I am working on a script that would require passing the Instance profile arn. I have been using puppet to retrieve some information using its facter capability. Below is an (snippet)example of a facter output found online, the full output can be found here (https://gist.github.com/cliff-wakefield/b232ef51799908a0264eb7e95af09092). What I'd like to obtain is the "InstanceProfileArn"
ec2_metadata => {
ami-id => "ami-34281c57",
ami-launch-index => "0",
ami-manifest-path => "(unknown)",
block-device-mapping => {
ami => "/dev/sda1",
root => "/dev/sda1"
},
hostname => "ip-10-180-0-40.ap-southeast-2.compute.internal",
iam => {
info => "{
"Code" : "Success",
"LastUpdated" : "2016-08-28T23:12:36Z",
"InstanceProfileArn" : "arn:aws:iam::750105279227:instance-profile/AnexPrereqs-AnexIAMInstanceProfile-11O8QJAS4XO7S",
"InstanceProfileId" : "AIPAI6YKKPRVVX2XD6LCK"
}"
By running facter ec2_metadata.iam.info, I get:
{
"Code" : "Success",
"LastUpdated" : "2016-08-28T23:12:36Z",
"InstanceProfileArn" : "arn:aws:iam::750105279227:instance-profile/AnexPrereqs-AnexIAMInstanceProfile-11O8QJAS4XO7S",
"InstanceProfileId" : "AIPAI6YKKPRVVX2XD6LCK"
}
However, I am struggling to get the "InstanceProfileArn" printed on the console.
So, two things I want to be able to achieve:
By running facter ec2_metadata.iam.info.<InstanceProfileArn>
from within my instance, I want to be able to see instance profile
arn printed in the console.
Secondly, I understand that the way the above command is passed in
puppet will be slightly different and would look something like
$facts[ec2_metadata][iam][info][InstanceProfileArn]. What
would be the correct syntax to then be passed into puppet manifest?
There is a function called parsejson in the Puppet Forge stdlib module. It can be used to parse a string containing JSON into a Puppet hash. An example using your data:
$ cat Puppetfile
forge "https://forgeapi.puppetlabs.com"
mod "puppetlabs-stdlib", "4.25.1"
$ r10k puppetfile install
$ cat foo.pp
include stdlib
# should be $info_json = $facts[ec2_metadata][iam][info], but for this example
# we'll use a literal...
$info_json = #(INFO)
{
"Code" : "Success",
"LastUpdated" : "2016-08-28T23:12:36Z",
"InstanceProfileArn" : "arn:aws:iam::750105279227:instance-profile/AnexPrereqs-AnexIAMInstanceProfile-11O8QJAS4XO7S",
"InstanceProfileId" : "AIPAI6YKKPRVVX2XD6LCK"
}
INFO
$info = parsejson($info_json)
$instance_profile_arn = $info['InstanceProfileArn']
notice($instance_profile_arn)
$ puppet apply --modulepath=modules foo.pp
Notice: Scope(Class[main]): arn:aws:iam::750105279227:instance-profile/AnexPrereqs-AnexIAMInstanceProfile-11O8QJAS4XO7S
[...]
Related
I installed corosync-pacemaker cluster via puppet. Now I would to like keep my data into hiera file. How should I convert cs_primitive section into yaml file?
cs_primitive { 'nfsshare_fs':
primitive_class => 'ocf',
primitive_type => 'Filesystem',
provided_by => 'heartbeat',
parameters => { 'device' => '/dev/disk/lvname', 'directory' =>
'/share', 'fstype' => 'ext4' },
}->
I tried the below code but it didn't work.
corosync::cs_primitive:
'nfsshare_fs':
primitive_class: 'ocf'
primitive_type: 'Filesystem'
provided_by: 'heartbeat'
parameters:
device: '/dev/disk/by-id/lvname'
directory: '/share'
fstype: 'ext4'
It won't work because cs_primitive is a resource type, like, for example, File.
