class profile::jenkins { $jenkins_port = hiera(’jenkins_port’) $java_dist = hiera(’java_dist’) $java_version = hiera(’java_version’)
class { ’::jenkins’: install_java => false, port => $jenkins_port, }
class { ’::java’: distribution => $java_dist, version => $java_version, before => Class[‘jenkins’], }}
Best Practice-ish: Roles & Profiles 16
● Focus on having a “complexity escalation path”
● Module in Control Repo? Module in its own Repo?
● Package in profile::mycorp::packages -> package in its own module
● Team interoperability and comprehension
● i.e. “Do we need a profile for simple, one-module tech?”
● Minimize magic
Your Standard
Best Practice-ish: Roles & Profiles 18
● In the Control Repo
● Escalation: Separate module
● Escalation: Separate module for each profile
Profiles - storage
Best Practice-ish: Roles & Profiles 18
● In the Control Repo
● Escalation: Separate module
● Escalation: Separate module for each profile
Profiles - storage
Best Practice-ish: Roles & Profiles 18
● In the Control Repo
● Escalation: Separate module
● Escalation: Separate module for each profile
Profiles - storage
Best Practice-ish: Roles & Profiles 19
● Name the module “profile” ● Or “profiles” ● Or “lamp” ● (i.e. It doesn’t matter because I don’t work with you) ●Escalation: prepend each profile module ●wrapper_apache●profile_apache
Profiles - naming
Best Practice-ish: Roles & Profiles 20
● Name each profile according to tech
● profile::{nginx,apache}● Escalation: May extend to implementation if it makes
sense
● profile::ssh::{server,client}
Profiles - naming
Best Practice-ish: Roles & Profiles 21
Profiles may be parameterized to provide an API to the implementation
Profiles - usage
Best Practice-ish: Roles & Profiles 22
Limit resource-style declaration of a profile
Profiles - usage
class { ‘profile::ntp’: }
include profile::ntp
Best Practice-ish: Roles & Profiles 24
●Only site-specific resources declared in profiles ●Certificates ●Credentials ●Customizations
Profiles - usage
Best Practice-ish: Roles & Profiles 26
Profiles may be platform-based
Profiles - usage
● profile::windows::iis● profile::linux::ntp● profile::osx::loginwindow
Best Practice-ish: Roles & Profiles 27
Profiles may be single-point-of-entry
Profiles - usage
profile::dns_nameservers -> profile::dns_nameservers::{linux,windows}
Best Practice-ish: Roles & Profiles 37
Roles may be namespaced for clarity
Roles - naming
● role::app_server::pci● These names are to assist YOU
Best Practice-ish: Roles & Profiles 38
Roles - storage● In the Control Repo
● Single ‘role’ module
● Escalation: Separate module
● Escalation: Separate module for each role
Best Practice-ish: Roles & Profiles 40
Can roles contain conditional logic?
Roles - naming
● If Windows then IIS profile, if Linux then JBoss
● Separate roles per platform
●What’s more important to track/visualize?
Best Practice-ish: Roles & Profiles 42
Summary
DO WHAT CAUSES LESS FRICTION BETWEEN TEAMS AND IS EASY TO
FOLLOW!