Best method to query role specific data when using roles/profiles + hiera as an ENC
108 views
Skip to first unread message
JeremyCampbell
Sep 9, 2014, 5:34:52 AM9/9/14
to puppet...@googlegroups.com
We are implementing the profiles/roles pattern with hiera and using hiera to assign roles i.e. hiera_include('classes'). Current hierarchy:
We have several roles which require their own configuration data. e.g. Firewall role, VPN role (each include several profiles). For example, using the logrotate module we need to add different defines for the Firewall role and the VPN role.
The most obvious solution is to create a new hierarchy level e.g. "%{role}" but then we need to assign machines to a role outside of hiera. I'm guessing the best way to do this is with a custom fact during the initial provisioning but I'm not sure.
What would be the best solution for looking up role specific data using the roles/profiles pattern with hiera?
Thank you for your time!
:hierarchy:
- "%{clientcert}"
- "%{environment}"
- global
We have several roles which require their own configuration data. e.g. Firewall role, VPN role (each include several profiles). For example, using the logrotate module we need to add different defines for the Firewall role and the VPN role.
The most obvious solution is to create a new hierarchy level e.g. "%{role}" but then we need to assign machines to a role outside of hiera. I'm guessing the best way to do this is with a custom fact during the initial provisioning but I'm not sure.
What would be the best solution for looking up role specific data using the roles/profiles pattern with hiera?
Thank you for your time!
Christopher Wood
Sep 9, 2014, 10:39:27 AM9/9/14
to puppet...@googlegroups.com
https://docs.puppetlabs.com/guides/external_nodes.html
As a bonus we use the servertype yaml to define which class to load first. That class is the role, which includes profiles, etc. etc.
> Thank you for your time!
>
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [1]puppet-users...@googlegroups.com.
> To view this discussion on the web visit
> [2]https://groups.google.com/d/msgid/puppet-users/6510ddf4-2a0b-4a1e-abb8-8d0244ba48f3%40googlegroups.com.
> For more options, visit [3]https://groups.google.com/d/optout.
>
> References
>
> Visible links
> 1. mailto:puppet-users...@googlegroups.com
> 2. https://groups.google.com/d/msgid/puppet-users/6510ddf4-2a0b-4a1e-abb8-8d0244ba48f3%40googlegroups.com?utm_medium=email&utm_source=footer
> 3. https://groups.google.com/d/optout
Poil
Sep 9, 2014, 1:37:51 PM9/9/14
to puppet...@googlegroups.com
Hi,
I think this is what you want : https://docs.puppetlabs.com/hiera/1/hierarchy.html "Data Source Resolution"
We are replacing our ENC with this "full hiera" method
Best regards
I think this is what you want : https://docs.puppetlabs.com/hiera/1/hierarchy.html "Data Source Resolution"
We are replacing our ENC with this "full hiera" method
Best regards
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6510ddf4-2a0b-4a1e-abb8-8d0244ba48f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
José Luis Ledesma
Sep 9, 2014, 2:11:08 PM9/9/14
to puppet...@googlegroups.com
You can hace %{role} in your hierarchy setting in your site.pp:
$role=hiera('role')
Regards
--
JeremyCampbell
Sep 9, 2014, 5:02:12 PM9/9/14
to puppet...@googlegroups.com
I believe I understand 'Data Source Resolution' but it doesn't address our issue unless I'm missing something. The question is how to assign a role to a server so that we can use a new role level in our hierarchy.
JeremyCampbell
Sep 9, 2014, 5:03:46 PM9/9/14
to puppet...@googlegroups.com
I would expect that the role has to be set before hiera is queried or am I missing something? I don't understand how that would work.
Poil
Sep 9, 2014, 5:12:53 PM9/9/14
to puppet...@googlegroups.com
You have 2 hierarchies, one flat that
is the classifier that contains fqdn.yaml; each "fqdn.yaml"
defined what is the role of the current fqdn.
This hierarchy is filled when you deploy a server (via a webservice, manually or what you want)
The 2nd hierarchy is what you have today.
This hierarchy is filled when you deploy a server (via a webservice, manually or what you want)
The 2nd hierarchy is what you have today.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b4b53515-8858-4419-be07-5d7aee9720dd%40googlegroups.com.
José Luis Ledesma
Sep 9, 2014, 5:41:51 PM9/9/14
to puppet...@googlegroups.com
Hiera is called each time you query it, or because of the auto lookup, so if you set up a role variable in site.pp you can use it in next queries.
I use this method ;)
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/08a5666e-e035-46b3-8e9a-7fec33ceda18%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages