I''m trying to come up with a way to manage /etc/puppet on the Puppet server from my workstation. My idea was to place all of /etc/puppet into subversion, check it out to my workstation, commit via ssh, and then use a post-commit to update /etc/puppet. That way any time I made a change in /etc/puppet it would be immediately updated and ready for the next puppetd run. Problem is the post-commit script runs commands as the user you are committing from. That doesn''t work too well when /etc/puppet is owned by root. My next thought is to use a cron job or puppetd to update /etc/puppet. The disadvantage here, which was mostly mitigated with my first configuration, is timing. Lets say the clients are running puppetd every half hour. To simulate what I outlined above I would need to run cron or puppetd on the server every 5 minutes or so, in the hope the "svn update" would occur before the next client called for the manifest. This doesn''t seem like a very elegant solution to me. My question is, how do you all handle this scenario? I''d just like to know if there''s something I''m missing. Is there anyway to tell the Puppet server to check for an "svn update" to /etc/puppet when a client calls for a manifest, update the manifest on the server, and then allow the client to pull the updated manifest? Thanks, Kent
> My question is, how do you all handle this scenario? I''d just like to > know if there''s something I''m missing.My subversion server is separate from my puppetmaster, and (for a variety of reasons) cannot do a sync push from the svn server. I wrote a small daemon that queries the repository every 5 seconds to see if the revision number on the repo has updated. When it sees that, it does a local update. We''re also running with multiple puppetmasters for different network segments. The nice part of the above is that it also triggers and rsync push out to the other puppetmasters. I can post it to the wiki later today - I just have to remove $employer specific parts from it.> Is there anyway to tell the Puppet server to check for an "svn update" > to /etc/puppet when a client calls for a manifest, update the manifest > on the server, and then allow the client to pull the updated manifest?I didn''t see a mechanism for that - but given our multiple puppetmaster setup, it wouldn''t work for us, so I didn''t go digging. --mac
--On Friday, March 30, 2007 10:34 AM -0500 Kenton Brede <kbrede@gmail.com> wrote:> Is there anyway to tell the Puppet server to check for an "svn update" > to /etc/puppet when a client calls for a manifest, update the manifest > on the server, and then allow the client to pull the updated manifest?This might be a good feature request. I wonder if the puppet client shouldn''t first worry about its own config first and if it has changed, update it and restart itself. -- Digant C Kasundra <digant@stanford.edu> Technical Lead, ITS Unix Systems and Applications, Stanford University
Most of us are doing it the other way around. Putting in an svn post-commit hook to update the puppet files using the just checked in stuff. That scales better. :) Kevin On Fri, 2007-03-30 at 10:50 -0700, Digant C Kasundra wrote:> --On Friday, March 30, 2007 10:34 AM -0500 Kenton Brede <kbrede@gmail.com> > wrote: > > > Is there anyway to tell the Puppet server to check for an "svn update" > > to /etc/puppet when a client calls for a manifest, update the manifest > > on the server, and then allow the client to pull the updated manifest? > > This might be a good feature request. I wonder if the puppet client > shouldn''t first worry about its own config first and if it has changed, > update it and restart itself. >
On Mar 30, 2007, at 11:43 AM, Chris McEniry wrote:> >> Is there anyway to tell the Puppet server to check for an "svn >> update" >> to /etc/puppet when a client calls for a manifest, update the >> manifest >> on the server, and then allow the client to pull the updated >> manifest? > > I didn''t see a mechanism for that - but given our multiple > puppetmaster setup, it wouldn''t work for us, so I didn''t go > digging.You could pretty easily extend the ''freshness'' method in network/ handler/master.rb to be able to do svn updates. Then, instead of keeping track of the compile time it could keep track of the version of the repository. I''ve been meaning to switch the client to use the server''s compile time (bug #570); this would enable the server to either use the last time the configuration was parsed, or use the server-side version number. Then, the server would just check svn each time freshness() was called (or probably with some timeout, so it''s not happening 10 times a second). If the most recent version in svn is different from the version in memory, then it could do an svn update. Then you''d just need an abstract adapter that with the ability to get the current version from disk, the current version from the repository, and update the checked-out code. -- People are more violently opposed to fur than leather because it is safer to harrass rich women than motorcycle gangs. --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
On 3/30/07, Chris McEniry <cmceniry@scea.com> wrote:> > My question is, how do you all handle this scenario? I''d just like to > > know if there''s something I''m missing. > > My subversion server is separate from my puppetmaster, and (for a > variety of reasons) cannot do a sync push from the svn server. I > wrote a small daemon that queries the repository every 5 seconds > to see if the revision number on the repo has updated. When it > sees that, it does a local update.Thanks that gave me just the bump on the head I needed :) This is a quick hack but it seems to work OK. I''ll fine tune it next week. I created a post-commit hook: /usr/bin/svn info file:///var/svn/p_config | /bin/grep "Revision:" &> /tmp/svnr Then a little daemon to check if "/tmp/svnr" exists and kick off "svn update" if it does. This way I''m not hitting the repository every 5 seconds. ------------------------------------------------------------------------------------------ #!/usr/bin/ruby while true do # if file exists run svn update if FileTest.file?( "/tmp/svnr" ) system("/usr/bin/svn -q update /etc/puppet") system("/bin/rm /tmp/svn_revision") sleep 10 else # if file doesn''t exist continue to check sleep 5 end end ------------------------------------------------------------------------------------------> I can post it to the wiki later today - I just have to remove > $employer specific parts from it.I''d certainly like to see what you have. Thanks, Kent
I have a very small udp server running on the puppet master and the commit hook sends a little "poke" packet over to the puppet master saying, something might have changed, check to see if things changed. The same script can be used to poke individual clients and force them to do a puppet update too. Kevin On Fri, 2007-03-30 at 15:40 -0500, Kenton Brede wrote:> On 3/30/07, Chris McEniry <cmceniry@scea.com> wrote: > > > My question is, how do you all handle this scenario? I''d just like to > > > know if there''s something I''m missing. > > > > My subversion server is separate from my puppetmaster, and (for a > > variety of reasons) cannot do a sync push from the svn server. I > > wrote a small daemon that queries the repository every 5 seconds > > to see if the revision number on the repo has updated. When it > > sees that, it does a local update. > > Thanks that gave me just the bump on the head I needed :) This is a > quick hack but it seems to work OK. I''ll fine tune it next week. > > I created a post-commit hook: > > /usr/bin/svn info file:///var/svn/p_config | /bin/grep "Revision:" &> /tmp/svnr > > Then a little daemon to check if "/tmp/svnr" exists and kick off "svn > update" if it does. This way I''m not hitting the repository every 5 > seconds. > > ------------------------------------------------------------------------------------------ > #!/usr/bin/ruby > > while true do > # if file exists run svn update > if FileTest.file?( "/tmp/svnr" ) > system("/usr/bin/svn -q update /etc/puppet") > system("/bin/rm /tmp/svn_revision") > sleep 10 > else > # if file doesn''t exist continue to check > sleep 5 > end > end > ------------------------------------------------------------------------------------------ > > > I can post it to the wiki later today - I just have to remove > > $employer specific parts from it. > > I''d certainly like to see what you have. > Thanks, > Kent > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users
> > I can post it to the wiki later today - I just have to remove > > $employer specific parts from it. > > I''d certainly like to see what you have.Added to the wiki: http://reductivelabs.com/trac/puppet/wiki/UpdateFromSubversionRepo --mac