- Description
- Setup - The basics of getting started with safe_roles
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Just a very simple module to convert:
-
A role fact
role
into asafe_role
-
A trusted fact role
pp_role
intosafe_pp_role
Warning:
safe_pp_role
is NOT a trusted fact and can be overwritten by the agent!
The conversion process is to convert double colons (::
) into slashes (/
).
- A normalised
safe_os
fact:- All values lowercased (eg:
RedHat
->redhat
) - All spaces removed from values (eg
2012 R2
->2012_r2
)
- All values lowercased (eg:
This lets us write hiera.yaml
files that look like this:
:hierarchy:
- "node/%{clientcert}".yaml
- "%{safe_role}".yaml
- "app_tier/%{app_tier}".yaml
- "datacenter/%{datacenter}".yaml
- "env/%{environment}".yaml
- "os/%{facts.safe_os.family}_%{facts.safe_os.release.major}.yaml"
- common.yaml
This means that:
- A node that has a
role
orpp_role
value offoo::bar::baz
will attempt to read hiera data fromrole/foo/bar/baz.yaml
(instead ofrole/foo::bar::baz.yaml
) - A windows 2012 R2 node would attempt to read from
os/windows_2012_r2.yaml
(instead ofos/windows_2012 R2.yaml
) - A RHEL 7 node would attempt to read read from
os/redhat_7.yaml
(instead ofos/RedHat_7.yaml
)
This resolves the problems that:
::
in filenames only works on linux- Windows and MacOS have case insensitive filesystems which can result in broken git repositories when files are checked in accidentally that differ only by case
- Filenames need spaces when dealing with some Windows variants
Just install the module and the facts will be created if applicable
- Requires
openssl
in thePATH
- Feel free to PR