On Tuesday, May 20, 2014 6:02:17 AM UTC-5, Boyan Tabakov wrote: > > Hi, > > On Mon May 19 16:39:25 2014, jcbollinger wrote: > > > > > > On Monday, May 19, 2014 6:06:45 AM UTC-5, Boyan Tabakov wrote: > > > > Hi, > > > > The variable I want to access is not defined in a module/class. > > It's the > > globally defined $::environment. Since facts are also exposed as > > global > > variables, the server-defined $::environment gets overridden when > > there's a fact with the same name. > > > > So any ideas on how to avoid that? As it is, it looks like a module > > can't reliably detect environment, because a (potentially malicious) > > client can send an 'environment' fact with arbitrary value. > > > > > > > > If you do not trust your nodes to specify their own environment, then > > you should set up an ENC that specifies the correct environment for > > each node to Puppet. That can be the only thing it does. The > > environment specified by an ENC will be used instead of the one (if > > any) specified by the agent. > > > > More generally, you should avoid declaring global variables in your > > Puppet manifests, and especially you should avoid declaring globals > > that collide with facts or with variables provided by the master > > itself. Such collisions /should/ cause catalog compilation to fail > > with an error message, but conceivably could fail silently instead. > > Puppet variables cannot be changed once set. > > That is exactly what I try to do. > > Still, this is what happens (puppetmaster 3.5.1, puppet agent 3.4.3): > > Agent's configured environment is "agent_env". Agent also has a fact > called "environment" with value "agent_env_fact". There is ENC, > enforcing environment for that node to be "enc_env". The node's catalog > gets compiled in the "enc_env", as it should. For example the node > reports: > > Local environment: "agent_env" doesn't match server specified node > environment "enc_env", switching agent to "enc_env". > > However if any of the modules use the $::environment variable, it's > value is "agent_env_fact". So the agent's fact masks the real value and > any modules/manifests that make decisions based on the environment can > be fooled. > > This means that any conditionals that are based on $::environment are > not reliable. It would be totally fine, if that's documented and people > are discouraged to use the $::environment variable, but I could not > find anything like that. So, my original question still stands: is > there a reliable way to find out the current node's environment in a > module/manifest? > >
Per the docs<http://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#variables-set-by-the-puppet-master>, the $::environment variable should do what you want. That it is not doing so is a bug (at minimum, it is a documentation bug, but I think the behavior is wrong). I recommend you file a ticket<http://tickets.puppetlabs.com/>. I'm afraid I don't have a workaround to offer. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5d5a4d3e-6ecb-49af-8744-b6d6ffa41a4e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
