Hiera Setup Lookup Complaining

[Dan Crisp]

Hello all,

Strugling to get started with Hiera (all new to me):

# more /etc/puppetlabs/puppet/hiera.yaml

---

# Hiera 5 Global configuration file

version: 5

# defaults:

#   data_hash: yaml_data

# hierarchy:

#  - name: Common

#    data_hash: yaml_data

hierarchy: []

# more environments/production/hiera.yaml

---

version: 5

defaults:

  # The default value for "datadir" is "data" under the same directory as the hiera.yaml

  # file (this file)

  # When specifying a datadir, make sure the directory exists.

  # See https://puppet.com/docs/puppet/latest/environments_about.html for further details on environments.

   datadir: data

   data_hash: yaml_data

hierarchy:

  - name: "Per-node data"                   # Human-readable name.

    path: "nodes/%{trusted.certname}.yaml"  # File path, relative to datadir.

  - name: "Per-OS defaults"

    path: "os/%{facts.os.family}.yaml"

  - name: "Common data"

    path: "common.yaml"

# more environment/production/data/nodes/nodename.domain.com.yaml

---

sshdconfig:

  match_address: "xx.xx.xx.xx"

  permit_root_login: without-password

I don't have many modules:

# puppet module list

Warning: Module 'puppetlabs-stdlib' (v6.1.0) fails to meet some dependencies:

  'saz-timezone' (v5.1.1) requires 'puppetlabs-stdlib' (>=2.6.0 < 6.0.0)

Warning: Missing dependency 'stm-debconf':

  'saz-timezone' (v5.1.1) requires 'stm-debconf' (>= 2.0.0 < 3.0.0)

/etc/puppetlabs/code/environments/production/modules

├── fixnetix-base (v0.1.0)

├── puppet-selinux (v3.0.0)

├── puppetlabs-stdlib (v6.1.0)

└── saz-timezone (v5.1.1)

/etc/puppetlabs/code/modules (no modules installed)

/opt/puppetlabs/puppet/modules (no modules installed)

# ls environments/production/modules/base/

appveyor.yml  CHANGELOG.md  data  examples  files  Gemfile  Gemfile.lock  hiera.yaml  manifests  metadata.json  Rakefile  README.md  spec  tasks  templates

The modules hiera.yaml is as follows:

# cat environments/production/modules/base/hiera.yaml

---

version: 5

defaults:  # Used for any hierarchy level that omits these keys.

  datadir: data         # This path is relative to hiera.yaml's directory.

  data_hash: yaml_data  # Use the built-in YAML backend.

hierarchy:

  - name: "osfamily/major release"

    paths:

      - "os/%{facts.os.family}/%{facts.os.release.major}.yaml"

        # Used for Solaris

      - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"

        # Used to distinguish between Debian and Ubuntu

      - "os/%{facts.os.name}/%{facts.os.release.major}.yaml"

  - name: "nodes"

      - "nodes/%{trusted.certname}.yaml"

  - name: "osfamily"

    paths:

      - "os/%{facts.os.family}.yaml"

      - "os/%{facts.os.name}.yaml"

  - name: 'common'

    path: 'common.yaml'

I get following returned when I lookup:

# puppet lookup match_address --node nodename.domain.com.yaml --explain

Searching for "lookup_options"

  Global Data Provider (hiera configuration version 5)

    No such key: "lookup_options"

  Environment Data Provider (hiera configuration version 5)

    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"

    Merge strategy hash

      Hierarchy entry "Per-node data"

        Path "/etc/puppetlabs/code/environments/production/data/nodes/.yaml"

          Original path: "nodes/%{trusted.certname}.yaml"

          Path not found

      Hierarchy entry "Per-OS defaults"

        Path "/etc/puppetlabs/code/environments/production/data/os/.yaml"

          Original path: "os/%{facts.os.family}.yaml"

          Path not found

      Hierarchy entry "Common data"

        Path "/etc/puppetlabs/code/environments/production/data/common.yaml"

