Hello experts,
I'm struggling with some node-specific Hiera. I basically want to add the following lines to a number of nodes:
Match Address xx.xx.xx.xx
PermitRootLogin without-password
I have the following in place in an attempt to achieve this:
# pwd
/etc/puppetlabs/code/environments/production/modules/permitroot/manifests
# more *
::::::::::::::
config.pp
::::::::::::::
class permitroot::config (
  $config_path = $permitroot::params::config_path
) inherits permitroot::params {
  if $facts['os']['release']['major'] =~ /7/ {
    file { 'Update SSHD PermitRoot':
      ensure  => $permitroot::config_present,
      path    => $permitroot::config_path,
      content => $permitroot::permitroot_config.join("\n"),
      owner   => root,
      group   => root,
      mode    => '0600'
    }
  } else {
    notice ('Assuming RHEL 6.x thus taking no action')
  }
}
::::::::::::::
init.pp
::::::::::::::
class permitroot (
  $service_name = $permitroot::params::service_name,
  $config_path = $permitroot::params::config_path,
  Array[String] $permitroot_config,
  String $service_ensure,
  Boolean $service_enable,
  Boolean $service_hasrestart,
) inherits permitroot::params {
  contain permitroot::config
  contain permitroot::service
  Class['permitroot::config']
  -> Class['permitroot::service']
}
::::::::::::::
params.pp
::::::::::::::
class permitroot::params {
  $service_name = 'sshd'
  $config_path = '/etc/ssh/sshd_config'
}
::::::::::::::
service.pp
::::::::::::::
class permitroot::service (
  $service_name = $permitroot::params::service_name,
) inherits permitroot::params {
  service {'permitroot_service':
    name       => $service_name,
    ensure     => $permitroot::service_ensure,
    enable     => $permitroot::service_enable,
    hasrestart => $permitroot::service_hasrestart,
  }
}
This is probably not the best method and I'm still learning and don't want to use a module that has already been created by someone else at this point.
Here is the node-specific Hiera:
# pwd
/etc/puppetlabs/code/environments/production/nodes
# more *
permitroot::permitroot_config:
  - 'Match Address xx.xx.xx.xx
  - 'PermitRootLogin without-password'
Hiera file:
# pwd
/etc/puppetlabs/code/environments/production
# more hiera.yaml
---
version: 5
defaults:
  # The default value for "datadir" is "data" under the same directory as the hiera.yaml
  # file (this file)
  # When specifying a datadir, make sure the directory exists.
  #datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data"                   # Human-readable name.
    path: "nodes/%{trusted.certname}.yaml"  # File path, relative to datadir.
  - name: "Per-OS defaults"
    path: "os/%{facts.os.family}.yaml"
  - name: "Common data"
    path: "common.yaml"
Site.pp file:
# more site.pp
...
...
...
When I run the puppet agent on the server where I want the new values added, I see the following returned:
# puppet agent --no-daemonize --onetime --verbose --noop
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Permitroot]: expects a value for parameter 'permitroot_config' (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 49, column: 3) on node lhcsrvprdcms01.fixnetix.com
Info: Using cached catalog from environment 'production'
Info: Applying configuration version '1596101172'
Notice: Applied catalog in 2.39 seconds
Any help here would be appreciated.
Thanks,
Dan.
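
An added example, not part of the original post: it resolves the hierarchy from the hiera.yaml shown above into the absolute file paths Hiera would read, using the default datadir that the file's own comment describes. The certname, the RedHat OS family and the helper names are assumptions, and only `path` levels are handled.

```ruby
require 'yaml'

# hiera.yaml as shown in the post (indentation restored, comments trimmed).
HIERA_YAML = <<~'YAML'
  ---
  version: 5
  defaults:
    #datadir: data
    data_hash: yaml_data
  hierarchy:
    - name: "Per-node data"
      path: "nodes/%{trusted.certname}.yaml"
    - name: "Per-OS defaults"
      path: "os/%{facts.os.family}.yaml"
    - name: "Common data"
      path: "common.yaml"
YAML

# Expand %{a.b.c} tokens against a nested hash scope; unknown keys become ''.
def interpolate(template, scope)
  template.gsub(/%\{([^}]+)\}/) do
    Regexp.last_match(1).split('.').reduce(scope) { |h, k| h.is_a?(Hash) ? h[k] : nil }.to_s
  end
end

# Return [level name, absolute path] for every hierarchy level.
# datadir is relative to the directory holding hiera.yaml and defaults to "data".
def resolve_hierarchy(yaml_text, env_dir, scope)
  conf = YAML.safe_load(yaml_text)
  defaults = conf['defaults'] || {}
  conf['hierarchy'].map do |level|
    datadir = level['datadir'] || defaults['datadir'] || 'data'
    [level['name'], File.join(env_dir, datadir, interpolate(level['path'], scope))]
  end
end

# Constructed scope: certname is a placeholder, os.family is assumed.
SCOPE = {
  'trusted' => { 'certname' => 'node01.example.com' },
  'facts'   => { 'os' => { 'family' => 'RedHat' } }
}.freeze
ENV_DIR = '/etc/puppetlabs/code/environments/production'

if __FILE__ == $PROGRAM_NAME
  resolve_hierarchy(HIERA_YAML, ENV_DIR, SCOPE).each do |name, path|
    puts format('%-16s %s %s', name, path, File.exist?(path) ? '(found)' : '(missing)')
  end
end
```

On a Puppet server, `puppet lookup permitroot::permitroot_config --node <certname> --explain` reports the paths Hiera actually searched and whether each file was found.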