We are trying to figure out how to integrate Puppet’s Roles and Profiles pattern with Foreman, and are trying to understand how to use Host Groups or Config Groups with this pattern, and also how to override parameters for a group of hosts.
My question is based on these Puppet Enterprise documents:
- https://puppet.com/docs/pe/2019.8/the_roles_and_profiles_method.html
- https://puppet.com/docs/pe/2019.8/roles_and_profiles_example.html
For background, here’s how that example works:
-
A profile uses multiple component modules to configure a layered technology stack. In this case, it sets a default parameter for the Docker version.
# /etc/puppetlabs/code/environments/production/site/profile/manifests/kubernetes/worker.pp class profile::docker ( $docker_version = "present", ) { package { 'docker': ensure => present, version => $docker_version, } }
-
A role use multiple profiles to build a complete system configuration.
-
Here’s a development role, which includes a set of tools for development:
# /etc/puppetlabs/code/environments/production/site/role/manifests/kubecluster/dev class role::kubecluster::dev { include profile::base include profile::docker include profile::developer_tools }
-
And here’s a production role, which does not include development tools:
# /etc/puppetlabs/code/environments/production/site/role/manifests/kubecluster/prod class role::kubecluster::prod { include profile::base include profile::docker }
-
-
Component modules are normal modules (from Puppet Forge, Github, etc) that manage one particular technology, for example,
puppetlabs/docker
-
In Puppet’s examples, they store configuration parameters such as an IP address or a special Docker package version in Hiera or the Puppet Enterprise ‘console’ (I don’t know what the Console is).
Our strategy is to populate /etc/puppetlabs/code/environments/production/site/
with roles and profiles as described. We do not plan to use Hiera, and instead, want to store configuration parameters as data in Foreman.
In Foreman, we will create Host Groups for groups of similar hosts. In each host group, we assign a single role.
- The
Kubecluster::production
host group includes therole::kubecluster::prod
class - The
Kubecluster::development
hostgroup includes therole::kubecluster::dev
class - The
webserver::customer_a
hostgroup includes therole::webserver
class, etc.
Our questions:
How do we accomplish the data lookups without Hiera?
- Should we be able to override the default Docker version by setting a parameter in the host group,
such as simply settingdocker_version = 19.09
? I tried this, and it didn’t work and I’m sure if I am understanding the purpose of host groups. - In rare cases, we might want to temporarily override the parameter from the host group. In that case, would we set a temporary parameter in the Host configuration?
Are Hostgroups intended to manage a set of servers that all have the same application? Or are they intended to be used to manage similar sets of hosts (Hostgroup A are VMs, Hostgroup B is Bare Metal in Datacenter A, Hostgroup C are nodes in AWS)?
Do people use Config Groups for this instead of Host Groups to apply application configuration to a group of hosts?