Hello Jon,

Here is a process that I follow to avoid the type of misconfiguration
problem you encountered.  This process is used to *avoid* the mis-
configured system problem.  It is not a direct test that Puppet will
generate a valid configuration file from a template.

1) A "local" environment is used to deploy the entire system (which is
called a 'role' for the system).  While I may be developing a single
class, I still confirm that the entire role can be deployed to my
local environment.  The local server is typically rebuilt 30-50 times
during the course of development of a new manifest.  This allows me to
catch errors early, as many of the mistakes I make result in spurious
errors on Puppet.

The manifests are then committed to SVN and automatically deployed to
a DEV environment, which is identical to the production environment.
This allows live testing against my other servers.  The manifests then
are merged to the 'trunk' branch and get deployed to a TESTING
environment where selenium regression tests exercise the applications
to make sure they still work as expected.  The manifests get deployed
to QA for manual testing and review and finally to PRODUCTION.

2) Include configuration checks before making a configuration file
live.

One example is with the sudoers file.  I use a file-fragment approach
to generate a sudoers testing file and only make that file live if the
check passes.  Your zone file can use a similar check.

In situations where checks are not possible, I include a 'testing'
flag to prevent a configuration file from being made live.  I manually
check the testing file to make sure it is valid.  The APF firewall
script is an example where this is important.  When I first deployed
APF, puppet exploded with spurious errors because I forgot to open a
port.  I now confirm (using the below process) that the APF
configuration is valid before allowing APF to be started on the remote
servers.

3) Each of my servers has a Dokuwiki page that is generated by puppet
during the deployment.

I use a file fragments pattern for this as well, where each class and
define puts a dokuwiki-formatted fragment into a specific directory.
The configuration templates are included into the dokuwiki file
fragments using this approach.  These fragments are assembled into a
single wiki page that is SCP'd to my documentation server.  I then
review the server's configuration directly on this wiki page to
confirm that the destination server is configured in the manner I
expect.  In the case of APF, I then change the 'testing' flag to false
and re-run puppet to make the configuration live.


This is a process, not an answer to your original question about
Puppet generating the configuration file from a template without
actually applying the changes.  That would be a nice feature which I
don't believe currently exists.  Your mis-configured zone file would
have been spotted in steps 1 and 2; maybe step 3.

Regards,

Jon

On Sep 10, 8:36 pm, Jon Forrest <nob...@gmail.com> wrote:
> We use puppet to distribute named zone files, like many
> of you do. We use git to maintain these files, which are
> then pulled by the puppet master machine. These zone files are
> actually puppet template .erb files.
>
> The other day, I made a mistake which resulted in some zone
> files with syntax errors in them. Puppet faithfully distributed
> the erroneous zone files to the name servers, which killed them.
>
> To prevent this from happening again, I want to be able to
> somehow expand the template files and run named-checkzone
> as part of a git pre-commit hook. I want this expansion to
> occur without making a normal puppet run so that the bad
> files won't get distributed.
>
> Can anybody point me to a technique for doing this?
>
> Cordially,
> Jon Forrest
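
The check-before-live pattern from step 2 of the reply, sketched as an added shell example; it is not code from either poster. `promote_if_valid` is a hypothetical helper name, and the paths and zone name in the trailing comments are placeholders.

```shell
#!/bin/sh
# promote_if_valid CANDIDATE LIVE CHECK [ARGS...]   (hypothetical helper)
# Runs "CHECK ARGS... CANDIDATE" and replaces LIVE only when the check exits 0.
# Returns 0 = promoted, 1 = check failed (LIVE untouched), 2 = usage or I/O error.
promote_if_valid() {
    [ "$#" -ge 3 ] || { echo "usage: promote_if_valid CANDIDATE LIVE CHECK [ARGS...]" >&2; return 2; }
    candidate=$1
    live=$2
    shift 2                      # "$@" is now the checker and its arguments
    [ -f "$candidate" ] || { echo "missing candidate: $candidate" >&2; return 2; }

    # Validate the testing copy, never the live file.
    if ! "$@" "$candidate" >/dev/null 2>&1; then
        echo "check failed; $live left unchanged" >&2
        return 1
    fi

    # Stage beside the live file so the final mv is a same-filesystem rename
    # and a reader never sees a half-written file.
    tmp=$(mktemp "$live.XXXXXX") || return 2
    # Carry over the live file's mode; mktemp alone would leave it 0600.
    if [ -f "$live" ]; then
        cp -p "$live" "$tmp" || { rm -f "$tmp"; return 2; }
    fi
    if cat "$candidate" > "$tmp" && mv -f "$tmp" "$live"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# Typical calls (placeholder paths and zone name):
#   promote_if_valid /etc/sudoers.testing /etc/sudoers visudo -cf
#   promote_if_valid /var/named/example.com.zone.testing \
#       /var/named/example.com.zone named-checkzone example.com
```

Run from whatever step generates the testing file, a non-zero return leaves the previous live file in place for the service to keep using.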
