我正在使用工头,Puppet和Hiera为我的节点提供参数数据。 每个节点都在/ etc / puppet / hieradata的Puppet Master上有自己的node.yaml文件。 还有一个global.yaml文件,它定义了node.yaml文件中找不到的其他一些参数。 看来,当我做一个puppet运行,pi_firewall :: global :: loghash参数不是从global.yaml拉入。
下面是实际的错误信息,我已经在节点和PM以及hiera.yamlconfiguration文件和global.yaml上运行了一些CLItesting。
==错误信息==
root@door0036:~# puppet agent -t Warning: Local environment: "production" doesn't match server specified node environment "development", switching agent to "development". Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Error: Could not retrieve catalog from remote server: Error 400 on SERVER: create_resources(): second argument must be a hash at /etc/puppet/environments/development/modules/pi_firewall/manifests/init.pp:52 on node door0036.domain.com Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run ==冉应用节点(Puppet)==
root@door0036:~# puppet apply -e '$loghash = hiera(pi_firewall::global::loghash) notify { $loghash: }' Error: Could not find data item pi_firewall::global::loghash in any Hiera data file and no default supplied at line 1 on node door0036.neardesk.com Error: Could not find data item pi_firewall::global::loghash in any Hiera data file and no default supplied at line 1 on node door0036.neardesk.com
PM(CLI)== Ran Ran Hiera
ubuntu@foreman:/etc/puppet/hieradata$ hiera pi_firewall::global::loghash ::fqdn=door0036.neardesk.com{"000 accept all icmp"=> {"proto"=>"icmp", "action"=>"accept", "chain"=>"INPUT"}, "000 allow any related or established"=> {"proto"=>"all", "state"=>["RELATED", "ESTABLISHED"], "action"=>"accept", "chain"=>"INPUT"}, "002 accept dst_type MULTICAST"=> {"dst_type"=>"MULTICAST", "chain"=>"INPUT", "action"=>"accept"}, "002 accept dst_type BROADCAST"=> {"dst_type"=>"BROADCAST", "chain"=>"INPUT", "action"=>"accept"}, "501 allow ssh access to unit"=> {"port"=>22, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"}, "100 allow http access to this device"=> {"port"=>80, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"}, "101 allow monit http access to this device"=> {"port"=>2812, "proto"=>"tcp", "action"=>"accept", "chain"=>"INPUT"}, "999 drop all"=>{"proto"=>"all", "action"=>"drop"}}
在PM == hiera.yaml
--- :backends: - yaml :yaml: :datadir: /etc/puppet/hieradata :hierarchy: - "%{::clientcert}" - global
== global.yaml(/ etc / puppet / hieradata /)==
pi_firewall::global::loghash: '000 accept all icmp': proto: icmp action: accept chain: INPUT '000 allow any related or established': proto: all state: ['RELATED', 'ESTABLISHED'] action: accept chain: 'INPUT' '002 accept dst_type MULTICAST': dst_type: MULTICAST chain: INPUT action: accept '002 accept dst_type BROADCAST': dst_type: BROADCAST chain: INPUT action: accept '501 allow ssh access to unit': port: 22 proto: tcp action: accept chain: INPUT '100 allow http access to this device': port: 80 proto: tcp action: accept chain: INPUT '101 allow monit http access to this device': port: 2812 proto: tcp action: accept chain: INPUT '999 drop all': proto: all action: drop pi_ssh::sshd_enabled: 'no' pi_cardreader::nd_byip: 'value' pi_cardreader::nd_id: 'value2' pi_cardreader::nd_password: 'value3' pi_cardreader::nd_mode: 'value4' pi_wallboard::url: 'http://tv.neardesk.com/?mac='