add puppet code role to host metadata? #85

Open
falconburrow opened this issue Dec 10, 2024 · 2 comments

Comments

@falconburrow

Can you add the puppet5 code role to the host metadata (from the node enc yamls)? Maybe the data role/variant as well, if it doesn't make it visually confusing, that is.

@tymees
Member

tymees commented Dec 10, 2024

Okay, because I've encountered multiple blockers, I'm gonna work on this in the new year.

For now, some info dump for if/when I forget:

Data role (variant) (and any other parameter) can be retrieved from facts, which is trivial to add. Code role is going to be a pain.

There are two ways to retrieve that:

  1. Patch the enc to provide code-role as a parameter, allowing retrieval as a fact
  2. Figure out a way for Humitifier to read files in /opt/puppetlabs/puppet/cache/state. I can retrieve it from both classes.txt and last_run_report.yaml.

The first option is relatively trivial, but kinda hacky. The second option would be the holy grail, as I can also retrieve a lot more useful puppet info using those files. (Agent disabled, last run timestamp, last run status (failed or not))

Some ideas on how to accomplish the second option:

  1. Add a sudo role specifically for the humitifier user to cat files in that dir.
  2. Make the dir owned by root:humitifier (or create a puppet group and add the humitifier user to said group, for slightly less weird ownership)

@tymees
Member

tymees commented Dec 10, 2024

Okay, option 2.2 will not work, but 2.1 does work with the following puppet config:

  'humitifier':
    runas: 'root'
    command: "/usr/bin/cat /opt/puppetlabs/puppet/cache/state/last_run_report.yaml, /usr/bin/cat /opt/puppetlabs/puppet/cache/state/classes.txt, /usr/bin/test ! -f /opt/puppetlabs/puppet/cache/state/agent_disabled.lock"
    password_required: false

There probably is a better way to write that allow-list.
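
One way to check an allow-list like this before it is deployed, as an added example that is not part of the thread or of Humitifier's own code. The helper names `audit_entry` and `audit_allow_list` are hypothetical, and the rules they enforce (absolute binary, pinned arguments, no wildcards, files directly inside the state directory) are assumptions about what a tight sudoers entry for this use should look like.

```python
import re

# Directory named in the thread; every file argument must sit directly in it.
STATE_DIR = "/opt/puppetlabs/puppet/cache/state/"
WILDCARDS = set("*?[]")

# The allow-list string from the comment above, copied verbatim.
PAGE_ALLOW_LIST = (
    "/usr/bin/cat /opt/puppetlabs/puppet/cache/state/last_run_report.yaml, "
    "/usr/bin/cat /opt/puppetlabs/puppet/cache/state/classes.txt, "
    "/usr/bin/test ! -f /opt/puppetlabs/puppet/cache/state/agent_disabled.lock"
)


def audit_entry(entry):
    """Return the findings for one sudoers command spec (empty list = ok)."""
    words = entry.split()
    if not words:
        return ["empty entry"]
    findings = []
    binary, args = words[0], words[1:]
    if not binary.startswith("/"):
        findings.append("binary is not an absolute path")
    if not args:
        # sudoers: a command listed without arguments permits any arguments.
        findings.append("no arguments pinned")
    if WILDCARDS & set(entry):
        # sudoers wildcards in arguments match across word boundaries and '/'.
        findings.append("wildcard in command spec")
    for path in (a for a in args if a.startswith("/")):
        name = path[len(STATE_DIR):]
        if not path.startswith(STATE_DIR) or "/" in name or name in ("", ".", ".."):
            findings.append(f"path outside state dir: {path}")
    return findings


def audit_allow_list(command):
    """Split on unescaped commas (sudoers writes a literal comma as '\\,')."""
    report = {}
    for entry in (e.strip() for e in re.split(r"(?<!\\),", command)):
        findings = audit_entry(entry)
        if findings:
            report[entry] = findings
    return report


if __name__ == "__main__":
    print(audit_allow_list(PAGE_ALLOW_LIST) or "allow-list is tight")
```
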
