... | ... | @@ -1120,12 +1120,18 @@ All paths below are relative to the root of that git repository. |
|
|
- `modules` includes roles, profiles, and classes that make the bulk
|
|
|
of our configuration.
|
|
|
|
|
|
- each node is assigned a "role" through Hiera, in
|
|
|
`hiera/nodes/$FQDN.yaml`
|
|
|
- each node is assigned a "role" through the ENC, in
|
|
|
`hiera-enc/nodes/$FQDN.yaml`
|
|
|
|
|
|
To be more accurate, Hiera assigns a Puppet class to each node,
|
|
|
although each node should have only one special purpose class, a
|
|
|
"role", see [issue 40030][] for progress on that transition.
|
|
|
To be more accurate, the ENC assigns top-scope `$role` variable to
|
|
|
each node, which is in turn used to include a `role::$rolename`
|
|
|
class on each node. This occurs in the default node definition in
|
|
|
`manifests/site.pp`.
|
|
|
|
|
|
Some nodes include a list of classes, inherited from the previous
|
|
|
Hiera-based setup, but we're in the process of transitioning all
|
|
|
nodes to single role classes, see [issue 40030][] for progress on
|
|
|
this work.
|
|
|
|
|
|
[issue 40030]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40030
|
|
|
|
... | ... | @@ -1146,8 +1152,9 @@ All paths below are relative to the root of that git repository. |
|
|
- `ferm`'s `def.conf` template (`modules/ferm/templates/defs.conf.erb`)
|
|
|
|
|
|
- The root of definitions and execution is in Puppet is found in
|
|
|
the `manifests/site.pp` file, but this file is now mostly empty, in
|
|
|
favor of Hiera.
|
|
|
the `manifests/site.pp` file. Its purpose is to include a role class
|
|
|
for the node as well as a number of other classes which are common
|
|
|
for all nodes.
|
|
|
|
|
|
Note that the above is the current state of the file hierarchy. As
|
|
|
part Hiera transition ([issue 30020][]), a lot of the above
|
... | ... | |