If you want to use it from Hiera, then you could create a class that wraps cs_primitive applying and then connect this class with Hiera.
classes:
- my_class
my_class::param1: value1
my_class::param2: value2
Useful links:
https://puppet.com/docs/puppet/7/lang_defined_types.html
https://puppet.com/docs/puppet/7/lang_classes.html
I am trying to create a custom fact I can use as the value for a class parameter in a hiera yaml file.
I am using the openstack/puppet-keystone module and I want to use fernet-keys.
According to the comments in the module I can use this parameter.
# [*fernet_keys*]
# (Optional) Hash of Keystone fernet keys
# If you enable this parameter, make sure enable_fernet_setup is set to True.
# Example of valid value:
# fernet_keys:
# /etc/keystone/fernet-keys/0:
# content: c_aJfy6At9y-toNS9SF1NQMTSkSzQ-OBYeYulTqKsWU=
# /etc/keystone/fernet-keys/1:
# content: zx0hNG7CStxFz5KXZRsf7sE4lju0dLYvXdGDIKGcd7k=
# Puppet will create a file per key in $fernet_key_repository.
# Note: defaults to false so keystone-manage fernet_setup will be executed.
# Otherwise Puppet will manage keys with File resource.
# Defaults to false
So wrote this custom fact ...
[root#puppetmaster modules]# cat keystone_fernet/lib/facter/fernet_keys.rb
Facter.add(:fernet_keys) do
setcode do
fernet_keys = {}
puts ( 'Debug keyrepo is /etc/keystone/fernet-keys' )
Dir.glob('/etc/keystone/fernet-keys/*').each do |fernet_file|
data = File.read(fernet_file)
if data
content = {}
puts ( "Debug Key file #{fernet_file} contains #{data}" )
fernet_keys[fernet_file] = { 'content' => data }
end
end
fernet_keys
end
end
Then in my keystone.yaml file I have this line:
keystone::fernet_keys: '%{::fernet_keys}'
But when I run puppet agent -t on my node I get this error:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, "{\"/etc/keystone/fernet-keys/1\"=>{\"content\"=>\"xxxxxxxxxxxxxxxxxxxx=\"}, \"/etc/keystone/fernet-keys/0\"=>{\"content\"=>\"xxxxxxxxxxxxxxxxxxxx=\"}}" is not a Hash. It looks to be a String at /etc/puppetlabs/code/environments/production/modules/keystone/manifests/init.pp:1144:7 on node mgmt-01
I had assumed that I had formatted the hash correctly because facter -p fernet_keys output this on the agent:
{
/etc/keystone/fernet-keys/1 => {
content => "xxxxxxxxxxxxxxxxxxxx="
},
/etc/keystone/fernet-keys/0 => {
content => "xxxxxxxxxxxxxxxxxxxx="
}
}
The code in the keystone module looks like this (with line numbers)
1142
1143 if $fernet_keys {
1144 validate_hash($fernet_keys)
1145 create_resources('file', $fernet_keys, {
1146 'owner' => $keystone_user,
1147 'group' => $keystone_group,
1148 'subscribe' => 'Anchor[keystone::install::end]',
1149 }
1150 )
1151 } else {
Puppet does not necessarily think your fact value is a string -- it might do, if the client is set to stringify facts, but that's actually beside the point. The bottom line is that Hiera interpolation tokens don't work the way you think. Specifically:
Hiera can interpolate values of any of Puppet’s data types, but the
value will be converted to a string.
(Emphasis added.)
My puppet config is:
class { 'elasticsearch':
java_install => true,
manage_repo => true,
repo_version => '2.x',
version => "2.4.4",
}
elasticsearch::instance { 'es-01': }
After running puppet agent got this error:
Error: Failed to apply catalog: Section "base" is already defined, cannot redefine in /etc/yum.repos.d/centos.repo
Elasticsearch is running on centos-7
This is caused by puppet pre-fetching the yum repos.
If there are more than one repository with the same label you will see your already defined error when puppet is set to use Yumrepo. The error will show the first duplicate alphabetically and abort.
