Puppet Community #puppet-enterprise

todd.seidenberg

05/01/2023, 4:49 PM

and the place where I'd want to use this info is the control repo

todd.seidenberg

05/01/2023, 4:50 PM

before, we were using

server_facts[environment]

but I'm attempting to only have a single environment and make things less complicated

vchepkov

05/01/2023, 4:50 PM

that is what hiera is for, in general, to get different values

todd.seidenberg

05/01/2023, 4:51 PM

ok - i thought about that, but was wondering if there was a way to do it with PE

todd.seidenberg

05/01/2023, 4:51 PM

I'll happily do it with hiera, if that's the only way

vchepkov

05/01/2023, 4:51 PM

conceptually it's the right way

vchepkov

05/01/2023, 4:53 PM

think of puppet environment as 'maturity' of the code

todd.seidenberg

05/01/2023, 4:53 PM

right. that's a good thought.

vchepkov

05/01/2023, 4:54 PM

you should have one development environment and alpha, beta, sandbox, whatever tiers in it

vchepkov

05/01/2023, 4:54 PM

so define your fact - tier

vchepkov

05/01/2023, 4:54 PM

or specify it in a certificate

todd.seidenberg

05/01/2023, 4:54 PM

Yes - that's what I'm doing - actually going to a single PRD environemnt and a dynamic canary environment.

todd.seidenberg

05/01/2023, 4:54 PM

how do I specify it in a certificate?

todd.seidenberg

05/01/2023, 4:54 PM

I'm not sure I follow that. I do follow the hiera part

vchepkov

05/01/2023, 4:55 PM

When you issue a certificate request, you can supply a lot of data to the puppet server

vchepkov

05/01/2023, 4:56 PM

that data can be accessible from

trusted

hash one certificate is signed

vchepkov

05/01/2023, 4:56 PM

https://www.puppet.com/docs/puppet/7/ssl_attributes_extensions.html

vchepkov

05/01/2023, 4:57 PM

just an example

Copy code

# cat /etc/puppetlabs/puppet/csr_attributes.yaml
---
extension_requests:
  pp_apptier: 'dev'
  pp_environment: 'development'

vchepkov

05/01/2023, 4:58 PM

hence you set environment, which you can use in the console for classification and apptier that you can use in your hiera

todd.seidenberg

05/01/2023, 5:01 PM

i see.

todd.seidenberg

05/01/2023, 5:01 PM

Well my boxes already have certs.

todd.seidenberg

05/01/2023, 5:01 PM

That's fascinating.

todd.seidenberg

05/01/2023, 5:01 PM

I can just use hiera.

todd.seidenberg

05/01/2023, 5:02 PM

And actually - as I see it - I can still make my puppet code agnostic by using the same regex that I'm using to assign membership to my dynamic group and use it to determine the value of the variable during a puppet run.

vchepkov

05/01/2023, 5:03 PM

ideally not

vchepkov

05/01/2023, 5:03 PM

proper way to make a fact out of your regex

vchepkov

05/01/2023, 5:03 PM

call it tier, apptier, up to you

vchepkov

05/01/2023, 5:03 PM

then add hierarchy to hiera, based on that fact

bastelfreak

05/01/2023, 5:08 PM

nods

todd.seidenberg

05/01/2023, 5:08 PM

I'm sorry - i'm confused. My current puppet code has this: