[Puppet Users] how do you test and release puppet changes?
We are in the process of evaluating our puppet related test and release process and interested in knowing what other folks are doing. We are in a position that is not ideal but is not unique from what I can tell. Our current testing process is basically the responsibility of each person making a change. Small changes are committed and pushed to dev/qa/prod in one swoop with the committer spot checking the results manually.Larger changes are tested by running a node against a puppet environment which is pointed to the change branch and the desired behavior is manually verified. What we would like to do is start with implementing some basic control points which require passing tests before the changes move along. With the goal of being able to increase the test coverage over time to protect ourselves from ourselves. One thought we had as an initial step is to just verify catalog compilation for some number of nodes against the proposed changes and block the changes if catalog compilation fails. This raises the next question around tooling. We could script up a catalog compiler test calling the the puppet binaries but should we use this as an opportunity to get familiar with rspec-puppet? Are people using catalog diffs at all in their release process? It would seem nice to provide an automated catalog diff for people making 'small' changes so they can make sure their change didn't accidentally drop or change a large number of resources. So please share what you find works or doesn't work at your shop. TIA -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Is there any other tool other than mcollective for orchestration..
Rajeev. We run mcollective in a 100% Solaris shop. We have not encountered any Solaris specific issues. Email me if you want the steps we use to build the Solaris packages. Thanks. Derek. On Feb 7, 2:01 am, DreamBig rajeev.n.i...@gmail.com wrote: Thanks.. On Feb 7, 2:31 pm, kavitha.c.k2...@gmail.com wrote: Hi, There is a tools called Ansible , I think it works on solaris Kavitha On Thursday, February 7, 2013 2:28:32 PM UTC+5:30, Rajeev Iyer wrote: Hi, I guess mcollective supports only linux and similar OS. It does not have a package for Solaris or even a way to create a package from standard tar file. Can someone suggest any other tool? Regards, Rajeev -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Where do you store sensitive files with puppet+git approach?
We use hiera-gpg for file type sensitive information as well.For
sensitive information which is actually a file (ssh private keys) we
moved that into hiera-gpg and just set the yaml markup accordingly so
the information could be used to populate the file in question in the
correct format.
For example this is what a private key looks like in yaml. The |
and leading indentation keeps the content in the same format as it
passes through the hands of the different villagers on the way to it's
home in the id_dsa file.
professor_plumbs_private_key: |
-BEGIN DSA PRIVATE KEY-
GOODSTUFFHERE
THEGOODSTUFFCONTINUES
-END DSA PRIVATE KEY-
Then to create the key file. (Hiera call done as part of class param)
file { /blah/blah/.ssh/id_dsa:
content = $professor_plumbs_private_key;
}
I'm sure the same approach could be taken for ssl keys. However we
have been wielding the hiera hammer pretty hard and had to stop short
of using it in place of DNS so you may not like this approach;)
HTH.
On Oct 1, 10:40 am, Aaron Grewell aaron.grew...@gmail.com wrote:
We use hiera-gpg for ours. Files containing sensitive information are
converted into templates so that only the necessary strings are included in
gpg. If we really needed to distribute full files I would probably build a
separate directory tree backed by its own repository for this. It's just
never been necessary for us.
On Oct 1, 2012 6:47 AM, Vaidas Jablonskis jablons...@gmail.com wrote:
Hi People,
I have a quick question, which hopefully you will have an answer to.
I am slowly moving towards puppet and git with multiple branches for
different environments. Things are going pretty well, but now I have a
small issue. The question is where should I store sensitive files, for
instance SSL private keys or some files which contain sensitive data?
I am aware of hiera-gpg storage backend, but that is more suitable for
storing plain text strings rather than actual files - correct me if I am
wrong?
I am looking forward to hear your opinion on this subject.
Thanks in advance.
-- Vaidas
--
You received this message because you are subscribed to the Google Groups
Puppet Users group. To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/DjQqqdK2NJ4J. To post to this
group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com. For more options, visit this
group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
