[Puppet Users] Re: What's your hiera tree look like?

2013-10-15 Thread Alex Scoble 
I couldn't get hiera integrated with PE 3.0.1 to work with nested 
hierarchies, so this is what my hierarchy looks like:

:hierarchy:
  - defaults
  - %{clientcert}
  - %{domain}
  - %{osfamily}
  - %{environment}
  - global

Regards,

Alex

On Tuesday, March 19, 2013 2:30:16 PM UTC-7, Larry Fast wrote:

 My Hiera tree is turning into a chaotic mess. I'm guessing that my tree 
 structure is one problem source. So I'm wondering how other real users have 
 setup hiera.  Here are the core problems that are giving me headaches.
 # I need to version control my modules separately but hiera data is 
 monolithic.  If I need to change anything anywhere, I need to release a new 
 version of the whole tree.
 # I can't easily review the final output from hiera within puppet because 
 the traversal is dependent on facts. I need to feed the facts into Hiera 
 before I get anything meaningful.
 # Can't easily compare the config of two different servers. (really the 
 same as the previous)

 Here's my Hiera tree.  I'm very interested to know how others deal with 
 these issues.  Does Puppet Enterprise include Hiera mgmt tools?
 - %{environment}/%{project}/%{server_env}/%{module_name}
 - %{environment}/%{project}/%{server_env}/common
 - %{environment}/%{project}/%{role_name}-role/%{module_name}
 - %{environment}/%{project}/%{role_name}-role/common
 - %{environment}/%{project}/%{module_name}
 - %{environment}/%{location}/%{module_name}
 - %{environment}/%{module_name}
 - %{environment}/common

 NOTES:
 Each Environment is a copy of our git repo and includes the hiera tree.
 Project, Server_env, Role_name  Location are custom facts


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: What's your hiera tree look like?

2013-03-25 Thread Klavs Klavsen 
I use Netgroups (with LDAP as backend) to group my nodes.

Netgroups is an old NIS thing, which works beautifully. You can group 
hosts, and each netgroup, can contain other netgroups, users or hosts.

This way, a host can be a member of several netgroups - and I use netgroup 
membership to determine something akin to roles. Currently I have to use 
IN and netgroups.include in my templates.

$netgroups - is a paramater my script adds (by way of external_nodes = 
/path/to/script).

One thing I would very much like, is to hiera to support lookup, based on 
netgroups (which is an array). That is definetely the missing part in my 
puzzle.

I use the same netgroups for many other things (such as access control - I 
have a central file (used by PAM) which defines which groups can access 
which netgroups).

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: What's your hiera tree look like?

2013-03-24 Thread Robin Lee Powell 
On Fri, Mar 22, 2013 at 04:22:19PM -0700, Aaron Mills wrote:
 
 The biggest pain point for us is that having hiera + puppet in the
 same repo feels like extra work. If they're going to live
 together, why even use hiera? Why not just set variables at the
 node level?

For me, here are some reasons to want to do it that way (I'm looking
at moving to Hiera right now):

1.  Hiera stuff is set before everything, which fixes a lot of
scoping issues in puppet.

2.  You can drive other tools off the Hiera YAML; you can basically
use it as an inventory system.  Multiple sources of truth is *bad*.
Alternatively, you can have an inventory system generate Hiera YAML
very easily; generating well-formed puppet instructions with
reasonable flexibility is *HARD* (I've written a system to do this,
trust me).

3.  Tweaking a YAML value means you are, in some sense at least,
tweaking *data*, but if you're messing with puppet variables you're
always messing with *code*, with all the joy that entails.

-Robin

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: What's your hiera tree look like?

2013-03-24 Thread Peter Brown 
On 25 March 2013 10:12, Robin Lee Powell rlpow...@digitalkingdom.orgwrote:

 On Fri, Mar 22, 2013 at 04:22:19PM -0700, Aaron Mills wrote:
 
  The biggest pain point for us is that having hiera + puppet in the
  same repo feels like extra work. If they're going to live
  together, why even use hiera? Why not just set variables at the
  node level?

