Date post: 07-Jul-2015
Category: Technology
Upload: scott-lackey
Puppet with Hiera
Using hiera for variable management and encryption
Scott Lackey 2014
Who’s this guy?
From: Nashville/Seattle
School: CS dropout
Work: IBM, NASA, Sprint, SalesForce
Languages: Spanish, Russian
What’s a Hiera?
Hiera is a framework for hierarchically organizing data, and abstracting it from your manifests.
Sticking value pairs into yaml files to play puppet plinko
With Hiera, you can externalize your data and easily understand how configuration values are assigned to your servers.
Puppet’s recent evolution
Node inheritance:
    node mysql01.domain.com {
      $user = 'dbauser'
      $password = 'ermahgerd'
    }
Parameterized classes:
    class mysql(
      $user = $mysql::params::dbauser,
      $password = $mysql::params::password
    ) {
      # class body not shown on the slide
    }
Hiera:
    user : 'dbauser'
    password : 'ermahgerd'
Hiera is now the default in Puppet version 3+
*You don’t need to install anything!
You only need two things
The Hiera config + A Yaml file
    /etc/puppet/hiera.yaml
    /etc/puppet/hieradata/environment/prod/main.yaml
example:yaml
ls /environment/production: cache.yaml ldap.yaml main.yaml
example:yaml
ls /environment/staging: cache.yaml ldap.yaml main.yaml
example:yaml
ntp/manifests/init.pp
example:yaml
special calling_module variable
example:yaml
ls /environment/staging: ldap.yaml mysql.yaml
Hiera can get data from more than just yaml files
eyaml, HTTP, mySQL, Postgres, Mongo, JSON, redis, more..
example:Postgres
The Postgres config table layout
path                      key             value
'fqdn/foo.example.com'    'ntp::servers'  'ntp.mydomain.com'
'fqdn/bar.example.com'    'ntp::servers'  'ntp2.mydomain.com'
'environment/production'  'ntp::servers'  '[ prodntp1.mydomain.com, prodntp2.mydomain.com ]'
'environment/staging'     'ntp::servers'  'stagingntp.mydomain.com'
How do you manage credentials in Puppet?
Shared manifests secret credentials manifests
Puppet repo
Hiera-eyaml
example:eyaml
eyaml edit /puppet/hieradata/environment/staging/main.yaml --pkcs7-public-key public_key.pkcs7.pem-staging --pkcs7-private-key private_key.pkcs7.pem-staging
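A pre-commit style check for the credentials problem above, added here as an example and not taken from the slides or from hiera-eyaml: it walks parsed hieradata and reports secret-looking keys whose values are not wrapped in eyaml's ENC[PKCS7,...] form. The key-name pattern, the function names and the sample data (including the shortened ciphertext) are assumptions constructed for illustration.

```ruby
require 'yaml'

# Key names that usually hold secrets (an assumption; tune for your data).
SECRET_KEY = /pass(word|wd)?|secret|token|private_key|api_key/i
# hiera-eyaml stores encrypted values as ENC[PKCS7,<base64>].
ENCRYPTED = /\AENC\[PKCS7,[A-Za-z0-9+\/=\s]+\]\z/

# Walk parsed Hiera data and return the dotted paths of secret-looking
# keys whose string value is not an eyaml ENC[...] block.
def plaintext_secrets(data, path = [])
  case data
  when Hash
    data.flat_map do |key, value|
      here = path + [key.to_s]
      if value.is_a?(String) && key.to_s =~ SECRET_KEY
        value.strip =~ ENCRYPTED ? [] : [here.join('.')]
      else
        plaintext_secrets(value, here)
      end
    end
  when Array
    data.each_with_index.flat_map { |v, i| plaintext_secrets(v, path + [i.to_s]) }
  else
    []
  end
end

# Constructed sample standing in for hieradata/environment/staging/main.yaml.
# The ENC value is a shortened placeholder, not real ciphertext.
SAMPLE = <<~YAML
  user: 'dbauser'
  password: 'ermahgerd'
  mysql::root_password: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAx]
  ldap:
    bind_dn: 'cn=puppet,dc=example,dc=com'
    bind_password: 'hunter2'
  ntp::servers:
    - ntp.mydomain.com
YAML

# Parse YAML text (empty files parse to nil/false) and scan it.
def scan_yaml(text)
  plaintext_secrets(YAML.safe_load(text) || {})
end

if __FILE__ == $PROGRAM_NAME
  scan_yaml(SAMPLE).each { |p| puts "plaintext secret: #{p}" }
end
```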
example:erb templating
#manifest
#erb template
Question/Answer
Further reading
● Hiera-eyaml encryption: https://github.com/TomPoulton/hiera-eyaml
● When to Hiera: http://garylarizza.com/blog/2013/12/08/when-to-hiera/
● Hiera Postgres: https://github.com/dalen/hiera-psql