Ask Your Question

Are Hiera and Foreman Parameters Mutually Exclusive?

asked 2013-02-28 02:24:05 -0500

Ancillas gravatar image

I've been using Hiera for awhile, but Foreman's new support for parameterized classes seems to be on track to fully replace Hiera.

Are Foreman and Hiera mutually exclusive, or is it better to use them together?

edit retag flag offensive close merge delete

5 answers

Sort by ยป oldest newest most voted

answered 2013-02-28 05:18:51 -0500

domcleal gravatar image

updated 2014-11-18 08:08:48 -0500

(Disclaimer: I work on the Foreman project.. please comment if I get anything wrong about Hiera.)

You're right, there is a lot of overlap between Foreman's smart class parameters feature and Hiera, and for most users it makes sense to use one or the other.

There might be a feature or goal of each project that sways you towards one, for example:

  • Foreman is about providing a single web UI and API to the data it stores, Hiera is free-form allowing use of various backends and integration with other systems
  • Hiera specifies one hierarchy, Foreman specifies the hierarchy per parameter
  • Data binding (with Hiera) applies to all classes (and hiera() can be used anywhere), while Foreman's smart class parameters are limited to the classes included by the ENC. This makes it hard to implement roles/profiles with smart class parameters, as parameters need to be explicitly passed to the next level of classes.
  • Foreman parses classes and parameters upfront, so you have an index of what parameters you can set, validation etc.

Which solution works better for you comes down to how and where you want to manage your data. If the single interface is more important then Foreman may work better, but it won't match the flexibility that Hiera provides with different backends, version controlling data etc.

As I think you implied in the title, you can use Foreman and Hiera together, by using Foreman to only include classes on the node, then use Hiera to provide the data. There are a number of users doing just this, and I think this works much better when implementing roles/profiles.

Lastly, there are some ideas that muddle the situation a little more:

  • foreman_data_binding (video) plugs Foreman into Puppet 3 data binding, so it can resolve parameters in classes not explicitly included by the ENC
  • hiera-foreman is a backend for Hiera that can query Foreman smart parameters, which would let you split data between the two, or aide migration
  • Foreman 1.1 has plugin support, so it'd be feasible to write a UI plugin to manage data in a Hiera backend, giving you the single interface but with Hiera's capabilities
edit flag offensive delete link more


Thank you very much for this excellent breakdown.

Ancillas gravatar imageAncillas ( 2013-02-28 11:14:05 -0500 )edit

answered 2013-09-23 04:30:46 -0500

updated 2013-09-23 04:32:05 -0500

Unfortunately there is a serious impediment for using Hiera and Foreman: Import Classes fails when using parser = future (

And this bug doesn't even have a target version. It was Foreman 1.3 (next minor) until a week ago when it was removed from that release.

This is really annoying for me. I can use only simple flat data structure and not hierarchical data, e.g. a list of hashes, that would make more sense from a modeling perspective and be more versatile.

edit flag offensive delete link more

answered 2013-04-21 08:42:16 -0500

due to the fact, that modules of 'foreman' can be enabled/disabled nicely it should be possible to use 'hiera' as ENC but use 'foreman' as a replacement for puppet-dashboard and use it for reporting, statistics and such...

edit flag offensive delete link more

answered 2015-04-17 12:03:48 -0500

Hi - do you need to do anything special to get Hiera to work with Foreman. Should I be able to see the class parameters specified in my hieradata/node.yaml files in Foreman? Currently my nodes are no longer picking up the data set in their yaml files.

edit flag offensive delete link more



No need to do anything except *don't* override those parameters in Foreman. If Foreman doesn't send them (click the YAML button on the host page to see) then Puppet will fall back to Hiera by default if /etc/puppet/hiera.yaml is appropriately configured. Foreman will not show Hiera data in the UI.

domcleal gravatar imagedomcleal ( 2015-07-11 14:26:47 -0500 )edit

answered 2016-04-22 10:47:49 -0500

DJ gravatar image


bit of old thread but i would like to put my thoughts, i would say go for puppet smart classes.

Lot of time ppl says smart classes does not have version contorl, but i will argue and say, what's the purpose of version control, so it will be like, to audit changes, version/tag data, roll back to previous version in case of an issue.

but in my view, all of the above things are possible with smart classes, or i will say, audit is very easy with smart classes and UI/API allows you to make changes easily and permission model also works very nicely.

Now mostly i would use GIT for my puppet code ( which grows very rapidly, and lot of ppl make changes to same code ), where i want to monitor my code changes and review, where GIT gives nice visibility and differences between commits,

most of the time with puppet data, not everyone is making change to single data ? and they are once defined mostly they are not going to change very frequently?, smart classes you have single UI page per puppet class, so in case you are making change to ntp::server, hardly it will affect other puppet smart class ntp::driftfile or resolv::servers, so changes can be made without involving version control, and you already have audit.

you need GIT expertise when you use GIT, like if you are in 4th commit and you want to rollback to 4th commit preserving 1,2,3 commit, how easily you would do that ? i would prefer just look at 4th commit and make changes and do new commit which will be 5th commit, that looks easier to me, bcz in case of data, it will only be related to some puppet class and that will be of single line change or may be 5-6 line, which can be easily done with smartclasse UI/API without putting in GIT.

all above are my thought, you might have different opinions

Regards, DJ

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools



Asked: 2013-02-28 02:24:05 -0500

Seen: 10,314 times

Last updated: Nov 18 '14