accept
  '501 allow ssh access to unit':
    port: 22
    proto: tcp
    action: accept
    chain: INPUT
  '100 allow http access to this device':
    port: 80
    proto: tcp
    action: accept
    chain: INPUT
  '101 allow monit http access to this device':
    port: 2812
    proto: tcp
    action: accept
    chain: INPUT
  '999 drop all':
    proto: all
        action: drop
pi_ssh::sshd_enabled: 'no'
pi_cardreader::nd_byip: 'value'
pi_cardreader::nd_id: 'value2'
pi_cardreader::nd_password: 'value3'
pi_cardreader::nd_mode: 'value4'
pi_wallboard::url: 'http://tv.neardesk.com/?mac='

相关内容