I've been wanting to get us on an ENC, but haven't had time to do that, either

WHen the time presents itself

Just a note: If they know what they’re doing, a Puppet consultant could convert you in a day or two max.

There’s a lot of people classifying with Hiera, too. You don’t need an ENC, it just automagically knows

This is the entirety of my site.pp:

node default {

  lookup('classes', {merge => 'unique', default_value => []}).include

}

I'd like to get to that point

(I recommend using trusted facts if you want to ENC with hiera)

This is the entirety of my Hiera class:

classes: 'sscg_roles::server'

The entire role:

# Main SSCG Server Role
class sscg_roles::server {

  include sscg_profiles::base
  include sscg_profiles::lampstack
  include sscg_profiles::sscgatl
  include sscg_profiles::mvcf

}

The entirety of the base profile:

# Base profile for all nodes
class sscg_profiles::base {

  include sscg_profiles::hardening
  include sscg_profiles::ntp

}

the others are self-explanatory. By using automatic parameter lookup, I can just wantonly include modules, and make sure the settings I want are in Hiera, and it “jsut works”™

I do something slightly different, in that I have

classes_main: # main is a stage, which we do use
  - 'profile_linux'
  - 'profile_nginx'
  - 'profile_monitoring'

but with a hiera lookup_options that merges the key

You’ve just made Hiera your role designator, it looks like

but we version all our profiles same as modules

I try to follow the full roles/profiles spec because if I don’t, it’s hard to convince my customers to

I think if we had more people or a dedicated puppet team we could pull this off

yea, I am both the dev and the customer so 😄

Yeah, it’s that whole “hockey stick” graph where the effort at the beginning is crazy, but the more you do, the less work you have

our current approach is an improvement. We were originally using only node declarations, which just didn't scale well, like the windows update scenario I shared above

what’s your host naming look like (out of curiosity)?

it's much easier to declare an array of hosts to exclude and then check for their hostname than sift through all of the node declarations

eh, pretty mixed. we have a standard, but about 25% of our machines are still legacy

ah… yeah, that solves a big part of what you’re conditional-ing around

servers are cattle, not pets 🙂

a lot of times people will do platform/purpose/location/number in their hostname so they can just regex against it to glob a class at a whole host of machines at once

yea, although I think I'd still prefer conditionals over node declarations, again the array of hosts is easier to verify than needing to sort through all node declarations

wwebhrea02

Windows - Platform Web - function HR - purpose East - location 02 - host number Then you can do things like:

node /^w$/ {
  include foo::blah
}

yea, enforcing a hostname standard is 80% of the battle, we use role-nodeid.qualifier.dc.tier.product.company.tld now, (qualifier is optional, and only used for some specific products like our CI platform)

also, windows hostnames suck terribly