Puppet, Hiera and hashes
Puppet is a rapidly evolving tool, since we started using it a couple of years ago the language and tools have improved hugely and so has the community around it.
I’ve recently found some more time to moved our data into yaml to be used by hiera (we might change some of this to JSON shortly). We have have found using the create_resources function combined with hashes from Hiera to be a really clean and simple way to get our resources configured.
For example:
---
classes:
- role::web::python::staging
pythonapps:
myapp:
appname: myapp
gitremote: 'git@github.com:pancentric/myapp.git'
uwsgiapps:
myapp:
processes: 2
enabled: true
broodlord: true
envs_myapp:
DJANGO_SETTINGS_MODULE: myapp.settings
DJANGO_SECRET_KEY: 'secretkey'
DJANGO_CONFIGURATION: StagingSettings
POSTGRES_PASSWORD: mypassword
# other params...Then we can query Hiera for the hashes and pass them to the exceedingly useful create_resources function which will loop over each hash passing the nested hashes to the function specified.
class profile::web::python {
# other classes...
include ::uwsgi
include ::pythonenv
$pythonenvs = hiera('pythonenvs')
$uwsgiapps = hiera('uwsgiapps')
create_resources(::pythonenv::app, $pythonenvs)
create_resources(::uwsgi::app, $uwsgiapps)
}This method also a great way of passing a larger number of key/value pairs into your code. In our instance we have a number of common environment variables for our Django app which both pythonenv::app and uwsgi::app need to use. We define these once as a hash in our yaml and then do a hiera_hash('env_myapp') lookup in the puppet code of both modules. This can then be used by the templates as needed.
If you had common and node specific environment variables by using the hiera_hash() function hiera will merge all matching results into one hash with the node specific overriding the common.
All of this allows for not only great separation of data and code, but a much more DRY configuration.