Ask Your Question
1

fact before catalog

asked 2017-04-27 04:42:08 -0500

Jonathan Schaeffer gravatar image

Hi,

I'm looking for a way to tell the puppet server some business logic about a group of nodes before the first puppet run. This business logic affects the parameters of the profiles and the classes. It's an information telling who is the owner of a node, and it implies many configuration changes. There is no way to guess this information from the base facts.

For now, to achieve this, we put manually a fact in /etc/puppetlabs/facter/facts.d/owner.yaml containing the fact "owner" with some value This means that the node is property of an "owner" and will affect the catalog in many ways, defined in a hierarchy (hiera/labo/{%facts.owner}..yaml)

It works but with the precondition that someone manually set this file with the right value. And if not, the profiles would be realized by the puppet server with wrong parameters.

One solution is to rewrite the profiles for each owner, but this would duplicate the code a lot and I'm trying to avoid this. The same drawback happens if I set the configurations in hiera at a node level (hiera/nodes/{%facts.fqdn}.yaml).

Is there another way to set this business logic before a first puppet run ?

edit retag flag offensive close merge delete

Comments

Are there some cases where it is appropriate to not set an owner?

smarlow gravatar imagesmarlow ( 2017-05-01 21:41:04 -0500 )edit

I think that we could set an owner on each and every node.

Jonathan Schaeffer gravatar imageJonathan Schaeffer ( 2017-06-08 02:18:23 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2017-05-03 23:23:26 -0500

WhatsARanjit gravatar image

Take a look at Trusted Facts. You can embed metadata in the initial certificate request. So when the node's cert is signed, the data is already present.

edit flag offensive delete link more

Comments

This doesn't preclude the chicken/egg problem of needing to bootstrap the appropriate information on the server, but it is the 'right way' to set information like this, assuming a node won't change owners

DarylW gravatar imageDarylW ( 2017-05-04 10:19:45 -0500 )edit

Thanks, I did'nt know about this feature. I'll have a look at it.

Jonathan Schaeffer gravatar imageJonathan Schaeffer ( 2017-06-08 02:17:12 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2017-04-27 04:42:08 -0500

Seen: 123 times

Last updated: May 03