 For me, here are some reasons to want to do it that way (I'm looking
 at moving to Hiera right now):


These are exactly the reasons I moved to hiera when I switched my
environment over to puppet 3 from 2.6.
It was mostly about separating my data from the code and making my modules
easy to read and portable.
My modules and node templates were getting insane and so hard to read (I
started using puppet 0.24 so it was the only way to do it at the time apart
from setting up and ENC)

Nail all this to a puppetmaster with a puppetdb backend and set up foreman
as an ENC and everything is lovely.
Especially my node definitions which are only used for adding the
occasional define and occasionally adding a module include for testing
before I add it to my nodes in foreman.

1.  Hiera stuff is set before everything, which fixes a lot of
 scoping issues in puppet.

 2.  You can drive other tools off the Hiera YAML; you can basically
 use it as an inventory system.  Multiple sources of truth is *bad*.
 Alternatively, you can have an inventory system generate Hiera YAML
 very easily; generating well-formed puppet instructions with
 reasonable flexibility is *HARD* (I've written a system to do this,
 trust me).

 3.  Tweaking a YAML value means you are, in some sense at least,
 tweaking *data*, but if you're messing with puppet variables you're
 always messing with *code*, with all the joy that entails.

 -Robin

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users?hl=en.
 For more options, visit https://groups.google.com/groups/opt_out.




-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: What's your hiera tree look like?

2013-03-22 Thread Aaron Mills 
Late to the party, but wanted to add my $.02

We also keep hiera, manifests, and modules in a single repository at the 
moment. Since we use dynamic environments for development (as outlined 
here: https://puppetlabs.com/blog/git-workflow-and-puppet-environments), we 
also have a node-level variable called $our_environment that specifies 
whether a box lives in dev/test/prod (We talk about environment being 
where the puppet manifest is in the development cycle, and 
$our_environment being where the node is in the development cycle). So 
our hierarchy looks like this:

- %{our_environment}/%{fqdn}
- %{our_environment}/role_%{role}
- %{our_environment}
- common

Hiera finds its data in: /usr/local/puppet/%{environment}/hieradata

A node definition would look like:

  node 'foo' {
$our_environment = 'development'
include mysql
include some::submodule
  }

When in doubt, we set hiera variables at the %{fqdn} level. So there's some 
duplication of common settings, but we avoid having too many questions 
about where variables are getting set.  Putting too many search layers into 
hiera just reintroduces the problems that were supposed to be solved by 
hiera in the first place (i.e. getting rid of the inherits stuff).

The biggest pain point for us is that having hiera + puppet in the same 
repo feels like extra work. If they're going to live together, why even use 
hiera? Why not just set variables at the node level? Rhetorical questions, 
to be sure. But we have to live with hiera + puppet in the same repo since 
otherwise we wouldn't be able to do dynamic environments (at least not 
while developing modules that use hiera).

By the way - if you're asking for a wish list. I'd REALLY like to have 
hiera be able to look in more than one directory path for configuration 
variables. This way we could keep secure configuration information separate 
from our normal DVCS. hiera-gpg ameliorates this somewhat, but I'd prefer 
to solve that problem with plain YAML and a separate, secure path on the 
puppet master.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: What's your hiera tree look like?

2013-03-21 Thread Larry Fast 
Hi Andy,
I guess my most important request for Hiera 2 is diagnostic information. 
It's probably a broader request for better diagnostics in puppet as a 
whole.  Here's what I dream of ...

1. The ability to run Puppet on the puppetmaster using the cached Facts 
from a server.
2. A postmortem (sorry, retrospective) output that includes a dump of all 
internal variables. Probably a .yaml file.  Ideally each variable should be 
able to state how it was set. Eg. Came from 
Hiera/qa_env/zookeeper_role/zabbix_module  OR set at file:line   
 module/zabbix/manifest/init.pp:136

To answer some questions about how we are using Hiera  more generally 
Puppet
- we only use the yaml backend
- we create custom facts for each server inside a puppet module (soon to be 
an ENC):  location, project, role  server_env.  The last could be renamed 
as server_collection or service_group.
- Each Puppet Environment is a git clone of our repo.  
- Development activity is delivered into the tip and then we create a 
branch for the deployment pipeline: integration=staging=production.  IMO, 
we need the branch because our puppet code is still young.  When things are 
more stable we may be able to push straight from the tip.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.