Hi
Looking for some feedback on this.

Master Puppet setup:

Open source install using R10K and the control-repo, gone with 2 environments:
  production
  testing

Using an ENC at the global level (/etc/puppetlabs/puppet/puppet.conf). This is where I use the company classifier for environments and other company-wide attributes - like company env... << I am thinking this could probably go into the production ENC ???

But my plan is to keep this simple, following the guidelines we use to name VMs - which should ID what type of server and service it has.

Here is my /etc/puppetlabs/puppet/hiera.yaml

    ---
    :backends:
      - yaml

    # Hierarchy
    # First takes precedence ??? I think
    :hierarchy:
      # node specific
      - "nodes/%{::trusted.certname}"   #### <<< So node specific configs come in first
      # OS specific
      - "os/%{::osfamily}"              ### << then any OS specific
      # Environment - YB
      - "abenv/%{::abenv}"              #### << then any environment ones
      # common to all
      - common                          ### then common

    :yaml:
      # datadir is empty here, so hiera uses its defaults:
      # - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
      # - %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata on Windows
      # When specifying a datadir, make sure the directory exists.
      :datadir:

    # https://docs.puppet.com/hiera/3.1/configuring.html
    :merge_behavior: deeper

Think this gives me the flexibility I want.. Not sure, I might swap OS and ADEnv around ...

Going to try and set up with roles / profiles ...
My first try at this is profile::absshd - the aim here is to set up ssh as per company standards and enforce it everywhere.

site/profile/manifests/absshd.pp

    class profile::absshd {
      class { '::ssh':
        # import info from hiera
        hiera_merge                      => true,
        sshd_config_permitemptypasswords => 'no',
        sshd_config_strictmodes          => 'yes',
        sshd_password_authentication     => 'yes',
        sshd_allow_tcp_forwarding        => 'yes',
        sshd_use_pam                     => 'yes',
        permit_root_login                => 'without-password',
      }
    }

I have this in my hieradata/os/RedHat.yaml

    ---
    message: "This node is using Redhat data"

    # common include for all node
    classes:
      - profile::ybsshd

    ##
    ## Data
    ##

My only thought here is, if I have the config in the profile then I can't overwrite it for testing ... (I think). If I want to place a hiera node file for node a.b.c with ssh config info, I am not sure what would happen. My hope is that the node hiera would take precedence over the class variables - but I think not. I think I have to move the setup into common.yaml .. So I have to do more testing with this.

Once I have more profiles I will group them together as a role and then allocate roles to nodes...

Any thoughts ?

Alex
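
The two open questions in the post (which hierarchy level wins, and whether a node file can override parameters set in the profile), as an added example that is not part of the original post: a simplified Python model of Hiera 3 priority lookup over the posted hierarchy, combined with Puppet's class-parameter precedence (explicit declaration, then Hiera, then module default). The hieradata values and the facts for node a.b.c are constructed, and the model ignores `hiera_merge` and `:merge_behavior`.

```python
import re

# Hierarchy from the post's hiera.yaml, most specific level first.
HIERARCHY = ["nodes/%{::trusted.certname}", "os/%{::osfamily}",
             "abenv/%{::abenv}", "common"]

# Constructed hieradata (data source -> keys); none of these values are from the post.
DATA = {
    "common": {"ssh::permit_root_login": "no",
               "ssh::sshd_allow_tcp_forwarding": "yes"},
    "os/RedHat": {"ssh::permit_root_login": "without-password"},
    "nodes/a.b.c": {"ssh::permit_root_login": "yes",
                    "ssh::sshd_allow_tcp_forwarding": "no"},
}

def sources(scope):
    """Interpolate %{::var} in each level; an unset variable becomes ''."""
    def fill(match):
        return str(scope.get(match.group(1), ""))
    return [re.sub(r"%\{(?:::)?([\w.]+)\}", fill, level) for level in HIERARCHY]

def hiera_lookup(key, scope, data=DATA):
    """Priority lookup: the first level that defines the key wins."""
    for src in sources(scope):
        if key in data.get(src, {}):
            return data[src][key], src
    return None, None

def effective_param(cls, param, scope, explicit=None, default=None):
    """Class parameter precedence: explicit declaration, Hiera, module default."""
    if explicit and param in explicit:
        return explicit[param], "profile (explicit)"
    value, src = hiera_lookup(f"{cls}::{param}", scope)
    if src is not None:
        return value, f"hiera:{src}"
    return default, "module default"

# Parameter pinned in the profile, as in the post's class { '::ssh': ... } block.
PROFILE = {"permit_root_login": "without-password"}
NODE = {"trusted.certname": "a.b.c", "osfamily": "RedHat"}  # abenv fact unset

if __name__ == "__main__":
    for p in ("permit_root_login", "sshd_allow_tcp_forwarding"):
        print(p, "with profile:", effective_param("ssh", p, NODE, explicit=PROFILE))
        print(p, "data only:  ", effective_param("ssh", p, NODE))
```

Parameters left out of the `class { '::ssh': }` block fall through to Hiera, so only the settings that must not be overridden per node need to stay pinned in the profile.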