Jeremy
I've done the same for our developers here, and rather than pointing them
at the Prod Puppetmaster, they use Vagrant to stand up a local Puppetmaster
in the same way the Live master is deployed.
They can then stand up any number of local machines against their local
Puppetmaster without any impact on Prod...
HTH
Gav
On Tuesday, 20 October 2015 13:18:00 UTC+1, JeremyCampbell wrote:
>
> We have our production servers fully puppetized and have a team of 12
> developers who need to replicate the production environment locally on
> their workstations. We already have experience using vagrant with shared
> boxes, however the drift from production over time has become an issue. We
> use roles/profiles and use hiera_include to assign roles to machines with
> each machine having its own yaml file at the top of the hierarchy
> %{::clientcert} where the assignment is done e.g. 'role: app_server'. The
> plan to overcome this is to provision each vagrant machine using our
> production puppetmaster, however I'd really appreciate some help with the
> plan as it seems cumbersome.
>
> Since each puppet client requires a unique certname, we need to pre-assign
> a name to each of our developers that they can use in their Vagrantfile
> e.g. www1.dev.acme.com, www2.dev.acme.com, and then create a hiera yaml
> file for the certname and assign the correct role. And since we are using the
> production puppetmaster we need to manually sign each cert request. Any
> configuration that is specific to the developers would go into the hiera
> data file with name of certname.yaml. The process for a new developer would
> be:
>
> 1. Clone the repo (which includes the Vagrantfile).
> 2. Contact devops to get a unique certname, edit Vagrantfile with assigned
> certname.
> 3. Run vagrant up, when puppet provisioning fails (because it is waiting
> for the signed certificate from the puppetmaster) contact devops again to
> manually sign the cert request on the puppetmaster.
> 4. ssh into the vagrant box and manually run 'puppet agent -t' to
> provision the vagrant machine.
>
> I would imagine this scenario/use case for vagrant + puppetmaster is very
> common. I feel like we must be missing something. Does anyone have any
> advice on how to improve this process?
>