The puppet-catalog-compiler tool is great. This task tries to describe a new feature that I think would be great to have to improve even more the usefulness of this tool.
Description:
The catalog compiler should print/output/report (somehow) the interactions with hiera, for lookup operations in concrete.
I would like to have more information on 2 questions:
- which hiera keys were used to build a catalog?
The answer to this question is a list of key/values as returned by hiera, those used to build the catalog:
profile:xxx::key1: value1 profile:xxx::key2: value2 profile:xxx::key3: value3 [...]
- where did hiera find those keys?
We already have similar feature in the utils/hiera_lookuptool, which prints exactly where hiera found a given key for a given role.
Use cases:
My main uses cases are from the WMCS point of view.
We rely on hiera a lot for building our CloudVPS/Toolforge services, for Openstack roles/profiles and for SonOfGridEngine/Kubernetes roles/profiles.
As we extend our services and handle upgrades of the different software stacks, hiera management is becoming more complex every day.
We need to have a crystal clear view of how hiera is behaving in the different datacenters/deployments/roles/profiles/components we have.
Also, another interesting use case, is when testing production HW roles/profiles in CloudVPS VM instances, i.e, applying a role/profile in a VM instance which is originally meant for production HW, for testing/developing purposes.
Since hiera keys aren't set in ops/puppet.git for CloudVPS VM instances, but in horizon or other places, this requires a lot guessing and back-and-forth until you know all required hiera keys to build the catalog. We need to know all hiera keys in use by the given role/profile and manually enter them in horizon, since currently most profiles don't contain default values.
In addition, I believe all OpsEng/SRE people from the WMF working with ops/puppet.git can benefit of this new feature, not only WMCS, because they may have similar use cases.
The process for getting information about how hiera is behaving can be done manually, but is currently tedious. Automating it, for example in a puppet-catalog-compiler report could speed up our work a lot.
Output proposal:
Right now the puppet catalog compiler, as used from jenkins (https://integration.wikimedia.org/ci/view/operations/job/operations-puppet-catalog-compiler/), outputs several files related to the catalog compilation job:
Relevant files
Production catalog
Change catalog
Production errors/warnings
Change errors/warningsI would suggest having several more files:
Relevant files
Production catalog
Change catalog
Production errors/warnings
Change errors/warnings
+ Production hiera keys
+ Change hiera keys
+ Production hiera lookup information
+ Change hiera lookup informationThe Production hiera keys file contains a simple text file containing all hiera keys used for building the production catalog (ie, before the patch). Likewise, the Change hiera keys references the changed catalog:
profile:xxx::key1: value1 profile:xxx::key2: value2 profile:xxx::key3: value3 [...]
Ideally, a diff will be auto-generated as well.
The Production hiera lookup information file contains an output similar to utils/hiera_lookup for each hiera key used to build the production catalog. Same for Change hiera lookup information.