Separate ENC per environment

asked 2015-05-21

Hypnoz

I'm trying to set my ENC as a simple script inside each $environment directory, like so:

external_nodes       = $confdir/environments/$environment/bin/enc.rb

but when I run a puppet agent, setting the environment from the CLI, like so:

puppet agent --environment=testing123 --test

it wants to use "production" environment anyways:

Warning: Error 400 on SERVER: Failed to find via exec: Execution of '/etc/puppet/environments/production/bin/enc.rb' returned 1

The puppet master is not reading the $environment that the puppet agent is sending, and is instead using the "environment" variable set in the [master] section on the puppet master (which is "production" by default).

I use git branch environments, so I'd really like to have my enc script, hieradata, and modules all in /etc/puppet/environments/$environment/ so I can test and merge those changes to production when I'm ready.

Thanks, Colin

I don't believe what I am asking is possible, so I opened a feature request to have it added:

Hypnoz ( 2015-05-21 )

answered 2015-05-22

millerjl1701

The external_nodes configuration parameter is part of the [master] section in the puppet.conf file and a paramater allowed in environment.conf.... It might be possible to write a wrapper script/enc that takes the node name, finds the environment it belongs, queries the ENC for the environment, and then returns the yaml output generated by the environment enc to the puppet master... I haven't tried that though.

If the purpose for using separate environments is to implement some sort of RBAC, use an ENC which is environment aware and can do RBAC based on that such as theForeman (

