
Hiera

Hiera is a key/value store for configuration parameters. It is hierarchical, allowing values to be set at different levels that affect different numbers of hosts. Currently Hiera is configured with the following levels:

  1. Fqdn - The top level, contains per host overrides.
  2. Host groups - Allows you to apply a configuration to several hosts.
  3. Domain - Allows setting values per domain. Useful in conjunction with the server naming convention, where servers with similar purpose should have the same domain.
  4. Common - Fallback values used by everyone else.

Lookup

The lookup function uses Hiera to retrieve a value for a given key. See the official lookup documentation for usage.

The hiera, hiera_array, hiera_hash, and hiera_include functions are deprecated and should not be used any more.

Instead use the equivalent call to the lookup function. See the "Updated classic Hiera function calls" section in the Hiera migration documentation for more details.

Useful hieradata keys

For all nodes

  • role: Specifies which puppet role module to use for the given node/domain

For nodes inheriting the server role

  • accessgroups: Which LDAP groups are allowed to log in on this server
  • sudogroups: Which LDAP groups have sudo access on this server
  • sudousers: Users that have sudo access on this server
  • nameservers: List of name servers to use on this host
  • sshd_pwlogin: Whether or not to allow login using password authentication over SSH. Defaults to true
  • sshd_rootlogin: Whether or not to allow root login over SSH. The root user must still be part of a group in accessgroups. Defaults to true
  • sshd_use_duo_twofactor: Whether or not to enable Duo Security 2FA. Defaults to false

Hostgroups

If you wish to use the same configuration for multiple similar hosts you can use hostgroups.

Hostgroups are defined in hieradata/hostgroups. To assign a hostgroup to a node you reference the hostgroup in a node hiera data file.

Example where a Puppet Master node hiera data file references the puppet.uninett.no hostgroup:

$ cat nodes/vlarn076.oam.uninett.no.yaml
---
hostgroups:
- puppet.uninett.no

A node can have up to 3 hostgroups as defined in hiera.yaml.
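
Because sshd_pwlogin and sshd_rootlogin default to true and a value can come from any of the four levels, it helps to check what each host actually ends up with. The following is an added example, not part of the original page or the site's Puppet code: it resolves the SSH keys listed above through fqdn, hostgroups, domain and common, and reports where the permissive setting came from. The host names and data are constructed, and it assumes first-found resolution, hostgroups taking precedence in listed order, and the domain being the fqdn without its first label.

```python
# Defaults this page documents for nodes inheriting the server role.
DEFAULTS = {"sshd_pwlogin": True, "sshd_rootlogin": True, "sshd_use_duo_twofactor": False}
# Constructed hieradata: dicts standing in for the YAML files at each level.
NODES = {
    "web01.dmz.example.org": {"hostgroups": ["web.example.org"]},
    "db01.oam.example.org": {"hostgroups": ["db.example.org"], "sshd_pwlogin": True},
    "jump01.oam.example.org": {},
}
HOSTGROUPS = {
    "web.example.org": {"sshd_pwlogin": False, "sshd_rootlogin": False},
    "db.example.org": {"sshd_pwlogin": False},
}
DOMAINS = {"oam.example.org": {"sshd_rootlogin": False}}
COMMON = {}

def levels(fqdn):
    """Yield (level name, data) from most to least specific."""
    node = NODES.get(fqdn, {})
    yield "fqdn", node
    groups = node.get("hostgroups", [])
    if len(groups) > 3:  # the page allows up to 3 hostgroups per node
        raise ValueError(f"{fqdn}: more than 3 hostgroups")
    for group in groups:  # assumption: listed order is precedence order
        yield f"hostgroup:{group}", HOSTGROUPS.get(group, {})
    domain = fqdn.partition(".")[2]  # assumption: fqdn minus its first label
    yield f"domain:{domain}", DOMAINS.get(domain, {})
    yield "common", COMMON

def effective(fqdn, key):
    """First-found lookup: return (value, level that supplied it)."""
    for name, data in levels(fqdn):
        if key in data:
            return data[key], name
    return DEFAULTS[key], "default"

def audit(fqdn):
    """Return findings where the effective SSH settings stay permissive."""
    pw, pw_src = effective(fqdn, "sshd_pwlogin")
    root, root_src = effective(fqdn, "sshd_rootlogin")
    duo, _ = effective(fqdn, "sshd_use_duo_twofactor")
    findings = []
    if pw and not duo:
        findings.append(f"password login without Duo 2FA (from {pw_src})")
    if root:
        findings.append(f"root login allowed (from {root_src})")
    return findings

for host in NODES:
    print(host, audit(host) or "ok")
```

In this constructed data the per-host override on db01 re-enables password login that its hostgroup had turned off, which is the kind of drift a level-aware check surfaces.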