On Thursday, 18 February 2016 05:18:19 UTC+1, Henrik Lindberg wrote: > > On 18/02/16 02:10, warron.french wrote: > > Can someone please clearly explain why/when to use: > > puppet apply versus Puppet agent? > > > > puppet agent makes requests to the master - the master compiles the > catalog. > > puppet apply produces the catalog locally (must have all the manifests > etc on the agent) - a.k.a known as running masterless. >
Henrik's answer is perfect. As a relative newbie, this is a point (and it's follow-on: why?) that I remember was briefly difficult but that becomes so obvious that it's increasingly hard to remember why I thought it was hard. So let me offer a a bit more (the more experienced will correct me) while I can still remember that it was briefly hard. In a very old, honest, and maybe small world, you might never need a puppet master. Each host has access to its configuration information and uses puppet apply to configure itself. This is really simple to set up, because you don't need a master. Maybe I have a cron job that periodically does a git pull && puppet apply. This eventually leads to frustration. These are some of the things I considered (against the simplicity of "git pull && puppet apply"): - Maybe some hosts have to know secrets. There are techniques for this (blackbox, puppet-decrypt, etc.). I'm not sure if any solution is canonical. But do you want all hosts to have to know how to access those secrets? - Is it ok for all of your hosts to have access to your git repo? Does each host have a separate key or do you have to update all hosts if you need to invalidate that key in a hurry? - Maybe some hosts are more publicly visible than others, and you don't want the more publicly visible hosts to know anything about what's behind the curtain to limit discoverable attack surface - In case you need to revert, the master makes this a bit easier (I've heard, but I am not convinced) - Central reporting of client state While I'm sure you're as facile with google as the rest of us, I found this <http://superuser.com/questions/769755/what-are-pro-and-cons-in-using-puppet-master-vs-distribute-puppet-manifests-wit> SO (SU) article quite reasonable. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f8576264-d232-4a7d-a443-b26ed9af1d92%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
