On Tue, Sep 09, 2014 at 02:34:52AM -0700, JeremyCampbell wrote:
> We are implementing the profiles/roles pattern with hiera and using hiera
> to assign roles i.e. hiera_include('classes'). Current hierarchy:
>
> :hierarchy:
> - "%{clientcert}"
> - "%{environment}"
> - global
> We have several roles which require their own configuration data. e.g.
> Firewall role, VPN role (each include several profiles). For example,
> using the logrotate module we need to add different defines for the
> Firewall role and the VPN role.
>
> The most obvious solution is to create a new hierarchy level e.g.
> "%{role}" but then we need to assign machines to a role outside of hiera.
> I'm guessing the best way to do this is with a custom fact during the
> initial provisioning but I'm not sure.
>
> What would be the best solution for looking up role specific data using
> the roles/profiles pattern with hiera?
Here we're using an ENC to look up the server type, analogous to the role part
of the model. The ENC is also the component that builds a machine from bare
metal so keep inventory as well. We decided we didn't trust machines exposed to
the outside world to always be honest about their server type hence ENC usage
rather than custom fact.
https://docs.puppetlabs.com/guides/external_nodes.html
As a bonus we use the servertype yaml to define which class to load first. That
class is the role, which includes profiles, etc. etc.
> Thank you for your time!
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [1][email protected].
> To view this discussion on the web visit
>
> [2]https://groups.google.com/d/msgid/puppet-users/6510ddf4-2a0b-4a1e-abb8-8d0244ba48f3%40googlegroups.com.
> For more options, visit [3]https://groups.google.com/d/optout.
>
> References
>
> Visible links
> 1. mailto:[email protected]
> 2.
> https://groups.google.com/d/msgid/puppet-users/6510ddf4-2a0b-4a1e-abb8-8d0244ba48f3%40googlegroups.com?utm_medium=email&utm_source=footer
> 3. https://groups.google.com/d/optout
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/20140909143913.GA27205%40iniquitous.heresiarch.ca.
For more options, visit https://groups.google.com/d/optout.
