We have our production servers fully puppetized and have a team of 12
developers who need to replicate the production environment locally on
their workstations. We already have experience using vagrant with shared
boxes, however the drift from production over time has become an issue. We
use roles/profiles and use hiera_include to assign roles to machines with
each machine having its own yaml file at the top of the hierarchy
%{::clientcert} where the assignment is done e.g. 'role: app_server'. The
plan to overcome this is to provision each vagrant machine using our
production puppetmaster, however I'd really appreciate some help with the
plan as it seems cumbersome.
Since each puppet client requires a unique certname, we need to pre-assign
a name to each of our developers that they can use in their Vagrantfile
e.g. *www1.dev.acme.com*, *www2.dev.acme.com* and then create a hiera yaml
file for the certname and assign the the correct role. And since we are
using the production puppetmaster we need to manually sign each cert
request. Any configuration that is specific to the developers would go into
the hiera data file with name of certname.yaml. The process for a new
developer would be:
1. Clone the repo (which includes the Vagrantfile).
2. Contact devops to get a unique certname, edit Vagrantfile with assigned
certname.
3. Run vagrant up, when puppet provisioning fails (because it is waiting
for the signed certificate from the puppetmaster) contact devops again to
manually sign the cert request on the puppetmaster.
4. ssh into the vagrant box and manually 'run puppet agent -t' to provision
the vagrant machine.
I would imagine this scenario/use case for vagrant + puppetmaster is very
common. I feel like we must be missing something. Does anyone have any
advice on how to improve this process?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d97f3ef5-5eee-4dc0-b85c-be13e16d4285%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
