hiera_array, structured data and multiple levels of hierarchy

[David Patterson]

Hi all!  

I'm trying to setup a puppet module for sudo that will write multiple files with separate data for each file, all dependent on the hiera hierarchy.  Here's the relevant portion of my hiera.yaml:

:hierarchy:

  - "datacenter/app/role/node/%{::clientcert}"

  - "datacenter/app/role/%{::server_role}"

  - "datacenter/app/%{::app_name}"

  - "datacenter/%{::datacenter}"

  - common

Basically, a node can have different files in /etc/sudoers.d/ depending on the structure above.  I want each sudoers definition to be in it's own file in /etc/sudoers.d/.

Here's how I have my data files laid out (yaml):

common.yaml:

sudoers:

  - filename: app1_sudo

  - contents: |

                %wheel   ALL=(ALL)   ALL

  - filename: app2_sudo

  - contents: |

                %app2     ALL=(ALL)       ALL

                %app3     ALL=(ALL)       ALL

datacenter/datacenter.yaml:

sudoers:

  - filename: datacenter1_sudo 

  - contents: |

                %datacenter1   ALL=(ALL)   ALL

  - filename: datacenter2_sudo

  - contents: |

                %datacenter2     ALL=(ALL)       ALL

                %datacenter3     ALL=(ALL)       ALL

 This is the closest I've been able to get, however, notice I'm not using 'hiera_array', thus, only 1 level of hierarchy is written.

class sudo_crap {

  # Errors with:

  # Error: Could not run: Hiera type mismatch: expected Array and got Hash

  #create_resources(sudo_crap::sudo_configs, hiera_debug_array('sudoers'))

  # works for only one level of hierarchy

  create_resources(sudo_crap::sudo_configs, hiera_debug('sudoers'))

  # Errors with:

  # Error: Could not run: Hiera type mismatch: expected Array and got Hash

  #create_resources(sudo_crap::sudo_configs, flatten(hiera_debug_array('sudoers')))

}

define sudo_crap::sudo_configs($filename, $contents) {

  file {"/tmp/etc/sudoers.d/$filename":

    owner => root,

    group => root,

    mode  => 644,

    content => $contents,

  }

}

include sudo_crap

 

Any ideas what I'm doing wrong and how I can solve this?  Hopefully with some code examples :)  I've been banging my head on this for the better part of 2 weeks :)

Thanks!

David

 

[Alex Scoble]

I personally couldn't get hiera to work with nested directories in the hiera.yaml.

In my case the hierarchy would look like:

:hierarchy:

  - defaults

  - "%{::clientcert}"

  - "%{::server_role}"

  - "%{::app_name}"

  - "%{::datacenter}"

  - global

You might try it flattened like that and see if that works. Will at least let you know if nesting is the problem.

FYI, I'm using PE 3.0.1 and the version of hiera that comes with that, so there may be some differences with that and the version of hiera that you are using.

Hope that helps at least a little.

Regards,

Alex 

[David Patterson]

Thanks for the reply, Alex!  I'm using puppet-3.3 and the nested directory works fine...at least for more simple modules, heh!

David

[Alex Scoble]

Yeah, I'll have to try again after upgrading to PE 3.1 which was just released.

Thanks,

Alex

[Alex Scoble]

Dumb question...have you tried loading the data into a hiera array since that's apparently what it's looking for?

Another dumb question...what's the pipe (|) for in your yaml data? Unfortunately, the hiera documentation on the Puppet site is a bit thin and I don't see that in the examples.

Thanks,

Alex

On Tuesday, October 15, 2013 3:43:00 PM UTC-7, David Patterson wrote:

[David Patterson]

Yes to the array.  I get this error when I try:

# Error: Could not run: Hiera type mismatch: expected Array and got Hash

As for the pipe, it preserves newlines:

http://en.wikipedia.org/wiki/YAML#Newlines_preserved 

[Alex Scoble]

Great thanks...still learning.

--
You received this message because you are subscribed to a topic in the Google Groups "Puppet Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/ZQjzAife5-k/unsubscribe.
To unsubscribe from this group and all its topics, send an email to puppet-users...@googlegroups.com.
To post to this group, send email to puppet...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.