You can reproduce the error following these steps: duplicate a .repo, apply manifest with yumrepo
Initial Repo:
puppet apply -e "yumrepo { 'test': ensure => 'present', baseurl => 'http://test/repourl', descr => 'test' }"
Then duplicate the repo so you have two [test] repos:
cp -p /etc/yum.repos.d/test.repo /etc/yum.repos.d/test2.repo
Now any attempt to use puppet with Yumrepo fails, reproduced below:
# puppet apply -e "yumrepo { 'someapp': ensure => 'present', baseurl => 'http://test/repourl', descr => 'some app' }"
...which yields the following error:
Error: Failed to apply catalog: Section "test" is already defined, cannot redefine in /etc/yum.repos.d/test2.repo
For your error, see which files are duplicating [base]:
grep '^\[base]$' /etc/yum.repos.d/*.repo
I seem to have run into a syntax error on a previously-working puppet manifest. This is running on a local vagrant box with Ubuntu 12.04, and Puppet version 3.4.2. The puppet stuff was all generated at puphpet.com.
The error I'm getting is:
Error: Could not parse for environment production: Syntax error at '|'
at /tmp/vagrant-puppet/manifests/default.pp:263:29 on node
vagrant.example.com
Line 263 of default.pp is the second line of this snippet:
if count($php_values['ini']) > 0 {
$php_values['ini'].each { |$key, $value|
puphpet::ini { $key:
entry => "CUSTOM/${key}",
value => $value,
php_version => $php_values['version'],
webserver => $php_webserver_service
}
}
}
It looks like you haven't set parser to future.
Run this command:
puppet config print parser
If it returns current, you don't have access to the .each function. To change this, edit /etc/puppet/puppet.conf, and put parser = future under the [main] block. The above command should then return future.
Reference: http://docs.puppetlabs.com/references/latest/function.html#each
I am trying to provision a vagrant VM to allow users to supply their own bash_profile.local but I don't want this file tracked in the vm's vcs repo. I have a tracked bash_profile.local.dist file that they can rename. How can I tell puppet to only create a file if the source file exists? It is currently working correctly but logs an error during provisioning and this is what I'm trying to avoid.
This is the manifest:
class local
{
file { '.bash_profile.local':
source => 'puppet:///modules/local/bash_profile.local',
path => '/home/vagrant/.bash_profile.local',
replace => false,
mode => 0644,
owner => 'vagrant',
group => 'vagrant',
}
}
You could abuse file in this way :
$a = file('/etc/puppet/modules/local/files/bash_profile.local','/dev/null')
if($a != '') {
file { '.bash_profile.local':
content => $a,
...
}
}
This is not exactly what you asked but you can supply multiple paths in the source, so you can have a default empty file if the user didn't supplied his own.
class local
{
file { '.bash_profile.local':
source => [
'puppet:///modules/local/bash_profile.local',
'puppet:///modules/local/bash_profile.local.default'
],
path => '/home/vagrant/.bash_profile.local',
replace => false,
mode => 0644,
owner => 'vagrant',
group => 'vagrant',
}
}
You can try something like this:
file { 'bash_profile.local':
ensure => present,
source => ['puppet:///modules/local/bash_profile.local', '/dev/null'],
path => '/home/vagrant/.bash_profile.local',
before => Exec['clean-useless-file'],
}
exec { 'clean-useless-file':
command => 'rm .bash_profile.local',
onlyif => 'test -s .bash_profile.local',
cwd => '/home/vagrant',
path => '/bin:/usr/bin',
}
If the admin don't make a copy of ".bash_profile.local" available in "modules/local/bash_profile.local", the file resource will use the second source and then create a blank file. Then, the "onlyif" test fails and the exec will remove the useless blank file.
Used this way this code can be a little cumbersome, but it's better than a provisioning failure. You may evaluate if retaining a blank .bash_profile.local file can be okay in your case. I normally use a variation of this, with wget instead of rm, to get a fresh copy of the file from the internet if it was not already made available as a source.
If you're using puppetmaster, be aware you can use it to provision the own server, presenting two versions of the catalog, according to the .bash_profile.local is present or not.