Hi

Looking for some feedback on this.

Master Puppet setup. Open source install using R10K and the control-repo

Gone with 2 environments
production
testing 

Using an ENC at the global level
/etc/puppetlabs/puppet/puppet.conf

This is where I use the company classifier, for environments and other
company-wide attributes - like company env... << I am thinking this could
probably go into the production ENC ??? But my plan is to keep this simple,
following the guidelines we use to name VMs - which should ID what type of
server and service it has.

Here is my
/etc/puppetlabs/puppet/hiera.yaml


---
:backends:
  - yaml

# Hierarchy
# First takes precedence ??? I think
:hierarchy:

  # node specific
  - "nodes/%{::trusted.certname}"       #### <<< So node specific configs come in first

  # OS specific
  - "os/%{::osfamily}"             ### << then any OS specific

  # Environment - YB
  - "abenv/%{::abenv}"               #### << then any environment ones

  # common to all
  - common                       ### then common 


:yaml:
# datadir is empty here, so hiera uses its defaults:
# - /etc/puppetlabs/code/environments/%{environment}/hieradata on *nix
# - %CommonAppData%\PuppetLabs\code\environments\%{environment}\hieradata on Windows
# When specifying a datadir, make sure the directory exists.
  :datadir:


# https://docs.puppet.com/hiera/3.1/configuring.html
:merge_behavior: deeper



Think this gives me the flexibility I want. Not sure, I might swap OS and
ADEnv around ...


Going to try and set up with roles / profiles ...

My first try at this is profile::absshd - the aim here is to set up ssh as per
company standards and enforce it everywhere
site/profile/manifests/absshd.pp


class profile::absshd {

  class { '::ssh':
    # import info from hiera
    hiera_merge                      => true,
    sshd_config_permitemptypasswords => 'no',
    sshd_config_strictmodes          => 'yes',
    sshd_password_authentication     => 'yes',
    sshd_allow_tcp_forwarding        => 'yes',
    sshd_use_pam                     => 'yes',
    permit_root_login                => 'without-password',
  }
}


I have this in my 

hieradata/os/RedHat.yaml

---
message: "This node is using Redhat data"


# common include for all nodes
classes:
  - profile::ybsshd



##
## Data
##



My only thought here is if I have the config in the profile then I can't
overwrite it for testing ... (I think). If I want to place a hiera node
file for node a.b.c with ssh config info I am not sure what would happen.
My hope is that the node hiera would take precedence over the class variables
- but I think not. I think I have to move the setup into common.yaml ..


So I have to do more testing with this. Once I have more profiles I will
group them together as a role and then allocate roles to nodes...

Any thoughts?

Alex
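
On the override question in the post, as an added example that is not part of the original message: in Puppet, values passed explicitly in a resource-like class declaration take precedence over Hiera's automatic parameter lookup. The sketch below keeps the fixed settings hard-coded and exposes the rest as profile parameters; the profile parameter names and the node file content are hypothetical, and the profile is assumed to be declared include-style (for example through the classes array).

```puppet
# Added example, not the poster's code. Profile parameter names are hypothetical;
# the ::ssh parameters are the ones already used in the post.
#
# Company standard = parameter defaults. A node file in the hierarchy can then
# override one value through automatic parameter lookup, e.g. (constructed sample):
#
#   hieradata/nodes/a.b.c.yaml
#   ---
#   profile::absshd::password_authentication: 'no'
#
class profile::absshd (
  Enum['yes', 'no'] $password_authentication = 'yes',
  Enum['yes', 'no'] $allow_tcp_forwarding    = 'yes',
  Enum['yes', 'no', 'without-password', 'forced-commands-only']
    $permit_root_login                       = 'without-password',
) {

  class { '::ssh':
    hiera_merge                      => true,

    # Enforced everywhere: passed explicitly, so Hiera data cannot change them.
    sshd_config_permitemptypasswords => 'no',
    sshd_config_strictmodes          => 'yes',
    sshd_use_pam                     => 'yes',

    # Overridable per node / OS / environment via profile::absshd::<name>.
    sshd_password_authentication     => $password_authentication,
    sshd_allow_tcp_forwarding        => $allow_tcp_forwarding,
    permit_root_login                => $permit_root_login,
  }
}
```

Only the three exposed parameters can be changed from Hiera data; the Enum types make the catalog fail to compile if a data file supplies any other value.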





