Lars Kellogg-Stedman
2011-Jul-29 13:33 UTC
[Puppet Users] Validating a puppet configuration
If anyone out there follows Serverfault, this is a duplicate of http://goo.gl/CTS2u. I'm hoping there are some subject matter experts here :).

I am trying to place some sanity checks (currently as git pre-commit hooks) in our configuration repository to avoid committing invalid Puppet configurations. I'm having a surprising amount of trouble coming up with a way to effectively validate the configuration. My obvious first choice was "puppet parser validate ...", which does some gross syntax checks (unmatched quotes and brackets and so forth) but doesn't throw errors on things like this:

    file { 'somefile':
      requires => Service['someservice']
    }

(where 'requires' should be 'require'), nor does it notice problems like this:

    sdlflsjlksdf { 'myname': }

(where 'sdlflsjlksdf' isn't defined anywhere).

Some folks have suggested "puppet master --compile ...", but this really, really wants to fix permissions all over the place on directories that are used by Puppet. I have also tried "puppet apply --noop", but this still tries to stat() any files referenced in the manifests, which means it will fail with permission errors if it tries to stat() a file or directory that is not accessible to a non-root user. Does anyone here have suggestions for effectively performing more aggressive syntax checks than those offered by "puppet parser validate"?

-- Lars

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/cpzgsk5X2fgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Have you looked at using these?

projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control

--
Greg

Those hooks are the gross syntax checks to which he initially referred.

On Fri, Jul 29, 2011 at 9:49 AM, Greg Hellings <ghellings@spokeo.com> wrote:
> Have you looked at using these?
> projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control
>
> --
> Greg

Have you considered bootstrapping a test suite like cucumber-puppet?

https://github.com/nistude/cucumber-puppet

-Eric

> Topic: Validating a puppet configuration
>
> Lars Kellogg-Stedman <larsks@gmail.com> Jul 29 06:33AM -0700
>
> If anyone out there follows Serverfault, this is a duplicate of
> http://goo.gl/CTS2u. I'm hoping there are some subject matter experts here
> :).
>
> I am trying to place some sanity checks (currently as git pre-commit hooks)
> in our configuration repository to avoid committing invalid Puppet
> configurations. I'm having a surprising amount of trouble coming up with a
> way to effectively validate the configuration. My obvious first choice was
> "puppet parser validate ...", which does some gross syntax checks (unmatched
> quotes and brackets and so forth) but doesn't throw errors on things like
> this:
>
>     file { 'somefile':
>       requires => Service['someservice']
>     }
>
> (where 'requires' should be 'require'), nor does it notice problems like
> this:
>
>     sdlflsjlksdf { 'myname': }
>
> (where 'sdlflsjlksdf' isn't defined anywhere).
>
> Some folks have suggested "puppet master --compile ...", but this really,
> really wants to fix permissions all over the place on directories that are
> used by Puppet. I have also tried "puppet apply --noop", but this still
> tries to stat() any files referenced in the manifests, which means it will
> fail with permission errors if it tries to stat() a file or directory that
> is not accessible to a non-root user. Does anyone here have suggestions for
> effectively performing more aggressive syntax checks than those offered by
> "puppet parser validate"?
>
> -- Lars
>
> Greg Hellings <ghellings@spokeo.com> Jul 29 09:49AM -0700
>
> Have you looked at using these?
> projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control
>
> --
> Greg
>
> Scott Smith <scott@ohlol.net> Jul 29 10:19AM -0700
>
> Those hooks are the gross syntax checks to which he initially referred.

* Lars Kellogg-Stedman [2011-07-29]:
> I am trying to place some sanity checks (currently as git pre-commit
> hooks) in our configuration repository to avoid committing invalid
> Puppet configurations.

This is exactly the use case for cucumber-puppet. It compiles your catalog, catching any syntax errors in your manifest and by default ships with a step to verify requirements resolution. This should already be of help, but you can test whatever you want in your cucumber scenarios.

Cucumber-puppet needs a node's yaml file to verify its catalog, or can operate on single classes individually.

More information can be found here: http://projects.puppetlabs.com/projects/cucumber-puppet/wiki

cheers,

Nikolay

--
"It's all part of my Can't-Do approach to life." Wally

On 1 August 2011 15:47, Nikolay Sturm <google@erisiandiscord.de> wrote:
> * Lars Kellogg-Stedman [2011-07-29]:
> > I am trying to place some sanity checks (currently as git pre-commit
> > hooks) in our configuration repository to avoid committing invalid
> > Puppet configurations.
>
> This is exactly the use case for cucumber-puppet. It compiles your

Does anyone do this on a large scale? I have 140 manifests managing over 1600 resources. Writing cucumber for all that seems quite burdensome.

John

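An added example, not from any poster in this thread and not part of Puppet: a heuristic Python lint that runs as a non-root user and flags the two mistakes from the original post, an undefined resource type and a near-miss metaparameter such as `requires`. The `lint_manifests` name, the partial type list and the regexes are assumptions of this example; it pattern-matches manifests and does not parse the full Puppet DSL.

```python
import difflib
import re

# Metaparameters accepted on every Puppet resource type.
METAPARAMS = ["alias", "audit", "before", "loglevel", "noop", "notify",
              "require", "schedule", "stage", "subscribe", "tag"]
# Assumption: partial list of built-in types; extend it for your site.
KNOWN_TYPES = {"class", "file", "service", "package", "exec", "user",
               "group", "cron", "mount", "host", "notify"}
DEFINE_RE = re.compile(r"^\s*define\s+([a-z][\w:]*)", re.M)
# A lowercase word, then "{", then a quoted or variable title.
DECL_RE = re.compile(r"^\s*@{0,2}([a-z][\w:]*)\s*\{\s*['\"$]", re.M)
# A bare lowercase word directly before "=>".
ATTR_RE = re.compile(r"(?<![\w'\"$])([a-z]\w*)\s*=>")

def lint_manifests(manifests):
    """manifests maps path -> manifest text; returns sorted (path, line, msg)."""
    known = set(KNOWN_TYPES)
    for text in manifests.values():  # defined types from anywhere in the repo
        known.update(DEFINE_RE.findall(text))
    problems = []
    for path, text in manifests.items():
        for m in DECL_RE.finditer(text):
            rtype = m.group(1)
            if rtype not in known and rtype != "else":
                line = text.count("\n", 0, m.start(1)) + 1
                problems.append((path, line, "unknown resource type '%s'" % rtype))
        for m in ATTR_RE.finditer(text):
            attr = m.group(1)
            near = difflib.get_close_matches(attr, METAPARAMS, n=1, cutoff=0.85)
            if near and attr not in METAPARAMS:
                line = text.count("\n", 0, m.start(1)) + 1
                msg = "'%s' looks like metaparameter '%s'" % (attr, near[0])
                problems.append((path, line, msg))
    return sorted(problems)

# Constructed sample containing both mistakes from the original post.
SAMPLE = """\
define site::vhost($port) {
  file { '/etc/vhosts/site': ensure => present }
}
site::vhost { 'www': port => 80 }
file { 'somefile':
  requires => Service['someservice']
}
sdlflsjlksdf { 'myname': }
"""

if __name__ == "__main__":
    for found in lint_manifests({"sample.pp": SAMPLE}):
        print("%s:%d: %s" % found)
```

In a pre-commit hook, pass the contents of the staged `.pp` files to `lint_manifests` and abort the commit when the returned list is non-empty; run it alongside "puppet parser validate", not instead of it.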