Puppet users - Dec 2011 - Can Puppet be configured to one-time deployment for modules?

We are developing in-house RHEL VM provisioning (similar to Satellite/
Spacewalk) along with a customized kickstart template, but also
including Puppet to handle the actual configuration of the
environment. One thing we need to see is does Puppet have a variable
that will deploy one module only once and not check against it just in
case the configuration file it has created has been altered or not and
try to revert back.

Example: Boot using PXEBoot w/ DHCP, build RHEL VM using custom
kickstart configuration, create local repo file with pointers to in-
house repository and comment out the variables to use the RHN driven
one, download from the repo and apply the RHN/Errata updates, then
reconfigure the rc.local to install Puppet on the reboot and apply the
actual environment requirements (i.e. check to see if its a Apache web
server, Oracle database, Weblogic/JBoss portal, etc).

The last part is the deciding factor -- as this part of the
requirements are quite possibly going to change via the developers
that are actually using the environment for testing and tweaking the
RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the
Apache /etc/httpd/httpd.conf code. We don''t want Puppet to revert back
the code variables as these are being modified by hand and not using
SVN or any other type of code version control at this time.

Anyone know if module exclusion is possible for a "deploy once,
don''t
touch again" scenario?

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Dec 20, 2011, at 9:49 AM, Swampcritter wrote:
> We are developing in-house RHEL VM provisioning (similar to Satellite/
> Spacewalk) along with a customized kickstart template, but also
> including Puppet to handle the actual configuration of the
> environment. One thing we need to see is does Puppet have a variable
> that will deploy one module only once and not check against it just in
> case the configuration file it has created has been altered or not and
> try to revert back.
> 
> Example: Boot using PXEBoot w/ DHCP, build RHEL VM using custom
> kickstart configuration, create local repo file with pointers to in-
> house repository and comment out the variables to use the RHN driven
> one, download from the repo and apply the RHN/Errata updates, then
> reconfigure the rc.local to install Puppet on the reboot and apply the
> actual environment requirements (i.e. check to see if its a Apache web
> server, Oracle database, Weblogic/JBoss portal, etc).
> 
> The last part is the deciding factor -- as this part of the
> requirements are quite possibly going to change via the developers
> that are actually using the environment for testing and tweaking the
> RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the
> Apache /etc/httpd/httpd.conf code. We don''t want Puppet to revert
back
> the code variables as these are being modified by hand and not using
> SVN or any other type of code version control at this time.
> 
> Anyone know if module exclusion is possible for a "deploy once,
don''t
> touch again" scenario?
----
this sort of goes against the grain of what puppet intends but this is what I do
for a few things... (watch out for mail driven line wrapping)

class mod_puppet::deployment_files {
  exec{ "Make /etc/puppet/deployment_files":
    command => "/bin/mkdir /etc/puppet/deployment_files",
    unless  => "/bin/ls -l /etc/puppet/deployment_files",
  }
}

class postfix::configure {
  include mod_puppet::deployment_files
  file{"/etc/puppet/deployment_files/postfix-main.cf":
    ensure  => present,
    owner   => postfix,
    group   => postfix,
    mode    => 0664,
    content   => template("postfix/main.cf.erb"),
    require   => Class["postfix::install",
"mod_puppet::deployment_files"],
    notify    => Class["postfix::service"],
  }
  exec{"Deploy postfix/main.cf from template":
    command => "/bin/cp /etc/postfix/main.cf
/etc/postfix/main.cf-backup; /bin/cat
/etc/puppet/deployment_files/postfix-main.cf > /etc/postfix/main.cf;
/bin/touch /etc/puppet/deployment_files/postfix-main.cf-deployed",
    unless  => "/bin/ls -l
/etc/puppet/deployment_files/postfix-main.cf-deployed",
    require => File["/etc/puppet/deployment_files/postfix-main.cf"]
,
  }
}

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

If you really don''t want ongoing configuration management then Puppet
may not be your tool of choice.  Cobbler perhaps?

