On Monday, May 19, 2014 6:06:45 AM UTC-5, Boyan Tabakov wrote: > > Hi, > > The variable I want to access is not defined in a module/class. It's the > globally defined $::environment. Since facts are also exposed as global > variables, the server-defined $::environment gets overridden when > there's a fact with the same name. > > So any ideas on how to avoid that? As it is, it looks like a module > can't reliably detect environment, because a (potentially malicious) > client can send an 'environment' fact with arbitrary value. > >
If you do not trust your nodes to specify their own environment, then you should set up an ENC that specifies the correct environment for each node to Puppet. That can be the only thing it does. The environment specified by an ENC will be used instead of the one (if any) specified by the agent. More generally, you should avoid declaring global variables in your Puppet manifests, and especially you should avoid declaring globals that collide with facts or with variables provided by the master itself. Such collisions *should* cause catalog compilation to fail with an error message, but conceivably could fail silently instead. Puppet variables cannot be changed once set. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/af02d5fa-d002-4950-bfa4-7ce63b8de981%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
