I have good proof-of-concept patches for this, but there are some open questions.
[x] Does it work to add .eqiad.wmflabs facts to the existing clients? It does.
[x] Won't this break puppetdb-populate? It does not.
 Some cloud puppetmasters (including the central one) don't have puppetdb. This is addressed by https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/499007/ but we could adopt a more clever approach so the update-facts script doesn't have to know where puppetdb is or isn't.
 The manual sync of facts currently involves ssh'ing into everywhere from a local laptop. Adding more places to gather facts means a slower sync, and requires additional local keys.
 The wildcard "" hostname should probably only include prod hosts and exclude wmflabs hosts; otherwise, wildcard runs will take FOREVER.
 We need a way to enumerate fact sources. Currently we do this with a clever hiera pull for the production puppetmasters. @herron suggests we just replace this with a simple flat file for everything.
 Adding puppetmasters from other environments to the existing sync script model means users of the sync script will need access to all the puppetmasters involved, or some way to exclude/select masters. Otherwise the script will fail, and the number of people able to sync facts will be few.