Introduction to Hiera
-
Upload
nibalizer -
Category
Technology
-
view
50 -
download
1
Transcript of Introduction to Hiera
![Page 1: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/1.jpg)
Introduction to Hiera
![Page 2: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/2.jpg)
Spencer Krumcc by sa
![Page 3: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/3.jpg)
![Page 4: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/4.jpg)
cc by sa
![Page 5: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/5.jpg)
![Page 6: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/6.jpg)
cc by sa //
![Page 7: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/7.jpg)
Agenda• What is hiera
• Hiera architecture
• Basic examples
• More complicated example
• Trouble points for new users
![Page 8: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/8.jpg)
What is hiera• Software from puppetlabs
• Started in 2011
• Started out as a puppet plugin, corenow
![Page 9: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/9.jpg)
What is hiera• A way to plug data into your puppet
code
• Separate concerns of data andconfiguration
![Page 10: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/10.jpg)
What is hiera• Exposes hiera() function to puppet
• Plugable backend
• Different from PuppetDB
![Page 11: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/11.jpg)
Hiera Architecture
![Page 12: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/12.jpg)
Puppet Architecture
cc by sa
![Page 13: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/13.jpg)
Puppet Architecture w/hiera
![Page 14: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/14.jpg)
cc by sa
![Page 15: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/15.jpg)
# ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml
![Page 16: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/16.jpg)
# cat /etc/puppet/hiera.yaml---:backends:
- yaml
:yaml::datadir: /etc/puppet/hieradata
:hierarchy:- "%{clientcert}/common"- "osfamily/%{osfamily}/common"- common
![Page 17: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/17.jpg)
# find /etc/puppet/hieradata../common.yaml./osfamily./osfamily/RedHat./osfamily/RedHat/common.yaml./osfamily/Debian./osfamily/Debian/common.yaml
![Page 18: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/18.jpg)
Hiera• A place to put your data
• Backend driven
• Function call to lookup on keys
![Page 19: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/19.jpg)
class { 'jenkins::slave':jenkins_ssh_key => 'AAAAB3Nzbu84a....'
}
![Page 20: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/20.jpg)
# cat /etc/puppet/hieradata/common.yaml---jenkins_key: AAAAB3NzaC1yc2EAAAADA......
# hiera -d jenkins_keyDEBUG: Hiera YAML backend startingDEBUG: Looking up jenkins_key in YAML backendDEBUG: Looking for data source commonDEBUG: Found jenkins_key in common
AAAAB3NzaC1yc2EAAAADAQAB...
![Page 21: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/21.jpg)
$ssh_key = hiera('jenkins_key')class { 'jenkins::slave':
jenkins_ssh_key => $ssh_key,}
![Page 22: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/22.jpg)
class { 'mysql::server':root_password => 'hunter2',
}
![Page 23: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/23.jpg)
# cat /etc/puppet/hieradata/common.yaml---...mysql_root_password: hunter2...
# hiera -d mysql_root_passwordDEBUG: Hiera YAML backend startingDEBUG: Looking up mysql_root_password in YAML backendDEBUG: Looking for data source commonDEBUG: Found mysql_root_password in common
hunter2
![Page 24: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/24.jpg)
$password = hiera('mysql_root_password')
class { 'mysql::server':root_password => $password,
}
![Page 25: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/25.jpg)
Questions?
![Page 26: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/26.jpg)
class graphite {if $::osfamily == 'RedHat' {
$pkgs = ['git','python-django','g++','sqlite3',]
...}
}
![Page 27: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/27.jpg)
Hiera• Hierarchy that is facter aware
• Defaults and overrides
![Page 28: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/28.jpg)
# cat /etc/puppet/hiera.yaml---:backends:
- yaml
:yaml::datadir: /etc/puppet/hieradata
:hierarchy:- "%{clientcert}/common"- "osfamily/%{osfamily}/common"- common
![Page 29: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/29.jpg)
# find /etc/puppet/hieradata../common.yaml./osfamily./osfamily/RedHat./osfamily/RedHat/common.yaml./osfamily/Debian./osfamily/Debian/common.yaml
![Page 30: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/30.jpg)
Conditional data in code
class { 'graphite':if $::osfamily == 'RedHat' {
$pkgs = ['git','python-django','g++','sqlite3',]
...}
}
![Page 31: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/31.jpg)
# cat osfamily/Debian/common.yaml---graphite::pkgs:
- graphite- python-django- virtualenv
![Page 32: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/32.jpg)
# cat osfamily/RedHat/common.yaml---graphite::pkgs:
- git- python-django- g++- sqlite3- sqlite3-devel- python26-virtualenv
![Page 33: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/33.jpg)
Hiera data# hiera graphite::pkgs osfamily=RedHat["git","python-django","g++","sqlite3","sqlite3-devel","python26-virtualenv"]
![Page 34: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/34.jpg)
# hiera graphite::pkgs osfamily=Debian["graphite", "python-django", "virtualenv"]
![Page 35: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/35.jpg)
# hiera graphite::pkgsnil
![Page 36: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/36.jpg)
class graphite {if $::osfamily == 'RedHat' {
$pkgs = ['git','python-django','g++','sqlite3',]
...}
}
![Page 37: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/37.jpg)
class graphite {$pkgs = hiera('graphite::pkgs')package { $pkgs:
ensure => latest,}
}
![Page 38: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/38.jpg)
Backends
• yaml, json
• file, ldap
• gpg, eyaml
• mysql, postgres, redis
![Page 39: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/39.jpg)
Pros
• Separation between data and code
• Secret storage
• Backends, integration with existingdatastores
• Some conditional logic irrelevant
• Puppet code sanitized
![Page 40: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/40.jpg)
Cons
• hard to figure out where things comefrom
• hiera-yaml can only support one datadirectory
• debugging
• public modules + hirea is unsolved
![Page 42: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/42.jpg)
User issues• Complicated hierarchy
• Runaway backends
• Latency/Load
• Architecture
![Page 43: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/43.jpg)
Positive note• Use hiera, its awesome
• Start with yaml
• Try and experiment, iterate
![Page 44: Introduction to Hiera](https://reader033.fdocuments.net/reader033/viewer/2022042817/55a786861a28ab84188b4637/html5/thumbnails/44.jpg)
Questions on Hiera