Puppet : Hiera
In this chapter, we'll set up NTP using Hiera.
With Puppet 3, we do not need to install anything to get Hiera working.
Here is the current puppet structure:
Hiera's configuration file is hiera.yaml where we define the hierarchy we want to use. Hiera's configuration file path is different according to how it's invoked:
- From the command line and Ruby code:
  - Default path: /etc/hiera.yaml
- From Puppet:
  - Default path for Puppet OpenSource: /etc/puppet/hiera.yaml
  - Default path for Puppet Enterprise: /etc/puppetlabs/puppet/hiera.yaml
To avoid inconsistencies between using Hiera from the command line and from within Puppet manifests, we may want to create a symbolic link:
ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml
By default, Hiera does not provide a configuration file. If the config file exists but has no data, the default settings look like this:

    ---
    :backends:
      - yaml
    :hierarchy:
      - defaults
      - "%{clientcert}"
      - "%{environment}"
      - global

    :yaml:
    # datadir is empty here, so hiera uses its defaults:
    # - /var/lib/hiera on *nix
    # - %CommonAppData%\PuppetLabs\hiera\var on Windows
    # When specifying a datadir, make sure the directory exists.
      :datadir:
The file must be valid YAML, but may contain no data. Note that each top-level key in the hash must be a Ruby symbol with a colon (:) prefix.
Actually, the default settings are equivalent to this:
    ---
    :backends: yaml
    :yaml:
      :datadir: /var/lib/hiera
    :hierarchy: common
    :logger: console
- :backends: tells Hiera what kind of data sources it should process. In this case, we'll be using YAML files.
- A single node/ directory will contain any number of files named after some node's fqdn (fully qualified domain name) fact. This lets us specifically configure any given node with Hiera. Not every node needs to have a file in node/ - if it's not there, Hiera will just move onto the next hierarchy level.
- Next, the common data source (the /etc/puppet/hieradata/common.yaml file) will provide any common or default values we want to use when Hiera can't find a match for a given key elsewhere in our hierarchy. In this case, we're going to use it to set common ntp servers and default configuration options for the ntp module.
    # puppet module search ntp
    Notice: Searching https://forgeapi.puppetlabs.com ...
    NAME                      DESCRIPTION  AUTHOR  KEYWORDS
    thias-ntp                 Network Time Protocol module  @thias  ntp ntpd
    ghoneycutt-ntp            Manage NTP  @ghoneycutt  ntp time services sync
    diskstats-ntp             Lean RedHat NTP module, with the most common settings.  @diskstats  redhat ntp time rhel ntpd hiera
    puppetlabs-ntp            NTP Module  @puppetlabs  ntp time rhel ntpd centos gentoo aix
    dhoppe-ntp                This module installs, configures and manages the NTP service.  @dhoppe  debian ubuntu ntp
    saz-ntp                   UNKNOWN  @saz  ntp time fedora ntpd gentoo oel suse
    example42-ntp             Puppet module for ntp  @example42  ntp example42
    erwbgy-ntp                configure and manage ntpd  @erwbgy  ntp time services rhel centos
    mthibaut-ntp              NTP Module  @mthibaut  ntp hiera
    kickstandproject-ntp      UNKNOWN  @kickstandproject  ntp
    aageyev-ntp               Install ntp on ubuntu  @aageyev  ubuntu ntp
    a2tar-ntp                 Install ntp on ubuntu  @a2tar  ubuntu ntp
    csail-ntp                 Configures NTP servers and clients  @csail  debian ubuntu ntp ntpd freebsd
    warriornew-ntp            ntp setup  @warriornew  ntp
    mmitchell-puppetlabs_ntp  UNKNOWN  @mmitchell
    xucchini-ntp              @xucchini  ubuntu ntp time kvm virtual
    DavidSchmitt-ntp          @DavidSchmitt  ntp time synchronisation
    tohuwabohu-openntp        Puppet module for OpenNTPD  @tohuwabohu  ntp time openntp
    ringingliberty-chrony     Manages the chrony network time daemon  @ringingliberty  debian ubuntu redhat ntp fedora
    adenning-winntp           Manage the win32time service.  @adenning  ntp windows win32time
    example42-openntpd        Puppet module for openntpd  @example42  ntp example42 openntpd
    evenup-time               Manages the timezone and ntp.  @evenup  ntp
    oppegaard-ntpd            OpenNTP module for OpenBSD  @oppegaard  ntp ntpd openbsd openntpd
    erwbgy-system             Manage Linux system resources and services from hiera configuration  @erwbgy  ntp rhel cron sshd user host fact
    mikegleasonjr-server      The Server module serves as a base configuration for all your managed s...  @mikegleasonjr  ntp rsyslog firewall timezone swap
    hunner-mcollective        MCollective module for managing the MC daemon and deploying MCollective...  @hunner  mcollective ntp
puppetlabs-ntp is the module we want to install:
# puppet module install puppetlabs-ntp
With /manifests/site.pp:
    node "agent-node" {
      class { "ntp":
        servers    => [ '0.us.pool.ntp.org', '1.us.pool.ntp.org', '2.us.pool.ntp.org', '3.us.pool.ntp.org' ],
        autoupdate => false,
      }
    }

When we apply this with --noop, we get a "Could not find init script or upstart conf file for 'ntp'" error:

    ubuntu@agent-node:~$ sudo puppet agent --test --noop
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Loading facts
    Info: Caching catalog for agent-node.us-west-1.compute.internal
    Info: Applying configuration version '1426608788'
    Notice: /Stage[main]/Ntp::Install/Package[ntp]/ensure: current_value purged, should be present (noop)
    Notice: Class[Ntp::Install]: Would have triggered 'refresh' from 1 events
    Notice: /Stage[main]/Ntp::Config/File[/etc/ntp.conf]/ensure: current_value absent, should be file (noop)
    Notice: Class[Ntp::Config]: Would have triggered 'refresh' from 1 events
    Info: Class[Ntp::Config]: Scheduling refresh of Class[Ntp::Service]
    Notice: Class[Ntp::Service]: Would have triggered 'refresh' from 1 events
    Info: Class[Ntp::Service]: Scheduling refresh of Service[ntp]
    Error: /Stage[main]/Ntp::Service/Service[ntp]: Could not evaluate: Could not find init script or upstart conf file for 'ntp'
    Notice: /Stage[main]/Ntp::Service/Service[ntp]: Would have triggered 'refresh' from 1 events
    Notice: Class[Ntp::Service]: Would have triggered 'refresh' from 1 events
    Notice: /Stage[main]/Ntp/Anchor[ntp::end]: Dependency Service[ntp] has failures: true
    Warning: /Stage[main]/Ntp/Anchor[ntp::end]: Skipping because of failed dependencies
    Notice: Stage[main]: Would have triggered 'refresh' from 3 events
    Notice: Finished catalog run in 0.26 seconds
We can modify the site.pp like this:
    node "agent-node" {
      class { "::ntp":
        servers    => [ '0.us.pool.ntp.org', '1.us.pool.ntp.org', '2.us.pool.ntp.org', '3.us.pool.ntp.org' ],
        autoupdate => false,
      }
    }

We're referring to ntp in our modules, and we get:

    ubuntu@agent-node:~$ sudo puppet agent --test --noop
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Loading facts
    Info: Caching catalog for agent-node.us-west-1.compute.internal
    Info: Applying configuration version '1426610307'
    Notice: Finished catalog run in 0.28 seconds

So, to use the previous site.pp, we need to install ntp:
ubuntu@puppet:~$ sudo apt-get install ntp
Then, we'll have /etc/init.d/ntp which was not there before the install.
How do things look before Hiera? Classes are assigned to nodes via the Puppet site manifest (/etc/puppet/manifests/site.pp), so here's how our site manifest currently looks:

    node "agent-node" {
      class { "ntp":
        servers    => [ '0.us.pool.ntp.org', '1.us.pool.ntp.org', '2.us.pool.ntp.org', '3.us.pool.ntp.org' ],
        autoupdate => false,
      }
    }
Let's start making decisions about the nodes on our system, then expressing those decisions as Hiera data:
    ---
    ntp::autoupdate: false
    ntp::servers:
      - 0.us.pool.ntp.org
      - 1.us.pool.ntp.org
      - 2.us.pool.ntp.org
      - 3.us.pool.ntp.org
Since we want to provide the data for a specific node, and we're using the fqdn fact to identify unique nodes in our hierarchy, we need to save this data in the /etc/puppet/hieradata/node directory as agent-node.yaml.
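To make the lookup order concrete, here is an added Ruby example (not code from the original page or from Hiera itself) that emulates a priority lookup through the node/ and common levels described above. The hiera.yaml contents, the common.yaml values and the helper name hiera_lookup are assumptions constructed for illustration; the path-traversal check is this example's own precaution, not a statement about Hiera's behaviour.

```ruby
require 'yaml'

# Constructed hiera.yaml for the node/ + common hierarchy described above.
HIERA_YAML = <<~'CONF'
  ---
  :backends:
    - yaml
  :yaml:
    :datadir: /etc/puppet/hieradata
  :hierarchy:
    - "node/%{::fqdn}"
    - common
CONF

# Constructed data sources, keyed by path relative to :datadir.
SOURCES = {
  'node/agent-node.yaml' => <<~NODE,
    ---
    ntp::autoupdate: false
    ntp::servers:
      - 0.us.pool.ntp.org
      - 1.us.pool.ntp.org
  NODE
  'common.yaml' => <<~COMMON
    ---
    ntp::autoupdate: true
    ntp::servers:
      - 0.pool.ntp.org
  COMMON
}.freeze

# Hypothetical helper: walk the hierarchy top-down, return [value, source file].
def hiera_lookup(key, facts)
  config = YAML.safe_load(HIERA_YAML, permitted_classes: [Symbol])
  bad = config.keys.reject { |k| k.is_a?(Symbol) }
  raise ArgumentError, "top-level keys must be symbols: #{bad}" unless bad.empty?

  Array(config[:hierarchy]).each do |level|
    # Interpolate %{fact}; an unknown fact becomes an empty string.
    name = level.gsub(/%\{(?:::)?([^}]+)\}/) { facts.fetch(Regexp.last_match(1), '').to_s }
    # Facts are reported by the agent, so this example refuses traversal.
    next if name.start_with?('/') || name.split('/').include?('..')
    text = SOURCES["#{name}.yaml"]
    next if text.nil? # no file at this level: move on to the next one
    data = YAML.safe_load(text) || {}
    return [data[key], "#{name}.yaml"] if data.key?(key)
  end
  [nil, nil]
end
```

Calling hiera_lookup('ntp::servers', 'fqdn' => 'agent-node') resolves from node/agent-node.yaml, while any node without its own file falls through to common.yaml.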
We can also use Hiera to assign classes to nodes using the hiera_include function, adding a single line to our site.pp manifest, then assigning classes to nodes within Hiera instead of within our site manifests.