Hello,
You are describing a problem we run into every now and then. Your default profile is what we call "mandatory" here, and then you have an edge case where 99% of your servers have Postfix the same way, and a couple have it a different way. Unfortunately that 99% means Postfix is not mandatory and so can't live in your default profile.
If you use smart class inheritance to structure your roles you should be able to remove most of the places you need to include postfix. Something like this:
class role::base {
include profile::mandatory
include profile::somethingelse
include postifx
}
class role::anotherserver inherits role::base {
include profile::anotherprofile
}
class role::postfixrelay {
include profile::mandatory
include profile::postfixrelay
}
Or another way would be move the majority of your postfix business logic out of Hiera (which as you describe is not working for you) and handle it in a profile. The below code introduces a simple Enum on your profile to control what "type" of postfix you want:
class profile::mail(
$type = 'normal',
) {
if ($type == 'normal') {
class { 'postfix':
... normal stuff ...
}
}
elsif ($type == 'relay') {
class { 'postfix':
... relay stuff ...
} else {
fail("Type '$type' is not supported")
}
}
$ cat /etc/puppet/hiera/networks/192.168.155.0.yaml
...
profile::mail::type: 'relay'
I personally would prefer the second option. It enforces the same postfix config on almost all your servers (looking at your Hiera hierarchy there are plenty of levels to make your servers' Postfix "different" from each other). It's also easy to test with rspec.
-Luke