Iterating a Hiera Hash

By Paul Heinlein | Mar 31, 2017

I’m in the process of learning about and porting some rules to Puppet 4.9. One task that had eluded me was integrating custom Hiera data into modules. I used the saz-rsyslog module and discovered that it largely turned off local logging, so it became a good time to discover how to define logging policy.

My hieradata/common.yaml file includes a list of logging rules modeled as a YAML hash:

m::logging:
  '100-messages': "*.info;mail.none;authpriv.none;cron.none  /var/log/messages"
  '110-secure': "authpriv.*  /var/log/secure"
  '120-maillog': "mail.*  -/var/log/maillog"
  '130-cron': "cron.*  /var/log/cron"
  '140-boot': "local7.*  /var/log/boot.log"

The m:: prefix is just something I use to define a local namespace; there’s nothing special about it.

The manifest for a host that wants to use those rules adds a short loop that defines a set of rsyslog::snippet rules:

lookup('m::logging').each |String $n, String $v| {
  rsyslog::snippet { $n: content => $v }
}

In the rsyslog module implementation, each of those snippets becomes a separate file, e.g.,

[root]# cat /etc/rsyslog.d/120-maillog.conf
# This file is managed by Puppet, changes may be overwritten
mail.*  -/var/log/maillog
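
Since each hash key ends up as a file name under /etc/rsyslog.d/ and the loop's lambda is typed String/String, the hash can be checked before Puppet ever compiles it. The Ruby lint below is an added example, not part of the original post or the rsyslog module; the SAFE_NAME convention, the function name and the two bad sample entries are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample: two rules from the post plus two deliberately bad entries.
SAMPLE_HIERADATA = <<~YAML
  m::logging:
    '110-secure': "authpriv.*  /var/log/secure"
    '120-maillog': "mail.*  -/var/log/maillog"
    '../130-cron': "cron.*  /var/log/cron"
    '140-boot': 7
YAML

# Assumed naming convention, modeled on the post's keys: three digits, a dash, a short name.
SAFE_NAME = /\A\d{3}-[a-z0-9_]+\z/

# Returns a list of problem strings; an empty list means the hash is fit to iterate.
def lint_logging_rules(yaml_text, key = 'm::logging')
  data = YAML.safe_load(yaml_text)
  rules = data.is_a?(Hash) ? data[key] : nil
  return ["#{key}: missing or not a hash"] unless rules.is_a?(Hash)

  rules.flat_map do |name, rule|
    problems = []
    # The key becomes /etc/rsyslog.d/<key>.conf, so reject path separators and dots.
    unless name.is_a?(String) && name.match?(SAFE_NAME)
      problems << "#{name}: unsafe snippet name"
    end
    # The manifest's lambda is |String $n, String $v|; any other value type
    # makes catalog compilation fail for every host that uses the loop.
    if !rule.is_a?(String)
      problems << "#{name}: rule is #{rule.class}, expected String"
    elsif !rule.match?(/\A\S+\s+\S/)
      problems << "#{name}: expected '<selector>  <action>'"
    end
    problems
  end
end

puts lint_logging_rules(SAMPLE_HIERADATA) if __FILE__ == $PROGRAM_NAME
```

A non-empty result can fail a pre-commit hook or CI job, so a malformed rule never reaches a catalog run.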