          Original path: "common.yaml"

          Path not found

Searching for "match_address"

  Global Data Provider (hiera configuration version 5)

    No such key: "match_address"

  Environment Data Provider (hiera configuration version 5)

    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"

    Hierarchy entry "Per-node data"

      Path "/etc/puppetlabs/code/environments/production/data/nodes/.yaml"

        Original path: "nodes/%{trusted.certname}.yaml"

        Path not found

    Hierarchy entry "Per-OS defaults"

      Path "/etc/puppetlabs/code/environments/production/data/os/.yaml"

        Original path: "os/%{facts.os.family}.yaml"

        Path not found

    Hierarchy entry "Common data"

      Path "/etc/puppetlabs/code/environments/production/data/common.yaml"

        Original path: "common.yaml"

        Path not found

Function lookup() did not find a value for the name 'match_address'

[Henrik Lindberg]

On 2020-02-24 17:06, Dan Crisp wrote:
> Hello all,
>
> Strugling to get started with Hiera (all new to me):
>

First glance that looks ok, as you can see it is not finding your key in
any of the resulting paths. From where (which data file) was it supposed
to find the key you looked up?

Best,
- henrik


> # more /etc/puppetlabs/puppet/hiera.yaml
> ---
> *# Hiera 5 Global configuration file*

> The moduleshiera.yaml is as follows:

> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users...@googlegroups.com
> <mailto:puppet-users...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/795b8faa-ab78-4576-b8b8-ad31eba2c4e8%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/795b8faa-ab78-4576-b8b8-ad31eba2c4e8%40googlegroups.com?utm_medium=email&utm_source=footer>.


--

Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/

[Dan Crisp]

Hello Henrik, thanks for your reply.  This file:

environment/production/data/nodes/nodename.domain.com.yaml 

> an email to puppet...@googlegroups.com
> <mailto:puppet-users+unsub...@googlegroups.com>.

[Henrik Lindberg]

Dan Crisp wrote:
> environment/production/data/nodes/nodename.domain.com.yaml
As you can see in the output - the hiera path expanded to:

Path "/etc/puppetlabs/code/environments/production/data/nodes/.yaml"

Meaning that trusted.certname was empty. It would be empty if the node
"nodename.domain.com" never checked in with the puppet server to deposit
any facts. It will do that on its first agent run though.

Meanwhile you have to supply your own facts (and trusted) to do lookups
as it will be done when the node later requests a catalog. Look at the
help for the various flags to the lookup command to learn how to give it
values for facts and trusted information.

- henrik

[Dan Crisp]

I included the --compile option.  Now (not sure whether as a result of use --option) I can see /etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml in the output:

Searching for "lookup_options"

  Global Data Provider (hiera configuration version 5)

    No such key: "lookup_options"

  Environment Data Provider (hiera configuration version 5)

    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"

    Merge strategy hash

      Hierarchy entry "Per-node data"

        Path "/etc/puppetlabs/code/environments/production/data/nodes/nodename.fixnetix.com.yaml"

          Original path: "nodes/%{trusted.certname}.yaml"

          No such key: "lookup_options"

      Hierarchy entry "Per-OS defaults"

        Path "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"

          Original path: "os/%{facts.os.family}.yaml"

          Path not found

      Hierarchy entry "Common data"

        Path "/etc/puppetlabs/code/environments/production/data/common.yaml"

          Original path: "common.yaml"

          Path not found

Searching for "match_address"

  Global Data Provider (hiera configuration version 5)

    No such key: "match_address"

  Environment Data Provider (hiera configuration version 5)

    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"

    Hierarchy entry "Per-node data"

      Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"

        Original path: "nodes/%{trusted.certname}.yaml"

        No such key: "match_address"

    Hierarchy entry "Per-OS defaults"

      Path "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"

        Original path: "os/%{facts.os.family}.yaml"

        Path not found

    Hierarchy entry "Common data"

      Path "/etc/puppetlabs/code/environments/production/data/common.yaml"

        Original path: "common.yaml"

        Path not found

Function lookup() did not find a value for the name 'match_address'

Still no luck finding the requested value though.

