Ask Your Question
1

How to reference Hiera data based on group classification in Puppet Enterprise?

asked 2016-05-18 10:28:17 -0500

jkups gravatar image

We are deploying Puppet Enterprise, and are loosely following the "roles and profiles" module pattern- except we are using the Enterprise Console's node classifier in place of a "roles" module.

What we are trying to do now, is come up with a means of providing group-specific overrides within Hiera- but using PE Console as our classifier. In other words, nodes that are in XYZ classification group (or 'role') in the Puppet Console, would pull their hiera data from "roles/XYZ.yaml" first. Our Hiera tree would look something like:

 :hierarchy:
  - "nodes/%{::trusted.certname}"
  - "roles/${role}"
  - "%{facts.osfamily}_%{facts.os.release.major}"
  - common

I have seen design patterns that involve assigning 'role' as an external fact on the node, and then referencing it in Hiera... but that seems to introduce its own complexities. We could have a set of classes that pushes the needed facts, and then assign those classes to the relevant classification groups in PE Console... but then we get a chicken-and-egg situation where a new node would need multiple puppet runs before Hiera can pick up on the custom facts. We could push the facts ourselves when we first provision the server, but I'm trying to avoid manual hackery as much as possible during the provisioning process.

I was wondering if there was a more graceful way to give Hiera the group-specific info it needs from PE Console Group assignments, rather than working around the PE Console to assign custom facts first?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2016-05-18 16:41:19 -0500

mike.r gravatar image

whats the use case of using console over Role to classify nodes?

edit flag offensive delete link more
0

answered 2016-05-18 17:15:37 -0500

turbodog gravatar image

One thing to consider is using trusted facts (https://docs.puppet.com/puppet/latest/reference/sslattributesextensions.html) on newly provisioned nodes. Then you have a fact readily available for the PE NC and Hiera that is immutable. The downside is that it can only be set a CSR creation time.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2016-05-18 10:28:17 -0500

Seen: 98 times

Last updated: May 18 '16