Puppet users - Jul 2011 - Validating a puppet configuration

If anyone out there follows Serverfault, this is a duplicate of 
http://goo.gl/CTS2u.  I''m hoping there are some subject matter experts
here
:).

I am trying to place some sanity checks (currently as git pre-commit hooks) 
in our configuration repository to avoid committing invalid Puppet 
configurations.  I''m having a surprising amount of trouble coming up
with a
way to effectively validate the configuration.  My obvious first choice was 
"puppet parser validate ...", which does some gross syntax checks
(unmatched
quotes and brackets and so forth) but doesn''t throw errors on things
like
this:

  file { ''somefile'':
    requires => Service[''someservice'']
  }

(where ''requires'' should be ''require''), nor
does it notice problems like
this:

  sdlflsjlksdf { ''myname'': }

(where ''sdlflsjlksdf'' isn''t defined anywhere).

Some folks have suggested "puppet master --compile ...", but this
really,
reallly wants to fix permissions all over the place on directories that are 
used by Puppet.  I have also tried "puppet apply --noop", but this
still
tries to stat() any files referenced in the manifests, which means it will 
fail with permission errors if it tries to stat() a file or directory that 
is not accessible to a non-root user.  Does anyone here have suggestions for 
effectively performing more aggressive syntax checks than those offered by 
"puppet parser validate"?

-- Lars

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/cpzgsk5X2fgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Have you looked at using these?
projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control

--
Greg


On Fri, Jul 29, 2011 at 6:33 AM, Lars Kellogg-Stedman
<larsks@gmail.com>wrote:
> If anyone out there follows Serverfault, this is a duplicate of
> http://goo.gl/CTS2u.  I''m hoping there are some subject matter
experts
> here :).
>
> I am trying to place some sanity checks (currently as git pre-commit hooks)
> in our configuration repository to avoid committing invalid Puppet
> configurations.  I''m having a surprising amount of trouble coming
up with a
> way to effectively validate the configuration.  My obvious first choice was
> "puppet parser validate ...", which does some gross syntax checks
(unmatched
> quotes and brackets and so forth) but doesn''t throw errors on
things like
> this:
>
>   file { ''somefile'':
>     requires => Service[''someservice'']
>   }
>
> (where ''requires'' should be ''require''),
nor does it notice problems like
> this:
>
>   sdlflsjlksdf { ''myname'': }
>
> (where ''sdlflsjlksdf'' isn''t defined anywhere).
>
> Some folks have suggested "puppet master --compile ...", but this
really,
> reallly wants to fix permissions all over the place on directories that are
> used by Puppet.  I have also tried "puppet apply --noop", but
this still
> tries to stat() any files referenced in the manifests, which means it will
> fail with permission errors if it tries to stat() a file or directory that
> is not accessible to a non-root user.  Does anyone here have suggestions
for
> effectively performing more aggressive syntax checks than those offered by
> "puppet parser validate"?
>
> -- Lars
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/cpzgsk5X2fgJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Those hooks are the gross syntax checks to which he initially referred.

On Fri, Jul 29, 2011 at 9:49 AM, Greg Hellings <ghellings@spokeo.com>
wrote:
> Have you looked at using these?
> projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control
>
> --
> Greg
>
>
> On Fri, Jul 29, 2011 at 6:33 AM, Lars Kellogg-Stedman
<larsks@gmail.com>wrote:
>
>> If anyone out there follows Serverfault, this is a duplicate of
>> http://goo.gl/CTS2u.  I''m hoping there are some subject matter
experts
>> here :).
>>
>> I am trying to place some sanity checks (currently as git pre-commit
>> hooks) in our configuration repository to avoid committing invalid
Puppet
>> configurations.  I''m having a surprising amount of trouble
coming up with a
>> way to effectively validate the configuration.  My obvious first choice
was
>> "puppet parser validate ...", which does some gross syntax
checks (unmatched
>> quotes and brackets and so forth) but doesn''t throw errors on
things like
>> this:
>>
>>   file { ''somefile'':
>>     requires => Service[''someservice'']
>>   }
>>
>> (where ''requires'' should be
''require''), nor does it notice problems like
>> this:
>>
>>   sdlflsjlksdf { ''myname'': }
>>
>> (where ''sdlflsjlksdf'' isn''t defined
anywhere).
>>
>> Some folks have suggested "puppet master --compile ...", but
this really,
>> reallly wants to fix permissions all over the place on directories that
are
>> used by Puppet.  I have also tried "puppet apply --noop", but
this still
>> tries to stat() any files referenced in the manifests, which means it
will
>> fail with permission errors if it tries to stat() a file or directory
that
>> is not accessible to a non-root user.  Does anyone here have
suggestions for
>> effectively performing more aggressive syntax checks than those offered
by
>> "puppet parser validate"?
>>
>> -- Lars
>>
>>  --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/puppet-users/-/cpzgsk5X2fgJ.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Have you considered bootstrapping a test suite like cucumber-puppet?
https://github.com/nistude/cucumber-puppet

