A Puppet server provides several features above and beyond what’s possible in a
puppet apply environment. Let’s review each of these server-based features.
When using a Puppet server you gain several data sources not available to you with
When a node connects to the server, it transmits a list of facts about the node. Unfortunately, there is no way to validate that these facts are correct. If your code contains conditions based on node information that grant access to security-related data, a compromised node that forged its facts could obtain that data.
There is a new hash available named $trusted. It contains facts that have been validated by the server, and can be trusted to be correct.
The possible values are:
puppet apply is being used and validation is unavailable
$certname in the Puppet configuration if local.
hostname will contain the part before the first period of the certificate name, and
domain will contain the remainder. This is useful when you’re using FQDN
certnames, and ...
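The forged-fact risk described above, shown as a Puppet manifest that gates a secret on $trusted data instead of agent-supplied facts. This is an added example, not code from the original text; the class name, file path, Hiera key, hostname pattern and domain are hypothetical, and it assumes FQDN certnames.

```puppet
# Added example. Hypothetical names: profile::db_credentials,
# /etc/app/db.secret, the Hiera key, the db<N> pattern and example.com.
class profile::db_credentials {

  # WEAK (left commented out): $facts['hostname'] is whatever the agent
  # reported. A compromised node can report hostname=db01 and have the
  # secret compiled into its catalog.
  #
  #   if $facts['hostname'] =~ /\Adb\d+\z/ {
  #     file { '/etc/app/db.secret':
  #       content => lookup('profile::db_credentials::password'),
  #     }
  #   }

  # HARDENED, step 1: require an identity that a Puppet server verified.
  # 'remote' means the values came from the node's validated certificate;
  # 'local' means puppet apply, where validation is unavailable;
  # false means the node was not authenticated at all.
  if $trusted['authenticated'] != 'remote' {
    fail('Refusing to deliver secrets: node identity was not validated by a server')
  }

  # HARDENED, step 2: decide only on certificate-derived values.
  # With FQDN certnames, hostname is the part before the first period
  # and domain is the remainder.
  if $trusted['hostname'] =~ /\Adb\d+\z/ and $trusted['domain'] == 'example.com' {
    file { '/etc/app/db.secret':
      ensure    => file,
      owner     => 'root',
      group     => 'root',
      mode      => '0400',
      show_diff => false,  # keep the secret out of agent reports
      content   => lookup('profile::db_credentials::password'),
    }
  }

  # DETECTION: a reported hostname that disagrees with the certificate is
  # worth a server-side log line, since it may indicate forged facts.
  if $facts['hostname'] != $trusted['hostname'] {
    warning("Fact hostname '${facts['hostname']}' does not match certname '${trusted['certname']}'")
  }
}
```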