Cannot merge mobileconfig hashes

[groob]

If I have a hierarchy like

:hierarchy:
  - "%{clientcert}"
  - "%{operatingsystem}"
  - global

and would like to apply a profile to only a specific client, while having a default set of profiles for all my Macs. Only the profiles at the top of the hierarchy(clientcert) are applied, and anything in Darwin.yaml is ignored.

Here's a sample:

# Darwin.yaml

---
classes:
  - managedmac
managedmac::mobileconfigs::defaults:
  description:  'Installed by Puppet.'
  organization: 'MyOrg'
managedmac::mobileconfigs::payloads:
  'com.apple.Safari':
    content:
      HomePage: 'http://google.com/'
      NewWindowBehavior: '0'
      DomainsToNeverSetUp:
        - google.com
      PayloadType: 'com.apple.Safari'
    displayname: 'Managed Mac: Safari Settings'

# myclientcert.yaml

---

managedmac::mobileconfigs::payloads:
 'com.google.Chrome':
   content:
     EnabledPlugins:
       - 'Box Edit'
     PayloadType: 'com.google.Chrome'
   displayname: 'Managed Mac: Chrome Settings

Only the payload for the clientcert is executed. I thought I could use the hash merging functionality to get this to work. Currently I can only apply profiles on a global level.

Not sure if this is a bug or if I'm doing something wrong.

[dayglojesus]

This isn't a managedmac "bug", it's just the way Hiera works. If you want merging, you need to configure :merge_behavior. https://docs.puppetlabs.com/hiera/1/configuring.html#mergebehavior

Still, even then, if I recall correctly, you may not get the result you want unless you leverage the Hiera related lookup functions listed here...

https://docs.puppetlabs.com/references/latest/function.html#hiera https://docs.puppetlabs.com/references/latest/function.html#hiera_array https://docs.puppetlabs.com/references/latest/function.html#hiera_hash

In any case, try configuring the :merge_behavior and let me know if that makes a difference.

[groob]

I assumed that merge_behavior: native wad a default, so I never set it. I use this with create_resources and hiera_hash to manage printers succesfuly: https://github.com/whitby/puppet-module-profile/blob/master/manifests/printers/printers.pp

Unfortunately setting :merge_behavior: native in my hiera file had no effect. Looks like hiera_hash must be used.

[dayglojesus]

Did you try setting :merge_behavior to deep?

[dayglojesus]

FWIW: I find this behaviour pretty non-intuitive. When we were setting things up around here, we wrote a custom Hiera backend to handle lookups in the manner that made the most sense for us.

[Ginja]

It was so fancy.

[dayglojesus]

It still is...