looking for a better way - hiera / augeas sysctl

I have a 'sysctl' module, using a parameterized class and hiera, and using augeas pretty much as this example shows. The module works fine but there has to be a better way. In this configuration I have to change the yaml file and the code in all 3 classes when I want to add or remove a kernel parameter. One solution I think would be able to pass an array of kernel parameter names and their values as key/value pairs to my module and process everything in the array. I am not sure if that's possible and am looking at doing that. Aside from that thought, I am wondering if there is just a better way to do this. I'm sure there is. I've been teaching myself Puppet for the last 3 months as time allows and I feel like I may be over-complicating things and may have missed a few fundamentals along the way.


 - sysctl
sysctl::kernel_core_uses_pid: 0
sysctl::kernel_sysrq: 1
sysctl::fs_suid_dumpable: 2


class sysctl (
  $kernel_core_uses_pid = $sysctl::params::kernel_core_uses_pid,
  $kernel_sysrq         = $sysctl::params::kernel_sysrq,
  $fs_suid_dumpable     = $sysctl::params::fs_suid_dumpable,
) inherits sysctl::params {

# nested class/define
  define conf ( $value ) {

    # $name is provided by define invocation

    # guid of this entry
    $key = $name

    $context = "/files/etc/sysctl.conf"

     augeas { "sysctl_conf/$key":
       context => "$context",
       onlyif  => "get $key != '$value'",
       changes => "set $key '$value'",
       notify  => Exec["sysctl"],


   file { "sysctl_conf":
      name => $operatingsystem ? {
        default => "/etc/sysctl.conf",

   exec { "/sbin/sysctl -p":
      alias => "sysctl",
      refreshonly => true,
      subscribe => File["sysctl_conf"],
  class { 'sysctl::config': }


class sysctl::config inherits sysctl{

sysctl::conf {
  "kernel.core_uses_pid": value =>  $kernel_core_uses_pid;
  "kernel.sysrq":         value =>  $kernel_sysrq;
  "fs.suid_dumpable":     value =>  $fs_suid_dumpable;


class sysctl::params {
  $fs_suid_dumpable             = 0
  $kernel_core_uses_pid         = 0
  $kernel_sysrq                 = 0
This is how I would do it, as you suggested above. This example is dynamic enough that you only have to edit the class code if/when you need another attribute passed to the sysctl resource.

I implemented the test code directly with Puppet, but there's no reason I couldn't have listed my sysctls in Hiera and pulled them into my wrapper class using automatic parameter binding.

Also, please note that you will have to enable the future parser for the each() function to work. Add the following line to the [main] stanza in your puppet.conf and you should be all set:

parser = future
Thanks! This is just what I was looking for.

I forgot to mention that you will also need to set "parser = future" in your puppet.conf file. When you have a moment, would you mind marking my answer as correct? I appreciate it!

Done, thanks again Greg

