This is the talk I gave at Config Management Camp 2016 in Ghent introducing Jerakia as a lookup tool that can be used in place of, or alongside, hiera to solve some of the edge cases around data separation.
Solving real world data problems with Jerakia
1. Solving real world data problems with Jerakia
Craig Dunn, Config Management Camp, Ghent 2016
2. • Best practice
• Code base design
• Workflow management
• Scaling Puppet
• Installation and support
• Module writing
• Throughout Europe
www.enviatics.com
3. • Puppet user since 2008
• IT consultant for 15+ years
• Active community member
• The “Roles and Profiles” guy
• Problem solver
• Lives in Málaga, Spain.
• …. and hotels
• Daddy!
www.craigdunn.org
Craig Dunn
@crayfishx
9. • Separation of data from code
• Module authors could write sharable re-usable code
• Code was less complex and more readable
• The Forge became useful
• Managing data became a lot easier
16. • Different teams and customers require different hierarchies
• A particular application needs to source data from a different place
• Control access to sub-sets of data for teams within an organisation
• Dynamically generate the lookup hierarchy at runtime
• Group together application specific data into separate files
• Manage encrypted data from any data source
• Global hiera.yaml file creates restrictions
26. • A request is received containing a key and a namespace
• A policy is chosen to perform the request
• One or more lookups are called to act on the request
• A response is sent back to the requestor
• Container for lookups
• Written in Ruby DSL
• Different policies for different apps
Policy File
27. An Example Jerakia Policy File
policy :main do
  lookup :default do
    datasource :file, {
      :docroot => "/var/jerakia/data",
      :format => :yaml,
      :searchpath => [
        "host/#{scope[:hostname]}",
        "env/#{scope[:env]}",
        "common",
      ]
    }
  end
end
31. • Lookups are contained within policies
• A policy can contain multiple lookups
• A lookup always contains at least a data source
Lookups
39. confine / exclude
Invalidates a lookup unless/if the criteria are met
confine request.namespace[0], "apache"
confine request.namespace[0], [
  /website_.*/,
  "apache",
  "php"
]
40. Stop
Do not proceed to the next lookup if this lookup is valid
lookup :special do
  …
  confine request.namespace[0], "apache"
  stop
end
lookup :main do
  …
end
50. Using plugins
• Plugins are loaded into the lookup
• Referenced as plugin.name.method
lookup :main, :use => :mything do
  plugin.mything.do_something
  …
end
lookup :main, :use => [ :mything, :foo ] do
  …
end
51. The hiera plugin
• Provides compatibility with hiera filesystem layouts
• Shipped with Jerakia
lookup :main, :use => :hiera do
  plugin.hiera.rewrite_lookup
  datasource :file, {
    :docroot => "/var/lib/jerakia",
    :format => :yaml,
    :searchpath => [
      "env/#{scope[:environment]}",
      "common",
    ]
  }
end
# cat /var/lib/jerakia/env/dev.yaml
---
apache::port: 80
56. Example User Story
• Team in Ireland manage PHP/Apache
• Autonomous team that don’t manage infra
• Their optimal hierarchy is different from “ours”
• “We” need to service them from Puppet
• They must not modify infra services
• “We” also manage PHP/Apache for other clients
57. Our main lookup is responsible for the entire infrastructure
policy :default do
  lookup :main do
    datasource :file, {
      :format => :yaml,
      :docroot => "/var/lib/jerakia",
      :searchpath => [
        "hostname/#{scope[:fqdn]}",
        "environment/#{scope[:environment]}",
        "common"
      ],
    }
  end
end
58. Lookup for the Ireland team added above the main lookup with separate docroot and searchpath
policy :default do
  lookup :ireland do
    datasource :file, {
      :format => :yaml,
      :docroot => "/var/external/data/ie",
      :searchpath => [
        "project/#{scope[:project]}",
        "common",
      ]
    }
  end
  lookup :main do
    datasource :file, {
      :format => :yaml,
      :docroot => "/var/lib/jerakia",
      :searchpath => [
        "hostname/#{scope[:fqdn]}",
        "environment/#{scope[:environment]}",
        "common"
      ],
    }
  end
end
59. Only use this lookup if the requestor location is IE and the namespace is apache or php
policy :default do
  lookup :ireland do
    datasource :file, {
      :format => :yaml,
      :docroot => "/var/external/data/ie",
      :searchpath => [
        "project/#{scope[:project]}",
        "common",
      ]
    }
    confine scope[:location], "ie"
    confine request.namespace[0], [
      "apache",
      "php",
    ]
  end
  lookup :main do
    datasource :file, {
      :format => :yaml,
      :docroot => "/var/lib/jerakia",
      :searchpath => [
        "hostname/#{scope[:fqdn]}",
        "environment/#{scope[:environment]}",
        "common"
      ],
    }
  end
end
60. If this lookup is valid then do not proceed to the main lookup, even if data is not found.
policy :default do
  lookup :ireland do
    datasource :file, {
      :format => :yaml,
      :docroot => "/var/external/data/ie",
      :searchpath => [
        "project/#{scope[:project]}",
        "common",
      ]
    }
    confine scope[:location], "ie"
    confine request.namespace[0], [
      "apache",
      "php",
    ]
    stop
  end
  lookup :main do
    datasource :file, {
      :format => :yaml,
      :docroot => "/var/lib/jerakia",
      :searchpath => [
        "hostname/#{scope[:fqdn]}",
        "environment/#{scope[:environment]}",
        "common"
      ],
    }
  end
end
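An added example (not from the talk and not Jerakia's own code): a simplified Ruby model of how `confine` and `stop` gate the two lookups in the Ireland user story. The `Lookup` struct, the `resolve` function and all data values are assumptions constructed for illustration.

```ruby
# Simplified model of confine/stop evaluation; NOT Jerakia's implementation.
# Lookup names mirror the slides; the data hashes are constructed sample values.
Lookup = Struct.new(:name, :data, :confines, :stop) do
  # A lookup is valid only if every confine matches the request context
  # (String equality or Regexp match, single value or list of values).
  def valid?(ctx)
    confines.all? do |field, allowed|
      Array(allowed).any? { |m| m.is_a?(Regexp) ? m.match?(ctx[field].to_s) : m == ctx[field] }
    end
  end
end

POLICY = [
  # Externally managed data: note it also carries an "sshd" entry it should never serve.
  Lookup.new(:ireland,
             { "apache" => { "port" => 8080 }, "sshd" => { "permit_root" => true } },
             { location: "ie", namespace: %w[apache php] }, true),
  # Infrastructure data: no confines, so it is always valid.
  Lookup.new(:main,
             { "apache" => { "port" => 80, "user" => "www" },
               "sshd"   => { "permit_root" => false } },
             {}, false)
].freeze

# Walk the lookups in order and return [value, name_of_answering_lookup].
def resolve(key, namespace, location)
  ctx = { namespace: namespace, location: location }
  POLICY.each do |lookup|
    next unless lookup.valid?(ctx)           # confine failed: lookup is skipped
    value = lookup.data.dig(namespace, key)
    return [value, lookup.name] unless value.nil?
    return [nil, nil] if lookup.stop         # valid + stop: no fall-through, even with no data
  end
  [nil, nil]
end
```

The `sshd` request from an `ie` node is answered by `:main` even though the Ireland data contains an `sshd` key, which is the separation the user story asks for ("They must not modify infra services").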
61. Command line
$ jerakia lookup port --namespace apache
$ jerakia help lookup
Usage:
jerakia lookup [KEY]
Options:
c, [--config=CONFIG] # Configuration file
p, [--policy=POLICY] # Lookup policy
# Default: default
n, [--namespace=NAMESPACE] # Lookup namespace
t, [--type=TYPE] # Lookup type
# Default: first
s, [--scope=SCOPE] # Scope handler
# Default: metadata
[--scope-options=key:value] # Key/value pairs to be passed to the scope handler
m, [--merge-type=MERGE_TYPE] # Merge type
# Default: array
l, [--log-level=LOG_LEVEL] # Log level
v, [--verbose], [--no-verbose] # Print verbose information
D, [--debug], [--no-debug] # Debug information to console, implies --log-level debug
d, [--metadata=key:value] # Key/value pairs to be used as metadata for the lookup
Lookup [KEY] with Jerakia