trusted server facts are not taken into account

[tuxmea]

Using the latest version from rubygems (1.5.2) with trusted_server_facts set (in master section of puppet.conf) results in lookup error on $::server_facts variable.

Is there a way to pass server_facts as an option to octocatalog-diff?

[kpaulisse]

@tuxmea we don't currently have this fully enabled in our setup, so I would need to see what the facts look like when they come out of puppetdb in order to add support for this (or figure out why it is not working now). Here is a small script - could you adjust the variables and run it, remove any sensitive or unneeded information, and post the result either here or in a gist?

#!/usr/bin/env ruby

require 'octocatalog-diff'

node = 'some-host-name.example.net'
puppetdb_url = 'https://puppetdb.example.net:8081'

fact_obj = OctocatalogDiff::Facts.new(
  node: node.strip,
  backend: :puppetdb,
  puppetdb_url: puppetdb_url,
)
facts = fact_obj.facts(node)
puts fact_obj.facts_to_yaml(node)

[vinzent]

@kpaulisse $server_facts is a IMHO compile time top-scope variable only.

https://puppet.com/docs/puppet/latest/lang_facts_and_builtin_vars.html#serverfacts-variable

[vinzent]

@kpaulisse and the setting is deprecated and always true:

https://github.com/puppetlabs/puppet/blob/master/lib/puppet/defaults.rb#L654

what puppet apply does with server_facts seems to be this: https://github.com/puppetlabs/puppet/blob/master/lib/puppet/application/apply.rb#L238

[kpaulisse]

A possibility with the current code might be to do a --fact-override of $server_facts with JSON. See: https://github.com/github/octocatalog-diff/blob/master/doc/advanced-override-facts.md#advanced-usage

Example:

octocatalog-diff -n <node> --debug --display-detail-add --to-fact-override 'server_facts=(json){"testfact":"Hello there"}'

+

file { '/etc/foo': content => $server_facts['testfact'] }

=

+ File[/etc/foo] =>
   parameters =>
     "backup": false,
     "content": "Hello there",
     "group": "root",
     "mode": "0440",
     "owner": "root",
     "source_permissions": "ignore"

I realize this isn't ideal, and that another command line option would be handy. @tuxmea and anyone else who may use this -- What would be the easiest way for you to have this data conveyed to octocatalog-diff? A JSON file? Something else?

[tuxmea]

I thought that --fact-override removes all existing facts. I was unaware of --to-fact-override.
I can give it a try. If this is working, I am fine with that solution.
If it is not working, I would prefer an option to set server_facts explicitly (e.g. --server-facts '...' which can either take the JSON directly or pointed to a json file)

[kpaulisse]

--fact-override is one of those options that can be used either as:

• --fact-override = do for both "from" and "to"
• --to-fact-override = do for "to" only
• --from-fact-override = do for "from" only

--from-fact-override and --to-fact-override take precedence over --fact-override if there is a conflict. Both take precedence over the facts that are read from PuppetDB or a file.

I think that --server-facts is probably the best way to go, because to use --*-fact-override you'll need to supply JSON on the command line, and that could get messy. What's the easiest way to feed in the server facts -- a JSON file (or maybe a JSON ERB), or a ruby file which basically lets you do whatever you want to long as you supply a hash?