Ask Your Question

Infrastructure-wide Facts?

asked 2018-09-13 09:09:17 -0600

coofercat gravatar image

I'm wondering what is the best way to define an infratructure-wide fact? For example, that fact might be my company name, or maybe the datacentre name.

I'm able to set that fact on the Puppet Master, but I don't want to have to manually set it on the clients (indeed, I'd like to be able to create clients with no information and have Puppet send it to them on the first run). What I can't figure out is how to disseminate that information out to the clients in a sensible way. Options I've considered are:

1) Exported resources. This seems great, but it means setting a fact on the client (based on the exported resource) during the first puppet run. This means the first run will (probably) do things it shouldn't because it doesn't yet know the facts.

2) Trusted facts. I thought about baking the information into every cert that is generated - that way, it's present when Puppet runs the first time. However, without Authentication turned on, I can't put anything into the cert extensions, so this option isn't really open to me.

3) Hiera. I haven't looked too closely to this one, but this seems like it could be a way forward.

My question is... what should I be doing? What is the best approach to take?

If it matters, my use-case is in AWS. We use Terraform to create most of the infrastructure, and we use Terraform 'workspaces' so that several of us can use the same AWS account and yet be completely separate from each other. I want to avoid putting "call home" style agents, like NewRelic/DataDog/SolarWinds etc on any of our nodes if they're created in a workspace. I can tell a Puppet master what workspace it's on, so hoped I could use that to define it on the clients so they'd say "if not on a workspace, then install agent".

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-09-13 11:31:05 -0600

DarylW gravatar image

I would personally just define it in hiera and be done with it. You can even use different values for testing or other environments if required

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-09-13 09:09:17 -0600

Seen: 117 times

Last updated: Sep 13