# How to define class in base profile with hiera

We're using roles + profiles pattern + hiera and have a base profile that is applied to all nodes. In this base profile I have a class which manages the shorewall firewall. However the parameters that are required depend on the server role. For example all nodes need the interface parameter defined however the tunnel parameter is only required in the openvpn profile. The solution to this would appear to have a class with all parameters required defined in the base class e.g.

   $shorewall_interfaces = hiera('profiles::base::shorewall_interfaces')$shorewall_zones      = hiera('profiles::base::shorewall_zones')
$shorewall_tunnels = hiera('profiles::base::shorewall_tunnels') class { '::shorewall': interfaces =>$shorewall_interfaces,
zones      => $shorewall_zones, tunnels =>$shorewall_tunnels,
}


And then in the base level hiera file e.g. global.yaml we would have no value for the tunnels parameter

profiles::base::shorewall_tunnels:


And in the hiera file for openvpn servers e.g. vpn_server.yaml we should specify the value e.g.

profiles::base::shorewall_tunnels: 'openvpn:443'


Is this the correct way? i.e. to have classes in base profiles lookup hiera keys that have no value where they are not used and then override them in more specific hiera files?

edit retag close merge delete

Sort by » oldest newest most voted

The answer to your final question is "YES", but you don't need to provide Hiera keys with empty values throughout your Hiera data files. So leave out the profiles::base::shorewall_tunnels key in global.yaml, and you should be all set.

The only thing to make sure of is that your base class (or the ::shorewall class) can handle a nil/undef value for that key. Otherwise, I think you should be all set.

more