Linux
Satellite 6 的傀儡無法找到 hiera 數據源
使用 Foreman 1.6.0.53 附帶的 Satellite 6。
預設情況下,Puppetlabs 的文件指出 hiera 配置應該在
$config/hiera.yaml.# puppet config print confdir hiera_config confdir = /etc/puppet hiera_config = /etc/puppet/hiera.yaml查看我們的 hiera 配置:
# cat /etc/puppet/hiera.yaml --- :backends: yaml :yaml: :datadir: /var/lib/hiera :hierarchy: - users - groups - global數據文件存在:
# cat /var/lib/hiera/users.yaml --- users: bfernandez: uid: 300 fullname: Belmin Fernandez而且,為了測試它,我使用了 hiera 的 CLI 和一個
puppet apply:# hiera --conf=/etc/puppet/hiera.yaml --debug -h users DEBUG: 2015-05-06 14:11:37 -0400: Hiera YAML backend starting DEBUG: 2015-05-06 14:11:37 -0400: Looking up users in YAML backend DEBUG: 2015-05-06 14:11:37 -0400: Looking for data source users DEBUG: 2015-05-06 14:11:37 -0400: Found users in users DEBUG: 2015-05-06 14:11:37 -0400: Looking for data source groups DEBUG: 2015-05-06 14:11:37 -0400: Looking for data source global {"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}} # puppet apply -e '$foo = hiera_hash(users) notify { $foo: }' Notice: Compiled catalog for foosat.example.com in environment production in 0.08 seconds Notice: {"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}} Notice: /Stage[main]/Main/Notify[{"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}}]/message: defined 'message' as '{"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}}' Notice: Finished catalog run in 0.30 seconds到目前為止,一切看起來都不錯。但是,當我
hiera_hash('users')在模組中引用並將其應用於節點時,我收到此錯誤:May 6 13:49:04 foo1 puppet-agent[8688]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find data item users in any Hiera data file and no default supplied at /etc/puppet/modules/accounts/manifests/init.pp:10 on node foo1.example.com關於我應該看什麼的任何想法?感覺好像我在工頭方面錯過了一些東西。
更新1:
根據@lsd,嘗試
/etc/hiera.yaml通過創建符號連結來代替配置。使用 hiera CLI 對其進行測試以確認配置:# hiera --conf=/etc/hiera.yaml --debug -h users DEBUG: 2015-05-06 14:31:13 -0400: Hiera YAML backend starting DEBUG: 2015-05-06 14:31:13 -0400: Looking up users in YAML backend DEBUG: 2015-05-06 14:31:13 -0400: Looking for data source defaults DEBUG: 2015-05-06 14:31:13 -0400: Cannot find datafile /var/lib/hiera/defaults.yaml, skipping DEBUG: 2015-05-06 14:31:13 -0400: Looking for data source users DEBUG: 2015-05-06 14:31:13 -0400: Found users in users DEBUG: 2015-05-06 14:31:13 -0400: Looking for data source groups DEBUG: 2015-05-06 14:31:13 -0400: Looking for data source global {"bfernandez"=>{"uid"=>300, "fullname"=>"Belmin Fernandez"}}但是仍然在代理上出現錯誤,因此無法解決問題。
在我的通勤路上思考之後,決定查看 SELinux,結果如下:
[root@foosat hiera]# grep yaml /var/log/audit/audit.log | head -n1 type=AVC msg=audit(1430926955.728:75727): avc: denied { getattr } for pid=17099 comm="ruby" path="/var/lib/hiera/users.yaml" dev="dm-2" ino=25185161 scontext=system_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file將 hiera 文件上的文件上下文更改為
puppet_etc_t(如果有人知道更合適的內容,請發表評論):[root@foosat hiera]# semanage fcontext -a -s system_u -t puppet_etc_t "/var/lib/hiera(/.*)?" [root@foosat hiera]# restorecon -R -v . restorecon reset /var/lib/hiera/users.yaml context unconfined_u:object_r:var_lib_t:s0->unconfined_u:object_r:puppet_etc_t:s0現在工作。希望這對其他人有幫助。