Foreman Hiera Usecases Foreman 1.X branch

ikonia · May 21, 2020, 11:42am

I’ve been a long time foreman user with smart variables which has always met my use cases.

Recently I’ve been expanding and varying the way I like to work and some of the implementation patters and I’ve found using hiera with a puppet master, and I’ve seen some usecases where using hiera as a parameter store but keeping foreman as the ENC being actually quite a powerful combination.

I’m trying to use a traditional hiera flat file format to replace smart class parameters so that I can put the hiera parameters under a standard git flow model.

How do I approach this ? eg: what changes do I need to make to the puppet master config and the foreman config to get this working and what are the downsides ?

A concept I had but couldn’t realise would be to still continue to use hostgroups to control the puppet modules that are to be applied to a host which still works, but actually have the hostgroup as a method to pattern match for parameter variation in hiera, for example, instead of matching say an OS type for a hiera parameter,
eg:

name: “OS version”
path “OS.yaml”

have something like

name: “hostgroup”
path: “hostgroup.yaml”

which could contain a mapping to hostgroups as a way to identify the right variables/parameters

I don’t think this is possible though.

web*.domain.com

I’d really like to hear how you use hiera and what problems with smart class params or benifits to hiera made you pick it over smart class parametes

thanks

Dirk · May 24, 2020, 9:16pm

You should be able to make use of the hostgroups as they are available via the ENC as a global parameter, but the string contains the full hierarchy of the hostgroup and replaces characters not allowed.

Its use is perhaps not as common as using information like the domain or other values defined by the host, because many environments do not make a great use of hostgroups at all as its hierarchy is not flexible enough for them.

ikonia · May 26, 2020, 8:22am

this is interesting feedback, and a little surprising, but in a good way.

I didn’t expect hostgroups to be exposed in for use with hiera, I’d love to see some examples / details on how this can be achieved.

I can see the conflict between enviornments and hostgroups in hiera when not using smart class parameters, as one of the positive aspects of hostgroups is the pattern matching/conditional parameters

eg: parameter 1 + environment 1 = $Z
parameter 1 + environment 2 = $X

however I am curious how I could use defined functions (normally covered via hostgroups) with foreman as the ENC and hiera as the backend

for example, how could I approach this use case (genuine one for me - doesn’t mean it’s a good one and maybe I need to change the way I work)

I classify node type via hostgroup

eg:

internet/webserver/apache
internal/webserver/apache
internet/webserver/ngnix/proxy

(just made up examples)

if I have a class that is say configures the certificate chain files for apache and uses different certs depending on if it’s internal / or external - hostgroups are amazing for this

eg:

override default paramter
certficiate_file_name = (internet/webserver/apache = /tmp/public.ca)
certficiate_file_name = (internal/webserver/apache = /tmp/internal.ca)

without using domainnames or configured hostnames eg: intapache* and extapache*

how could I get this sort of functionality with foreman integrated into hiera ?

I do see the complexity though when

certficiate_file_name = (internet/webserver/apache + environment = test = /tmp/public.ca)
certficiate_file_name = (internet/webserver/apache + environment = develop = /tmp/personal.ca)
certficiate_file_name = (internal/webserver/apache + environment = test = /tmp/internal.ca)
certficiate_file_name = (internal/webserver/apache + environment = production = /tmp/prodl.ca)

that feels like a situation hiera could never deal with inside of foreman - I could be wrong though.

Dirk · May 28, 2020, 7:54am

I recognized it is not changing characters, so if you look at the yaml from the enc (YAML button on Host detail page or execute the node.rb script on the Puppetserver) it should look like:

---
parameters:
  hostgroup: Provision from foreman.localdomain/CentOS 7/OpenSCAP

So it is a global parameter which cloud be used in hiera. My bad example shows the problem here depending on your naming schema you will get whitespaces (not good for pathes) and slashes (creating a directory structure for you).

If you can achieve what you need more easy with hiera or within Foreman really depends on your mindset and how you organized things. I have seen both use cases successfully at different customers.

ikonia · May 29, 2020, 12:16pm

this is a really good an interesting response, I’d certainly appreciate a discussion with you if possible to talk about how you’ve approached the differing workflows, but it looks like hostgroups could be really powerful with hiera if you have the right structure.