This is a facilitator module that allows the creation of built-in resource types instances from Hiera data.
Those are the resource types currently supported. More types will be added as we find the need, or someone does a request (PRs welcome!).
- users, groups and ssh keys
- packages
- hosts
- files
- execs
In addition to basic resource types, there's also support for some common needs:
- certificates: Copy certificate files (pem, cert, ca, key) and set permissions
- scripts: Copy scripts and configure cronjobs on them
In general we apply this pattern:
$host_defaults = hiera('defaults::host::defaults', {})
$hosts         = hiera_hash('defaults::hosts', {})
create_resources('host', $hosts, $host_defaults)That is, there's a hiera key (defaults::host::defaults) to define defaults
applicable to any resource of the given type, and another key to actually
define the resources (defaults::hosts).
In general all parameters are passed directly to the resource without any processing.
There're some exceptions, for example for users we provide a useraccount
defined type that manages the user, its groups and ssh keys all together.
This is an example of some supported resource types. See manifests/init.pp for details on each type.
defaults::packages:
  molly-guard:
    provider: 'rpm'
    source: "https://github.com/tmhorne/molly-guard/blob/master/rpmbuild/RPMS/noarch/molly-guard-0.4.5-1.1.el6.noarch.rpm?raw=true"
  setuptools:
    provider: 'pip'
    ensure: 'latest'
defaults::groups :
  - 'teamA'
  - 'teamB'
# User accounts with groups and keys.
defaults::useraccount :
  scott:
    groups   : ['teamA', 'admin']
    password : '$6$6xLYYiQw$1y0AjVObt2iSX3bL....................'
    ssh_keys :
      desktop :
        type : 'ssh-rsa'
        key  : 'AAAA.....=='
      laptop  :
        type : 'ssh-rsa'
        key  : 'AAAA.....=='
      stolen  :
        ensure : absent
  tiger:
    ensure: absent
# Hosts.
defaults::host::defaults:
  ip : 172.16.1.1
# `puppet` and `puppetdb` hosts uses default ip.
defaults::hosts :
  puppet   : {}
  puppetdb : {}
  another  :
    ip     : 172.16.1.2
  legacy   :
    ensure : absent
# Certificates.
defaults::certs :
  sbit.io :
    ca   : "puppet:///files/certs/sbit.io.ca"
    cert : "puppet:///files/certs/sbit.io.cert"
    key  : "puppet:///files/certs/sbit.io.key"
  sbitmedia.com :
    ca    : "puppet:///files/certs/sbitmedia.com.ca"
    pem   : "puppet:///files/certs/sbitmedia.com.pem"
MIT License, see LICENSE file
Use contact form on http://sbit.io
Please log tickets and issues on GitHub