All geek questions in one place

How can I split my hiera configuration by roles?

I use hiera to assign classes to my nodes, such as webserver or dbserver . The webserver class includes only apache and sets up some configuration for it (for example, port). Obviously, I do not want to replicate this configuration for each node, so I put it in common.yaml. However, my common.yaml is getting big, so I want to split it. I would like to have one file containing the configuration for the webserver role, another for the dbserver role, etc. I imagine that my hiera.yaml looks something like this:

 :hierarchy: - "fqdn/%{::fqdn}" - "role/%{ROLE}" - common

If the role folder contains files like webserver.yaml , appserver.yaml , dbserver.yaml . I saw various blog posts saying that the solution is to create a personalized β€œrole” fact, but most of them achieve this by loading this fact from a file on the node agent (for example, from /etc/role ), which seems to me that he defeats the puppet point (I use the puppet specifically, so I do not need to go into each node and change the configuration every time I want her to have some new role).

To be clear, I do not want to edit the files in the agent to make this work, I want all this to be done using the configuration located on the main server.

I assume that I could have something like the following and exhaustively list each role as an element in the hierarchy, but this does not seem manageable.

 :hierarchy: - "fqdn/%{::fqdn}" - "webserver" - "appserver" - "dbserver" - common

Is there any way to solve this?

+6
source share
2 answers

In order to be able to use $Role in your hiera configurator, it must be provided as a fact / variable, however there is a way to do this on the main device, and not on the node. This is one of the things that External Node classifiers can be used for.

Basically, you need to write a script that takes the name Node and displays yaml, which includes the value of the Role parameter. For example, you might have one yaml file, which is just a Node name map for roles, and then the script searches and prints the result (as a parameter in the linked schema). Here is an example .

There is a more reliable ENC if you are interested in a new tooling. For example, Foreman gives you a web interface for grouping hosts together into similar roles, setting parameters for input into puppet runs, etc.

+3
source

I have a solution for this. The only drawback is that the maximum number of roles is hard-coded. This will be better with hiera 3 until you try this:

/etc/puppet/hiera.yaml

  --- :backends: - yaml :yaml: :datadir: /etc/puppet/hieradata :hierarchy: - 'nodes/%{::clientcert}' - 'roles/%{::role_4}' - 'roles/%{::role_3}' - 'roles/%{::role_2}' - 'roles/%{::role_1}' - common

/etc/puppet/manifests/site.pp

 # Get roles $roles = hiera_array('roles', []) # Declare Roles in vars (not needed in puppet 4) $role_1 = $roles[0] $role_2 = $roles[1] $role_3 = $roles[2] $role_4 = $roles[3] # Include Classes hiera_include('classes')

/etc/puppet/hieradata/roles/webserver.yaml

 --- classes: - nginx # put nginx config here

/etc/puppet/hieradata/nodes/your_node_name.yaml

 --- roles: - webserver classes: # put node specific stuff here
+1
source

Source: https://habr.com/ru/post/987257/

More articles:


All Articles