> > If you use many parameterized classes, then Puppet 3's automatic class > parameter binding will tend to aggravate that problem, especially if you > typically allow class parameters to take default values or DSL-specified > values (so that hiera has lots of complete misses on the parameter names). >
Yep this was what I eventually worked out was causing my massive increase in compile times - I wasn't aware of the new data binding stuff in Puppet 3 and was making heavy use of default values in parameterised classes without realizing that each one was triggering a Hiera lookup through all of my yaml and then gpg data files. I ended up changing most of my parameterised classes back to regular classes, and not using any default values in the remaining ones - to be honest with Hiera I didn't really need them any more as I put my default values in common.yaml - and this reduced my catalog compile time back to a tolerable level. That said my compile times are still a lot higher than they were prior to using Hiera and the GPG backend, and I was shocked when I ran Puppetmaster in debug mode to see it opening each file in turn for every single lookup. Caching the data would seem the sensible way to go. On Thursday, May 9, 2013 4:18:21 PM UTC+1, Aaron Mills wrote: > > Hmm..it seems like a pretty basic use case is an accompanying gpg file for > each level of a hierarchy, just to store things like passwords, or > sensitive data. Minimizing the use of things like hiera's 3.x data bindings > to gain speed in hiera-gpg lookups feels like throwing the baby out with > the bathwater. > > I wonder how difficult (read: secure) it would be to cache the data across > calls. An md5sum could be used to determine whether the contents of a .gpg > file have changed since the last lookup. Instead of decrypting each file > for every call, hiera-gpg can do something like: > > - Calculate an md5sum of the .gpg files, and the data from these files > stored in memory, redis, or wherever. > - When asked for a variable, do an md5sum of the .gpg file and, if the > values are the same, return the data from memory > - If the hash values don't match, reload the data from the .gpg file. > > Seems like this would be slightly faster than having to fully decrypt the > contents of each file for every parameter lookup. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
