On Dec 19, 2009, at 11:54 PM, Douglas Garstang wrote:
> I'd like to be able to split out my puppet production and test
> environments so that I can continue to develop puppet
> modules/manifests without breaking production. How are people doing
> this?
My setup is pretty simple and doesn't require manually copying anything, so I
figured I'd share.
I have three directories:
/etc/puppet/manifests/prod
/etc/puppet/manifests/test
/etc/puppet/manifests/experimental
Each of those is a working copy of the same SVN repo. Production systems (and
others - see below) are given the `prod` manifests. Development, Test, and
Staging systems are given the `test` manifests. `experimental` is where the
manifests are actually worked on. I'll temporarily set the environment to
experimental on as many systems as it takes to make me comfortable that changes
are good. Once I like them, I commit them, then `svn update test`. Depending on
the scope of the change and my confidence in what I've done, I'll either update
`prod` as well, or go through $employer's change control process.
In `/etc/puppet.conf`, I have these at the end:
# Additional environments
[dev]
manifest = /etc/puppet/manifests/test/site.pp
modulepath = /etc/puppet/manifests/test/modules
[test]
manifest = /etc/puppet/manifests/test/site.pp
modulepath = /etc/puppet/manifests/test/modules
[staging]
manifest = /etc/puppet/manifests/test/site.pp
modulepath = /etc/puppet/manifests/test/modules
# Experimental environment (primarily for Puppet tests)
[experimental]
manifest = /etc/puppet/manifests/experimental/site.pp
modulepath = /etc/puppet/manifests/experimental/modules
(I don't currently do anything with modules, but I defined them in case I do
one day.)
The configuration above this, where the defaults are specified independent of
any environment, points to the `prod` manifests. The defaults get applied to
any system where the environment doesn't match one explicitly defined. This
includes systems with an environment of "prod", but more importantly, it
includes systems with no environment at all. The idea being that the `prod`
manifests are safest, so when in doubt, use those.
As for putting systems into each environment, I have all mine in LDAP with an
attribute called `environment`. Others have pointed out that there are ways to
pull it off by manually touching each machine, if you're into that kind of
thing. :)
--
Rob McBroom
<http://www.skurfer.com/>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
