How robust and secure is the embedded fileserver in puppet? So far my environment consists of 15 nodes with about 80 checks per node. I''m doing alot of md5 checks on files. I anticipate ~150 nodes. I am currently using autofs and the source for my files is /net/netapp/puppet/files/........ Right now I''m not compelled to change this but I was just wondering... Thanks, /Chris Callegari -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Dec 9, 2010, at 9:45 AM, Chris C wrote:> How robust and secure is the embedded fileserver in puppet? > > So far my environment consists of 15 nodes with about 80 checks per node. I''m doing alot of md5 checks on files. I anticipate ~150 nodes. I am currently using autofs and the source for my files is /net/netapp/puppet/files/........ > > Right now I''m not compelled to change this but I was just wondering...In my experience, Webrick (the default webserver) will fail very badly under that load meaning you''ll need to move to Mongral or Passenger. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
I planned on moving to Passenger very soon. What about the file server? Is there any worth in moving from nfs/autofs to puppet fileserver? /C On Thu, Dec 9, 2010 at 2:25 PM, Patrick <kc7zzv@gmail.com> wrote:> > On Dec 9, 2010, at 9:45 AM, Chris C wrote: > > > How robust and secure is the embedded fileserver in puppet? > > > > So far my environment consists of 15 nodes with about 80 checks per node. > I''m doing alot of md5 checks on files. I anticipate ~150 nodes. I am > currently using autofs and the source for my files is > /net/netapp/puppet/files/........ > > > > Right now I''m not compelled to change this but I was just wondering... > > In my experience, Webrick (the default webserver) will fail very badly > under that load meaning you''ll need to move to Mongral or Passenger. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com<puppet-users%2Bunsubscribe@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 09/12/10 21:36, Chris C wrote:> I planned on moving to Passenger very soon. > > What about the file server? Is there any worth in moving from > nfs/autofs to puppet fileserver?The only reason I can see is security, access control and auditing. Every access is protected through SSL, can be logged and passes through the authorization layer (ie fileserver.conf). In terms of performance I don''t think it would have any impact (provided you run 2.6) on your master and client (but that mostly depends on your access patterns). And you can still use file content offloading (see one of my blog post for more information). -- Brice Figureau My Blog: http://www.masterzen.fr/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Thu, Dec 9, 2010 at 1:34 PM, Brice Figureau <brice-puppet@daysofwonder.com> wrote:> On 09/12/10 21:36, Chris C wrote: >> I planned on moving to Passenger very soon. >> >> What about the file server? Is there any worth in moving from >> nfs/autofs to puppet fileserver? > > The only reason I can see is security, access control and auditing. > Every access is protected through SSL, can be logged and passes through > the authorization layer (ie fileserver.conf).I think there''s another big benefit to using the internal fileserver. Your manifest and file source changes are synchronized in lock-step. When you''re using anything else with it''s own replication periods, you can end up with frustrating situations where a manifest has updated but a file hasn''t.> In terms of performance I don''t think it would have any impact (provided > you run 2.6) on your master and client (but that mostly depends on your > access patterns). And you can still use file content offloading (see one > of my blog post for more information). > -- > Brice Figureau > My Blog: http://www.masterzen.fr/ > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- Nigel Kersten - Puppet Labs - http://www.puppetlabs.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On 10 Dec 2010, at 00:55, Nigel Kersten <nigel@puppetlabs.com> wrote:> On Thu, Dec 9, 2010 at 1:34 PM, Brice Figureau > <brice-puppet@daysofwonder.com> wrote: >> On 09/12/10 21:36, Chris C wrote: >>> I planned on moving to Passenger very soon. >>> >>> What about the file server? Is there any worth in moving from >>> nfs/autofs to puppet fileserver? >> >> The only reason I can see is security, access control and auditing. >> Every access is protected through SSL, can be logged and passes through >> the authorization layer (ie fileserver.conf). > > I think there''s another big benefit to using the internal fileserver. > > Your manifest and file source changes are synchronized in lock-step. > > When you''re using anything else with it''s own replication periods, you > can end up with frustrating situations where a manifest has updated > but a file hasn''t.You get this anyway unless you have the ability to update your entire checkout atomically. It''s actually even worse because based on the typical update-a-checkout pattern that people use you can''t even be guaranteed the you get a sane set of manifests compiled. Worse the config version feature is unaware of file server changes making it pointless as an aid to almost anything that would matter.> > > > >> In terms of performance I don''t think it would have any impact (provided >> you run 2.6) on your master and client (but that mostly depends on your >> access patterns). And you can still use file content offloading (see one >> of my blog post for more information). >> -- >> Brice Figureau >> My Blog: http://www.masterzen.fr/ >> >> -- >> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >> >> > > > > -- > Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
On Thu, Dec 9, 2010 at 5:38 PM, R.I.Pienaar <rip@devco.net> wrote:> > > On 10 Dec 2010, at 00:55, Nigel Kersten <nigel@puppetlabs.com> wrote: > >> On Thu, Dec 9, 2010 at 1:34 PM, Brice Figureau >> <brice-puppet@daysofwonder.com> wrote: >>> On 09/12/10 21:36, Chris C wrote: >>>> I planned on moving to Passenger very soon. >>>> >>>> What about the file server? Is there any worth in moving from >>>> nfs/autofs to puppet fileserver? >>> >>> The only reason I can see is security, access control and auditing. >>> Every access is protected through SSL, can be logged and passes through >>> the authorization layer (ie fileserver.conf). >> >> I think there''s another big benefit to using the internal fileserver. >> >> Your manifest and file source changes are synchronized in lock-step. >> >> When you''re using anything else with it''s own replication periods, you >> can end up with frustrating situations where a manifest has updated >> but a file hasn''t. > > > You get this anyway unless you have the ability to update your entire checkout atomically. It''s actually even worse because based on the typical update-a-checkout pattern that people use you can''t even be guaranteed the you get a sane set of manifests compiled.You can update the entire checkout atomically, but yeah, I agree that most people don''t tend to do this, and they should. It''s much harder to do with another system entirely, and becomes close to impossible once you add replication across sites into the mix.> Worse the config version feature is unaware of file server changes making it pointless as an aid to almost anything that would matter.I think we''ve already agreed that bug needs to be fixed haven''t we? :)> > >> >> >> >> >>> In terms of performance I don''t think it would have any impact (provided >>> you run 2.6) on your master and client (but that mostly depends on your >>> access patterns). And you can still use file content offloading (see one >>> of my blog post for more information). >>> -- >>> Brice Figureau >>> My Blog: http://www.masterzen.fr/ >>> >>> -- >>> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >>> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >>> >>> >> >> >> >> -- >> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com >> >> -- >> You received this message because you are subscribed to the Google Groups "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. > >-- Nigel Kersten - Puppet Labs - http://www.puppetlabs.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.