using hiera with puppet
DESCRIPTION
Scott Lackey presents how to get started with hiera and puppet using many of the popular hiera backends.TRANSCRIPT
Puppet with HieraUsing hiera for variable management
and encryption
Scott Lackey 2014
Who’s this guy?From: Nashville/SeattleSchool: CS dropoutWork: IBM, NASA, Sprint, SalesForceLanguages: Spanish, Russian
Hiera is a framework for hierarchically organizing data, and abstracting it from your manifests.
What’s a Hiera?
Sticking value pairs into yaml files to play puppet plinko
With Hiera, you can externalize your data and
easily understand how configuration values are
assigned to your servers.
Node inheritance: node mysql01.domain.com { $user = 'dbauser' $password = 'ermahgerd'}
Puppet’s recent evolution
Parameterized classes:class mysql( $user = $mysql::params::dbauser, $password = $mysql::params::password
Hiera:user : 'dbauser'password : 'ermahgerd'
Hiera is now the default in Puppet version 3+
*You don’t need to install anything!
You only need
two things
The Hiera config + A Yaml file/etc/puppet/hiera.yaml /etc/puppet/hieradata/environment/prod/main.yaml
example:yaml
example:yaml
ls /environment/production:cache.yaml ldap.yaml main.yaml
example:yaml
ls /environment/staging:cache.yaml ldap.yaml main.yaml
example:yaml
ntp/manifests/init.pp
example:yaml
special calling_module variable
example:yaml
ls /environment/staging: ldap.yaml mysql.yaml
Hiera can get data from more than just yaml files
eyamlHTTPmySQLPostgres
MongoJSONredismore..
example:Postgres
example:Postgres
path key value
'fqdn/foo.example.com' 'ntp::servers' 'ntp.mydomain.com’
'fqdn/bar.example.com' 'ntp::servers' ‘ntp2.mydomain.com’
'environment/production' 'ntp::servers' '[ prodntp1.mydomain.com, prodntp2.
mydomain.com ]'
'environment/staging' 'ntp::servers' 'stagingntp.mydomain.com'
The Postgres config table layout
How do you manage credentials in Puppet?
Shared manifests secret credentials manifests
Puppet repo
Hiera-eyaml
example:eyaml
example:eyaml
eyaml edit /puppet/hieradata/environment/staging/main.yaml --pkcs7-public-key public_key.pkcs7.pem-staging --pkcs7-private-key private_key.pkcs7.pem-staging
example:erb templating
#manifest
#erb template
Question/Answer
● Hiera-eyaml encryption https://github.com/TomPoulton/hiera-eyaml
● When to Hiera: http://garylarizza.com/blog/2013/12/08/when-to-hiera/
● Hiera Postgres: https://github.com/dalen/hiera-psql
Further reading