On Wed, May 19, 2010 at 11:41:36AM -0400, Matt Juszczak wrote:
> However, don't you have concerns that a change could get introduced to
> your puppet config that would cause your puppetmaster to have issues?

There are (to me) two types of changes in this context, changes to the puppetmaster itself (its /etc/default/puppetmaster file for example), which we don't do very often and keep quite a close eye on, and new modules / nodes (such as bringing resolv.conf under puppet control) - which we do a lot of and end up going through the usual testing cycle. Either way we do them in staging first and then watch them like a hawk.

> This is why I'm leaning towards not regulating my puppetmaster with
> puppet (as I make the same decision to not have my LDAP server
> authenticate with LDAP). It's kind of the chicken + egg problem, no?

I'd rather have most of my changes done in a consistent way that's been tested on dozens of my nodes than have a special out of band config mechanism just for puppetmasters. Although my view might change if we ever really screw it up - but a mistake of that size will kill more than one node in staging anyway :)

Another way to look at it is that the fear makes you keep your recovery procedures up to date and close at hand ;)

Dean
--
Dean Wilson http://www.unixdaemon.net
Profanity is the one language all programmers understand --- Anon