berber <webersi...@gmail.com> writes: > Puppet runs every hour or so on our production servers and makes sure > they stick to the manifest. I'm curious to know if this is advised for > production.
> In theory, if something breaks in puppet for whatever reason, all of > our production servers may be hurt simultaneously. We do it as well. You have to be fairly paranoid about what you change in the Puppet manifests, but we like the constant consistency check that all is as it should be. We do run Puppet in --noop mode and require manual intervention to run it on our Kerberos KDCs. We've only gotten bitten by this once, when there was a bug in Puppet that occasionally caused it to overwrite managed files with their own checksums. That bug was fixed a long time ago, but it was pretty bad while it was present. But you'll notice it wasn't enough to keep us from continuing the policy of running Puppet in production. -- Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
