How to exclude Puppet modules for a few nodes

hierapuppetpuppetmaster

I have 80 nodes, 78 need to have a specific module, except for 2.

[root@puppetmaster puppet]# cat hiera.yaml
:backends:
    - yaml

:hierarchy:
    - environment/%{::environment}/%{::hostname}
    - environment/%{::environment}
    - common

:logger: console

:yaml:
    :datadir: '/etc/puppet/hieradata'
[root@puppetmaster puppet]# cat hieradata/common.yaml
---
classes:
  - ldap
  - motd
  - ntp
  - puppet-conf
[root@puppetmaster puppet]# cat hieradata/environment/tst/tst-01.yaml
---
classes:
  - puppet-update
  - public-keys
[root@puppetmaster puppet]#

I want all nodes to have the ldap module, except for the tst-01 and tst-02 server.

How do I exclude this module from these 2 servers?

A solution would be to use 80 .yaml-files for all nodes and add "- ldap" to 78 of these .yaml-files, but this seems poor design. It would be cleaner to exclude the modules from the inherited list.

Best Answer

The issue is that hiera_include will use the classes from all levels (probably uses hiera_array).

This will probably work:

[root@puppetmaster puppet]# cat hieradata/common.yaml
---
classes:
  - ldap
  - motd
  - ntp
  - puppet-conf
[root@puppetmaster puppet]# cat hieradata/environment/tst/tst-01.yaml
---
classes:
  - puppet-update
  - public-keys
  - motd
  - ntp
  - puppet-conf

In the node-def:

class { hiera('classes'): }

Downside is that you would have to specify all classes in the host-specific hiera file, if you override the default.

Does that help?

Related Topic