On Thursday, July 12, 2012 6:04:17 PM UTC-5, Jo wrote: > > On Jul 12, 2012, at 2:26 PM, jcbollinger wrote: > > I would avoid that variation on this approach if at all possible. You > would sidestep multiple pitfalls if you could determine up front, based on > node name and facts, which groups are *supposed* to be present, instead > of attempting to determine after the fact which were realized. Indeed, you > might even find it convenient to use that information to drive group > realization. > > If nothing else, doing so would ensure that users aren't assigned to > secondary groups that don't get realized. > > > This is what policy as expressed in the puppet manifests does. I don't see > how to avoid the unrealized problem here. > > What's funny is that you are expressing exactly what puppet does today, > but it appears you are suggesting that I need to create another data source > and mirror the information out of puppet manifests into that for comparison > purposes. Huh? > > I'm a bit baffled by the fairly constant suggestion by people here that I > keep spreading out the places where information is stored. The point is to > centralize the data, not provide more sources to grow inconsistent with > each other. > > Relying on a single source of information is *exactly* what what I have suggested you do, specifically by using an up-front group list both to filter users' declared secondary groups and to drive which groups get realized. I have described that three times now, and it's included in the example code I posted earlier. You can populate such a list by whatever means you want and from whatever source you want, and you can store it wherever you want, so long as you produce the entire list before any part of it is needed.
So no, I'm not suggesting you mirror information from your puppet manifests. Rather, I am suggesting that you *move* implicit information out of your manifests to someplace more accessible. Study my example if you still don't understand what I mean by that. The "someplace" where the information lands could be an explicit expression elsewhere in your manifests, or it could be external, as seems best to you. The information implicitly encoded in the structure of your manifests and/or developed during compilation is inherently difficult to use from within the manifests themselves, and if you insist on using it anyway then you're choosing to be stuck in an uncomfortable position. More generally, people recommending various possible data sources to you -- hiera, ENC, etc. -- are not implying that you should "spread out" your data. That's a function of your own manifest designs and how you use the data. You do a disservice to those volunteering their help to you by criticizing them for deficiencies in *your imagined applications* of their suggestions. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ldsUjX6CCy0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