Thanks,

Dan.

[Henrik Lindberg]

On 2020-02-25 13:42, Dan Crisp wrote:
> I included the --compile option.  Now (not sure whether as a result of
> use --option) I can
> see/etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml
> in the output:
>

Probably because you got a run done by the agent?
Anyway - first step, make sure you see the expected paths being read.
Then, for the file where you expect the key to be found and produce a
value, do check the content of that file - is it valid yaml, is it
representing what you think it represents?

best,
- henrik

> "nodename.domain.com <http://nodename.domain.com>" never checked in

> with the puppet server to deposit
> any facts. It will do that on its first agent run though.
>
> Meanwhile you have to supply your own facts (and trusted) to do lookups
> as it will be done when the node later requests a catalog. Look at the
> help for the various flags to the lookup command to learn how to
> give it
> values for facts and trusted information.
>
> - henrik
>
>
> --
>
> Visit my Blog "Puppet on the Edge"
> http://puppet-on-the-edge.blogspot.se/

> <http://puppet-on-the-edge.blogspot.se/>

>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send

> an email to puppet-users...@googlegroups.com
> <mailto:puppet-users...@googlegroups.com>.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com?utm_medium=email&utm_source=footer>.

[Bart-Jan Vrielink]

Hello,

I see you are looking for 'match_address', but in Hiera it is stored as 'sshdconfig::match_address'.

-----Original message-----
From: Dan Crisp <djc...@gmail.com>
Sent: Tuesday 25th February 2020 13:42
To: Puppet Users <puppet...@googlegroups.com>
Subject: Re: [Puppet Users] Hiera Setup Lookup Complaining

I included the --compile option.  Now (not sure whether as a result of use --option) I can see /etc/puppetlabs/code/environments/production/data/nodes/nodename.domain.com.yaml in the output:

"nodename.domain.com" never checked in with the puppet server to deposit

any facts. It will do that on its first agent run though.

Meanwhile you have to supply your own facts (and trusted) to do lookups
as it will be done when the node later requests a catalog. Look at the
help for the various flags to the lookup command to learn how to give it
values for facts and trusted information.

- henrik


--

Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com.

[Dan Crisp]

This is what I have:

---

sshdconfig:

  match_address: "xx.xx.xx.xx"

  permit_root_login: without-password

YAML Lint validates the YAML ok.

However, it doesn't matter what I put in this file (Non YAML or a bunch of random characters ) the result is the same so I suspect it's not being read.  How can I confirm that the file is actualy being read rather than simply sucessfully displayed in the lookup output.

> an email to puppet...@googlegroups.com
> <mailto:puppet-users+unsub...@googlegroups.com>.

[Dan Crisp]

Hello Bart,

Thanks for your reply.  Yes that threw me also.  I was originally looking for sshdconfig::match_adddress however the output from lookup returned:

Searching for "sshdconfig::match_address"

  Global Data Provider (hiera configuration version 5)

    Using configuration "/etc/puppetlabs/puppet/hiera.yaml"

    No such key: "sshdconfig::match_address"

  Environment Data Provider (hiera configuration version 5)

    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"

    Hierarchy entry "Per-node data (yaml version)"

      Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvmtrrsl01.fixnetix.com.yaml"

        Original path: "nodes/%{::trusted.certname}.yaml"

        Path not found

    Hierarchy entry "Other YAML hierarchy levels"

      Path "/etc/puppetlabs/code/environments/production/data/common.yaml"

        Original path: "common.yaml"

        Path not found

  Module "sshdconfig" not found

Function lookup() did not find a value for the name 'sshdconfig::match_address'

Suggesting that it was expecting sshdconfig to be be a module.  Not the case in this instance.  In fact, the hiera in question is not refferenced in any module or class etc.  Is that the issue?

To unsubscribe from this group and stop receiving emails from it, send an email to puppet...@googlegroups.com.