On Tue, Dec 20, 2011 at 10:41 AM, Craig White <craig.white@ttiltd.com>
wrote:
>
> On Dec 20, 2011, at 9:49 AM, Swampcritter wrote:
>
>> We are developing in-house RHEL VM provisioning (similar to Satellite/
>> Spacewalk) along with a customized kickstart template, but also
>> including Puppet to handle the actual configuration of the
>> environment. One thing we need to see is does Puppet have a variable
>> that will deploy one module only once and not check against it just in
>> case the configuration file it has created has been altered or not and
>> try to revert back.
>>
>> Example: Boot using PXEBoot w/ DHCP, build RHEL VM using custom
>> kickstart configuration, create local repo file with pointers to in-
>> house repository and comment out the variables to use the RHN driven
>> one, download from the repo and apply the RHN/Errata updates, then
>> reconfigure the rc.local to install Puppet on the reboot and apply the
>> actual environment requirements (i.e. check to see if its a Apache web
>> server, Oracle database, Weblogic/JBoss portal, etc).
>>
>> The last part is the deciding factor -- as this part of the
>> requirements are quite possibly going to change via the developers
>> that are actually using the environment for testing and tweaking the
>> RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the
>> Apache /etc/httpd/httpd.conf code. We don''t want Puppet to
revert back
>> the code variables as these are being modified by hand and not using
>> SVN or any other type of code version control at this time.
>>
>> Anyone know if module exclusion is possible for a "deploy once,
don''t
>> touch again" scenario?
> ----
> this sort of goes against the grain of what puppet intends but this is what
I do for a few things... (watch out for mail driven line wrapping)
>
> class mod_puppet::deployment_files {
>  exec{ "Make /etc/puppet/deployment_files":
>    command => "/bin/mkdir /etc/puppet/deployment_files",
>    unless  => "/bin/ls -l /etc/puppet/deployment_files",
>  }
> }
>
> class postfix::configure {
>  include mod_puppet::deployment_files
>  file{"/etc/puppet/deployment_files/postfix-main.cf":
>    ensure  => present,
>    owner   => postfix,
>    group   => postfix,
>    mode    => 0664,
>    content   => template("postfix/main.cf.erb"),
>    require   => Class["postfix::install",
"mod_puppet::deployment_files"],
>    notify    => Class["postfix::service"],
>  }
>  exec{"Deploy postfix/main.cf from template":
>    command => "/bin/cp /etc/postfix/main.cf
/etc/postfix/main.cf-backup; /bin/cat
/etc/puppet/deployment_files/postfix-main.cf > /etc/postfix/main.cf;
/bin/touch /etc/puppet/deployment_files/postfix-main.cf-deployed",
>    unless  => "/bin/ls -l
/etc/puppet/deployment_files/postfix-main.cf-deployed",
>    require =>
File["/etc/puppet/deployment_files/postfix-main.cf"] ,
>  }
> }
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, Dec 20, 2011 at 08:49, Swampcritter <maworsham@gmail.com> wrote:
> We are developing in-house RHEL VM provisioning (similar to Satellite/
> Spacewalk) along with a customized kickstart template, but also
> including Puppet to handle the actual configuration of the
> environment. One thing we need to see is does Puppet have a variable
> that will deploy one module only once and not check against it just in
> case the configuration file it has created has been altered or not and
> try to revert back.
[...]
>
> Anyone know if module exclusion is possible for a "deploy once,
don''t
> touch again" scenario?
Not as stated, but the problem can be solved several ways:

1. You can use `puppet apply`

This will happily apply any modules you want, stand-alone, without
doing anything long term.

2. You can just run Puppet master/agent when you want to enforce,
which you can only do one if you want.

I don''t know there is anything more to say, but as a hint, putting
`noop = true` in the configuration file helps make it hard to mess
this up.

3. You can use environments, which select the "set of code" applied to
a machine.

Put your "do once" stuff in a "do once" environment, and
manually run
Puppet in that environment when you want it to do things.

4. Use a separate Puppet master.

This is like the environments, but harder to accidentally mess up,
because you have two separate masters with separate content.

Daniel
-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, Dec 20, 2011 at 11:49 AM, Swampcritter <maworsham@gmail.com>
wrote:
> We are developing in-house RHEL VM provisioning (similar to Satellite/
> Spacewalk) along with a customized kickstart template, but also
> including Puppet to handle the actual configuration of the
> environment. One thing we need to see is does Puppet have a variable
> that will deploy one module only once and not check against it just in
> case the configuration file it has created has been altered or not and
> try to revert back.
I''m looking at a similar use for Puppet. We want to use Puppet to both
provision and manage hosts. The provisioning process will set up a
bunch of files according to our security / policy requirements, but
not all of these files need to be controlled by Puppet for the life of
the server.

To put it another way, the number of classes used to manage servers
will be a subset of the classes used to provision those servers.
> The last part is the deciding factor -- as this part of the
> requirements are quite possibly going to change via the developers
> that are actually using the environment for testing and tweaking the
> RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the
> Apache /etc/httpd/httpd.conf code. We don''t want Puppet to revert
back
> the code variables as these are being modified by hand and not using
> SVN or any other type of code version control at this time.
>
> Anyone know if module exclusion is possible for a "deploy once,
don''t
> touch again" scenario?
I''m contemplating options for this. One is to use environments. In my
scenario, I think I''d have two defined environments (provisioning and
production), but configure both environments to use the same
modulepath. This will allow us to reuse classes between provisioning
and production. The provisioning environment would have a site.pp with
a default node that simply includes all the necessary classes for
provisioning a virgin server.

Part of the Kickstart %post would be to install and invoke Puppet
against the provisioning environment.

We could do this with separate Puppet Masters, but that feels like
more overhead for little added benefit in our scenario.

