如何在 Puppet 环境中测试/排除 hiera 故障

tag-icon tag-icon puppet hiera puppet-foreman
如何在 Puppet 环境中测试/排除 hiera 故障

我正在使用 Puppet 和 Foreman 来配置主机,目前我已经将所有 Puppet 配置作为模块保存在存储库中。我想使用 Hiera,但我从来没能从.yaml我添加的文件中获取哪怕是最简单的东西。我的主人puppet.conf是:

[main]
    basemodulepath = /etc/puppetlabs/code/environments/common:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules:/usr/share/puppet/modules
    codedir = /etc/puppetlabs/code
    environmentpath = /etc/puppetlabs/code/environments
    hiera_config = /etc/puppetlabs/code/environments/production/hiera.yaml
    hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
    logdir = /var/log/puppetlabs/puppet
    pluginfactsource = puppet:///pluginfacts
    pluginsource = puppet:///plugins
    privatekeydir = $ssldir/private_keys { group = service }
    reports = foreman
    rundir = /var/run/puppetlabs
    server = foreman.domain.net
    show_diff = false
    ssldir = /etc/puppetlabs/puppet/ssl
    vardir = /opt/puppetlabs/puppet/cache

[agent]
    certname = foreman.domain.net
    classfile = $statedir/classes.txt
    default_schedules = false
    environment = production
    listen = false
    localconfig = $vardir/localconfig
    masterport = 8140
    noop = false
    pluginsync = true
    report = true
    runinterval = 1800
    splay = false
    splaylimit = 1800
    usecacheonfailure = true

[master]
    autosign = /etc/puppetlabs/puppet/autosign.conf { mode = 0664 }
    ca = true
    certname = foreman.domain.net
    external_nodes = /etc/puppetlabs/puppet/node.rb
    logdir = /var/log/puppetlabs/puppetserver
    node_terminus = exec
    parser = current
    rundir = /var/run/puppetlabs/puppetserver
    ssldir = /etc/puppetlabs/puppet/ssl
    strict_variables = false
    vardir = /opt/puppetlabs/server/data/puppetserver

内容/etc/puppetlabs/code/environments/production/hiera.yaml

---
version: 5
defaults:
  datadir: hieradata
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data"
    path: "nodes/%{trusted.certname}.yaml"
  - name: "Per-domain data"
    path: "domains/%{facts.networking.domain}.yaml"
  - name: "OS family"
    path: "os/%{facts.os.family}.yaml"
  - name: "Other hierarchy levels"
    path: "common.yaml"

和结构hieradata

hieradata/
├── common.yaml
├── domains
│   └── domain.net.yaml
├── nodes
│   ├── foreman.domain.net.yaml
│   └── test.domain.net.yaml
└── os
    └── Debian.yaml

例如领班具体数据文件的内容:

---
environment: production
classes:
  - roles::default

最后,看起来相关的版本:

$ puppet --version
5.5.3
$ facter --version
3.11.3 (commit 1854ababc68ec12ca40bdc143e46c3d5434b92ba)
$ hiera --version
3.4.3

我觉得我已经遵循了互联网上的各种指南,但我的主机似乎都没有使用文件中的设置.yaml。你如何测试hiera?我希望有一些合理的方法来解决哪些文件应用于单个节点,但我找不到可以做到这一点的命令,甚至无法搜索我在环境中创建的一些类。我还认为我可以使用类似的东西hiera -c hiera.yaml --hash profiles,但这会给出有关 v5 语法的错误。

答案1

我认为这个问题的答案实际上就是我在评论中所表达的内容。

puppet lookup --node test.domain.net --explain classes

在服务器上执行该命令表明它应该可以工作。我真正的问题是我的节点站点清单未包含hiera_include('classes'),我通过查找找到了它。

相关内容