[Bart-Jan Vrielink]

Hello,

What you have in Hiera is the following:

---
sshdconfig:
  match_address: "xx.xx.xx.xx"
  permit_root_login: without-password

This is a single key sshdconfig with the value:

{
          "match_address" => "xx.xx.xx.xx",
          "permit_root_login" => "without-password"
}

If you want to use the contents of match_address in your Puppet code, you would need to lookup sshdconfig and then access $sshconfig['match_address'], or rewrite your yaml into something like:

---
sshdconfig::match_address: "xx.xx.xx.xx"
sshdconfig::permit_root_login: without-password

Where you can lookup sshdconfig::match_address

As you've already noted, this naming convention is most appropriate for a module sshdconfig. If there is such a module, its parameters match_address and permit_root_login would be automatically looked up in Hiera.

 

To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b14bdcca-7a45-45b7-9045-749c6633ae0e%40googlegroups.com.

[Henrik Lindberg]

On 2020-02-25 16:51, Dan Crisp wrote:
> This is what I have:
>
> ---
> sshdconfig:
>   match_address: "xx.xx.xx.xx"
>   permit_root_login: without-password
>
> YAML Lint validates the YAML ok.
>
> However, it doesn't matter what I put in this file (Non YAML or a bunch
> of random characters ) the result is the same so I suspect it's not
> being read.  How can I confirm that the file is actualy being read
> rather than simply sucessfully displayed in the lookup output.

Check permissions on files, it may be silently skipping files that
cannot be read.
- henrik

> > an email to puppet...@googlegroups.com <javascript:>
> > <mailto:puppet-users...@googlegroups.com <javascript:>>.

> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com>
>
> >

> <https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com?utm_medium=email&utm_source=footer

> <https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>
>
>
> --
>
> Visit my Blog "Puppet on the Edge"
> http://puppet-on-the-edge.blogspot.se/

> <http://puppet-on-the-edge.blogspot.se/>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send

> an email to puppet-users...@googlegroups.com
> <mailto:puppet-users...@googlegroups.com>.

> To view this discussion on the web visit

> https://groups.google.com/d/msgid/puppet-users/25c608f0-78db-4b67-b563-de872b7a2d36%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/25c608f0-78db-4b67-b563-de872b7a2d36%40googlegroups.com?utm_medium=email&utm_source=footer>.

[Dan Crisp]

Look all good to me:

puppet@puppet:/etc/puppetlabs/puppet$ ls -ltr

total 40

-rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf

-rw-r--r--. 1 puppet puppet  657 Sep 24 12:17 puppet.conf

drwxrwx--x. 1 puppet puppet 4096 Sep 27 16:22 ssl

drwxr-x---. 2 puppet puppet 4096 Sep 27 22:32 devices

-rw-r--r--. 1 puppet puppet  219 Feb 26 13:43 hiera.yaml

puppet@puppet:/etc/puppetlabs/puppet$ more hiera.yaml

---

# Hiera 5 Global configuration file

version: 5

#defaults:

#data_hash: yaml_data

#  datadir: /etc/puppetlabs/code/environments/production/data

# hierarchy:

#  - name: Common

#    data_hash: yaml_data

#hierarchy: []

puppet@puppet:/etc/puppetlabs/code/environments/production$ ls -ltr

total 16

drwxr-xr-x. 6 root root 4096 Oct 22 14:06 modules

drwxr-xr-x. 2 root root 4096 Feb 18 16:04 manifests

-rw-r--r--. 1 root root  618 Feb 26 12:40 hiera.yaml

drwxr-xr-x. 3 root root 4096 Feb 26 13:07 data

puppet@puppet:/etc/puppetlabs/code/environments/production$ more hiera.yaml

---

version: 5

defaults:

  # The default value for "datadir" is "data" under the same directory as the hiera.yaml

  # file (this file)

  # When specifying a datadir, make sure the directory exists.

  # See https://puppet.com/docs/puppet/latest/environments_about.html for further details on environments.

  #datadir: data

  data_hash: yaml_data

hierarchy:

  - name: "Per-node data"                   # Human-readable name.

    path: "nodes/%{trusted.certname}.yaml"  # File path, relative to datadir.

