Ask Your Question
0

Why does the keystone module think my custom fact is a String and not a Hash?

asked 2017-07-31 18:42:47 -0500

Red Cricket gravatar image

updated 2017-07-31 18:45:28 -0500

Hi,

I am trying to create a custom fact I can use as the value for a class parameter in a hiera yaml file.

I am using the openstack/puppet-keystone module and I want to use fernet-keys. According to the comments in the module I can use this parameter.

# [*fernet_keys*]
#   (Optional) Hash of Keystone fernet keys
#   If you enable this parameter, make sure enable_fernet_setup is set to True.
#   Example of valid value:
#   fernet_keys:
#     /etc/keystone/fernet-keys/0:
#       content: c_aJfy6At9y-toNS9SF1NQMTSkSzQ-OBYeYulTqKsWU=
#     /etc/keystone/fernet-keys/1:
#       content: zx0hNG7CStxFz5KXZRsf7sE4lju0dLYvXdGDIKGcd7k=
#   Puppet will create a file per key in $fernet_key_repository.
#   Note: defaults to false so keystone-manage fernet_setup will be executed.
#   Otherwise Puppet will manage keys with File resource.
#   Defaults to false

So wrote this custom fact ...

[root@puppetmaster modules]# cat keystone_fernet/lib/facter/fernet_keys.rb
Facter.add(:fernet_keys) do
  setcode do
    fernet_keys = {}

    puts ( 'Debug keyrepo is /etc/keystone/fernet-keys' )
    Dir.glob('/etc/keystone/fernet-keys/*').each do |fernet_file|
      data = File.read(fernet_file)
      if data
    content = {}
        puts ( "Debug Key file #{fernet_file} contains #{data}" )
        fernet_keys[fernet_file] = { 'content' => data }
      end
    end
    fernet_keys
  end
end

Then in my keystone.yaml file I have this line:

keystone::fernet_keys: '%{::fernet_keys}'

But when I run puppet agent -t on my node I get this error:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, "{\"/etc/keystone/fernet-keys/1\"=>{\"content\"=>\"xxxxxxxxxxxxxxxxxxxx=\"}, \"/etc/keystone/fernet-keys/0\"=>{\"content\"=>\"xxxxxxxxxxxxxxxxxxxx=\"}}" is not a Hash.  It looks to be a String at /etc/puppetlabs/code/environments/production/modules/keystone/manifests/init.pp:1144:7 on node mgmt-01

I had assumed that I had formatted the hash correctly because facter -p fernet_keys output this on the agent:

{
  /etc/keystone/fernet-keys/1 => {
    content => "xxxxxxxxxxxxxxxxxxxx="
  },
  /etc/keystone/fernet-keys/0 => {
    content => "xxxxxxxxxxxxxxxxxxxx="
  }
}

The code in the keystone module looks like this (with line numbers)

1142
1143   if $fernet_keys {
1144       validate_hash($fernet_keys)
1145       create_resources('file', $fernet_keys, {
1146           'owner'     => $keystone_user,
1147           'group'     => $keystone_group,
1148           'subscribe' => 'Anchor[keystone::install::end]',
1149         }
1150       )
1151     } else {
edit retag flag offensive close merge delete

Comments

Just to sort out easy things first: You're _not_ using some old version of Puppet, are you (in conjunction with `parser = future`). Because there was `stringify_facts` https://docs.puppet.com/puppet/3.8/configuration.html#stringifyfacts

Kai Burghardt gravatar imageKai Burghardt ( 2017-08-01 04:01:46 -0500 )edit

I am using opensource puppet 4.10.

Red Cricket gravatar imageRed Cricket ( 2017-08-01 13:02:17 -0500 )edit

1 Answer

Sort by » oldest newest most voted
1

answered 2017-09-14 12:18:08 -0500

Emerson Prado gravatar image

updated 2017-09-14 12:19:29 -0500

Probably, it's Hiera that converting your hash to string: https://docs.puppet.com/puppet/4.10/h...
"Hiera can interpolate values of any of Puppet’s data types, and converts them to strings if necessary". The docs aren't clear to me on when the conversion is done.

But I noticed you don't need to interpolate your fact in a string, but just use the plain fact instead. Did you try to reference in Hiera without quoting? I risk saying the quoting itself is converting the hash to string.
keystone::fernet_keys: %{::fernet_keys}

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-07-31 18:42:47 -0500

Seen: 66 times

Last updated: Sep 14