multi level hiera only uses top set of rich_rules

[matanders]

Using multi level hiera only one set of rules seems to be picked up.
For example in the hiera.yaml, I have a hierachy like:

• types/database/common.yaml
• types/webserver/common.yaml
• common.yaml

In the last common.yaml could have general firewall rules, for allowing ssh into all hosts.
in types/webserver/common.yaml I would have rules to allow access to port 80/443

When puppet runs, it seems to only apply the rules from types/webserver/common.yaml related to firewalld::rich_rules:, the ones from common.yaml are not loaded.
If I concat the rich_rules from the common.yaml into the types/common.yaml it loads everything.

Suggestions on how I can split up firewalld::rich_rules: in to multiple yaml files based on my hierarchy?

[crayfishx]

Hi @matanders

This is something I will be addressing in the next release for users of Hiera 5 natively out of the box - but in the mean time you should be able to use Hiera's lookup_options in your common.yaml adding something like;

lookup_options:
  firewalld::rich_rules:
    merge: hash

That should cause hiera to do a recursive lookup through your hierarchy levels and return one combined hash. See https://puppet.com/docs/puppet/5.3/hiera_merging.html

Hope this helps

[matanders]

Thank you. That helps quite a bit!