On Wed, May 25, 2011 at 10:40 AM, Brian Gupta <brian.gu...@brandorr.com>wrote:
> On Wed, May 25, 2011 at 1:29 PM, Douglas Garstang > <doug.garst...@gmail.com> wrote: > > On Wed, May 25, 2011 at 10:22 AM, Brian Gupta <brian.gu...@brandorr.com> > > wrote: > >> > >> Basically the ways I know of: > >> > >> 1) Don't run puppet as a daemon, but run it out of cron every X mins. > >> 2) Setup a cronjob that checks if puppet is running and restart it if > not. > >> 3) Setup a nagios job that checks to see if puppet is running > >> 4) Presuming you are managing your puppet code in some sort of version > >> control system, you can "publish" the latest timestamp of your latest > >> commit, and also push that out via puppet, and setup a nagios check > >> that compares them and if they ever are behind by more than X mins you > >> can crit on it. You could take this a step further and have nagios > >> automatically restart puppet if they are behind, but if you think it > >> might be a syntax error, I would probably skip that. (As an aside you > >> should do syntax checking before committing. I added the commands to > >> do so below) > >> 5) Foreman (or dashboard) can monitor puppet runs, and flag any broken > >> runs. > >> > >> Check syntax: > >> puppet --noop --parseonly memcached.pp > >> > >> Check erb syntax: > >> erb -x -T '-' memcached-sessions.erb |ruby -c > >> > >> We use a combination of 2,3,4 and 5. > >> > > > > I must have phrased my question wrong, because it seems to have been > > misinterpreted. We're pretty much doing everything you suggested, with > the > > exception of Foreman, which I don't like. > > I just need a way to confirm that the changes I made to the config were > > executed successfully. I also need to know if other changes snuck in > > somehow, and everything has gone south for one reason or another. The > only > > way I can think of to do this, is to actually force puppet to do a run, > and > > then eyeball /var/log/messages immediately. > > Doug. > > What do you mean by "executed successfully"? Assuming I understand > your question correctly, if it is untested code, and it passes a > syntax checker, and doesn't generate errors, you pretty much need to > spot check at least one one system that the code in question does what > you intended. Many folks do this in a dev environment, before pushing > it to their puppetmaster. I don't really see a way around this that > wouldn't end up being a lot more work than it's worth. > > Executed successfully = a) No syntax errors b) No dependency errors c) No other weird stuff Just because there are no dependency errors on one system, doesn't mean that there won't be dependency errors on another system. No two systems are ever identical, so spot checks won't cover all bases. We're a startup with limited resources, with the typical total lack of resources. We don't have the luxury of a dev environment. We have 4 data centres, different rules for each, and one is PCI compliant, which is akin to having a root canal done every time you touch it. Even if we did, that doesn't preclude making sure everything ran ok. It's still needed. Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
