NFS with Puppet and an ENC
Ages ago (it seems) I posted a how-to on configuring NFS using Puppet and Hiera. I have been using this happily for several months, and adding a new share was as simple as adding a line to a YAML file. I was never completely happy with it though, especially after I decided to deploy The Foreman in my lab.
The reason I was never satisfied is that The Foreman makes a really good ENC (external node classifier). I wanted to use this, so I have modified my module to use an ENC rather than Hiera directly.
OK, first we need to get the module into a position where it uses parameterized classes. This is actually quite simple.
My original manifest is here. The key item is the $exports variable, which is Hiera data. All I did was create a class parameter called exports and remove the variable within the class. You can see the new code here. I have also moved the list_exports function out into a separate file. Apparently this makes it more readable, although I am not convinced in this instance.
I also took the chance to update my module a bit so that it was not hard-coded to my own lab network. To that end, it will automatically pull out the IP address and netmask of eth0. You can edit this easily enough using your ENC.
manifests/server.pp:

class nfs::server (
  $exports        = [ '/srv/share'],
  $networkallowed = $::network_eth0,
  $netmaskallowed = $::netmask_eth0,
) {
  # Code here
}
Next we need a simple ENC to supply the data. An ENC is actually just any script that returns YAML. It has a single parameter, which is the FQDN of the node. I use this:
#!/bin/bash
DATADIR="/var/local/enc"
NODE=$1
cat "${DATADIR}/${NODE}.yaml"
Next you need a YAML file that looks like:
---
environment: production
classes:
  nfs::server:
    exports:
      - /srv/share1
      - /srv/share3
    networkallowed: 192.168.0.0
    netmaskallowed: 255.255.255.0
parameters:
Finally, you need to enable this on your Puppet master. Add this to /etc/puppet/puppet.conf:
[master]
node_terminus = exec
external_nodes = /usr/local/bin/simple-enc.sh
Now whenever a node with the FQDN nfs.example.lan syncs with the master, it runs /usr/local/bin/simple-enc.sh nfs.example.lan. This returns the contents of the YAML file above. The layout of it is pretty logical, but I suggest reading the Puppetlabs docs.
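A hardened variant of simple-enc.sh, added here as an example and not the author's script: because the script builds a file path from its argument, this version accepts only lowercase DNS-style node names and serves only regular files under DATADIR. The helper names valid_node and enc_lookup and the exit codes are choices made for this example.

```shell
#!/bin/bash
# Added example, not the author's script: simple-enc.sh with argument checks.
# Assumes the layout from the post: ${DATADIR}/<fqdn>.yaml
LC_ALL=C; export LC_ALL        # make [a-z] mean ASCII lowercase only
DATADIR="/var/local/enc"

# valid_node NAME: succeed only for dot-separated labels of [a-z0-9-]
# that neither start nor end with "-" (hypothetical helper name).
valid_node() {
  case $1 in
    ''|.*|*.|-*|*-|*..*|*.-*|*-.*|*[!a-z0-9.-]*) return 1 ;;
  esac
  [ "${#1}" -le 253 ]
}

# enc_lookup NAME: print the node's YAML.
# Returns 2 for a rejected name, 1 when there is no usable data file.
enc_lookup() {
  if ! valid_node "$1"; then
    echo "enc: rejected node name" >&2
    return 2
  fi
  enc_file="${DATADIR}/$1.yaml"
  # Serve regular files only; a symlink could point outside DATADIR.
  if [ -L "$enc_file" ] || [ ! -f "$enc_file" ] || [ ! -r "$enc_file" ]; then
    echo "enc: no data for $1" >&2
    return 1
  fi
  cat "$enc_file"
}

# Puppet passes the node name as the only argument.
# A non-zero exit signals failure to the master.
if [ "$#" -ge 1 ]; then
  enc_lookup "$1"
  exit
fi
```

Keep DATADIR and the YAML files writable only by the account that administers the Puppet master, since whatever they contain decides which classes a node receives.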
How is this better than the previous Hiera setup? First, I can now use my module with The Foreman, which answers my immediate need. Second, I can now submit this module to the Forge with a warm fuzzy feeling inside as I am a good citizen. Not only does it work with Puppet 3, but also really old versions of Puppet that do not support an ENC or Hiera. It can do this because the user can still edit the class parameters directly, or set them in site.pp (DON'T DO THAT).
You can install the module on your own Puppet master with:
git clone https://gitlab.chriscowley.me.uk/puppet/chriscowley-nfs.git \
/etc/puppet/modules/nfs/