Foreman parameter precedence

Hi all,

This might seem like a silly question, but I'm having a parameter collision
problem…

What is the precedence for parameters defined in Foreman Objects as they
filter down to a host?

  1. Set a global param firewall = false
  2. For EL7 platforms in the Operating System object set firewall = false
  3. Somewhere in the nesting of host groups, firewall = true
  4. The EL7 host sees firewall = true

I assume that Operating System's params appear somewhere between global and
host groups, so the host group's params take the highest precedence as I
laid out above. Beyond making a host group just for EL7 servers to set the
param, is there a good way to ensure this param is false for ALL EL7
systems?

The firewalling integration in the puppet modules I'm using doesn't yet
support firewalld, but I'm working on that, so in the mean time, I need to
simply conditionally disable the firewall module on EL7 systems.

Thanks!

You're correct, hostgroups have higher precedence that operating
systems. IIRC, the order is

global
domain
operatingsystem
hostgroup
host

(I may have domain / os reversed…)

You might be able to do something with a matcher attached to a smart
variable (which itself would be attached to some class that all the
servers have, since they must be attached to a class). You could
potentially have a smartvar called "firewall" with a matcher like
"operatingsystem = EL7". Somewhat clunky, and I've no idea how a
smartvar will interact with a simple parameter, but it's worth a try.

HTH,
Greg