Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



2 Commits

Repository files navigation

Puppet hiera-based roles

There are a lot of approaches on abstraction layers towards puppet, often called roles or profiles. Most of these boil down to creating manifests (.pp-file) of classes. At Bitbrains we didn't think this was falling in line with our separation of configuration data (parameters) and code (manifests). We wanted all configuration data within hiera including things like webserver and forthcoming things like IP addresses and portnumbers.

Jeroen and Tom drafted a working solution for the role-approach and presented this (including the so-called meta-puppet-master - or MPM for short - concept on the spring-conference of the NLUUG which can be found in the repository as well or the Dutch version of the talk captured in video here.


As explained in our talk, Bitbrains hosts a large number of customers in their own separated environments. As such these might or might not be split in more functional sub- or standalone environments (think in DTAP-terms or HA-setups regarding locations). Managing all of this through puppet was our design decision but while our MPM-concept saved the hassle the ever growing amount of linked roles/profiles through manifests was a burden for both engineers and operators.

Our basic concept revolves around puppet and GIT/SVN where modules (i.e. manifests) are the same piece of code on every DTAP environment. They are DTAP-separated by versions. So the same apache-module runs everywhere, although the version might be different. Configuration data, stored currently in yaml-files still, lives in a separate repository per environment! As such each environment will have it's own configuration data that, together with the modules comprises the current state of all targets for puppet.

Basic concept

Our basic concept wraps around having no host-based manifests at all (which might be striving, but that's a working concept within the Bitbrains environment as we speak).

Our site.pp contains minimal information and just calls hiera_include and stitches the requested roles into a field-separated string. This as facter (at time of writing) couldn't handle arrays/hashes and as such hiera woudn't either. Note that you probably do want an array instead of a hash as roles might be stacked and then order does matter!

Provided files

Along we provide several (example) files on how to set this up, our generic directory structure looks like

  • /etc/puppet/
  • /etc/puppet/puppet.conf (main puppet configuration file, < 3.5 add parser=future for each())
  • /etc/puppet/hiera.yaml (hiera file with adjusted backend and role-variable)
  • /etc/puppet/environments/
  • /etc/puppet/environments/prd
  • /etc/puppet/environments/prd/site.pp (adjusted non-manifest driven site.pp)
  • /etc/puppet/environments/prd/forge (modules)
  • /etc/puppet/environments/prd/hieradata (configuration data)
  • /etc/puppet/environments/prd/hieradata/deltaforge (bitbrains sensible defaults)
  • /etc/puppet/environments/prd/hieradata/deltaforge/common.yaml
  • /etc/puppet/environments/prd/hieradata/localized (customer environment specific data)
  • /etc/puppet/environments/prd/hieradata/localized/common.yaml
  • /etc/puppet/environments/prd/hieradata/localized/role_webserver.yaml
  • /etc/puppet/environments/prd/hieradata/localized/web001.yaml
  • /etc/puppet/environments/prd/hieradata/localized/web002.yaml
  • /etc/puppet/environments/prd/localized (customer specific or non-forge modules)
  • /etc/puppet/environments/acc/
  • (repeats ...)

About us

Bitbrains is a company offering Cloud Platforms and High Performance computing to a diversity of customers from their offices in Amstelveen, the Netherlands. Bitbrains has merged with ASP4All in january of 2014 becoming ASP4All Bitbrains BV. More about Bitbrains


Our approach has been

  • created december 2013 and taken into our MPM environment january 2014
  • discussed with a puppet trainer during education early 2014 via Bitbrains
  • discussed during puppetcamp berlin early 2014 via ASP4all
  • presented at the forementioned NLUUG conference spring 2014 slidedeck
  • added to HI-257 upon request by wvl
  • published (github) as of spring 2014


We based our approach on

Similar or likewise issues


Sample code of yaml-based (file) roles using hiera






No releases published


No packages published
