The first goal you want to achieve when you move your infrastructure provisioning/configuration to Puppet code is to start thinking about this: "Puppet code declares the final state of my server(s)."
For instance, if I want a user "glarkin" to exist on a system, I would apply the following Puppet code:
user { 'glarkin':
  ensure => present,
}
That's all I need to do, and Puppet will take care of executing the OS-dependent commands needed to check if that user exists, and if it doesn't, the commands to create the user.
I could also expand the example to include the use of Hiera to manage a number of users at once like so:
defaults.yaml:
---
userlist:
  - glarkin
  - chutki
  - bob
  - jane
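users.pp:
# Look up the list of user names from Hiera (returns an array).
$userlist = hiera('userlist')
# An array used as a resource title declares one user resource per element.
user { $userlist:
  ensure => present,
}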
Now let's expand this to your situation and to what I think you're trying to achieve. It appears that your goal is to create some Puppet code that sets the kernel.sem value in /etc/sysctl.conf and also allows you to manage the individual values as needed. To do that, let's think about using a similar set of constructs as our examples above.
First, always always look to the Puppet Forge to see if there are pre-written modules that help you achieve your goal. There is no reason to re-invent the wheel, especially if there are supported and/or approved modules already available for use.
So going with my first thought of "always check the Puppet Forge before re-inventing the wheel", I am going to search for "sysctl" and see what comes up. As a matter of fact, there are many modules to manage the sysctl.conf file. If I limit my search to show me approved and/or supported modules, there is one in that category.
My next step would be to install the module according to the instructions presented in its description:
puppet module install herculesteam-augeasproviders_sysctl
Once I've done that, I can see that I now have access to a new Puppet resource type named sysctl. This makes it very easy to manage entries in the /etc/sysctl.conf file as shown here:
sysctl { "net.ipv4.ip_forward":
  ensure => present,
  value  => "1",
}
You have a requirement to manage the kernel.sem entry in the /etc/sysctl.conf file, so your Puppet code could look like this:
sysctl { "kernel.sem":
  ensure => present,
  value  => "345 765 9378 128",
}
That's pretty good, but you still have to edit your Puppet code to change the value, and that value may not be appropriate for all of your machines. When you notice a situation like that and want to avoid it, immediately think of using Hiera to manage the data portion of your infrastructure and feed the values into your Puppet code.
You have done some of that in your code example, but let's take it further like so. I will show an example Hiera data file defaults.yaml and the associated Puppet manifest code. You ...
Please describe where you get the values of kernel.sem. For instance, are they set in a Hiera data file, are they hard-coded in your Puppet code, etc.? For instance, I can install http://bit.ly/1zZ8bfB, then write sysctl { 'kernel.sem': ensure => present, value => '345 765 9378 128', }
That works fine, but better would be to set the values in Hiera, then change the Hiera data file when necessary. If you do that, you don't have to worry about setting individual values, just set the entire set of values as a unit.
Yes Greg. I am working the hardcoded value in hiera
Sorry, I should have reviewed the code above more closely, since you are using hiera_hash() there. I will add an answer below.
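One way to keep the four kernel.sem fields individually manageable in Hiera while still writing them to /etc/sysctl.conf as a unit, using the sysctl type and hiera_hash() mentioned in this thread. This is an added example, not code from the original thread; the Hiera key kernel_sem and its sub-key names are hypothetical, and the values are the ones quoted above.

```puppet
# Added example, not the answer author's code.
# Assumed Hiera data in defaults.yaml; the key name kernel_sem and its
# four sub-keys are hypothetical names chosen for this example:
#
#   kernel_sem:
#     semmsl: 345
#     semmns: 765
#     semopm: 9378
#     semmni: 128
#
# kernel.sem takes four fields in this fixed order: SEMMSL SEMMNS SEMOPM SEMMNI.
# hiera_hash() merges the hash across the hierarchy, so a more specific data
# file can override a single field (for example only semmni) for some nodes.
$sem = hiera_hash('kernel_sem')

# Build the single space-separated value that /etc/sysctl.conf expects.
$sem_value = "${sem['semmsl']} ${sem['semmns']} ${sem['semopm']} ${sem['semmni']}"

# A missing or non-numeric field would otherwise be written out as an empty
# or malformed entry; fail catalog compilation instead of applying it.
if $sem_value !~ /^\d+ \d+ \d+ \d+$/ {
  fail("kernel_sem must define integer semmsl, semmns, semopm and semmni; got '${sem_value}'")
}

sysctl { 'kernel.sem':
  ensure => present,
  value  => $sem_value,
}
```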