Ask Your Question

How to define class in base profile with hiera

asked 2015-04-06 06:17:00 -0600

maxwell gravatar image

We're using roles + profiles pattern + hiera and have a base profile that is applied to all nodes. In this base profile I have a class which manages the shorewall firewall. However the parameters that are required depend on the server role. For example all nodes need the interface parameter defined however the tunnel parameter is only required in the openvpn profile. The solution to this would appear to have a class with all parameters required defined in the base class e.g.

   $shorewall_interfaces = hiera('profiles::base::shorewall_interfaces')
   $shorewall_zones      = hiera('profiles::base::shorewall_zones')
   $shorewall_tunnels    = hiera('profiles::base::shorewall_tunnels')

    class { '::shorewall':
      interfaces => $shorewall_interfaces,
      zones      => $shorewall_zones,
      tunnels    => $shorewall_tunnels,

And then in the base level hiera file e.g. global.yaml we would have no value for the tunnels parameter


And in the hiera file for openvpn servers e.g. vpn_server.yaml we should specify the value e.g.

profiles::base::shorewall_tunnels: 'openvpn:443'

Is this the correct way? i.e. to have classes in base profiles lookup hiera keys that have no value where they are not used and then override them in more specific hiera files?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2015-04-06 22:53:04 -0600

GregLarkin gravatar image

The answer to your final question is "YES", but you don't need to provide Hiera keys with empty values throughout your Hiera data files. So leave out the profiles::base::shorewall_tunnels key in global.yaml, and you should be all set.

The only thing to make sure of is that your base class (or the ::shorewall class) can handle a nil/undef value for that key. Otherwise, I think you should be all set.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2015-04-06 06:17:00 -0600

Seen: 247 times

Last updated: Apr 06 '15