In 2014, we set up our puppet environment and we’ve spent the first half of 2015 improving the configuration. In that time, we installed hiera, were introduced to it through the role/profile pattern, focused on separating the data from the code and moving it into hiera, and most recently on an improved controlrepo that modified the hiera layout. We have been using hiera the whole time, and there’s a lot we can do to improve how we use it still.

Manage Hiera with Puppet

Our initial hiera.yaml was simple and static. With our improved controlrepo layout, the new hiera.yaml file is more dynamic. A problem still remains: we are configuring hiera manually! You may have a hiera.yaml in your controlrepo or even a bootstrap.pp file for your initial puppet master. We have also been managing the hiera package manually in profile::hiera. This addresses the problem in the short term but adds to our administrative overhead – anytime we update the hiera config, we need to do so in these files as well as on the master itself.

Continue reading →

Now that we have a unified controlrepo, we need to set up an r10k webhook. I have chosen to implement the webhook from zack/r10k. There are other webhooks out there – I’m a huge fan of Reaktor – but I chose this because I’m already using this module and because it is recommended by Puppet Labs. It’s an approved module, to boot!

Update: The zack/r10k module has migrated to puppet/r10k, which should be used instead. I’ve commented out sections that are incompatible with the most recent versions of the module, but as this article is now 2 years old, there may be other changes in surrounding modules you will become aware of, too.

Module Setup

The first step is to make sure the module is installed along with its dependencies. There are no conditional dependencies in a Puppet module’s metadata.json, so you can skip puppetlabs/pe_gem and gentoo/portage if you’d like. On the other hand, there are no ill side effects from having the modules present unless you were to use them for some reason. This is an opportunity to up the version on some pinned modules as well, such as stdlib, as long as you do not increment the major version. If the major version increases, there’s a significant chance your code will have some breakage, it’s best to do that in a separate branch.

I encountered a bug with zack/r10k v2.7.3 (#162). This bug is fixed in v2.7.4. Be sure to upgrade!

Continue reading →

Over the past few days, I’ve been working on a project. I call it puppetinabox and it includes a consolidate controlrepo with a Puppetfile of curated collection of forge modules and config repository. If you have an existing Linux OS template and basic skills with linux and git, you can quickly deploy a network managed by puppet and r10k. This curated collection can be used as is, to learn Puppet or stand up a basic network, or fork the code and start customizing your network, using it as the foundation for a more complex configuration.

This project grew out of the 12 Days of Commitmas and my own desire to puppetize my home network. Over the holiday break, there was a lot of streaming media going on and I started to see failures on my services. Refreshing the services, which were entirely too coupled on mostly one VM, was looking pretty daunting. Puppetizing the network was slightly daunting, but far preferable to doing it by hand. I decided to put what I had learned and practiced to good use and thus, puppetinabox was born!

Puppetinabox includes everything required to provide puppet, puppetdb, r10k, dns and dhcp services, a yum repository, and a build server. The only thing you need to provide is a gateway device and you have a functional network. If you already have a working network and you want to puppetize it, never fear – you can tweak the provided material to fit or use puppetinabox to start refreshing the services one at a time.

I created the puppetinabox GitHub organization to house all the repositories. You can read the documentation here. I’d love to hear what you think, whether this will help you or what improvements might make it better. Let me know in comments, on twitter, or as a GitHub issue. If anyone is graphically inclined, I could really use a nice looking avatar for the organization, too!

If you’d like some more information, I presented on the 1/15/2015 vBrownBag DevOps Series. Watch the video and check out the slides!

Editor’s note: Please check out the much newer article Configuring Travis CI on a Puppet Module Repo for the new “best practices” around setting up rspec-puppet. You are encouraged to use the newer setup, though everything on this page will still work!

I’ve covered puppet unit tests with rspec and beyond before. What if you need to go even further and test data from hiera? There’s a way to do that with rspec as well, and it only requires a few extra lines to your spec config – plus the hiera data, of course.

Use hiera in your class

We’ve covered a number of ways to use hiera in your class. You can use hiera lookups (hiera(), hiera_hash(), etc.) and automatic parameter lookups with classes. We’ll look specifically at hiera_hash() and the create_resources() it is commonly paired with. You cannot simply test that create_resources() was called because you need to know the resulting title of the generated resource. Here’s a simple DHCP profile class I created:

class profile::dhcp {
  # DHCP service and host reservations
  include dhcp::server
  $dhcp_server_subnets = hiera_hash('dhcp_server_subnets', undef)
  if ($dhcp_server_subnets) {
    create_resources('dhcp::server::subnet', $dhcp_server_subnets)
  }

  $dhcp_server_hosts = hiera_hash('dhcp_server_hosts', undef)
  if ($dhcp_server_hosts) {
    create_resources('dhcp::server::host', $dhcp_server_hosts)
  }
}

Continue reading →