We are deploying Puppet Enterprise, and are loosely following the "roles and profiles" module pattern- except we are using the Enterprise Console's node classifier in place of a "roles" module.
What we are trying to do now, is come up with a means of providing group-specific overrides within Hiera- but using PE Console as our classifier. In other words, nodes that are in XYZ classification group (or 'role') in the Puppet Console, would pull their hiera data from "roles/XYZ.yaml" first. Our Hiera tree would look something like:
:hierarchy:
- "nodes/%{::trusted.certname}"
- "roles/${role}"
- "%{facts.osfamily}_%{facts.os.release.major}"
- common
I have seen design patterns that involve assigning 'role' as an external fact on the node, and then referencing it in Hiera... but that seems to introduce its own complexities. We could have a set of classes that pushes the needed facts, and then assign those classes to the relevant classification groups in PE Console... but then we get a chicken-and-egg situation where a new node would need multiple puppet runs before Hiera can pick up on the custom facts. We could push the facts ourselves when we first provision the server, but I'm trying to avoid manual hackery as much as possible during the provisioning process.
I was wondering if there was a more graceful way to give Hiera the group-specific info it needs from PE Console Group assignments, rather than working around the PE Console to assign custom facts first?
↧