The basic idea is this: you have a server to be configured using puppet. On
your machine, you have a git repository containing the puppet configuration,
plus some other scripts. The puppet configuration sets up /var/lib/git as the
home directory for user git, and a remote clone of your git repository is
stored there. The script run_puppet.bash gets the puppet config from the git
repository and copies it to /etc/puppet_hash, and sets a symlink to
/etc/puppet.
The git repository on the server is bare, so I can't just make a symlink from
/etc/puppet to the config directory in the repository. Thus the need to export
it, and it seems a little wasteful to do the export every time. So I export to
/etc/puppet_hash and symlink /etc/puppet to this directory. Then I export only
if the repository has been updated.
You push from your git repository to the server repository over ssh; thus the
purpose of the ssh keys is to enable this communication. It is often the case
that puppet repositories contain sensitive information such as passwords, so I
prefer not to put the repository on servers not under my control (i.e. github
or bitbucket). Also, introducing something like github brings with it a fair
amount of additional work to set up and maintain the chain. The approach I'm
using works for multiple developers and multiple servers (e.g.
development/test/production).
I suppose I could pull the sensitive bits out of the puppet configuration and
store them in yet another location, but this starts up the Puppet Workaround
Stack that I try to avoid.
Charles
> On Mar 11, 2015, at 11:46 PM, Hubert Lubaczewski <dep...@gmail.com> wrote:
>
> Hi,
> I checked the repo, but I don't understand what you wrote in the README. What
> is the purpose of these ssh keys? Why are you, in the run_puppet script,
> copying config to some place versioned by git commit, and run puppet from
> there, instead of just keeping /etc/puppet as git repo?
>
> Basically - it is likely that your scripts solve problems that I am not aware
> of, yet, but then, would greatly appreciate more information what it is for -
> I can read what it does, but why?
>
> depesz
>
> On Thursday, March 12, 2015 at 3:38:21 AM UTC+1, Charles Yeomans wrote:
> > On Mar 11, 2015, at 8:32 PM, Hubert Lubaczewski <dep...@gmail.com> wrote:
> >
> > Hi,
> >
> > I'm trying to learn puppet by using it on a test machine I have. Figured
> > that for single server, it makes sense to use master-less mode.
> >
> > So, my question is like this. To set it up, I figured that:
> > 1. /etc/puppet would be clone of some repo
> > 2. in /etc/puppet/manifests/site.pp, I would add vcsrepo{} that would make
> > sure that puppet will update itself on each run
> > 3. I'll add a cronjob to periodically run "puppet apply
> > /etc/puppet/manifests/site.pp"
> >
> > Optionally, I would run "git pull" before actual puppet apply, so that
> > puppet will run on already updated repo.
> >
> > Does it make sense? Am I missing something? I know it's pretty basic, but
> > in one place I had to write quite a lot of manifests/modules for puppet,
> > and finally decided to setup whole machine, on my own, using puppet.
> >
> > Thanks for any help/guidance,
> >
> > depesz
> >
>
>
> I've used masterless puppet setups for several years.
>
> My current starter template for puppet projects is at
> https://github.com/declaresub/git-puppet-bootstrap . It may be useful for
> what you want to do. It is intended for use with VMs; I've tested it with
> Ubuntu 12.04 and Debian Wheezy on Linode and Vagrant VMs.
>
> I have a simple puppet module for postgresql if you need one too :)
>
> Charles
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/85ee6161-3430-4d60-8efc-6cbe66032508%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/8B0737E0-2093-464F-9601-08BC2B1D2BA5%40dakim.com.
For more options, visit https://groups.google.com/d/optout.
