How can I override/set parameters for base profiles from a role or another profile?

asked 2016-07-17 10:48:31 -0500

drb16 gravatar image

Assume an open source Puppet deployment using the roles and profiles paradigm and Heira (https://puppet.com/presentations/desi...)

Lets say I have a role module called 'roleapplicationX' which includes two profile modules - "profileoracleserver" and "profiletomcat".

Now also assume that all my systems, via the external node classifier, loads a series of base profile modules, such as "tuned" (a Red Hat tool for managing kernel settings). In this list of base profile modules is "profile_tuned".

The profile_tuned class defaults to a tuned system profile of 'virtual' if it finds that the system is virtual based on Facts.

What I want to be able to do is inside the "profileoracleserver" in some way signal or change "profiletuned" to use the oracle tuned profile. You can't redefine classes using 'resource-like' syntax, so I can't just change parameters to "profiletuned". Variables are actually constants, so a profile can't change an existing variable.

Heira doesn't solve this problem, although I'm told that it should, because including profileoracleserver cannot have any bearing on Heira. Heira is great at letting you change the functionality of classes/modules per-node, but I cannot find a way for 'role' modules to change what a profile module does, without every role having to define all of my base profiles. I'm told that an ENC should only ever set a 'role' for a node, and nothing else, and yet it seems pretty clear to me I also have to store configuration for a role in the node's heira configuration, so I have to change things in multiple places.

What I'd like to do is assign a role to a node and that should alter the base configuration as needed.

The only other option I can think of is a horrible "if not defined define the base profile module" hack where base profiles are only declared via resource-like syntax if a role doesn't define them (i.e. with specific parameters). I'm pretty sure Heira was created to avoid this, and yet it seems the only in-puppet-code option I can think of.

Any help and advice would be much appreciated.

edit retag flag offensive close merge delete

Comments

1

This question is difficult to follow and could use some reformatting and rewording to clearly and simply define the problem faced. That said, I think you may find a few possible answers in my recent question: https://ask.puppet.com/question/26929/how-can-i-do-conditional-logic-based-on-a-role/

Rob Ogilvie gravatar imageRob Ogilvie ( 2016-07-18 09:57:50 -0500 )edit

Many thanks for your reply, I will attempt to better explain what I mean. We have about 20 'base' modules/classes that we apply to all our servers, covering all the things we want to apply to all our servers, such as DNS, NTP, Kerberos, LDAP, etc. These are all sent by our ENC to all our servers.

drb16 gravatar imagedrb16 ( 2016-07-19 04:56:12 -0500 )edit

These modules have parameters, some of them are important like setting the system-wide tuned profile, or setting up the settings for the Postfix mail server. I want to attach a single role to a node, and that role pulls in profile modules it needs. Some of these profiles need to instruct the base...

drb16 gravatar imagedrb16 ( 2016-07-19 04:57:39 -0500 )edit

...modules to change some of their parameters. For example, if I have a role "java_app_foo" which includes two profiles - tomcat and oracle. Oracle now needs to set a different tuned profile. A module though (the profile module) can't change parameters to an existing defined class, it can't set...

drb16 gravatar imagedrb16 ( 2016-07-19 04:58:39 -0500 )edit

...hiera variables, it can't essentially change the base system, but I need it to do so. I know how to use Hiera to, per-node change variables, but there doesn't seem to be a way for profile modules to request changes to the 'base' modules all our linux systems apply.

drb16 gravatar imagedrb16 ( 2016-07-19 04:59:29 -0500 )edit