Using Satellite 6, which comes with Foreman 1.6.0.53.
By default, the Puppetlabs documentation states that the hiera config should be in $config/hiera.yaml.
# puppet config print confdir hiera_config
confdir = /etc/puppet
hiera_config = /etc/puppet/hiera.yaml
Looking at our hiera config:
# cat /etc/puppet/hiera.yaml
---
:backends: yaml
:yaml:
  :datadir: /var/lib/hiera
:hierarchy:
  - users
  - groups
  - global
The data file exists:
# cat /var/lib/hiera/users.yaml
---
users:
  bfernandez:
    uid: 300
    fullname: Belmin Fernandez
To test it, I used hiera's CLI and puppet apply:
# hiera --conf=/etc/puppet/hiera.yaml --debug -h users
DEBUG: 2015-05-06 14:11:37 -0400: Hiera YAML backend starting
DEBUG: 2015-05-06 14:11:37 -0400: Looking up users in YAML backend
DEBUG: 2015-05-06 14:11:37 -0400: Looking for data source users
DEBUG: 2015-05-06 14:11:37 -0400: Found users in users
DEBUG: 2015-05-06 14:11:37 -0400: Looking for data source groups
DEBUG: 2015-05-06 14:11:37 -0400: Looking for data source global
{"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}}
# puppet apply -e '$foo = hiera_hash(users) notify { $foo: }'
Notice: Compiled catalog for foosat.example.com in environment production in 0.08 seconds
Notice: {"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}}
Notice: /Stage[main]/Main/Notify[{"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}}]/message: defined 'message' as '{"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}}'
Notice: Finished catalog run in 0.30 seconds
So far, everything looks good. However, when I reference hiera_hash('users') in a module and apply it to a node, I get this error:
May 6 13:49:04 foo1 puppet-agent[8688]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find data item users in any Hiera data file and no default supplied at /etc/puppet/modules/accounts/manifests/init.pp:10 on node foo1.example.com
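Any ideas on where I should look? It feels like I might be missing something on the Foreman side.
Update 1:
Per @lsd, tried using /etc/hiera.yaml for the configuration by creating a symlink. Tested with the hiera CLI to confirm the configuration: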
# hiera --conf=/etc/hiera.yaml --debug -h users
DEBUG: 2015-05-06 14:31:13 -0400: Hiera YAML backend starting
DEBUG: 2015-05-06 14:31:13 -0400: Looking up users in YAML backend
DEBUG: 2015-05-06 14:31:13 -0400: Looking for data source defaults
DEBUG: 2015-05-06 14:31:13 -0400: Cannot find datafile /var/lib/hiera/defaults.yaml, skipping
DEBUG: 2015-05-06 14:31:13 -0400: Looking for data source users
DEBUG: 2015-05-06 14:31:13 -0400: Found users in users
DEBUG: 2015-05-06 14:31:13 -0400: Looking for data source groups
DEBUG: 2015-05-06 14:31:13 -0400: Looking for data source global
{"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}}
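But I still get the error on the agent, so the problem was not resolved.
Answer 1
After thinking about this during my commute, I decided to check SELinux, and this is what I found: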
[root@foosat hiera]# grep yaml /var/log/audit/audit.log | head -n1
type=AVC msg=audit(1430926955.728:75727): avc: denied { getattr } for pid=17099 comm="ruby" path="/var/lib/hiera/users.yaml" dev="dm-2" ino=25185161 scontext=system_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
Changed the file context on the hiera files to puppet_etc_t (if anyone knows of something more appropriate, please comment):
[root@foosat hiera]# semanage fcontext -a -s system_u -t puppet_etc_t "/var/lib/hiera(/.*)?"
[root@foosat hiera]# restorecon -R -v .
restorecon reset /var/lib/hiera/users.yaml context unconfined_u:object_r:var_lib_t:s0->unconfined_u:object_r:puppet_etc_t:s0
It is working now. Hope this helps someone else.
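
The check the answer did by hand with grep, as an added example that is not part of the original post: it parses AVC denials from audit.log and groups those under the hiera datadir by source domain, target label and object class, which shows at a glance that a file label is wrong for the confined process. The function names are hypothetical, and every sample line except the first (copied from the answer) is constructed.

```python
import re

AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if "scontext" not in f or "tcontext" not in f:
        return None
    return {
        "perms": set(m.group("perms").split()),
        "path": f.get("path"),
        # A context is user:role:type:level; the type is what policy rules match on.
        "source_type": f["scontext"].split(":")[2],
        "target_type": f["tcontext"].split(":")[2],
        "tclass": f.get("tclass"),
    }

def label_mismatches(lines, datadir):
    """Group denials on paths under datadir by (source type, target type, class)."""
    prefix = datadir.rstrip("/") + "/"
    out = {}
    for line in lines:
        d = parse_avc(line)
        if d is None or not d["path"] or not (d["path"] + "/").startswith(prefix):
            continue
        key = (d["source_type"], d["target_type"], d["tclass"])
        entry = out.setdefault(key, {"perms": set(), "paths": set()})
        entry["perms"] |= d["perms"]
        entry["paths"].add(d["path"])
    return out

SAMPLE_LOG = [
    # From the answer above:
    'type=AVC msg=audit(1430926955.728:75727): avc: denied { getattr } for pid=17099 comm="ruby" path="/var/lib/hiera/users.yaml" dev="dm-2" ino=25185161 scontext=system_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file',
    # Constructed lines: same mismatch on another file, an unrelated path, a non-AVC record.
    'type=AVC msg=audit(1430926956.101:75731): avc: denied { getattr } for pid=17099 comm="ruby" path="/var/lib/hiera/groups.yaml" dev="dm-2" ino=25185162 scontext=system_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file',
    'type=AVC msg=audit(1430926957.500:75740): avc: denied { getattr } for pid=2211 comm="httpd" path="/srv/data/index.html" dev="dm-2" ino=1201 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1430926955.728:75727): arch=c000003e syscall=4 success=no exit=-13 comm="ruby"',
]

if __name__ == "__main__":
    for key, info in label_mismatches(SAMPLE_LOG, "/var/lib/hiera").items():
        print(key, sorted(info["perms"]), sorted(info["paths"]))
```

A single group such as passenger_t against var_lib_t covering every file in the datadir points to a labeling fix like the semanage fcontext and restorecon steps in the answer.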