Puppet "autoconfigured" clients on AWS - classes from EC2 tags/userdata

Martin Langhoff

May 26, 2016, 5:11:54 PM
to puppet...@googlegroups.com
Hi Puppeteers,

folks are mapping "role" from EC2 tags or userdata into a `case`
statement in site.pp to choose a pre-built configuration.

I wonder whether there is a way to bring in a listing of classes, as
can be done with hiera (`hiera_include("classes")`).

thoughts?



m
--
martin....@gmail.com
- ask interesting questions
- don't get distracted with shiny stuff - working code first
~ http://docs.moodle.org/en/User:Martin_Langhoff

Gareth Rushgrove

May 27, 2016, 6:51:35 AM
to puppet...@googlegroups.com
On 26 May 2016 at 22:11, Martin Langhoff <martin....@gmail.com> wrote:
> Hi Puppeteers,
>
> folks are mapping "role" from EC2 tags or userdata into a `case`
> statement in site.pp to choose a pre-built configuration.
>
> I wonder whether there is a way to bring in a listing of classes, as
> can be done with hiera (`hiera_include("classes")`).
>

There are lots of hints and tips in this white paper.

https://puppet.com/blog/making-life-puppet-and-aws-or-other-cloud-services-easier

In particular it covers using the policy based autosigning and trusted
facts to secure doing what I think you're doing.

Obviously I'm biased as I now work at Puppet, but it's definitely worth a read.

Gareth

> thoughts?
>
>
>
> m
> --
> martin....@gmail.com
> - ask interesting questions
> - don't get distracted with shiny stuff - working code first
> ~ http://docs.moodle.org/en/User:Martin_Langhoff



--
Gareth Rushgrove
@garethr

devopsweekly.com
morethanseven.net
garethrushgrove.com

Martin Langhoff

May 27, 2016, 8:22:57 AM
to puppet...@googlegroups.com
On Fri, May 27, 2016 at 6:51 AM, Gareth Rushgrove <gar...@morethanseven.net> wrote:

> There are lots of hints and tips in this white paper.
>
> https://puppet.com/blog/making-life-puppet-and-aws-or-other-cloud-services-easier
>
> In particular it covers using the policy based autosigning and trusted
> facts to secure doing what I think you're doing.

Thank you. It mostly covers other topics around these practices, but not the specific point I am trying to figure out. At least not that I can see (maybe it's hiding somewhere?).

To recap what I am looking for: I want to build VMs (on AWS or something else) that Puppet has no name for, using EC2 tags and userdata (and similar facilities on RHEV-M, VMware, etc.) _to list a number of puppet modules and puppet variables_.

What I have seen proposed/used is to read in data from EC2 tags and userdata via facter, and use conditionals in puppet code. While workable, this means writing a lot of pointless conditionals in puppet code.

What I would prefer is a bit of magic "include all classes listed by name in this variable", like it's done with hiera classes.

cheers,



m
--
 - ask interesting questions  ~  http://linkedin.com/in/martinlanghoff
 - don't be distracted        ~  http://github.com/martin-langhoff
   by shiny stuff
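
An added example, not posted by anyone in this thread: one way to include classes named in a variable without a `case` per role. It assumes Puppet 4 or later and a hypothetical custom fact `ec2_tag_classes` carrying a comma-separated class list; the class names are also made up. Facts are reported by the agent, so the list is checked against an allowlist before anything is included.

```puppet
# site.pp sketch (added example; fact name and class names are assumptions).
node default {
  # Classes that a tag or userdata value is permitted to request.
  # Anything else is refused, because the fact is agent-supplied and
  # anyone who can set the instance's tags or userdata controls it.
  $allowed = [
    'profile::base',
    'profile::web',
    'profile::db',
  ]

  # Hypothetical fact, e.g. "profile::base, profile::web".
  $raw = $facts['ec2_tag_classes']

  # A missing fact or a non-string value yields an empty request.
  $requested = $raw ? {
    String  => split($raw, /\s*,\s*/).filter |$c| { $c != '' },
    default => [],
  }

  $accepted = $requested.filter |$c| { $c in $allowed }
  $rejected = $requested.filter |$c| { !($c in $allowed) }

  # Fail closed: a catalog is not compiled for a node asking for
  # classes outside the allowlist.
  if $rejected != [] {
    fail("ec2_tag_classes requested classes that are not allowed: ${rejected}")
  }

  # `include` accepts an array of class names, so no per-role
  # conditional is needed.
  include $accepted
}
```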