Introduction to Hiera

Spencer Krumcc by sa

cc by sa

cc by sa //

Agenda• What is hiera

• Hiera architecture

• Basic examples

• More complicated example

• Trouble points for new users

What is hiera• Software from puppetlabs

• Started in 2011

• Started out as a puppet plugin, corenow

What is hiera• A way to plug data into your puppet

code

• Separate concerns of data andconfiguration

What is hiera• Exposes hiera() function to puppet

• Plugable backend

• Different from PuppetDB

Hiera Architecture

Puppet Architecture

cc by sa

Puppet Architecture w/hiera

cc by sa

# ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml

# cat /etc/puppet/hiera.yaml---:backends:

- yaml

:yaml::datadir: /etc/puppet/hieradata

:hierarchy:- "%{clientcert}/common"- "osfamily/%{osfamily}/common"- common

# find /etc/puppet/hieradata../common.yaml./osfamily./osfamily/RedHat./osfamily/RedHat/common.yaml./osfamily/Debian./osfamily/Debian/common.yaml

Hiera• A place to put your data

• Backend driven

• Function call to lookup on keys

class { 'jenkins::slave':jenkins_ssh_key => 'AAAAB3Nzbu84a....'

}

# cat /etc/puppet/hieradata/common.yaml---jenkins_key: AAAAB3NzaC1yc2EAAAADA......

# hiera -d jenkins_keyDEBUG: Hiera YAML backend startingDEBUG: Looking up jenkins_key in YAML backendDEBUG: Looking for data source commonDEBUG: Found jenkins_key in common

AAAAB3NzaC1yc2EAAAADAQAB...

$ssh_key = hiera('jenkins_key')class { 'jenkins::slave':

jenkins_ssh_key => $ssh_key,}

class { 'mysql::server':root_password => 'hunter2',

}

# cat /etc/puppet/hieradata/common.yaml---...mysql_root_password: hunter2...

# hiera -d mysql_root_passwordDEBUG: Hiera YAML backend startingDEBUG: Looking up mysql_root_password in YAML backendDEBUG: Looking for data source commonDEBUG: Found mysql_root_password in common

hunter2

$password = hiera('mysql_root_password')

class { 'mysql::server':root_password => $password,

}

Questions?

class graphite {if $::osfamily == 'RedHat' {

$pkgs = ['git','python-django','g++','sqlite3',]

...}

}

Hiera• Hierarchy that is facter aware

• Defaults and overrides

# cat /etc/puppet/hiera.yaml---:backends:

- yaml

:yaml::datadir: /etc/puppet/hieradata

:hierarchy:- "%{clientcert}/common"- "osfamily/%{osfamily}/common"- common

# find /etc/puppet/hieradata../common.yaml./osfamily./osfamily/RedHat./osfamily/RedHat/common.yaml./osfamily/Debian./osfamily/Debian/common.yaml

Conditional data in code

class { 'graphite':if $::osfamily == 'RedHat' {

$pkgs = ['git','python-django','g++','sqlite3',]

...}

}

# cat osfamily/Debian/common.yaml---graphite::pkgs:

- graphite- python-django- virtualenv

# cat osfamily/RedHat/common.yaml---graphite::pkgs:

- git- python-django- g++- sqlite3- sqlite3-devel- python26-virtualenv

Hiera data# hiera graphite::pkgs osfamily=RedHat["git","python-django","g++","sqlite3","sqlite3-devel","python26-virtualenv"]

# hiera graphite::pkgs osfamily=Debian["graphite", "python-django", "virtualenv"]

# hiera graphite::pkgsnil

class graphite {if $::osfamily == 'RedHat' {

$pkgs = ['git','python-django','g++','sqlite3',]

...}

}

class graphite {$pkgs = hiera('graphite::pkgs')package { $pkgs:

ensure => latest,}

}

Backends

• yaml, json

• file, ldap

• gpg, eyaml

• mysql, postgres, redis

Pros

• Separation between data and code

• Secret storage

• Backends, integration with existingdatastores

• Some conditional logic irrelevant

• Puppet code sanitized

Cons

• hard to figure out where things comefrom

• hiera-yaml can only support one datadirectory

• debugging

• public modules + hirea is unsolved

In module data:puppet-module-data

User issues• Complicated hierarchy

• Runaway backends

• Latency/Load

• Architecture

Positive note• Use hiera, its awesome

• Start with yaml

• Try and experiment, iterate

Questions on Hiera

Questions?Thanks!

Spencer Krum (nibalizer)irc/twitter/githubnibz@spencerkrum.comnibz@hp.com