ReleaseEngineering/PuppetAgain/Aspects
Taking a page from Aspect Oriented Programming, PuppetAgain implements Aspect Oriented Puppet.
Summary
The primary axis along which hosts are distinguished in PuppetAgain is the toplevel hierarchy. Every host in the toplevel::server::puppetmaster class is also in the toplevel::server and toplevel classes. This maps nicely to most of the ways we think about hosts, but there are some aspects of hosts that apply across multiple branches of the toplevel tree, but do not apply to all hosts in a particular toplevel class. For example, whether a host is a staging host, whether it is loaned out, etc. These aspects also cut across multiple Puppet classes, e.g., altering a user's password or the root directory for application installs.
In PuppetAgain, we implement these as "aspects". Aspects are short strings that are used to label hosts that have that aspect; see the full list below.
Usage
To assign one or more aspects to a node, set its $aspects node-scope variable, noting that variables must come *before* includes:
node "foo" { $aspects = [ "orange", "loaner" ] include toplevel::server::foo }
Within a module, you can test whether this host has an aspect with has_aspect:
if (has_aspect("loaner")) { ... }
You can also assert that the host has a specific aspect. This is useful in toplevel classes that should only be applied in conjunction with an aspect:
assert_aspect("high-security")
Both of these functions are implemented in the shared module.
Finally, note that the secret() function includes a hosts aspects in its search path. See ReleaseEngineering/PuppetAgain/Secrets.
Aspects
- staging
- This host is in a staging environment, isolated from production
- loaner
- This host (usually a slave) is configured to be loaned to a user, and will have any production secrets stripped.
- high-security
- This is a high-security host. With this aspect, access to the host is limited and extra protections are enabled.