distribute custom fact built from hiera data with plugin-sync
I need a custom fact to access resources which require user credentials unique to each agent. For contractual reasons I can not use the "normal" way of pushing a custom fact file and then do another run to read it (I also had fun with /var/lib/puppet for the same reason). What I'd like to do is have the plugin-sync mechanics evaluate a templated ruby fact on the master and populate it with the credentials based on the node name (puppet does know it, it is talking to it).
A) Any idea where to look? I could not find the point where custom facts are distributed.
B) Anybody else interested in this? I'd like to make a feature request.
The credentials are stored in a hiera backend.
--- my_module::access: nodename00: [ <list of credentials 00 >] nodename01: [ <list of credentials 01 >]
The requirements for the agents explicitly state that management credentials must not be permanently stored on agents (don't ask, already tried; btw this makes things like the forge mysql module unusable for me). So the usual answer with two puppet runs is not an option. I already had to implement clean-up for the leftovers in /var/lib/puppet, so the fact will be gone after the run which deployed and used it.