
Configure GCE instances after GCE-tags with hiera

asked 2017-10-16 07:46:27 -0600

Hi,

I have just started with GCE. I noticed that you can specify certain tags for your instances. I would like, for example, all instances that are tagged with the tag "webserver" to get the webserver.yaml file included with hiera. My hiera.yaml looks as follows.


:backends:
  - yaml
:hierarchy:
  - 'fqdn/%{fqdn}'
  - 'hostname/%{hostname}'
  - 'operatingsystem/%{operatingsystem}/tags/%{gce.instance.tags}'
  - 'operatingsystem/%{operatingsystem}/role/%{role}'
  - 'operatingsystem/%{operatingsystem}/common'
:yaml:
  :datadir: '/path/to/hiera/datadir/'
:merge_behavior: :deeper


So if I put a yaml file in the operatingsystem/%{operatingsystem}/tags/%{gce.instance.tags}/ folder called webserver.yaml and I have added the tag webserver to that specific instance it will pick up that yaml file and apply the configuration.

Thanks in advance - Alexander


2 Answers


answered 2017-10-17 21:23:37 -0600

DarylW

updated 2017-10-19 07:16:40 -0600

I have used a technique similar to (https://logz.io/blog/using-amazon-ec2...) for AWS. I created a custom fact that could discern the tags on my own instance, and made that a part of my default node.

If you can create the same custom fact, the rest of that post will work for you.

I realize that you already have access to the information, but you don't have it cleanly available. How are facts done in GCE, is it just a collection of tags, not 'key/value' pairs? How do you know which tag is relevant for your classifications? If it's just a 'tag' and not a key/value pair, I guess you could make a tag like 'puppetrole-myrole', and then look for a match in the tag array that starts with puppetrole-, and extract the second token as your role reference.

There are a few ways that you can extract this information. You can either create a custom fact that would pick out the right tag(s) from the configuration, and make it into its own explicit fact that you can reference if you wanted to use it in hiera lookups similar to the article I linked, or you could extract out the fact in puppet code in your 'default' node, and use that to include the appropriate role based on your tags.

In another answer, I had an example of the 'default profile' that I used to access roles based on a fact value:

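node default {
  # $tag_role is the custom fact derived from the instance tags
  if defined("roles::${tag_role}") {
    include "roles::${tag_role}"
  } else {
    # No class matches the tag: fall back to the base role
    notify { "WARN: Unable to apply roles::${tag_role}, applying base role instead": }
    include 'roles::base'
  }
}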

As a note... If your tags were in some sort of key/value setup, you would be able to use the . notation to access through a hash inside of hiera, as described in the docs. For example, if you wanted to access your machine name in hiera, you could use the following in your hiera.yaml: %{facts.gce.instance.name}
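The tag-prefix idea from the answer above, written as a Facter custom fact; this is an added example, not code posted in the thread. The `puppetrole-` prefix and the `tag_role` name come from the answer, while the helper name `role_from_gce_tags`, the one-role-only rule and the name check are assumptions; the check is there because facts are reported by the agent and this value ends up in `include "roles::${tag_role}"` and in Hiera paths.

```ruby
# Added example: derive a single Puppet role from the GCE instance tags.
# Assumed convention: one tag of the form "puppetrole-<role>" per instance.

ROLE_TAG_PREFIX = 'puppetrole-'.freeze

# A Puppet class name segment: lowercase letter first, then letters,
# digits or underscores. Anything else is rejected rather than passed on.
ROLE_NAME_RE = /\A[a-z][a-z0-9_]*\z/

# Returns the role name encoded in the tags, or nil when there is no
# usable role tag (none present, several conflicting ones, invalid name).
def role_from_gce_tags(tags)
  return nil unless tags.is_a?(Array)

  roles = tags.grep(String)
              .select { |t| t.start_with?(ROLE_TAG_PREFIX) }
              # GCE tags allow hyphens but no underscores; Puppet class
              # names allow underscores but no hyphens.
              .map { |t| t[ROLE_TAG_PREFIX.length..-1].tr('-', '_') }
              .uniq

  # Zero matches or two different role tags: refuse to guess.
  return nil unless roles.length == 1

  role = roles.first
  role =~ ROLE_NAME_RE ? role : nil
end

# Register the fact only when this file is loaded by Facter
# (for example from a module's lib/facter/ directory).
if defined?(Facter)
  Facter.add(:tag_role) do
    setcode do
      gce = Facter.value(:gce)
      instance = gce.is_a?(Hash) ? gce['instance'] : nil
      role_from_gce_tags(instance.is_a?(Hash) ? instance['tags'] : nil)
    end
  end
end

# Constructed sample, shaped like the "tags" array in the facter output
# shown on this page, with one role tag added.
SAMPLE_TAGS = %w[http-server https-server puppetrole-webserver].freeze
```

When the fact resolves to nil, `$tag_role` is undefined on the master and the `node default` block falls through to `roles::base`.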


answered 2017-10-18 03:13:28 -0600

Thank you very much for your answer. The thing is that I already have that data but it is in the form of a nested hash. Below is the output of $ facter --json gce

{
  "gce": {
    "instance": {
      "attributes": {
      },
      "description": "",
      "disks": [
        {
          "deviceName": "persistent-disk-0",
          "index": 0,
          "mode": "READ_WRITE",
          "type": "PERSISTENT"
        }
      ],
      "hostname": "instance-1.c.myproject-182613.internal",
      "id": 1828547723990316492,
      "image": "ubuntu-1604-xenial-v20171002",
      "licenses": [
        {
          "id": "1000201"
        }
      ],
      "machineType": "n1-standard-1",
      "maintenanceEvent": "NONE",
      "name": "instance-1",
      "networkInterfaces": [
        {
          "accessConfigs": [
            {
              "externalIp": "123.123.123.123",
              "type": "ONE_TO_ONE_NAT"
            }
          ],
          "forwardedIps": [

          ],
          "ip": "11.132.11.12",
          "ipAliases": [

          ],
          "mac": "42:01:0a:84:00:02",
          "network": "default",
          "targetInstanceIps": [

          ]
        }
      ],
      "preempted": "FALSE",
      "scheduling": {
        "automaticRestart": "TRUE",
        "onHostMaintenance": "MIGRATE",
        "preemptible": "FALSE"
      },
      "serviceAccounts": {
        "compute@developer.gserviceaccount.com": {
          "aliases": [
            "default"
          ],
          "email": "compute@developer.gserviceaccount.com",
          "scopes": [
            "https://www.googleapis.com/auth/cloud.useraccounts.readonly",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring.write",
            "https://www.googleapis.com/auth/pubsub",
            "https://www.googleapis.com/auth/service.management.readonly",
            "https://www.googleapis.com/auth/servicecontrol",
            "https://www.googleapis.com/auth/trace.append"
          ]
        },
        "default": {
          "aliases": [
            "default"
          ],
          "email": "compute@developer.gserviceaccount.com",
          "scopes": [
            "https://www.googleapis.com/auth/cloud.useraccounts.readonly",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring.write",
            "https://www.googleapis.com/auth/pubsub",
            "https://www.googleapis.com/auth/service.management.readonly",
            "https://www.googleapis.com/auth/servicecontrol",
            "https://www.googleapis.com/auth/trace.append"
          ]
        }
      },
      "tags": [
        "http-server",
        "https-server",
        "test-tag"
      ],
      "zone": "europe-west1-c"
    },
    "project": {
      "attributes": {
        "google-compute-default-region": "europe-west1",
        "google-compute-default-zone": "europe-west1-c",
        "ssh-keys": "myuser:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8dllcRpIypkIJPXzfknHyhdUE1coMcADNsg4Pi+TVyiBRpo/MVzKNtgs/eKE0OkxAy4ZPF8EFiw7mL2NNSePDXl772Rfvn4uZRBiu1pleWLcPX+kB7n1ou/Lj+ZzwNkpGGm/AHbtI0HJIkOHA5hNCIVpnBL4vyqucYE1goKU+qSfrJQtVY+U4SgnGDX+HmnUNM6rCUvyA24C+u0SQcDzxKIN76crLsBUAKlwmntEXW90ONCudCZm+dpqZNkjxEt0p/rTMdOUwaiRfCQLhaXJVXQA4aEwtcNDBRYXyjFuWc+skDIsXTN6y268x8S10kheQIfI3X2vTvKypNB2Kdx5B mysuer@mycomputer"
      },
      "numericProjectId": 123123123123,
      "projectId": "myproject-123123123"
    }
  }
}

Thank you in advance - Alexander


Comments

If you already have the data, you can just extract it from that hash, and use it in the same way that I just referenced! The hard work is already done!

DarylW ( 2017-10-18 20:22:59 -0600 )
