Given these files:
# find /etc/puppetlabs/code -type f | grep -v modules | xargs head -n 100
==> /etc/puppetlabs/code/environments/production/hieradata/common.yaml <==
pgwatch:
password: "mypass1"
puppetdb:
password: "mypass2"
==> /etc/puppetlabs/code/environments/production/manifests/site.pp <==
node "todd.ca.seevibes.com" {
class { 'postgresql::globals':
encoding => 'UTF-8',
locale => 'en_US.UTF-8',
manage_package_repo => true,
version => '9.1',
} -> class{'postgresql::server':
} -> postgresql::server::db{'puppetdb':
user => 'puppetdb',
password => postgresql_password('puppetdb', hiera('puppetdb::password')),
} -> postgresql::server::db{'pgwatch':
user => 'pgwatch',
password => postgresql_password('pgwatch', hiera('pgwatch::password')),
}
postgresql::server::pg_hba_rule{'allow pgwatch from anywhere':
address => '0.0.0.0/32',
auth_method => 'md5',
database => 'pgwatch',
user => 'pgwatch',
}
}
==> /etc/puppetlabs/code/hiera.yaml <==
---
:backends:
- json
- yaml
:yaml:
# Use the default value for datadir
:datadir:
:json:
# Use the default value for datadir
:datadir:
:hierarchy:
- "node/%{::fqdn}"
- "node/%{::hostname}"
- "%{::domain}"
- common
I expected the following to return the pgwatch::password
value:
# hiera --debug pgwatch::password
DEBUG: 2015-12-09 22:35:06 +0000: Hiera JSON backend starting
DEBUG: 2015-12-09 22:35:06 +0000: Looking up pgwatch::password in JSON backend
DEBUG: 2015-12-09 22:35:06 +0000: Looking for data source common
DEBUG: 2015-12-09 22:35:06 +0000: Cannot find datafile /etc/puppetlabs/code/environments//hieradata/common.json, skipping
DEBUG: 2015-12-09 22:35:06 +0000: Hiera YAML backend starting
DEBUG: 2015-12-09 22:35:06 +0000: Looking up pgwatch::password in YAML backend
DEBUG: 2015-12-09 22:35:06 +0000: Looking for data source common
DEBUG: 2015-12-09 22:35:06 +0000: Cannot find datafile /etc/puppetlabs/code/environments//hieradata/common.yaml, skipping
nil
The same query from Puppet fails as well:
# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Evaluation Error: Error while evaluating a Function Call, Could not find data item puppetdb::password in any Hiera data file and no default supplied at /etc/puppetlabs/code/environments/production/manifests/site.pp:10:49 on node todd.ca.seevibes.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
In the debug log for hiera, we can clearly see the missing environment in the search paths: /etc/puppetlabs/code/environments//hieradata/common.json
(notice the double //
before hieradata
).
I have found How do I specify $environment to Hiera on the command line? whose best answer says to pass ::environment=production
, which changes nothing. When I pass environment=production
, then the lookup "succeeds" but returns nothing:
# hiera --debug pgwatch::password 'environment=production'
DEBUG: 2015-12-09 22:42:12 +0000: Hiera JSON backend starting
DEBUG: 2015-12-09 22:42:12 +0000: Looking up pgwatch::password in JSON backend
DEBUG: 2015-12-09 22:42:12 +0000: Looking for data source common
DEBUG: 2015-12-09 22:42:12 +0000: Cannot find datafile /etc/puppetlabs/code/environments/production/hieradata/common.json, skipping
DEBUG: 2015-12-09 22:42:12 +0000: Hiera YAML backend starting
DEBUG: 2015-12-09 22:42:12 +0000: Looking up pgwatch::password in YAML backend
DEBUG: 2015-12-09 22:42:12 +0000: Looking for data source common
nil
I'm guessing that this time around, the path was correct, and the datafile was found, but the value wasn't returned.
I was expecting a Puppet run to find the value. What am I doing wrong?
# uname -a
Linux todd 3.10.23-xxxx-grs-ipv6-64 #1 SMP Mon Dec 9 16:02:37 CET 2013 x86_64 x86_64 x86_64 GNU/Linux
# puppet --version
4.3.1
# hiera --version
3.0.5
# puppet agent --configprint environment
production
# which puppet
/opt/puppetlabs/bin/puppet
# which hiera
/opt/puppetlabs/bin/hiera
Best Answer
in your file
/etc/puppetlabs/code/environments/production/hieradata/common.yaml
you need to writepuppetdb::password: mypass2
In yaml syntax this is a hash not a simple variable
In this way you have a simple variable