[Puppet Users] puppet, hiera, and overrides

Mon, 08 Dec 2014 12:56:21 -0800 

Hi, I think I'm misunderstanding either Hiera data bindings or the hash 
merge functions, but I'm not sure which.

When I override a Hiera setting in a more specific level of the heriarchy, 
only that setting gets applied. In fact, settings from more general levels 
get removed.

Example:
I'm using the saz-ssh module to set SSH server options.

Testing with a simple Hierarchy like so:
- %{::osfamily}
  - %{::kernel}
  - common


Linux.yaml:
ssh::server_options:
  TCPKeepAlive: 'yes'
  ClientAliveInterval: 540
  PermitRootLogin: 'no'


RedHat.yaml
ssh::server_options:
  TCPKeepAlive: 'yes'
  ClientAliveInterval: 540
  PermitRootLogin: 'yes'



Gives me the expected sshd_config:
# File is managed by Puppet

AcceptEnv LANG LC_*
ChallengeResponseAuthentication no
ClientAliveInterval 540
PermitRootLogin yes
PrintMotd no
Subsystem sftp /usr/libexec/openssh/sftp-server
TCPKeepAlive yes
UsePAM yes
X11Forwarding yes



If I change the RedHat.yaml to include ONLY the setting I want to override 
(Linux.yaml is unchanged):
ssh::server_options:
  PermitRootLogin: 'yes'



After puppet agent runs, sshd_config is missing the other two settings 
(ClientAliveInterval and TCPKeepAlive) settings:
AcceptEnv LANG LC_*
ChallengeResponseAuthentication no
PermitRootLogin yes
PrintMotd no
Subsystem sftp /usr/libexec/openssh/sftp-server
UsePAM yes
X11Forwarding yes




Hiera lookups from the command line work as I expect them to, returning a 
has of all three settings with the overridden one correct:

 sudo -u puppet hiera --hash ssh::server_options environment=test 
::kernel=Linux ::osfamily=RedHat
 
{"PermitRootLogin"=>"yes", "TCPKeepAlive"=>"yes", 
"ClientAliveInterval"=>540}


sudo -u puppet hiera --hash ssh::server_options environment=test 
::kernel=Linux
{"PermitRootLogin"=>"no", "ClientAliveInterval"=>540, "TCPKeepAlive"=>"yes"}


I have tried this with AND without :merge_behavior: deeper set in the 
hiera.yaml file.

Any ideas of what I am missing?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/05da44a4-7fb6-454b-b769-942fb023d095%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to