Ask Your Question
0

how to use hiera_include with a device?

asked 2015-09-22 23:20:03 -0500

CWakefield gravatar image

Puppet Enterprise 3.8

Trying to classify a device such as an F5 BigIP F5 PuppetForge module

At present I am making use of hiera_include in my default node definition in site.pp as per the documentation.

I am looking for 'profiles' key.

This works for normal nodes such as other Linux servers, but doesn't get picked up by devices.

My hiera.yaml has in it (just an extract not whole file)

:hierarchy:
...
 - "devices/%{::fqdn}"
 - "devices/%{::clientcert}"
...

The values for the facts %{::fqdn} and %{::clientcert} as seen in the PE console is f5ltm.local

My device yaml file is entitled f5ltm.local and has the following content

---
profiles:
 - profile::f5ltm_local

A hiera command line lookup finds the profiles hash

# hiera -d profiles ::clientcert=f5ltm.local ::environment=production
DEBUG: 2015-09-23 14:09:35 +1000: Hiera YAML backend starting
DEBUG: 2015-09-23 14:09:35 +1000: Looking up profiles in YAML backend
DEBUG: 2015-09-23 14:09:35 +1000: Looking for data source devices/f5ltm.local
DEBUG: 2015-09-23 14:09:35 +1000: Found profiles in devices/f5ltm.local
["profile::f5ltm_local"]

Or

# hiera -d profiles ::fqdn=f5ltm.local ::environment=production
DEBUG: 2015-09-23 14:10:50 +1000: Hiera YAML backend starting
DEBUG: 2015-09-23 14:10:50 +1000: Looking up profiles in YAML backend
DEBUG: 2015-09-23 14:10:50 +1000: Looking for data source devices/f5ltm.local
DEBUG: 2015-09-23 14:10:50 +1000: Found profiles in devices/f5ltm.local
["profile::f5ltm_local"]

And the class is define properly

class profile::f5ltm_local
{
 f5_node {'/Common/webserver01':
  ensure => 'present',
  address => '192.168.1.139',
  description => 'webserver01',
  availability_requirement => 'all',
  health_monitors => ['/Common/icmp'],
 }->
 f5_node {'/Common/webserver02':
  ensure => 'present',
  address => '192.168.1.140',
  description => 'webserver02',
  availability_requirement => 'all',
  health_monitors => ['/Common/icmp'],
 }
}

However runs of puppet command line have no affect on the F5 BigIP

# puppet device --verbose
Info: starting applying configuration to f5ltm.local at https://f5ltm.local:443/
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for f5ltm.local
Info: Applying configuration version '1442981699'
Notice: Finished catalog run in 0.11 seconds

Any idea why devices are not being handled by the default node definition in site.pp?

edit retag flag offensive close merge delete

Comments

1

Possibly dumb question, but have you done this? "You must install the faraday gem into the Puppet Ruby environment on the proxy host (Puppet agent). You can do this by declaring the f5 class on that host. If you do not install the faraday gem, the module will not work."

GregLarkin gravatar imageGregLarkin ( 2015-09-23 18:41:11 -0500 )edit

Can you also run "puppet device --verbose --debug" and post the output of that? Can you log into the F5 device and tell if the connection from the proxy agent node was successful or not or if there are any errors? I don't know anything about F5, so these suggestions may not make sense.

GregLarkin gravatar imageGregLarkin ( 2015-09-23 18:42:43 -0500 )edit

If I add a specific node definition site.pp or add hiera_include to the end of site.pp (rather than in the default node) definition then the catalog picks up my changes without issue. But not sure why it doesn't work within the default node.

CWakefield gravatar imageCWakefield ( 2015-09-27 19:35:48 -0500 )edit

The faraday gem is indeed deployed onto the PuppetMaster which is acting as the proxy host in my simple lab setup.

CWakefield gravatar imageCWakefield ( 2015-09-28 00:21:54 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2015-09-28 00:19:34 -0500

CWakefield gravatar image

At present the only way that I can get this to work is to

  1. Moved the hiera_include() out of the default node definition in site.pp to the end of site.pp
  2. Create a specific node definition for f5ltm.local and do the hiera_include

Neither of these are attractive.

  1. The act of moving hiera_include() out of the default node means that it will be applied to all nodes, even those with specific definitions
  2. The specific node definition moves away from using hiera_include() and profiles hiera data to classify and assign profiles to a node

Even with --debug enable I am not sure how to find out why the default node definition doesn't get applied to a device node.

edit flag offensive delete link more

Comments

Not sure why the default node declaration isn't working, but here's a crazy idea. Does it work if you create a node declaration like "node /^.+$/ { ... }"? That regexp should match on all hostnames and work just like the "node default" declaration. I'm interested to know if that fails or not.

GregLarkin gravatar imageGregLarkin ( 2015-09-29 09:54:02 -0500 )edit

Please post a link to the output from running with the debug flag, too. It may provide some clues.

GregLarkin gravatar imageGregLarkin ( 2015-09-29 09:54:33 -0500 )edit

Run with default node using hiera_include() http://pastebin.com/iJ1zRgEi

CWakefield gravatar imageCWakefield ( 2015-09-30 00:13:09 -0500 )edit

Run with hiera_include() at the end of site.pp http://pastebin.com/Bw2G2nr1

CWakefield gravatar imageCWakefield ( 2015-09-30 00:18:19 -0500 )edit

Can you post your site.pp and device.conf files? Also, have tried increasing verbose logging on the F5 device to see if a connection is made from your Puppet master and if any commands are issued to the F5 device? Finally, did my idea of creating a separate "match all" node declaration work?

GregLarkin gravatar imageGregLarkin ( 2015-09-30 11:47:48 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-09-22 23:20:03 -0500

Seen: 232 times

Last updated: Sep 28 '15