如何按角色划分我的hiera配置? [英] How can I split my hiera config by role?
问题描述
我正在使用hiera将诸如webserver或dbserver之类的类分配给我的节点. webserver类仅包含apache并在其上设置一些配置(例如port).显然,我不想为每个节点复制此配置,因此将其放在common.yaml中.但是,我的common.yaml越来越大,所以我想将其拆分.我想要一个文件包含webserver角色的配置,另一个文件包含dbserver角色的配置,等等.我在想我的hiera.yaml看起来像这样:
I'm using hiera to assign classes like webserver or dbserver to my nodes. The webserver class just includes apache and sets some config on it (e.g. port). Obviously I don't want to replicate this config for every node, so I put it in common.yaml. However, my common.yaml is getting big, so I want to split it up. I'd like to have one file containing the config for the webserver role, another for the dbserver role etc. I'm imagining my hiera.yaml to look something like this:
:hierarchy:
- "fqdn/%{::fqdn}"
- "role/%{ROLE}"
- common
role文件夹中将包含webserver.yaml,appserver.yaml,dbserver.yaml之类的文件.我见过很多博客文章都说解决方案是创建一个自定义的角色"事实,但是大多数人都是通过从代理节点上的文件(例如,来自/etc/role)加载该事实来实现的,这在我看来击败puppet的观点(我专门使用puppet,所以我不必每次都希望登录新节点时便登录到每个节点并更改一些配置).
Where the role folder would contain files like webserver.yaml, appserver.yaml, dbserver.yaml. I've seen various blog posts saying that the solution is to create a custom 'role' fact, but most of them achieve this by loading that fact from a file on the agent node (e.g from /etc/role), which to me seems to defeat the point of puppet (I use puppet specifically so I don't have to log into each node and change some config every time I want it to have some new role).
为了清楚起见,我不需要在代理上编辑文件就可以使它正常工作,我希望所有这些都使用主服务器上的配置完成.
To be clear, I don't want to have to edit files on the agent to get this to work, I want it all done using the config that's on the master.
我想我可能会有类似以下内容,并且将每个角色都作为层次结构中的一个元素详尽列出,但这似乎不是很容易处理.
I guess I could have something like the following and exhaustively list every role as an element in the hierarchy, but that doesn't seem that manageable.
:hierarchy:
- "fqdn/%{::fqdn}"
- "webserver"
- "appserver"
- "dbserver"
- common
有什么办法解决这个问题?
Is there any way to solve this?
推荐答案
要在您的hiera配置中使用$Role,需要将其作为事实/变量提供,但是有一种方法可以在主节点而不是节点上.这是外部节点分类器可以使用的东西之一.
To be able to use $Role in your hiera config, it needs to be supplied as a fact/variable, however there is a way to do this on the master instead of on the node. This is one of the things that External Node Classifiers can be used for.
基本上,您需要编写一个使用节点名称并打印出包含Role参数值的yaml的脚本.例如,您可能有一个yaml文件,它只是节点名称到角色的映射,然后脚本进行查找并打印结果(作为链接模式中的参数).这是示例.
Basically, you need to write a script that takes the node name and prints out yaml that includes the Role parameter's value. For example, you could have one yaml file that is just a map of node names to roles, and then the script does a lookup and prints the result (as a parameter in the linked schema). Here is an example.
如果您对新工具感兴趣,那么还有更强大的ENC.例如,领班为您提供了一个Web界面,用于将主机分组为相似的角色,设置参数以注入木偶运行等等.
There are also more robust ENC's out there, if you are interested in new tooling. For example, Foreman gives you a web interface for grouping hosts together into similar roles, setting parameters to inject into puppet runs, etc.
这篇关于如何按角色划分我的hiera配置?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