  - name: "Per-OS defaults"

    path: "os/%{facts.os.family}.yaml"

  - name: "Common data"

    path: "common.yaml"

puppet@puppet:/etc/puppetlabs/code/environments/production/data/nodes$ ls -ltr

total 8

-rw-r--r--. 1 root root 31 Feb 25 15:42 nodename.domain.com.yaml

puppet@puppet:/etc/puppetlabs/code/environments/production/data/nodes$ more nodename.domain.com.yaml

---

sshdconfig::match_address: "xx.xx.xx.xx"

sshdconfig::permit_root_login: without-password

Some files above are onwned by root however, have sufficient permissions to be at least read.

>      > <mailto:puppet-users+unsub...@googlegroups.com <javascript:>>.

>      > To view this discussion on the web visit
>      >
>     https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com
>     <https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com>
>
>      >
>     <https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com?utm_medium=email&utm_source=footer
>     <https://groups.google.com/d/msgid/puppet-users/51b5a4bd-0e18-42c9-8cc3-9b77bcfd4218%40googlegroups.com?utm_medium=email&utm_source=footer>>.
>
>
>
>     --
>
>     Visit my Blog "Puppet on the Edge"
>     http://puppet-on-the-edge.blogspot.se/
>     <http://puppet-on-the-edge.blogspot.se/>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send

> an email to puppet...@googlegroups.com
> <mailto:puppet-users+unsub...@googlegroups.com>.

[Dan Crisp]

Still no joy with lookup despite re-writing Hiera as per you example. 

To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b14bdcca-7a45-45b7-9045-749c6633ae0e%40googlegroups.com.

[Becca Robinson]

Hi Dan,

I see that you have this `puppet lookup match_address --node nodename.domain.com.yaml —explain` .

Might want to ditch the .yaml from the node name.

-- 
Becca Robinson
Senior Professional Services Engineer
be...@puppet.com | @_itgrl_
cell: (913) 752-7084
Puppet The shortest path to better software.

[Dan Crisp]

Thanks all.  Have this working now.  

[Dirk Heinrichs]

Am Mittwoch, den 26.02.2020, 05:57 -0800 schrieb Dan Crisp:

sshdconfig::match_address: "xx.xx.xx.xx"

Just to clarify: Is "puppet lookup" supposed to find "sshdconfig::match_address" when only "match_address" was given?

Bye...

	Dirk

-- 

Dirk Heinrichs

Senior Systems Engineer, Delivery Pipeline

OpenText ™ Discovery | Recommind

Phone: +49 2226 15966 18

Email: dhei...@opentext.com

Website: www.recommind.de

Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach

Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan, Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646

This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet.

[Martin Alfke]

Hi,

Am Mittwoch, den 26.02.2020, 05:57 -0800 schrieb Dan Crisp:

sshdconfig::match_address: "xx.xx.xx.xx"

Just to clarify: Is "puppet lookup" supposed to find "sshdconfig::match_address" when only "match_address" was given

No!

Hiera looks for a string based key, not regex.

You must specify the full string when using puppet lookup

puppet lookup sshdconfig::match_address —explain …

Same is for Puppet Code:

$match_address = lookup(’sshdconfig::match_address’)

Consider the following: you have 3 classes which use a $port parameter.

Which one to take? The one for ssh Class, apache class, postfix class?

That is the reason why you must provide a parameter with its namespace (=class name).

Hth,

Martin

[Dirk Heinrichs]

Am Dienstag, den 03.03.2020, 11:14 +0100 schrieb Martin Alfke:

sshdconfig::match_address: "xx.xx.xx.xx"

Just to clarify: Is "puppet lookup" supposed to find "sshdconfig::match_address" when only "match_address" was given

No!

That was my thought, too. So the "puppet lookup" command (see first post) was (also) wrong.