Re: [Puppet Users] profiles/hiera, defalults and defined

2016-11-07 Thread Lindsey Smith
On Mon, Nov 7, 2016 at 3:44 AM, Bjørge Solli wrote: > Hi > > I do not wish for my juniors to need to learn Puppet at all:-) Hint: They > work in support center and mostly on windows. > Puppet Enterprise gives you a web GUI and role-based access control so that you can

Re: [Puppet Users] profiles/hiera, defalults and defined

2016-11-07 Thread Bjørge Solli
Hi I do not wish for my juniors to need to learn Puppet at all:-) Hint: They work in support center and mostly on windows. We think we can expand our hiera hierarchy like this to achieve separation in a non-complicated way: :hierarchy: - "customers/%{::domain}/%{::hostname}" -

Re: [Puppet Users] profiles/hiera, defalults and defined

2016-11-03 Thread Andrew Grimberg
Sounds like you could use a little code-review process (such as Gerrit) managing the hiera repo. That coupled with something like hiera-eyaml-gpg (or similar) would allow you to have your junior admins submit changes for review allowing such hiera configs to be worked on by multiple parties and

Re: [Puppet Users] profiles/hiera, defalults and defined

2016-11-03 Thread Bjørge Solli
Hi Rob, thanks for your reply. The main defaults is for every host (all customers, datacenters, etc), but some, like a jump-host or managed-file-transfer-host, will need to have different values. Doing this in hiera is fine for those who are allowed to edit hiera, but setting up machines for

Re: [Puppet Users] profiles/hiera, defalults and defined

2016-11-03 Thread Rob Nelson
You mentioned that a specific role would like a different value, but is there another logical division between the two configs? Perhaps per-datacenter, or per-network, or some other differentiator? At a worst case scenario, per individual node? You could add whatever that differentiator is to your

[Puppet Users] profiles/hiera, defalults and defined

2016-11-03 Thread Bjørge Solli
Hi Setup: Puppet 4, profiles and roles, hiera Trying to understand what is the best way to solve this problem: I have a base-profile that includes default setup of sshd. The sshd-profile sets up sane defaults, reads specific setups from hiera and uses separate resources to manage each