Implement a Puppet ENC and move node roles into it

The standard roles/profiles pattern we are working towards in Puppet requires an ENC, short for External Node Classifier, to work well. An ENC will allow us to define/override configuration data, in a role context, in Hiera. Furthermore, it will bring us a little closer to being able to use multiple Puppet environments, as nodes are usually assigned an environment via the ENC.

There are several ENC options available but the simplest is probably https://github.com/Zetten/puppet-hiera-enc which is something I have used personally in multiple deployments.

Our new hiera.yml would look something like this:

```yaml
---
version: 5
defaults:
  datadir: hiera
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data"
    path: "node/%{trusted.certname}.yaml"

  - name: "Per-role data"
    path: "role/%{role}.yaml"

  - name: "Per-hoster data"
    path: "node/%{hoster}.yaml"

  - name: "Common data"
    path: "common.yaml"

  - name: "Trocla data"
    lookup_key: trocla_lookup_key
    options:
      trocla_hierarchy:
        - hosts/%{facts.fqdn}
        - roles/%{::role}
        - defaults
      config: /etc/puppet/troclarc.yaml
```

And a sample node definition:

```yaml
---
environment: production
parameters:
  role: gitlab::runner
```
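
The following Python audit is an added example, not part of the original issue or of puppet-hiera-enc. It takes the interpolated paths from the hierarchy above and reports, for each `%{...}` token, whether its value comes from the node's certificate (`trusted.*`), from the ENC parameters, or from data the agent reports about itself (`facts.*`). The input lists are constructed copies of the values shown above, and the source labels and function names are this example's own.

```python
import re

# Constructed input: the interpolated paths from the hiera config above.
HIERA_PATHS = [
    "node/%{trusted.certname}.yaml",
    "role/%{role}.yaml",
    "node/%{hoster}.yaml",
    "hosts/%{facts.fqdn}",
    "roles/%{::role}",
]
# Constructed input: parameter names set by the sample node definition above.
ENC_PARAMETERS = {"role"}

TOKEN = re.compile(r"%\{([^}]+)\}")


def classify(token, enc_parameters):
    """Return where the value of one Hiera interpolation token comes from."""
    name = token.strip()
    if name.startswith("trusted."):
        return "trusted"         # extracted from the node's verified certificate
    if name.startswith("facts."):
        return "agent-reported"  # self-reported by the node, so it can be spoofed
    if name.lstrip(":") in enc_parameters:
        return "enc"             # top-scope variable assigned by the ENC
    return "unresolved"          # not set by the ENC: a top-scope fact or undefined


def audit(paths, enc_parameters):
    """Map each path to its list of (token, source) pairs."""
    return {p: [(t, classify(t, enc_parameters)) for t in TOKEN.findall(p)]
            for p in paths}


def findings(paths, enc_parameters):
    """Tokens whose value is controlled by neither the certificate nor the ENC."""
    return [(path, token, source)
            for path, pairs in audit(paths, enc_parameters).items()
            for token, source in pairs
            if source not in ("trusted", "enc")]


if __name__ == "__main__":
    for path, token, source in findings(HIERA_PATHS, ENC_PARAMETERS):
        print(f"{path}: %{{{token}}} is {source}")
```

Any level it flags selects data, and in the Trocla hierarchy secrets, by a value the server side does not control, so such tokens are candidates for replacement with `trusted.certname` or an ENC parameter.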