Cheers,
Scott

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, Dec 20, 2011 at 8:49 AM, Swampcritter <maworsham@gmail.com>
wrote:
> We are developing in-house RHEL VM provisioning (similar to Satellite/
> Spacewalk) along with a customized kickstart template, but also
> including Puppet to handle the actual configuration of the
> environment. One thing we need to see is does Puppet have a variable
> that will deploy one module only once and not check against it just in
> case the configuration file it has created has been altered or not and
> try to revert back.
>
> Example: Boot using PXEBoot w/ DHCP, build RHEL VM using custom
> kickstart configuration, create local repo file with pointers to in-
> house repository and comment out the variables to use the RHN driven
> one, download from the repo and apply the RHN/Errata updates, then
> reconfigure the rc.local to install Puppet on the reboot and apply the
> actual environment requirements (i.e. check to see if its a Apache web
> server, Oracle database, Weblogic/JBoss portal, etc).
>
> The last part is the deciding factor -- as this part of the
> requirements are quite possibly going to change via the developers
> that are actually using the environment for testing and tweaking the
> RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the
> Apache /etc/httpd/httpd.conf code. We don''t want Puppet to revert
back
> the code variables as these are being modified by hand and not using
> SVN or any other type of code version control at this time.
>
> Anyone know if module exclusion is possible for a "deploy once,
don''t
> touch again" scenario?
You can use a completely separate bootstrap environment if it''s
significantly different.
# onetime
puppet agent --environment bootstrap
# later on
puppet agent --environment production

Or you can use a custom fact. Easiest way is either environment
variable or facts.d (see stdlibs).

FACTER_bootstrap=true puppet agent -t

node example {
  if $::bootstrap {
    include onetime_class
  } else {
    include normal_class
  }
}

Thanks,

Nan

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

An easy way to avoid messing up a development box as you describe is to not run
the puppet client on it.

Contrarywise, how about using tags ?
http://projects.puppetlabs.com/projects/1/wiki/Using_Tags

“Sometimes I think the surest sign that intelligent life exists elsewhere in the
universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)

----- Swampcritter <maworsham@gmail.com> wrote:
> We are developing in-house RHEL VM provisioning (similar to Satellite/
> Spacewalk) along with a customized kickstart template, but also
> including Puppet to handle the actual configuration of the
> environment. One thing we need to see is does Puppet have a variable
> that will deploy one module only once and not check against it just in
> case the configuration file it has created has been altered or not and
> try to revert back.
> 
> Example: Boot using PXEBoot w/ DHCP, build RHEL VM using custom
> kickstart configuration, create local repo file with pointers to in-
> house repository and comment out the variables to use the RHN driven
> one, download from the repo and apply the RHN/Errata updates, then
> reconfigure the rc.local to install Puppet on the reboot and apply the
> actual environment requirements (i.e. check to see if its a Apache web
> server, Oracle database, Weblogic/JBoss portal, etc).
> 
> The last part is the deciding factor -- as this part of the
> requirements are quite possibly going to change via the developers
> that are actually using the environment for testing and tweaking the
> RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the
> Apache /etc/httpd/httpd.conf code. We don''t want Puppet to revert
back
> the code variables as these are being modified by hand and not using
> SVN or any other type of code version control at this time.
> 
> Anyone know if module exclusion is possible for a "deploy once,
don''t
> touch again" scenario?
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

----- Nan Liu <nan@puppetlabs.com> wrote:
> You can use a completely separate bootstrap environment if it''s
> significantly different.
> # onetime
> puppet agent --environment bootstrap
> # later on
> puppet agent --environment production
> 
> Or you can use a custom fact. Easiest way is either environment
> variable or facts.d (see stdlibs).
> 
> FACTER_bootstrap=true puppet agent -t
> 
> node example {
>   if $::bootstrap {
>     include onetime_class
>   } else {
>     include normal_class
>   }
> }
> 
> Thanks,
> 
> Nan
> 
Excellent suggestion.  Better than tags or not running puppet and less resource
intensive than running multiple puppet masters

“Sometimes I think the surest sign that intelligent life exists elsewhere in the
universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Tue, Dec 20, 2011 at 6:49 PM, Swampcritter <maworsham@gmail.com> wrote:
> We are developing in-house RHEL VM provisioning (similar to Satellite/
> Spacewalk) along with a customized kickstart template, but also
> including Puppet to handle the actual configuration of the
>
While being biased, I would recommend you to look at other open source
projects in the same scope, such as Foreman[1], might save you some time
eventually.

Ohad

FYI - I''m Foreman''s maintainer.

[1] - http://theforeman.org
> environment. One thing we need to see is does Puppet have a variable
> that will deploy one module only once and not check against it just in
> case the configuration file it has created has been altered or not and
> try to revert back.
>
> Example: Boot using PXEBoot w/ DHCP, build RHEL VM using custom
> kickstart configuration, create local repo file with pointers to in-
> house repository and comment out the variables to use the RHN driven
> one, download from the repo and apply the RHN/Errata updates, then
> reconfigure the rc.local to install Puppet on the reboot and apply the
> actual environment requirements (i.e. check to see if its a Apache web
> server, Oracle database, Weblogic/JBoss portal, etc).
>
> The last part is the deciding factor -- as this part of the
> requirements are quite possibly going to change via the developers
> that are actually using the environment for testing and tweaking the
> RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the
> Apache /etc/httpd/httpd.conf code. We don''t want Puppet to revert
back
> the code variables as these are being modified by hand and not using
> SVN or any other type of code version control at this time.
>
> Anyone know if module exclusion is possible for a "deploy once,
don''t
> touch again" scenario?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.