
Installed Puppet 5, and puppet agent -t doesn't apply changes and no errors


I installed Puppet 5 on master and server and set up/signed the certificate from the agent... now I wanted to try a simple agent run...

I followed the official Puppet docs, which test Hiera 5 as well (link below): https://docs.puppet.com/puppet/5.0/hiera_quick.html

But the agent never applies the changes when I run:

# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for xxxxxx.xxx.xxx
Info: Applying configuration version '1504530655'
Notice: Applied catalog in 0.04 seconds

On the master, when I run puppet apply /[manifest-location]/manifest.pp it works fine.

My master puppet.conf:

[main]
    server = puppet-master-test.xxx.xxx
    dns_alt_names = puppet-master-test.xxx.xxxx
    certificate_revocation = false
    modulepath = /etc/puppetlabs/code/environments/production/modules

[master]
    certname = puppet-master-test.xxx.xxx
    vardir = /opt/puppetlabs/server/data/puppetserver
    logdir = /var/log/puppetlabs/puppetserver
    rundir = /var/run/puppetlabs/puppetserver
    pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
    codedir = /etc/puppetlabs/code
    environment_timeout = unlimited

Agent's puppet.conf:

[main]
    server = puppet-master-test.xxx.xxx

[master]
    certname = puppet-master-test.xxx.xxx

[agent]
    environment = production
    certname = puppet-client.xxx.xxx
    server = puppet-master-test.xxx.xxx

Can someone advise on this? Thanks in advance.

EDIT:

I created a simple module:

# /etc/puppetlabs/code/environments/production/modules/profile/manifests/hiera_test.pp
class profile::test {
  file { '/tmp/hiera_test.txt':
    ensure => file,
    owner  => root,
    mode   => '0755',
  }
}

init.pp:

# /etc/puppetlabs/code/environments/production/modules/profile/manifests/init.pp
include profile::test

I have a site.pp under: /etc/puppetlabs/code/environments/production/manifests/site.pp

node 'puppet-client.xxx.xxx' {
  include profile
}

Output of:

# puppet config print modulepath --section master --environment production
/etc/puppetlabs/code/environments/production/modules

# puppet config print manifest --section master --environment production
/etc/puppetlabs/code/environments/production/manifests/site.pp

On the master when I use:

# puppet apply /etc/puppetlabs/code/environments/production/modules/profile/manifests/init.pp
Notice: Compiled catalog for puppet-master-test.xxx.xxx in environment production in 0.07 seconds
Notice: /Stage[main]/Profile::Test/File[/tmp/hiera_test.txt]/ensure: created
Notice: Applied catalog in 0.11 seconds

But puppet agent -t on the agent doesn't create the file under /tmp... /tmp permissions are 1777. Can you let me know if you need more info?

Thanks.


Solution

  • As I said from the beginning in comments, if, on a given catalog run, the agent does not make any attempt to apply any resources to the target machine and does not emit any diagnostics then it follows that the target machine is already fully in sync with the catalog served to it. The agent caches the catalog (details depend on Puppet version), so you can check what resources are actually included. One of the problems that sometimes afflicts Puppet sites, especially new ones, is that agents receive effectively empty catalogs. This is usually attributable to flaws in the relevant manifest set at the master.

    It is important to understand that the master builds a catalog starting from the site manifest for the agent's environment (which is not necessarily the way puppet apply does it), and that only the classes and resources declared for a given node, as discovered via that process, are included in its catalog. It is also important to understand that agent and master both perform caching of various forms -- the former to be able to enforce configuration if the master happens to become unavailable, and the latter to improve capacity and performance.

    Supposing that the node block in your site manifest designates as node name the same identifier that the agent in question is configured to use as its certname, your manifest set -- though it is indeed flawed -- should not successfully yield an empty catalog for that target node. You could consider taking the node name out of play while you debug by adding or switching to a default node block:

    node default {
      include profile
    }
    

    Since you've set the master's environment cache timeout to be unlimited (the default), however, the server may nevertheless serve an empty catalog if you've modified the manifest set since starting the master. You can manually cause the master to expire its cache, or, perhaps more easily, you can just restart the master service. If you wish, you can also disable environment caching by setting the cache timeout to 0 (and restarting the service).

    As for flaws in your manifest set, there are at least three key issues:

    1. Puppet's include function declares classes. In support of that, it may cause manifest files to be evaluated, but it should not be interpreted as performing lexical interpolation of manifests à la the C preprocessor's #include directive. It is more analogous to Python's import command.

    2. Outside the site manifest, no manifest should contain anything other than class or defined type definitions at top scope. They especially should not contain class or resource declarations at that scope; such declarations in those manifests should appear only inside the bodies of class or defined type definitions. Declarations may appear at any scope inside the site manifest, but in that context they usually should appear in node blocks.

    3. For Puppet to find class and defined type definitions, they must reside in a correctly located and named file.

    With respect to (1), your site manifest contains a node block that performs include profile. This declares that class 'profile' should be included in the target node's catalog, but no such class exists. The manifest where Puppet will look for the class definition (production/modules/profile/manifests/init.pp) instead contains a declaration of class profile::test at top scope (see (2)). The catalog builder should fail over the absence of the requested class. That it does not do so tells me that either it is not looking at your node block at all (maybe the node name doesn't match), or else that it is using a cached version of the environment that does not suffer from that problem in the first place (but also doesn't result in the wanted class being included).

    What you appear to have wanted in modules/profile/manifests/init.pp is

    class profile {
      include profile::test
    }
    

    Note that the include statement appears inside the definition of class 'profile', which in turn is the name of the class that Puppet will look for in that particular file. This differs from what you would want for applying this manifest directly with puppet apply.

    Alternatively, you could skip this simple 'profile' class altogether and just have the node block declare 'profile::test' directly, though some might criticize that approach on stylistic grounds.

    But that's not all. You do provide a viable definition of class profile::test, but you describe it residing in a file whose name does not correspond. Puppet will not find it in production/modules/profile/manifests/hiera_test.pp; it needs to be in production/modules/profile/manifests/test.pp instead (3).
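
Rules (2) and (3) from the answer above, as an added example that is not part of the original answer or of Puppet itself: a small Ruby check that flags class definitions stored in the wrong manifest file and declarations made at top scope. The helper names and the sample trees (modelled on the question's module) are constructed for illustration, and the matching is regex-based rather than a real Puppet parse.

```ruby
# Added example: regex approximation of two Puppet layout rules, not a real parser.
require 'tmpdir'
require 'fileutils'
# Manifest (relative to the modulepath) where the autoloader looks for a class.
def expected_manifest(class_name)
  mod, *rest = class_name.split('::')
  rest = ['init'] if rest.empty?
  File.join(mod, 'manifests', *rest) + '.pp'
end

# Flags misplaced class definitions and declarations made at top scope.
def lint_modulepath(modulepath)
  findings = []
  Dir.glob(File.join(modulepath, '*', 'manifests', '**', '*.pp')).sort.each do |path|
    rel = path.sub(File.join(modulepath, ''), '')
    depth = 0 # brace nesting; 0 means top scope
    File.readlines(path).each_with_index do |line, i|
      code = line.sub(/#.*/, '') # drop comments (does not handle '#' inside strings)
      if depth.zero?
        if (m = code.match(/^\s*class\s+([a-z][\w:]*)/))
          want = expected_manifest(m[1])
          findings << "#{rel}:#{i + 1}: class #{m[1]} belongs in #{want}" unless want == rel
        elsif code =~ /^\s*(?:(?:include|contain|require)\s+\S|[a-z][\w:]*\s*\{\s*['"$\[])/
          findings << "#{rel}:#{i + 1}: declaration at top scope"
        end
      end
      depth += code.count('{') - code.count('}')
    end
  end
  findings
end

# Constructed sample input: the question's module layout, then the corrected one.
TEST_CLASS = "class profile::test {\n  file { '/tmp/hiera_test.txt':\n    ensure => file,\n  }\n}\n"
BROKEN = { 'profile/manifests/hiera_test.pp' => TEST_CLASS,
           'profile/manifests/init.pp' => "include profile::test\n" }
FIXED = { 'profile/manifests/test.pp' => TEST_CLASS,
          'profile/manifests/init.pp' => "class profile {\n  include profile::test\n}\n" }
# Writes a sample tree into a temporary modulepath and returns the lint findings.
def lint_sample(files)
  Dir.mktmpdir do |root|
    files.each do |rel, body|
      FileUtils.mkdir_p(File.dirname(File.join(root, rel)))
      File.write(File.join(root, rel), body)
    end
    lint_modulepath(root)
  end
end
puts lint_sample(BROKEN), "findings after fix: #{lint_sample(FIXED).size}" if $PROGRAM_NAME == __FILE__
```

To run it against a real tree, call `lint_modulepath` with the directory printed by `puppet config print modulepath`.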