Post on 16-Jul-2015
Introduction to Hiera
Spencer Krum
cc by sa
Agenda
• What is hiera
• Hiera architecture
• Basic examples
• More complicated example
• Trouble points for new users
What is hiera
• Software from puppetlabs
• Started in 2011
• Started out as a puppet plugin, core now
What is hiera
• A way to plug data into your puppet code
• Separate concerns of data and configuration
What is hiera
• Exposes hiera() function to puppet
• Pluggable backend
• Different from PuppetDB
Hiera Architecture
Puppet Architecture
Puppet Architecture w/hiera
# ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml
# cat /etc/puppet/hiera.yaml
---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hieradata
:hierarchy:
  - "%{clientcert}/common"
  - "osfamily/%{osfamily}/common"
  - common
# find /etc/puppet/hieradata
.
./common.yaml
./osfamily
./osfamily/RedHat
./osfamily/RedHat/common.yaml
./osfamily/Debian
./osfamily/Debian/common.yaml
Hiera
• A place to put your data
• Backend driven
• Function call to lookup on keys
class { 'jenkins::slave':
  jenkins_ssh_key => 'AAAAB3Nzbu84a....'
}
# cat /etc/puppet/hieradata/common.yaml
---
jenkins_key: AAAAB3NzaC1yc2EAAAADA......
# hiera -d jenkins_key
DEBUG: Hiera YAML backend starting
DEBUG: Looking up jenkins_key in YAML backend
DEBUG: Looking for data source common
DEBUG: Found jenkins_key in common
AAAAB3NzaC1yc2EAAAADAQAB...
$ssh_key = hiera('jenkins_key')
class { 'jenkins::slave':
  jenkins_ssh_key => $ssh_key,
}
class { 'mysql::server':
  root_password => 'hunter2',
}
# cat /etc/puppet/hieradata/common.yaml
---
...
mysql_root_password: hunter2
...
# hiera -d mysql_root_password
DEBUG: Hiera YAML backend starting
DEBUG: Looking up mysql_root_password in YAML backend
DEBUG: Looking for data source common
DEBUG: Found mysql_root_password in common
hunter2
$password = hiera('mysql_root_password')
class { 'mysql::server':
  root_password => $password,
}
Questions?
class graphite {
  if $::osfamily == 'RedHat' {
    $pkgs = ['git','python-django','g++','sqlite3',]
    ...
  }
}
Hiera
• Hierarchy that is facter aware
• Defaults and overrides
# cat /etc/puppet/hiera.yaml
---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hieradata
:hierarchy:
  - "%{clientcert}/common"
  - "osfamily/%{osfamily}/common"
  - common
# find /etc/puppet/hieradata
.
./common.yaml
./osfamily
./osfamily/RedHat
./osfamily/RedHat/common.yaml
./osfamily/Debian
./osfamily/Debian/common.yaml
Conditional data in code
class graphite {
  if $::osfamily == 'RedHat' {
    $pkgs = ['git','python-django','g++','sqlite3',]
    ...
  }
}
# cat osfamily/Debian/common.yaml
---
graphite::pkgs:
  - graphite
  - python-django
  - virtualenv
# cat osfamily/RedHat/common.yaml
---
graphite::pkgs:
  - git
  - python-django
  - g++
  - sqlite3
  - sqlite3-devel
  - python26-virtualenv
Hiera data
# hiera graphite::pkgs osfamily=RedHat
["git","python-django","g++","sqlite3","sqlite3-devel","python26-virtualenv"]
# hiera graphite::pkgs osfamily=Debian
["graphite", "python-django", "virtualenv"]
# hiera graphite::pkgs
nil
class graphite {
  if $::osfamily == 'RedHat' {
    $pkgs = ['git','python-django','g++','sqlite3',]
    ...
  }
}
class graphite {
  $pkgs = hiera('graphite::pkgs')
  package { $pkgs:
    ensure => latest,
  }
}
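The lookup order behind the hiera graphite::pkgs results above, modelled in Ruby as an added example (not Hiera's own code and not from the original slides). The HIERADATA hash stands in for the YAML files; the db01.example.com node file and its value are constructed, and treating an unset fact as an empty string is an assumption of this model.

```ruby
# Simplified model of a first-match (priority) lookup over the slides' hierarchy.
HIERARCHY = [
  '%{clientcert}/common',
  'osfamily/%{osfamily}/common',
  'common'
].freeze

# Constructed stand-in for the files under /etc/puppet/hieradata.
HIERADATA = {
  # Hypothetical per-node file, added to show an override winning over common.
  'db01.example.com/common' => { 'mysql_root_password' => 'constructed-override' },
  'osfamily/RedHat/common' => {
    'graphite::pkgs' => %w[git python-django g++ sqlite3 sqlite3-devel python26-virtualenv]
  },
  'osfamily/Debian/common' => {
    'graphite::pkgs' => %w[graphite python-django virtualenv]
  },
  'common' => { 'mysql_root_password' => 'hunter2' }
}.freeze

# Replace %{fact} tokens with values from scope (model assumption: unset => '').
def interpolate(entry, scope)
  entry.gsub(/%\{([^}]+)\}/) { scope.fetch($1, '') }
end

# Walk the hierarchy top-down; return the first hit plus where it came from.
def lookup(key, scope = {})
  trace = []
  HIERARCHY.each do |entry|
    source = interpolate(entry, scope)
    trace << source
    data = HIERADATA[source]
    return { value: data[key], source: source, trace: trace } if data&.key?(key)
  end
  { value: nil, source: nil, trace: trace }
end

if __FILE__ == $PROGRAM_NAME
  [{ 'osfamily' => 'RedHat' }, { 'osfamily' => 'Debian' }, {}].each do |facts|
    puts "#{facts.inspect} -> #{lookup('graphite::pkgs', facts).inspect}"
  end
  puts lookup('mysql_root_password', 'clientcert' => 'db01.example.com').inspect
end
```

Returning the data source next to the value answers the same question as the "Found ... in common" line of hiera -d: which level of the hierarchy supplied a given key or secret.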
Backends
• yaml, json
• file, ldap
• gpg, eyaml
• mysql, postgres, redis
Pros
• Separation between data and code
• Secret storage
• Backends, integration with existing datastores
• Some conditional logic irrelevant
• Puppet code sanitized
Cons
• hard to figure out where things come from
• hiera-yaml can only support one data directory
• debugging
• public modules + hiera is unsolved
User issues
• Complicated hierarchy
• Runaway backends
• Latency/Load
• Architecture
Positive note
• Use hiera, it's awesome
• Start with yaml
• Try and experiment, iterate
Questions on Hiera
Questions?
Thanks!
Spencer Krum (nibalizer)
irc/twitter/github
nibz@spencerkrum.com
nibz@hp.com