Pete, thank you for suggestions. As for my environments: the users example is just an example. The same problem exists when I want to apply other config settings to subset of servers. We use The Foreman so this is one option. In general I wanted to ask you if you could share your experience regarding deploying hiera based puppet in more diverse environments.
On Friday, May 31, 2013 1:36:52 AM UTC+1, Pete wrote: > > On 31 May 2013 01:02, przemol <[email protected] <javascript:>> wrote: > >> Hello, >> >> we have been using puppet 3 with hiera based config and several (usually >> "typical") environments: >> test >> predev >> dev >> preprod >> prod >> ... >> Basically we apply the puppet config to test, then predev, then dev, etc >> But within each environment we have quite a large number of hosts >> (20/50/100/300/...). >> We would like to "group" them into sort of subgroups. For example "dev" >> hosts >> are for developers from different applications teams: app1, app2, app3, >> appN. >> > > If you have that many nodes I would suggest an ENC like Foreman and use > host groups to include the classes you want for each group. > Foreman also talks to puppetdb to get facts and the like and you can send > puppet reports to it which will also be handy for that many nodes. > Using an enc also gives you a centralised way of managing which host group > or environment a node uses. > In fact if you use a ENC it ignores the environment setting on the node > and only uses the one set in the enc. > > >> We need to create accounts (user accounts are just an example - there are >> other similar tasks) on all servers from dev environments: >> user accounts for dev team app1 don't need to be on all dev servers - >> just on the following nodes: node10 - node20 >> user accounts for dev team app2 should be just on the following nodes: >> node35 - node88 >> > > Also given the number of nodes you have I would also suggest some form of > centralised user management like FreeIPA, LDAP or AD. > Then you can define the access rights you want for each use or use group. > > (if you are tricky you can also use LDAP as an ENC but that may be an > exercise for the future.) > > etc >> (and I can't use any regular expressions to select nodes - the same >> servers in each group could have quite different FQDN) >> Can you recommend what puppet/hiera feature could I use to group servers ? >> It would be good if I could use it just on central puppet master server >> and not need to login to every node >> and assign it locally to a group. >> >> Regards >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected]<javascript:> >> . >> Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
