
I have a puppet setup where each node manifest is named something like

/^web-\d+\.example\.com$/

We do this so we can spin up new servers for additional capacity and give each one a unique certname using the timestamp from when it was launched.

This is causing problems with the Hiera part of our Puppet setup since we can't do

:hierarchy:
  - "nodes/%{::trusted.certname}"
  - common

since we can't predict what all the certnames will be. Right now we're just specifying each node type in the hierarchy, but we'd like to be able to add new node types without editing our hiera.yaml each time.

Is it possible to have some sort of dynamic lookup in our hierarchy that will allow us to have dynamically generated certnames without specifying every node type?

  • What about using a custom `facter` fact `role` for these machines (which might be `web`, for example) and extending the `hiera` hierarchy to match these? – gxx Oct 31 '17 at 00:13
  • That's what I ended up doing and it worked. –  Nov 08 '17 at 21:05

1 Answer


I've updated both our hierarchy and custom facts to make this work. The hierarchy now includes

roles/%{::role}/%{::environment}

and our nodes now include the following in /etc/facter/facts/role.yaml:

---
role: web
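
An added example (not part of the answer above, and not Puppet's or Hiera's own code): a small Ruby sketch that expands `%{...}` tokens for a role-based hierarchy like the one described here, and checks that the `role` fact, which the node reports about itself, agrees with the role prefix of `trusted.certname`, which comes from the signed certificate. The helper names, the sample node, and the generalization of the `web-\d+` pattern to any lowercase prefix are assumptions; substituting an empty string for unknown variables is a simplification.

```ruby
# Sketch of %{...} interpolation for a role-based hierarchy (hypothetical helpers).
# Only %{...} tokens are expanded; any other syntax is left as literal text.

# Expand %{::var} and %{var.sub.key} tokens from a scope hash.
# Unknown variables become "" (simplification).
def interpolate(template, scope)
  template.gsub(/%\{(?:::)?([^}]+)\}/) do
    keys = Regexp.last_match(1).split('.')
    keys.reduce(scope) { |value, key| value.is_a?(Hash) ? value[key] : nil }.to_s
  end
end

# Data paths that would be searched, in order, for one node.
def search_path(hierarchy, scope)
  hierarchy.map { |level| interpolate(level, scope) }
end

# Role implied by the certname, e.g. "web" for web-<timestamp>.example.com.
# Assumption: every node type follows the <role>-<digits>.example.com scheme.
def role_from_certname(certname)
  match = /\A([a-z]+)-\d+\.example\.com\z/.match(certname.to_s)
  match && match[1]
end

# True when the self-reported role fact matches the certificate-derived role.
def role_consistent?(scope)
  expected = role_from_certname(scope.dig('trusted', 'certname'))
  !expected.nil? && expected == scope['role']
end

HIERARCHY = ['roles/%{::role}/%{::environment}', 'common'].freeze

# Constructed sample node; the timestamp in the certname is made up.
NODE = {
  'trusted' => { 'certname' => 'web-1509408000.example.com' },
  'role' => 'web',
  'environment' => 'production'
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts search_path(HIERARCHY, NODE)
  puts "role fact consistent with certname: #{role_consistent?(NODE)}"
end
```

A mismatch between the two values is worth logging on the server side, since the hierarchy level selected by `role` decides which data files a node can read.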