I would love to be able to query live system information during the run, instead of having to rely on facts for this in all use cases.
For example, I recently had a case where I wanted to make the code more resilient by using a Windows environment variable instead of a hardcoded path for something, but this variable wasn't available in any facts. So today, that means creating another fact for it, so you can use it in your code. It feels like unnecessary bloat to the PuppetDB to me. With the deferred function (and a function to query Windows environment variables in this case), I can do that live and not burden PE with it at all. Another use case is resource utilization values. Creating facts for CPU or RAM usage is fairly useless as the fact in PuppetDB is out-of-date a minute later. Also since the value keeps changing every run, it unnecessarily taxes the PuppetDB, while there is little value in having the last metric in the database. Instead, if you need to evaluate such a value in a puppet run, it would be much better to do so through a deferred function and query it during the run. The function can also be useful for situations where only the agent is able to reach a specific resource on the network, while the Puppet master isn't. The deferred function allows that processing to happen on the agent side, bypassing the need for PE to be able to reach that network resource. This could be useful in multi-tenant network scenarios, where PE is on an isolated network, with agents on customers networks that use NAT to reach the PE master. -KevinR On Friday, August 31, 2018 at 2:11:52 AM UTC+2, Lindsey Smith wrote: > > Hi all, > > We wanted to let you know about an upcoming capability, the Deferred type, > that is now present in Puppet 6 nightlies and will be part of the Puppet > 6.0 release. > > A longstanding request has been to allow agents to fetch data for > themselves at catalog application time. One key use case for this is > getting secrets directly from a store like Conjur, Vault or Consul. Without > this capability the master has to be in the middle and secret values are > passed in catalogs around more than is necessary. > > The solution in Puppet 6 is the Deferred type. A Deferred value describes > a function call to be made in the future and when placing it in a catalog > the agent will replace it with the result of calling the wrapped function > before it continues with application as normal. > > Of course, for the agent to actually fetch data from a keystore the > function has to exist on the agent side and be loaded during a run. In > Puppet 6.0, these functions will be downloaded from the master via > pluginsync from the lib/puppet/functions directory in modules, then > loaded during an agent run. Though Deferred is intended primarily for > agents running with a master, it does work in the same way with an agent > only. > > https://gist.github.com/turbodog/06d3fecef403bfefd9c8174ede4d9174 has > more explanation and walks you through a simple Deferred function example. > Work on this is tracked in PUP-8711 > <https://tickets.puppetlabs.com/browse/PUP-8711> and updating the Puppet > specification for Deferred is a work in progress happening here: > https://github.com/puppetlabs/puppet-specifications/pull/122 > > If you have other use cases for Deferred we’d love to hear what those are. > > Lindsey > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2877bdd4-ecae-4c9d-9df5-13622cb03920%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
