为什么木偶认为我的自定义事实是一个字符串?

时间:2017-08-01 03:01:29

标签: ruby puppet

我正在尝试创建一个自定义事实,我可以将其用作hiera yaml文件中类参数的值。

我正在使用openstack/puppet-keystone模块,我想使用fernet-keys。 根据模块中的注释,我可以使用此参数。

# [*fernet_keys*]
#   (Optional) Hash of Keystone fernet keys
#   If you enable this parameter, make sure enable_fernet_setup is set to True.
#   Example of valid value:
#   fernet_keys:
#     /etc/keystone/fernet-keys/0:
#       content: c_aJfy6At9y-toNS9SF1NQMTSkSzQ-OBYeYulTqKsWU=
#     /etc/keystone/fernet-keys/1:
#       content: zx0hNG7CStxFz5KXZRsf7sE4lju0dLYvXdGDIKGcd7k=
#   Puppet will create a file per key in $fernet_key_repository.
#   Note: defaults to false so keystone-manage fernet_setup will be executed.
#   Otherwise Puppet will manage keys with File resource.
#   Defaults to false

所以写了这个自定义事实...... 

[root@puppetmaster modules]# cat keystone_fernet/lib/facter/fernet_keys.rb
Facter.add(:fernet_keys) do
  setcode do
    fernet_keys = {}

    puts ( 'Debug keyrepo is /etc/keystone/fernet-keys' )
    Dir.glob('/etc/keystone/fernet-keys/*').each do |fernet_file|
      data = File.read(fernet_file)
      if data
    content = {}
        puts ( "Debug Key file #{fernet_file} contains #{data}" )
        fernet_keys[fernet_file] = { 'content' => data }
      end
    end
    fernet_keys
  end
end

然后在我的keystone.yaml文件中,我有这一行:

keystone::fernet_keys: '%{::fernet_keys}'

但是当我在我的节点上运行puppet agent -t时,我收到此错误:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, "{\"/etc/keystone/fernet-keys/1\"=>{\"content\"=>\"xxxxxxxxxxxxxxxxxxxx=\"}, \"/etc/keystone/fernet-keys/0\"=>{\"content\"=>\"xxxxxxxxxxxxxxxxxxxx=\"}}" is not a Hash.  It looks to be a String at /etc/puppetlabs/code/environments/production/modules/keystone/manifests/init.pp:1144:7 on node mgmt-01

我原以为我已经正确格式化了哈希,因为facter -p fernet_keys在代理上输出了这个:

{
  /etc/keystone/fernet-keys/1 => {
    content => "xxxxxxxxxxxxxxxxxxxx="
  },
  /etc/keystone/fernet-keys/0 => {
    content => "xxxxxxxxxxxxxxxxxxxx="
  }
}

keystone模块中的代码如下所示(带行号)

1142
1143   if $fernet_keys {
1144       validate_hash($fernet_keys)
1145       create_resources('file', $fernet_keys, {
1146           'owner'     => $keystone_user,
1147           'group'     => $keystone_group,
1148           'subscribe' => 'Anchor[keystone::install::end]',
1149         }
1150       )
1151     } else {

1 个答案:

答案 0 :(得分:2)

Puppet并不一定认为你的事实值是一个字符串 - 如果客户端设置为字符串化事实,它可能会这样做,但实际上这不是重点。底线是Hiera interpolation tokens不像你想象的那样工作。具体做法是:

  

Hiera可以插入任何Puppet数据类型的值,但是   value将转换为字符串

(强调补充。)

相关问题
最新问题