
looking for a better way - hiera / augeas sysctl

asked 2015-02-20 11:21:46 -0500

EricL

I have a 'sysctl' module, using a parameterized class and hiera, and using augeas pretty much as this example shows. The module works fine but there has to be a better way. In this configuration I have to change the yaml file and the code in all 3 classes when I want to add or remove a kernel parameter. One solution, I think, would be to be able to pass an array of kernel parameter names and their values as key/value pairs to my module and process everything in the array. I am not sure if that's possible and am looking at doing that. Aside from that thought, I am wondering if there is just a better way to do this. I'm sure there is. I've been teaching myself Puppet for the last 3 months as time allows and I feel like I may be over-complicating things and may have missed a few fundamentals along the way.


classes:  # assumed key name (the line is missing from the post)
  - sysctl
sysctl::kernel_core_uses_pid: 0
sysctl::kernel_sysrq: 1
sysctl::fs_suid_dumpable: 2


class sysctl (
  $kernel_core_uses_pid = $sysctl::params::kernel_core_uses_pid,
  $kernel_sysrq         = $sysctl::params::kernel_sysrq,
  $fs_suid_dumpable     = $sysctl::params::fs_suid_dumpable,
) inherits sysctl::params {

  # nested class/define
  define conf ( $value ) {

    # $name is provided by define invocation

    # guid of this entry
    $key = $name

    $context = "/files/etc/sysctl.conf"

    augeas { "sysctl_conf/$key":
      context => "$context",
      onlyif  => "get $key != '$value'",
      changes => "set $key '$value'",
      notify  => Exec["sysctl"],
    }
  }

  file { "sysctl_conf":
    name => $operatingsystem ? {
      default => "/etc/sysctl.conf",
    },
  }

  exec { "/sbin/sysctl -p":
    alias       => "sysctl",
    refreshonly => true,
    subscribe   => File["sysctl_conf"],
  }

  class { 'sysctl::config': }
}


class sysctl::config inherits sysctl {

  sysctl::conf {
    "kernel.core_uses_pid": value => $kernel_core_uses_pid;
    "kernel.sysrq":         value => $kernel_sysrq;
    "fs.suid_dumpable":     value => $fs_suid_dumpable;
  }
}


class sysctl::params {
  $fs_suid_dumpable     = 0
  $kernel_core_uses_pid = 0
  $kernel_sysrq         = 0
}

1 Answer


answered 2015-02-20 13:17:06 -0500

GregLarkin

updated 2015-02-20 15:08:28 -0500

This is how I would do it, as you suggested above. This example is dynamic enough that you only have to edit the class code if/when you need another attribute passed to the sysctl resource.

I implemented the test code directly with Puppet, but there's no reason I couldn't have listed my sysctls in Hiera and pulled them into my wrapper class using automatic parameter binding.

Also, please note that you will have to enable the future parser for the each() function to work. Add the following line to the [main] stanza in your puppet.conf and you should be all set:

parser = future
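The hash-driven approach discussed in the question and answer, as an added example that is not the answer's own code. It assumes Puppet 3.x with "parser = future" (each() is built in from Puppet 4 on) and the puppetlabs-stdlib module for validate_hash and validate_re; the parameter name `settings` and the two validation patterns are hypothetical choices, and the class is meant to replace the three classes in the question.

```puppet
# Hiera data (constructed sample), bound automatically to the class parameter:
#   sysctl::settings:
#     kernel.core_uses_pid: 0
#     kernel.sysrq: 1
#     fs.suid_dumpable: 2

class sysctl (
  $settings = {},   # hypothetical parameter: hash of sysctl key => value
) {

  validate_hash($settings)   # puppetlabs-stdlib

  # Reload kernel parameters only when an augeas resource changed the file.
  exec { 'sysctl':
    command     => '/sbin/sysctl -p',
    refreshonly => true,
  }

  # One augeas resource per key/value pair; adding or removing a kernel
  # parameter is now a Hiera change only.
  $settings.each |$key, $value| {

    # Keys and values are interpolated into augeas commands below, so
    # refuse anything that is not a plain dotted sysctl name or a simple
    # value. Both patterns are assumptions; widen them if your keys need it.
    validate_re($key, '^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$')
    validate_re("${value}", '^[A-Za-z0-9_. -]+$')

    augeas { "sysctl_conf/${key}":
      context => '/files/etc/sysctl.conf',
      onlyif  => "get ${key} != '${value}'",
      changes => "set ${key} '${value}'",
      notify  => Exec['sysctl'],
    }
  }
}
```

A key or value that fails validation aborts catalog compilation, so a typo in the Hiera data never reaches /etc/sysctl.conf.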


Thanks! This is just what I was looking for.

EricL ( 2015-02-20 14:31:12 -0500 )

I forgot to mention that you will also need to set "parser = future" in your puppet.conf file. When you have a moment, would you mind marking my answer as correct? I appreciate it!

GregLarkin ( 2015-02-20 15:07:23 -0500 )

Done, thanks again Greg

EricL ( 2015-02-20 16:39:57 -0500 )

Asked: 2015-02-20 11:21:46 -0500

Seen: 873 times

Last updated: Feb 20 '15