Reputation: 157
global.yaml puppet/hiera with environment management
I'm actually running puppet 3.7.2 and hiera 1.3.4 on my Debian Jessie.
My puppet config is:
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
#prerun_command=/etc/puppet/etckeeper-commit-pre
#postrun_command=/etc/puppet/etckeeper-commit-post
server = puppetmaster01.prd.lord-y.net
certname = master.localdomain
environment = prod
condir = /etc/puppet
report = false
show_diff = true
trace = true
runinterval=60
usecacheonfailure = false
ignorecache = true
environmentpath=$confdir/environments
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
certname = master.localdomain
#modulepath=$confdir/environments/$environment/modules:$confdir/modules
[agent]
report = true
show_diff = true
My hiera config:
---
:backends:
- yaml
:yaml:
:datadir: "/etc/puppet/environments/%{::environment}/hieradata"
:hierarchy:
- "%{::fqdn}"
- global
:logger: console
and my puppet environment:
/etc/puppet/environments/{prod,uat,dev} ==> environment.conf hieradata manifests modules
In my environment.conf:
manifest = /etc/puppet/environments/{prod,uat,dev}/manifests/site.pp
modulepath = /etc/puppet/environments/{prod,uat,dev}/modules
In /etc/puppet/environments/{prod,uat,dev}/hieradata, I have my hosts definitions and the global.yaml for each environment.
My problem is that when the master performs Hiera lookups during catalog building, it seems not to obtain data from global.yaml in the cases where it should do so.
For example, if I execute this command on my Puppet master machine, it correctly falls back to global.yaml to provide the right result ...
hiera varnish::dev::settings::site::backend_name ::environment=prod
... but when the same key is looked up in the course of serving a catalog request, no value is found.
Upvotes: 1
Views: 653
Answers (1)
Reputation: 180201
If Hiera lookups via the command-line tool produce different results from equivalent lookups performed by the master in the course of catalog building then the only likely explanations lie in the realms of identity and environment. Inasmuch as Hiera has no documented reliance on environment variables, the most likely conclusion is that your global.yaml files are not readable by the puppet master process, which runs with a non-privileged UID and GID that are probably different from those you use in your interactive shell. Check the permissions on those files, and / or run the command under the master's credentials.
Upvotes: 0
Related Questions
- Removing Conda environment
- puppet: Hiera does not like any sub-directories
- puppet-5 hiera not working
- Puppet - Multiple Roles in Hiera
- hiera CLI lookup fails but puppet agent -t works
- Puppet can't find class firewall
- Puppet environment: Parameter source failed on File
- No value from hiera on puppet manifests when installed foreman
- Basic usage of modules in puppet with hiera