Hi, I am currently looking to move away from node inheritance towards hiera, and I have a question how to achieve merge/overloading functionality with hiera. I have written an elaborate example below, but let me just quickly summarize all that into a question:
With hiera: - How would you go about when certain nodes need data merged from all scopes, but other nodes need data from just the last scope? - What backend would you use? - How would you best mimic the behaviour or node inheritance (regarding array appends and replacements)? - Probably I am looking towards custom backend, right? :) Thank you for your opinions, b. Full example goes like this: - there is a 'tpl_base' node template definition with all default variables - there is a 'tpl_base_dc1' node template which appends to inherited values from 'tpl_base' - there is a 'tpl_base_dc1_special' node template which REPLACES certain values from 'tpl_base_dc1' Let's implement this with node inheritance: ----------------------------------------------------------------------------------------- node 'tpl_base' { #...(other vars)... $syslog_servers = [ '9.9.9.51', '9.9.9.52' ] # Global syslog servers } node 'tpl_base_dc1' inherits 'tpl_base' { #...(other vars)... $syslog_servers += [ '1.1.1.53', '1.1.1.54' ] # Additional syslog servers for nodes in DC1 } node 'tpl_base_dc1*_special*' inherits 'tpl_base_dc1' { #...(other vars)... $syslog_servers = [ '1.1.1.55', '1.1.1.56' ] *# REPLACE syslog servers (note the = vs += operator)* } node 'srv-0.no-dc' inherits 'tpl_base' { include 'syslog_ng' } node 'srv-1.dc1' inherits 'tpl_base_dc1' { include 'syslog_ng' } node 'srv-2-special.dc1' inherits 'tpl_base_dc1_special' { include 'syslog_ng' } ----------------------------------------------------------------------------------------- The result is: - nodes from all datacenters log to 9.9.9.51 and 9.9.9.52 syslog servers - nodes from dc1 additionaly log to dc1-specific logservers, 1.1.1.53 and 1.1.1.54 - SPECIAL nodes from dc1 log do specially designated log servers (.55 and .56) and not to other log servers (consider they are logging security-sensitive data which must not be visible on common log servers - this aligns neatly with module/class definitions, as they do not have to care about how data arrays are costructed (defined, appended, replaced, whatever), they just use whatever is given to them Now lets remodel this into hiera scopes: ----------------------------------------------------------------------------------------- # /etc/hiera.yaml --- :hierarchy: - "%{::clientcert}" - "tpl_%{::domain}" <-- one way to include dcX-specific configuration - "tpl_base" # tpl_base.yaml syslog_servers: - 9.9.9.51 - 9.9.9.52 # tpl_dc1.yaml syslog_servers: - 1.1.1.53 - 1.1.1.54 # tpl_dc1-special.yaml syslog_servers: - 1.1.1.55 - 1.1.1.56 ----------------------------------------------------------------------------------------- When data is ported into hiera, there are two options available for retrieving data: a) hiera() b) hiera_merge() These would be the results: 1. hiera() would work fine for srv-0.no-dc (just global syslog servers) 2. hiera() would work fine for srv-2-special (just specific servers for special nodes) 3. hiera_merge() would work fine for srv-0 4. hiera_merge() would work fine for srv-1 (merges base and dc1-specific syslog servers) 5. hiera() would NOT work fine for srv-1 (gets just dc1-specific syslog servers, as it is the most specific match) 5. hiera_merge() would NOT work fine for srv-2 (gets ALL syslog servers, despite only last two being a reqirement) Problematic are last two cases, which (as it seems) are not supported with current hiera backends. Or am I wrong? b. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7205e414-506f-41b4-8c5d-c1e0a9da1d4e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.