This is kind of a meta-puppet question. If you are keeping your puppet modules -- manifests + templates + files -- in revision control (and you are, right?), how do you manage releasing out to the world? Let me start out with our setup and if other folks can follow up in a similar format perhaps a summary would be worth putting in the docs. (General "man don't do that, do this instead" commentary on my stuff appreciated also)
- Describe your environment (general application, number of clients, number of puppetmasters) internet-facing production services with ~2000 clients split roughly half-and-half between preproduction/lab environments and prod. one set of 2 apache+passenger+puppetmasters for all lab environments and a second set for prod. - Describe revision control setup subversion server with a branch named 'test' and a branch named 'prod'. all puppetmasters live on the prod branch - $moduledir is a working-copy checkout of svn, and one puppetmaster in each env has a second server running on :8141 that lives on the test branch. prod branch commits should only be 'svn merge's of commits in test but this isn't enforced by technological control. Post-commit hook sends out mail with the diff to everyone on the team. - What do you like about it? Tight control over changes that go to prod, a fairly straightforward way to test out changes on real clients (stop real puppetd, run manually with --masterport=8141), Being able 'svn blame' on configs is super helpful. I love my post-commit email hook - one simple but helpful thing was to set the From address of the mailouts to be a real list so people can just reply to the mails and start a code review type discussion. - What do you NOT like about it? We have to manually 'svn up' on all the puppetmasters after a commit, which people sometimes don't do and clients get out of sync. Merging can be complicated. Flip-flopping clients back and forth between test branch and production is slightly messy. - What are you doing to improve/change the setup? Pre-commit hook to do syntax checking on files to refuse commits on blatant errors Contemplating a post-commit push to 'svn up' the puppetmasters but not sure if this is really a good idea Need some auditing between the branches to see what changes are not yet merged or if prod has somehow diverged (non-merge changes on the branch) Maybe one/handful of clients per class of host ought to live pointed at the test server. - Eric Sorenson - N37 17.255 W121 55.738 - http://twitter.com/ahpook - -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
