From 1624692402d2148ab7d6dd9e5642fb0b34ec7209 Mon Sep 17 00:00:00 2001
From: Spencer Krum <nibz@spencerkrum.com>
Date: Fri, 24 Apr 2015 08:36:46 -0700
Subject: [PATCH] Convert hiera configuration to support public data

This moves the hiera root under /opt/system-config so it can reach
into both private and public hiera directories. This implies that
hiera data will live in a hiera/ directory in system-config.

Manual: This requires a manual change to the puppetmaster system. A
rooter must move /etc/puppet/hieradata to /opt/system-config/hieradata

Spec: http://specs.openstack.org/openstack-infra/infra-specs/specs/public_hiera.html

Change-Id: I1736759ee9ac7cd0c206538ed0a2f6d0d71ea440
---
 .../files/puppetmaster/hiera.yaml             | 31 +++++++++++++------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/modules/openstack_project/files/puppetmaster/hiera.yaml b/modules/openstack_project/files/puppetmaster/hiera.yaml
index f039df5647..d97f36acd7 100644
--- a/modules/openstack_project/files/puppetmaster/hiera.yaml
+++ b/modules/openstack_project/files/puppetmaster/hiera.yaml
@@ -1,16 +1,29 @@
 ---
 :hierarchy:
-  - fqdn/"%{::fqdn}"
-  - group/"%{group}" # no :: because group is set at nodescope
-  - common
+  # Use private hieradata first
+  - "hieradata/%{::environment}/fqdn/%{::fqdn}"
+  - "hieradata/%{::environment}/group/%{group}" # no :: because group is set at nodescope
+  - "hieradata/%{::environment}/common"
+  # Use public hieradata second, also be environmentally aware
+  - "%{::environment}/hiera/fqdn/%{::fqdn}"
+  - "%{::environment}/hiera/group/%{group}" # no :: because group is set at nodescope
+  - "%{::environment}/hiera/common"
 :backends:
   - yaml
 :yaml:
-  :datadir: "/etc/puppet/hieradata/%{environment}"
+  :datadir: "/opt/system-config/"
 
 
-# File directory structure
-# /etc/puppet/hieradata/production/
-# /etc/puppet/hieradata/production/fqdn/afs01.openstack.org.yaml  #highest priority
-# /etc/puppet/hieradata/production/group/afs.yaml                 #middle priority
-# /etc/puppet/hieradata/production/common.yaml                    #lowest priority
+# File directory structure:
+# Secret data:
+# /opt/system-config/hieradata/
+# /opt/system-config/hieradata/production
+# /opt/system-config/hieradata/production/fqdn/afs01.openstack.org.yaml  #highest priority
+# /opt/system-config/hieradata/production/group/afs.yaml                 #middle priority
+# /opt/system-config/hieradata/production/common.yaml                    #lowest priority
+# Public data
+# /opt/system-config/production
+# /opt/system-config/production/hiera/fqdn/afs01.openstack.org.yaml #highest priority
+# /opt/system-config/production/hiera/group/afs.yaml                #middle priority
+# /opt/system-config/production/hiera/common.yaml                   #lowest priority
+