Puppet 6 and module puppetlabs/accounts does not create user account in Hiera YAML format

Question

When I run puppet agent --test I have no errors output but the user did not create.

My puppet hira.yaml configuration is:

---
version: 5
  datadir: "/etc/puppetlabs/code/environments"
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data (yaml version)"
    path: "%{::environment}/nodes/%{::trusted.certname}.yaml"
  - name: "Common YAML hierarchy levels"
    paths:
      - "defaults/common.yaml"
      - "defaults/users.yaml"

users.yaml is:

accounts::user:
  joed:
    locked: false
    comment: System Operator
    uid: '1700'
    gid: '1700'
    groups:
    - admin
    - sudonopw
    sshkeys:
    - ssh-rsa ...Hw== sysop+moduledevkey@puppetlabs.com

I use this module

It should be `accounts::user` and even it works as they writing in manual, but I do not know how it run as YAML/Hiera — Rostyslav Malenko, Feb 25 '19 at 20:17

score 4 · Accepted Answer · answered Feb 25 '19 at 23:29

Nothing in Hiera data itself causes anything to be applied to target nodes. Some kind of declaration is required in a manifest somewhere or in the output of an external node classifier script. Moreover, the puppetlabs/accounts module provides only defined types, not classes. You can store defined-type data in Hiera and read it back, but automated parameter binding via Hiera applies only to classes, not defined types.

In short, then, no user is created (and no error is reported) because no relevant resources are declared into the target node's catalog. You haven't given Puppet anything to do.

If you want to apply the stored user data presented to your nodes, you would want something along these lines:

$user_data = lookup('accounts::user', Hash[String,Hash], 'hash', {})

$user_data.each |$user,$props| {
  accounts::user { $user: * => $props }
}

That would go into the node block matched to your target node, or, better, into a class that is declared by that node block or an equivalent. It's fairly complicated for so few lines, but in brief:

the lookup function looks up key 'accounts::user' in your Hiera data
- performing a hash merge of results appearing at different levels of the hierarchy
- expecting the result to be a hash with string keys and hash values
- and defaulting to an empty hash if no results are found;
the mappings in the result hash are iterated, and for each one, an instance of the accounts::user defined type is declared
- using the (outer) hash key as the user name,
- and the value associated with that key as a mapping from parameter names to parameter values.

Alex Harvey · Answer 2 · 2019-03-14T10:28:54.460

There are a few problems here.

You are missing a line in your hiera.yaml namely the defaults key. It should be:

---
version: 5
defaults:  ## add this line
  datadir: "/etc/puppetlabs/code/environments"
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data (yaml version)"
    path: "%{::environment}/nodes/%{::trusted.certname}.yaml"
  - name: "Common YAML hierarchy levels"
    paths:
      - "defaults/common.yaml"
      - "defaults/users.yaml"

I detected that using the puppet-syntax gem (included if you use PDK, which is recommended):

▶ bundle exec rake validate            
Syntax OK
---> syntax:manifests
---> syntax:templates
---> syntax:hiera:yaml
ERROR: Failed to parse hiera.yaml: (hiera.yaml): mapping values are not allowed in this context at line 3 column 10

Also, in addition to what John mentioned, the simplest class to read in your data would be this:

class test (Hash[String,Hash] $users) {
  create_resources(accounts::user, $users)
}

Or if you want to avoid using create_resources*:

class test (Hash[String,Hash] $users) {
  $users.each |$user,$props| {
    accounts::user { $user: * => $props }
  }
}

Note that I have relied on the Automatic Parameter Lookup feature for that. See the link below.

Then, in your Hiera data, you would have a key named test::users to correspond (class name "test", key name "users"):

---
test::users:  ## Note that this line changed.
  joed:
    locked: false
    comment: System Operator
    uid: '1700'
    gid: '1700'
    groups:
    - admin
    - sudonopw
    sshkeys:
    - ssh-rsa ...Hw== sysop+moduledevkey@puppetlabs.com

Use of automatic parameter lookup is generally the more idiomatic way of writing Puppet code compared to calling the lookup function explicitly.

For more info:

(*Note that create_resources is "controversial". Many in the Puppet community prefer not to use it.)

Thank you, I tried this variant but the user wasn't added. Perhaps, I did something wrong. ` class test (Hash [String,Hash] $users) { $users.each |$user,$props| { accounts::user { $user: * => $props } } } ` — Rostyslav Malenko, Feb 26 '19 at 15:51
I just tested and the code works- feel free to ask a new question? — Alex Harvey, Feb 27 '19 at 08:17
Thank you. Could you help me, please? From yaml content filled by strings `accounts/shell/bash....` `bashrc_content: file('accounts/shell/bashrc')` `bash_profile_content: file('accounts/shell/bash_profile')` From .pp content filled by content from these files `bashrc_content => file('accounts/shell/bashrc'),` `bash_profile_content => file('accounts/shell/bash_profile'),` [Gist](https://gist.github.com/rmalenko/50fce66076fb94635544f70b1ae195a1) — Rostyslav Malenko, Mar 01 '19 at 15:31
I am happy to help but you need to ask a new question and show all the relevant code. — Alex Harvey, Mar 02 '19 at 03:05
I have created another question. Thank you for advance for your response. https://stackoverflow.com/questions/55058734/puppet-6-and-module-puppetlabs-accounts-hiera-yaml-does-not-fill-content — Rostyslav Malenko, Mar 08 '19 at 07:44

Puppet 6 and module puppetlabs/accounts does not create user account in Hiera YAML format

2 Answers2

Linked