Ask Your Question

How can you integrate manifest updates into production?

asked 2014-01-06 22:11:29 -0600

spuder gravatar image

My company's manifests are stored on a git server. The typical workflow when editing a manifest goes like this:

  1. Clone manifests directory to workstation
  2. Edit manifest
  3. Commit & Push manifest back to git server
  4. ssh to puppetmastenter
  5. cd into module path
  6. git pull

I'd like to automate the step where I ssh into the puppet master and run a git pull. Because a bad commit could break production, I'm looking to implement dynamic environments. The commits would only 'auto-push' to the dev environment.

Is it possible to automate this workflow?

edit retag flag offensive close merge delete

4 Answers

Sort by ยป oldest newest most voted

answered 2014-01-14 16:09:04 -0600

spuder gravatar image

I temporarily solved this issue with a cron job on the puppet master to do a git pull every 5 minutes.

*/5 * * * * cd /etc/puppet && GITOUTPUT=$(/usr/bin/git pull origin master); if [ "$GITOUTPUT" != "Already up-to-date." ]; then echo `date`  $GITOUTPUT >> /var/log/gitcron.log; fi;

A better long term solution will be to setup password-less ssh from my git server to my puppet master, and then grant the git user password-less sudo rights. I will then use a git web hook to execute a git pull on the puppet master every time a commit is pushed to the git server.

edit flag offensive delete link more

answered 2014-01-15 05:13:36 -0600

igalic gravatar image

updated 2014-01-16 07:40:11 -0600

My recommendation is to use r10k. I use it to manage manifests, modules and hieradata in Git and across multiple environments.

r10k can be configured to run in gitPubSub, or in a post-receive hook for private repos. You could also just run it through cron, although that could amount to unnecessary overhead since: cron does not know which modules have changed and you'd effectively have to deploy all environments:

34 */2 * * * r10k deploy -c /etc/r10k.yaml environment -p

edit flag offensive delete link more


Can r10k automatically pull the latest module updates from the git server?

spuder gravatar imagespuder ( 2014-01-15 18:25:42 -0600 )edit

yes, r10k pulls by default the latest revision, unless stated otherwise.

Zathras gravatar imageZathras ( 2014-01-31 06:18:45 -0600 )edit

answered 2014-01-07 02:05:41 -0600

doc75 gravatar image

You could create a class that will use puppetlabs::vcsrepo to pull all your git repository in your modules path. It can pull a specific branch for production and another one for dev. You then have to run this manifest on the puppetmaster. Hope this helps.

edit flag offensive delete link more

answered 2014-01-07 05:01:55 -0600

asktbt gravatar image

We have a similar setup

  1. Pull the repository from the puppet server.
  2. Edit the configuration/manifest/modules
  3. Commit and Push back to the puppet/git server.

This automatically deploys the branches into paths via githooks. As described here it works pretty well. We made some small modifications in order to merge the module branches so all environments have the same modules, but can have different manifests, e.g.

The same we do for configurations we haven't fully migrated into puppet yet. Puppet basically deploys whole folder structures out of a git branch into the target system that way.

edit flag offensive delete link more


How does the code get from the git server to the puppet master? Do you ssh into puppet master and run a git pull ?

spuder gravatar imagespuder ( 2014-01-10 15:48:19 -0600 )edit

The Puppetmaster is also the git server. [Git hooks]( deploy the branches into the Puppetmaster configuration. If you don't _want_ to have bare ...(more)

asktbt gravatar imageasktbt ( 2014-01-13 02:38:17 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2014-01-06 22:11:29 -0600

Seen: 1,058 times

Last updated: Jan 16 '14