Ask Your Question

hiera dynamic lookup with external facts

asked 2016-02-12 11:09:01 -0600

grandmastertime gravatar image

It might be the day or the unstable caffeine levels, but this one is bugging me for more than a day now so I decided to ask here. The set up is simple:

In datadir:

In the first iteration of 'puppet agent -t' my site class creates an external fact based on the information in "nodes/%{::fqdn}". This works.

In the second iteration I expect hiera to load values from 'groups/service.yaml' and printout 'message' (also defined in the site class). However, when that happens I see the value from common.yaml. Clearly hiera did not its job.

It becomes more confusing if instead I try 'puppet apply -e "notice hiera('message')" which prints correctly the value from groups/service.yaml.

So the fact itself works, but hiera does not make any decisions on it. From and I would have expected this to work.

What am I doing wrong?

edit retag flag offensive close merge delete


<insert swear-words="" here="">.... so turns out that this lookup did not work because of SELINUX. Turned it off, restarted the machine, and everything is fine. Now I will have to lookup how to configure SELINUX properly on Centos 7.

grandmastertime gravatar imagegrandmastertime ( 2016-02-16 05:56:27 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2016-02-16 06:12:13 -0600

grandmastertime gravatar image

Since the comment section is too short for a full answer, here are some details. I was running on Scientific Linux 7.2 pretty much out-of-the-box, which had SELINUX enabled.

I only thought about checking this after I saw the following messages when running puppet agent -t -d

Debug: /File[/etc/puppetlabs/code/hiera.yaml]/seluser: Found seluser default 'system_u' for /etc/puppetlabs/code/hiera.yaml
Debug: /File[/etc/puppetlabs/code/hiera.yaml]/selrole: Found selrole default 'object_r' for /etc/puppetlabs/code/hiera.yaml
Debug: /File[/etc/puppetlabs/code/hiera.yaml]/seltype: Found seltype default 'etc_t' for /etc/puppetlabs/code/hiera.yaml
Debug: /File[/etc/puppetlabs/code/hiera.yaml]/selrange: Found selrange default 's0' for /etc/puppetlabs/code/hiera.yaml

with similar ones for facter. I changed SELINUX=enforcing to SELINUX=disabled in /etc/sysconfig/selinux and restarted the server. Everything worked as expected afterwards.

I've found some blog post which discuss how to make use Puppet to set up mysql without disabling SELINUX but nothing specific to my case. I assume hiera must have the permission to execute the custom facts, possibly. It is one of the things I would investigate further if I had the time for it.

For now, SELINUX will stay disabled.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-02-12 11:09:01 -0600

Seen: 3,188 times

Last updated: Feb 16 '16