On Sat, Sep 25, 2010 at 6:57 AM, Brice Figureau
<[email protected]> wrote:
> Hi Nigel,
>
> On 24/09/10 23:46, Nigel Kersten wrote:
>> Is there any way I can feasibly access a parameter that was set in a
>> node definition provided by an external node classifier from inside a
>> fact?
>
> Out of the box I don't think it is possible, since the facts run in
> puppetd and the node classifier on the master.

Yeah. :(

>
>> The problem I'm facing is that I have several teams who wish to share
>> a modulepath, but don't want the facts checked in by one team to
>> module A to be evaluated on clients who are not applying module A.
>>
>> Thus I would like to be able to confine the facts to only be evaluated
>> on those hosts that are actually including those modules.
>
> To my knowledge the facts are evaluated prior to the node catalog
> evaluation so we don't yet know this information.
>
> The only way I can think about it is to have your facts query your node
> classifier out of band of puppet.

Which kind of sucks :)

I feel like our pluginsync model is really problematic for trying to
share modulepaths amongst separate groups and services.

If you're not the only person checking code into a modulepath, then
you're essentially allowing arbitrary code execution on your clients,
even if you're not consuming the modules that provide such plugins.

Also, given that it's possible to take a core puppet provider, modify
it, distribute it via pluginsync, and override the core provider...
you're even allowing the possibility of someone checking something
into a module you don't consume that actually changes the way your
puppet client works.

This infers that modulepaths are not to be shared, but the consequence
here is that you end up with an explosion of environments to cope with
modulepath permutations.



> --
> Brice Figureau
> My Blog: http://www.masterzen.fr/
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Developers" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/puppet-dev?hl=en.
>
>
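An added example, not code from this thread or from the Puppet project: a Ruby audit of a modulepath that lists the plugin files a node would receive through pluginsync from modules it does not include, which is the exposure described in the message above. It assumes plugins live under `<module>/lib`; the function names, the `team_*` modules and the demo tree are constructed for illustration.

```ruby
require 'tmpdir'
require 'fileutils'

# Map each module to the Ruby files under its lib/ directory, i.e. the
# plugin files that pluginsync hands to every client of this modulepath.
def synced_plugins(modulepath)
  modulepath.split(File::PATH_SEPARATOR).each_with_object({}) do |dir, found|
    Dir.glob(File.join(dir, '*', 'lib', '**', '*.rb')).sort.each do |file|
      mod, rel = file.sub("#{dir}/", '').split('/lib/', 2)
      (found[mod] ||= []) << rel
    end
  end
end

# Plugins a node receives from modules it does NOT include, classified:
#   :fact     - evaluated by Facter on the client regardless of the catalog
#   :provider - sits on a provider path, so it can shadow a core provider
def unconsumed_plugins(modulepath, included)
  unused = synced_plugins(modulepath).reject { |mod, _| included.include?(mod) }
  unused.flat_map do |mod, files|
    files.map do |rel|
      kind = case rel
             when %r{\Afacter/} then :fact
             when %r{\Apuppet/provider/} then :provider
             else :other
             end
      { module: mod, file: rel, kind: kind }
    end
  end
end

# Constructed demo tree (hypothetical modules team_a, team_b, team_c).
def demo(included)
  Dir.mktmpdir do |root|
    %w[team_a/lib/facter/team_a_role.rb
       team_b/lib/puppet/provider/package/apt.rb
       team_c/manifests/init.pp].each do |rel|
      path = File.join(root, rel)
      FileUtils.mkdir_p(File.dirname(path))
      File.write(path, '')
    end
    unconsumed_plugins(root, included)
  end
end

demo(['team_a']).each { |f| puts "#{f[:kind]}: #{f[:module]}/lib/#{f[:file]}" }
```

Run against a real modulepath with the list of classes a node actually includes, the output is the set of files to review before sharing that modulepath between teams.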
