Using ENC and node defintion for configuration

[Richard Rechenberg]

Hello Puppet Users,

for handling my different environments I'am using directory environments. Every environment has its own node definiton stored in the nodes.pp. For only one of the environments I want to use an ENC. Caused by this I added the following inside the masters puppet.conf:

node_terminus = exec
external_nodes = /opt/getClasses.sh

Using this configuration only the environment which nodes are known by the ENC get ther configuration all other nodes which are still stored inside node.pp files only get a 404 error.

Has someone done this mix before?


Thanks for giving me a hand.

Richi

[Christopher Wood]

In a similar situation (multiple sets of node data) I put the hiera node yaml in its own r10k branch/environment and use that as the canonical source of node hiera data for all environments in /etc/puppet/hiera.yaml. (These node files are also the data source for the ENC.)

Then /etc/puppet/hiera.yaml looks thematically to this:

:yaml:
:datadir: '/etc/puppet'

:hierarchy:
- 'environments/nodes/hieradata/nodes/%{fqdn}'
- 'environments/%{environment}/hieradata/server_types/%{role}'
- 'environments/%{environment}/hieradata/common'

To wit:

adopt roles/profiles
use a common set of hiera node data
have the ENC read the common node files
bonus: use r10k, it's very useful

Further reading:

https://puppetlabs.com/presentations/designing-puppet-rolesprofiles-pattern
http://www.craigdunn.org/2012/05/239/
http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/

https://docs.puppetlabs.com/guides/external_nodes.html
https://docs.puppetlabs.com/puppet/latest/reference/environments_assigning.html

https://github.com/puppetlabs/r10k/tree/master/doc
http://somethingsinistral.net/blog/rethinking-puppet-deployment/
http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/

> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [1]puppet-users...@googlegroups.com.
> To view this discussion on the web visit
> [2]https://groups.google.com/d/msgid/puppet-users/c086653a-1698-4a4e-9308-d8957a4d3cc5%40googlegroups.com.
> For more options, visit [3]https://groups.google.com/d/optout.
>
> References
>
> Visible links
> 1. mailto:puppet-users...@googlegroups.com
> 2. https://groups.google.com/d/msgid/puppet-users/c086653a-1698-4a4e-9308-d8957a4d3cc5%40googlegroups.com?utm_medium=email&utm_source=footer
> 3. https://groups.google.com/d/optout

[jcbollinger]

If you configure an ENC on the master, it will be consulted for every catalog request, and it must return a valid result and exit with a success code (0).  That output can be devoid of data, but it must be provided for every node.  If there is also a node block for any node, then every node must have a corresponding node block, (even if it is a default node block).  Classification information from an ENC, if any, is merged with classification data from the appropriate node block, if any, as described in the ENC general documentation.

The bottom line is that if your master is going to use an ENC for some clients and node blocks for some clients, then it will expect to use both classification approaches together for all clients.  It is trivial to back up an ENC with an empty default node block to pick up clients that don't otherwise have a matching node block.  How you get your ENC to provide empty responses for nodes it doesn't otherwise want to classify depends on your ENC, but if there's no better alternative then you should be able to wrap the real ENC in a script that handles it.


John

[Richard Rechenberg]

Hi John, hi Christopher,

thanks for the explanation. I decided not to use hiera. I will expand my script and return in case of known hosts a valid but empty output like that:
####
classes:
environment:
####

Thanks and regards,

Richi