Thomas A. Fine
2013-Apr-02 17:48 UTC
[Puppet Users] Multiple sources for puppet configuration?
Hi,
As we gradually spread puppet management to all of our systems, we''ve
run across a group that''s managed by us, but also semi-self-managed,
and
they''d set up puppet to manage some of their own software
configurations
(they provide an outward facing archive service).
Is there a way to set up puppet so that it looks at multiple servers for
it''s configuration?
My first guess is to say that we control /etc/puppet/puppet.conf and
point it at our servers, and that they fall back to running puppet from
cron with "--config /path/to/their/puppet.conf".
Is there a better way to handle this? i.e. can you put something in
puppet.conf that tells it to apply rules found on more than one server?
Of course we also plan on setting up some yet-to-be-designed revision
control system. So another alternative would be that when we set that
up we design it so that some modules can be edited by individuals
outside the systems group. Then we''re back to one single
configuration,
and not only that we can watch what other groups are doing with modules
where we''ve handed out permission. This may be the best solution since
it''s vaporware right now. Has anyone done anything like this?
Thanks,
tom
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
On 4/2/13 7:48 PM, Thomas A. Fine wrote:> Hi, > > As we gradually spread puppet management to all of our systems, we''ve > run across a group that''s managed by us, but also semi-self-managed, and > they''d set up puppet to manage some of their own software configurations > (they provide an outward facing archive service). > > Is there a way to set up puppet so that it looks at multiple servers for > it''s configuration? > > My first guess is to say that we control /etc/puppet/puppet.conf and > point it at our servers, and that they fall back to running puppet from > cron with "--config /path/to/their/puppet.conf". > > Is there a better way to handle this? i.e. can you put something in > puppet.conf that tells it to apply rules found on more than one server? > > Of course we also plan on setting up some yet-to-be-designed revision > control system. So another alternative would be that when we set that > up we design it so that some modules can be edited by individuals > outside the systems group. Then we''re back to one single configuration, > and not only that we can watch what other groups are doing with modules > where we''ve handed out permission. This may be the best solution since > it''s vaporware right now. Has anyone done anything like this? > > Thanks, > > tom >Tom, Check out defining multiple paths in the modulepath[1]. This would allow both teams to have their own modules and versions with names that might conflict. Environments[2] will also help, as you can place the other team''s systems in their own environment, even though all the systems would talk to the same puppet master service. Heavily recommend using VCS from the beginning, you are going to need it. Here''s an old talk I gave around version control (starts about half way through) [3]. [1] - http://docs.puppetlabs.com/puppet/2.7/reference/modules_fundamentals.html#the-modulepath [2] - http://docs.puppetlabs.com/guides/environment.html [3] - http://talks.garretthoneycutt.com/20110413-Change_management_with_Puppet_for_PuppetNYC.pdf Regards, -g -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
jcbollinger
2013-Apr-03 14:00 UTC
[Puppet Users] Re: Multiple sources for puppet configuration?
On Tuesday, April 2, 2013 12:48:57 PM UTC-5, Thomas A. Fine wrote:> > Hi, > > As we gradually spread puppet management to all of our systems, we''ve > run across a group that''s managed by us, but also semi-self-managed, and > they''d set up puppet to manage some of their own software configurations > (they provide an outward facing archive service). > > Is there a way to set up puppet so that it looks at multiple servers for > it''s configuration? > > My first guess is to say that we control /etc/puppet/puppet.conf and > point it at our servers, and that they fall back to running puppet from > cron with "--config /path/to/their/puppet.conf". >Yes, something like that could do what you ask, but it''s a bad idea.> > Is there a better way to handle this? i.e. can you put something in > puppet.conf that tells it to apply rules found on more than one server? >No, you can''t. There is a fundamental problem with the approach: you rely on independent sources of truth with overlapping scope. Conflicts WILL arise. Instead, you want a mechanism by which the group in question can have its own declarations incorporated into the catalog generated by the central master. Conflicts are less likely in that case, and they will be recognized by the master when they occur. Garrett had some good suggestions for how to provide this kind of feature, and I will add that you may also get some mileage out of hiera, with which you can provide for the special group to override site-wide standard data and parameters with customized data for their group. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.