Changes between Initial Version and Version 5 of Ticket #30020

Apr 23, 2019, 8:06:56 PM (16 months ago)

I did more work here. The following macros have now been safely removed:


This also led to the removal of a custom SSH keys generation template (modules/roles/templates/weblog_sink/webstats-authorized_keys.erb), although it hasn't been converted to the native ssh_authorized_keys because of the format difference between the custom fact we use to export the ssh keys and the one expected by the type. This could be fixed in another refactoring at some other time.

Now, I'm working on the static_* stuff, which is like weblog_* but a little more complicated because the config files are not (yet) built with config::fragment. The SSH firewall configuration was a little more complicated but it's been migrated already. Next up is the authorized_keys which should follow the same pattern as the weblog stuff and then the config::fragment conversion. There are also corner cases with more sub-roles for that one that will need to be taken into account, but those can hopefully be converted into class parameters.

There are now 36 roles left in the roles class. There were about 50 roles, split between site.pp and the roles class, when I started this, about a week ago, so I think it would be fair to assume this first part of the conversion will be done in a week or two.


  • Ticket #30020 – Description

    We should therefore switch to using Hiera instead of our homegrown solution.

    This involves converting:

     * `if has_role('foo') { include foo }` into `classes: [ 'foo' ]` in hiera
     * hardcoded macros in the ferm module's `me.conf.erb` into exported resources
     * templates looping over allnodeinfo into exported resources
     * the `$roles` array into Hiera
     * the `$localinfo` into Hiera (assuming all the data is there)
     * the `$nodeinfo` and `$allnodeinfo` arrays into Hiera (assuming we can switch from LDAP for host inventory)
     * basically any other stuff of the kind

    Ideally, all YAML data should end up in the hiera/ directory somehow. This is the first step in making our repository public (#29387) but also using Hiera as a more elaborate inventory system (#30273).

    The idea of switching from LDAP to Hiera for host inventory will definitely need to be evaluated more thoroughly before going ahead with that part of the conversion, but YAML stuff in Puppet should definitely be converted.

    The general goal of this is both to allow for a better inventory system but also make it easier for people to get onboarded with Puppet. By using community standards like Hiera, we make it easier for new people to get familiar with the puppet infrastructures and do things meaningfully.