
Iterate nested hash from hiera based on puppet environment and facter variable

asked 2015-01-19 16:33:13 -0500

victorbrca

I'm trying to clean up my code and move my ssh key data to hiera. I have the following setup, where lms_environment is a custom facter variable (dev, sit, int, uat, prd, etc...):

Ssh_authorized_key {
    ensure => present,
    user   => 'server_admin',
    target => '/home/server_admin/.ssh/authorized_keys',
    type   => 'ssh-rsa',
}

case $::lms_environment {
    'dev': {
        ssh_authorized_key { 'devuser@server1':
            name => 'devuser@server1',
            key  => 'ABZF...',
        }

        ssh_authorized_key { 'devuser@server2':
            name => 'devuser@server2',
            key  => 'ABZF...',
        }
    }
    'int': {
        ssh_authorized_key { 'intuser@server1':
            name => 'intuser@server1',
            key  => 'ABZF...',
        }

        ssh_authorized_key { 'intuser@server2':
            name => 'intuser@server2',
            key  => 'ABZF...',
        }
    }
    'sit': {
        ssh_authorized_key { 'situser@server1':
            name => 'situser@server1',
            key  => 'ABZF...',
        }

        ssh_authorized_key { 'situser@server2':
            name => 'situser@server2',
            key  => 'ABZF...',
        }
    }
    'prd': {
        ssh_authorized_key { 'prduser@server1':
            name => 'prduser@server1',
            key  => 'ABZF...',
        }

        ssh_authorized_key { 'prduser@server2':
            name => 'prduser@server2',
            key  => 'ABZF...',
        }
    }
...
}

I know I can create a hiera yaml file similar to the solution here and loop through create_resources. But how do I specify $lms_environment as a parameter for hiera?

Here's my hiera file. I would be using puppet's environment variable to look for the hiera yaml data file (my puppet environments are dev, uat and prd):

# cat ../hiera.yaml
---
:backends:
  - yaml
:hierarchy:
  - "%{environment}"

:yaml:
# datadir is empty here, so hiera uses its defaults:
# # - /var/lib/hiera on *nix
# # - %CommonAppData%\PuppetLabs\hiera\var on Windows
# # When specifying a datadir, make sure the directory exists.
  :datadir: '/etc/puppet/hieradata'

This is what I'm assuming the hiera data file for puppet environment dev would look like:

# cat dev.yaml
---
ssh_keys:
  dev:
    server1:
      name: devuser@server1
      key: key1
    server2:
      name: devuser@server2
      key: key2
  int:
    server1:
      name: intuser@server1
      key: key1
    server2:
      name: intuser@server2
      key: key2
  sit:
    server1:
      name: situser@server1
      key: key1
    server2:
      name: situser@server2
      key: key2

And here's for puppet environment prd:

# cat prd.yaml
---
ssh_keys:
  prd: # I'm assuming I would need this not to break the hiera lookup, depending on how it would be done
    server1:
      name: prduser@server1
      key: key1
    server2:
      name: prduser@server2
      key: key2

And uat:

# cat uat.yaml
---
ssh_keys:
  uat: # I'm assuming I would need this not to break the hiera lookup, depending on how it would be done
    server1:
      name: uatuser@server1
      key: key1
    server2:
      name: uatuser@server2
      key: key2

Thanks.


2 Answers

1

answered 2015-01-21 22:00:05 -0500

GregLarkin

updated 2015-01-21 22:01:40 -0500

Is your lms_environment fact value at all related to the Puppet environment value? If you are already setting the Puppet environment to dev, sit, int, etc., then your current hiera.yaml file will work fine.

If those 2 variables are not related, then you can modify your hiera.yaml like so in order to use the lms_environment fact to look up from the correct Hiera data file:

---
:backends:
  - yaml
:hierarchy:
  - "%{lms_environment}"

:yaml:
# datadir is empty here, so hiera uses its defaults:
# # - /var/lib/hiera on *nix
# # - %CommonAppData%\PuppetLabs\hiera\var on Windows
# # When specifying a datadir, make sure the directory exists.
  :datadir: '/etc/puppet/hieradata'

Comments

The environments are different. And I tried that. Because of the level on the yaml files, I can't just specify '$servers = hiera("ssh_keys")'. I need to be able to specify the hiera data file, and the subvalue (which is $lms_environment).

victorbrca ( 2015-01-21 23:59:48 -0500 )
0

answered 2015-01-22 23:25:00 -0500

victorbrca

This is what I have found to be the best solution. I have modified my hiera config to look at "sshkeys" first:

$ cat ../hiera.yaml 
---
:backends:
  - yaml
:hierarchy:
  - sshkeys
  - "%{environment}"
  - common
:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /var/lib/hiera on *nix
# - %CommonAppData%\PuppetLabs\hiera\var on Windows
# When specifying a datadir, make sure the directory exists.
  :datadir: /etc/puppetlabs/puppet/hieradata

I have created the sshkeys.yaml file as follows. This way I can use dev|uat|prd.yaml for other configs.

$ cat sshkeys.yaml 
---
sshkeys::dev:
  server1:
    name: devuser@server1
    key: key1
  server2:
    name: devuser@server2
    key: key2
sshkeys::int:
  server1:
    name: intuser@server1
    key: key1
  server2:
    name: intuser@server2
    key: key2
sshkeys::sit:
  server1:
    name: situser@server1
    key: key1
  server2:
    name: situser@server2
    key: key2

And I loop through the value as follows:

define ssh_loop ($name, $key) {
    ssh_authorized_key { "$name":
        ensure => present,
        user   => 'root',
        key    => "$key",
        target => '/root/.ssh/authorized_keys',
        type   => 'ssh-rsa',
    }
}

# Look up the hash for this node's lms_environment and declare one ssh_loop per entry
$servers = hiera("sshkeys::${lms_environment}")
create_resources( ssh_loop , $servers )

Comments

Interesting solution... I think I prefer @GregLarkin's solution below, as you are using the lms_environment value to let hiera decide which data to pick directly in your hierarchy.

DarylW ( 2017-01-12 13:58:18 -0500 )
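
The lookup-and-iterate step from the last answer, as an added Ruby lint that is not part of the original thread: it reads data shaped like sshkeys.yaml, resolves `sshkeys::<lms_environment>` the way the manifest does, and reports a missing environment key, entries lacking the `name` or `key` that `ssh_loop` requires, and duplicate mapping keys, which a YAML loader resolves silently by keeping the last value. The helper names `duplicate_keys` and `lint_sshkeys` and the sample data are constructed for this example.

```ruby
require 'psych'

# Constructed sample in the shape of sshkeys.yaml (placeholder key values).
SAMPLE = <<~YAML
  ---
  sshkeys::dev:
    server1:
      name: devuser@server1
      key: key1
    server2:
      name: devuser@server1
      name: devuser@server2
      key: key2
  sshkeys::int:
    server1:
      name: intuser@server1
YAML

# Walk the YAML syntax tree and collect mapping keys that appear twice.
# A plain load would keep only the last value and hide the mistake.
def duplicate_keys(node, path = [], found = [])
  if node.is_a?(Psych::Nodes::Mapping)
    seen = {}
    node.children.each_slice(2) do |key, value|
      here = path + [key.value]
      found << here.join('/') if seen[key.value]
      seen[key.value] = true
      duplicate_keys(value, here, found)
    end
  else
    Array(node.children).each { |child| duplicate_keys(child, path, found) }
  end
  found
end

# Hypothetical helper: resolve "sshkeys::<env>" as the manifest does and list
# what would break the catalog or install an unintended key name.
def lint_sshkeys(yaml_text, lms_environment)
  problems = duplicate_keys(Psych.parse(yaml_text)).map { |p| "duplicate key: #{p}" }
  entries = (Psych.safe_load(yaml_text) || {})["sshkeys::#{lms_environment}"]
  unless entries.is_a?(Hash)
    return problems << "no sshkeys::#{lms_environment} key, hiera() has nothing to return"
  end
  entries.each do |title, params|
    missing = %w[name key] - (params.is_a?(Hash) ? params.keys : [])
    problems << "#{title}: missing #{missing.join(', ')}" unless missing.empty?
  end
  problems
end
```

Running it against the data file for every value `lms_environment` can take catches an environment with no `sshkeys::` entry before a node compiles its catalog.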