-Eric

>  Topic: Validating a puppet configuration
> Lars Kellogg-Stedman <larsks@gmail.com> Jul 29 06:33AM -0700 ^
>  
> If anyone out there follows Serverfault, this is a duplicate of 
> http://goo.gl/CTS2u. I''m hoping there are some subject matter
experts here
> :).
>  
> I am trying to place some sanity checks (currently as git pre-commit hooks)
> in our configuration repository to avoid committing invalid Puppet 
> configurations. I''m having a surprising amount of trouble coming
up with a
> way to effectively validate the configuration. My obvious first choice was 
> "puppet parser validate ...", which does some gross syntax checks
(unmatched
> quotes and brackets and so forth) but doesn''t throw errors on
things like
> this:
>  
> file { ''somefile'':
> requires => Service[''someservice'']
> }
>  
> (where ''requires'' should be ''require''),
nor does it notice problems like
> this:
>  
> sdlflsjlksdf { ''myname'': }
>  
> (where ''sdlflsjlksdf'' isn''t defined anywhere).
>  
> Some folks have suggested "puppet master --compile ...", but this
really,
> reallly wants to fix permissions all over the place on directories that are
> used by Puppet. I have also tried "puppet apply --noop", but this
still
> tries to stat() any files referenced in the manifests, which means it will 
> fail with permission errors if it tries to stat() a file or directory that 
> is not accessible to a non-root user. Does anyone here have suggestions for
> effectively performing more aggressive syntax checks than those offered by 
> "puppet parser validate"?
>  
> -- Lars
>  
> 
> Greg Hellings <ghellings@spokeo.com> Jul 29 09:49AM -0700 ^
>  
> Have you looked at using these?
> projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control
>  
> --
> Greg
>  
>  
>  
> 
> Scott Smith <scott@ohlol.net> Jul 29 10:19AM -0700 ^
>  
> Those hooks are the gross syntax checks to which he initially referred.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

* Lars Kellogg-Stedman [2011-07-29]:
> I am trying to place some sanity checks (currently as git pre-commit
> hooks) in our configuration repository to avoid committing invalid
> Puppet configurations.
This is exactly the use case for cucumber-puppet. It compiles your
catalog, catching any syntax errors in your manifest and by default
ships with a step to verify requirements resolution. This should already
be of help, but you can test whatever you want in your cucumber
scenarios. Cucumber-puppet needs a node''s yaml file, to verify its
catalog or can operate on single classes individually. More information
can be found here:

http://projects.puppetlabs.com/projects/cucumber-puppet/wiki

cheers,

Nikolay

--
"It''s all part of my Can''t-Do approach to life."
Wally

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 1 August 2011 15:47, Nikolay Sturm <google@erisiandiscord.de> wrote:
> * Lars Kellogg-Stedman [2011-07-29]:
> > I am trying to place some sanity checks (currently as git pre-commit
> > hooks) in our configuration repository to avoid committing invalid
> > Puppet configurations.
>
> This is exactly the use case for cucumber-puppet. It compiles your
>
Does anyone do this on a large scale? I have 140 manifests managing over
1600 resources. Writing cucumber for all that seems quite burdensome

John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.