Yup, I had noted and discussed that with my colleagues. It's got to be a big boon. A broken Puppet that ruled them all, could cause big havoc. In fact, I seem to remember this causing big havoc in a previous workplace, where someone decided to "just upgrade Puppet" because the current version was blocking him...
Apart from that, any other pros and cons to either method? I guess not, otherwise you'd have mentioned them. :) On Friday, 13 October 2017 00:53:54 UTC+3, Daniel Urist wrote: > > Option (2) allows you to test upgrades to the puppet infrastructure > itself, which changes not infrequently. > > On Wed, Oct 11, 2017 at 3:15 PM, Antony Gelberg <antony....@gmail.com > <javascript:>> wrote: > >> I've asked a similar question on the Terraform mailing-list but on >> reflection, I think it's more appropriate here. >> >> Let's say I need several environments, and I'm using AWS, with each >> environment in a separate VPC. I'm going to configure instances with Puppet >> (and deploy with Jenkins). I see two basic design options here: >> >> *Option 1: Puppet master in one environment / VPC, either:* >> >> 1. In their own VPC, e.g. "devops". >> 2. Less-optimally, piggy-backed on an application environment VPC, >> e.g. "staging". >> >> This master would be responsible for configuring all servers across all >> other environments / VPCs. >> >> Implications: >> >> - Have to open up security groups, scope for environments to affect >> each other. >> - Configuring Puppet environments using something like r10k, high >> dependency on that enviroment >> - VPCs will have to have different CIDRs (not sure if this is a big >> deal). >> >> >> *Option 2: Every environment to have its own Puppet master.* >> >> Implications: >> >> - More costly. >> - Feels "cleaner", each Puppet master only needs to handle one >> environment. >> - Less likely for environments to interfere with each other. >> - Potentially less (or more?) pain with managing Puppet environments. >> - Might be overly complex. >> >> Is either of these an obviously better choice than the other? If (1) is >> better, is sub-option (1) or (1) better? >> Or are both options both viable and sane? >> >> NB Assume that "master" may mean "masters" according to the need. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/d5c26bc6-c7ce-4439-8073-41c462f9ded2%40googlegroups.com >> >> <https://groups.google.com/d/msgid/puppet-users/d5c26bc6-c7ce-4439-8073-41c462f9ded2%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4ba4a40d-5875-42e5-9beb-8395065f18cf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
