Pete, thank you for suggestions. As for my environments: the users example is just an example. The same problem exists when I want to apply other config settings to subset of servers. We use The Foreman so this is one option. In general I wanted to ask you if you could share your experience regarding deploying hiera based puppet in more diverse environments.
On Friday, May 31, 2013 1:36:52 AM UTC+1, Pete wrote: > > On 31 May 2013 01:02, przemol <p....@cmcmarkets.com <javascript:>> wrote: > >> Hello, >> >> we have been using puppet 3 with hiera based config and several (usually >> "typical") environments: >> test >> predev >> dev >> preprod >> prod >> ... >> Basically we apply the puppet config to test, then predev, then dev, etc >> But within each environment we have quite a large number of hosts >> (20/50/100/300/...). >> We would like to "group" them into sort of subgroups. For example "dev" >> hosts >> are for developers from different applications teams: app1, app2, app3, >> appN. >> > > If you have that many nodes I would suggest an ENC like Foreman and use > host groups to include the classes you want for each group. > Foreman also talks to puppetdb to get facts and the like and you can send > puppet reports to it which will also be handy for that many nodes. > Using an enc also gives you a centralised way of managing which host group > or environment a node uses. > In fact if you use a ENC it ignores the environment setting on the node > and only uses the one set in the enc. > > >> We need to create accounts (user accounts are just an example - there are >> other similar tasks) on all servers from dev environments: >> user accounts for dev team app1 don't need to be on all dev servers - >> just on the following nodes: node10 - node20 >> user accounts for dev team app2 should be just on the following nodes: >> node35 - node88 >> > > Also given the number of nodes you have I would also suggest some form of > centralised user management like FreeIPA, LDAP or AD. > Then you can define the access rights you want for each use or use group. > > (if you are tricky you can also use LDAP as an ENC but that may be an > exercise for the future.) > > etc >> (and I can't use any regular expressions to select nodes - the same >> servers in each group could have quite different FQDN) >> Can you recommend what puppet/hiera feature could I use to group servers ? >> It would be good if I could use it just on central puppet master server >> and not need to login to every node >> and assign it locally to a group. >> >> Regards >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com <javascript:>. >> To post to this group, send email to puppet...@googlegroups.com<javascript:> >> . >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
