This site is an archive; learn more about 8 years of OpenHatch.

[Devel] [Sysadmin] Puppet files

Paul Bakulich paulbakulich at gmail.com
Sun Jun 19 06:39:05 UTC 2011


Hi Asheesh, Jack!

I tried to run...
       puppet -v node.pp
and got:
       Could not run: Could not find file node.pp

I think the file that you wanted us to run was thingy.pp ??

So anyway, I ran puppet -v thingy.pp
and got....
.info: Applying configuration version '1308465242'
notice: /Stage[main]/Openhatch_code/Package[libxslt-dev]/ensure: ensure
changed 'purged' to 'present'
notice: /Stage[main]/Openhatch_code/User[deploy]/ensure: created
notice: /Stage[main]/Openhatch_code/File[/home/deploy]/ensure: created
info: /Stage[main]/Openhatch_code/File[/home/deploy]: Scheduling refresh of
Exec[/usr/bin/git clone git://gitorious.org/openhatch/oh-mainline.git]
notice: /Stage[main]/Openhatch_code/Exec[/usr/bin/git clone git://
gitorious.org/openhatch/oh-mainline.git]/returns: executed successfully
notice: /Stage[main]/Openhatch_code/Exec[/usr/bin/git clone git://
gitorious.org/openhatch/oh-mainline.git]: Triggered 'refresh' from 1 events
info: Creating state file /var/lib/puppet/state/state.yaml
...

Does that look about right?

Paul Bakulich


On 19 June 2011 09:05, Jack Grigg <me at jackgrigg.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey all,
>
> Sorry, I should have popped in a note about this earlier but I've been
> super busy what with it being my last weeks in Belgium (I fly home
> tomorrow).
>
> Asheesh, I'm very much liking the look of this! I haven't yet run this
> on the server though; I want to understand a little more about Puppet
> first - namely, get a bit further through step 1 ^_^
>
> (Also I haven't been able to connect to IRC lately - issues with my
> server. I've already paid for a new Linode that I'm going to migrate my
> dev server across to, soon(ish) >_<)
>
> Lastly, sorry for missing today's meeting; I was having dinner with my
> flatmates, since this is the last night I'm spending in my flat with
> them =) Hope things went well, and I promise to make progress on the
> server move over the next week (it's in my top 4 of things to do at
> present).
>
> Cheers,
> Jack
>
> On 12/06/11 04:50, Asheesh Laroia wrote:
> > Hi Jack, and anyone else who's interested in server move updates,
> >
> > (Other people who don't care about the server move can probably mute
> > this thread.)
> >
> > I've gotten to a good point to explain my vision for how we can use
> > Puppet to make the new server quite comprehensible. This is a long email
> > with that vision.
> >
> > Here's what I think we should do:
> >
> > How to use what I've made so far
> > --------------------------------
> >
> > First, you should read http://people.redhat.com/dlutter/puppet-app.html
> > . I mean it! It's old but good.
> >
> > You should "git clone" the new https://gitorious.org/openhatch/oh-puppet
> > repository on the new machine. For now, it doesn't matter much where in
> > the filesystem you clone it to. You don't need to clone it as root; you
> > can clone it as your own user ID.
> >
> > You should run 'puppet -v node.pp' as root (perhaps with sudo) and watch
> > as Puppet (verbosely, hence '-v') explains what it is doing, and why.
> >
> > You'll notice that Puppet creates the OpenHatch deploy user and does the
> > right "git clone".
> >
> > More background info
> > --------------------
> >
> > The way I see it, the Puppet configuration we end up with should be
> > idempotent -- when you run Puppet, it checks the current state of the
> > system, and only acts if something needs changing. So if you run it a
> > second time with the same Puppet config files, it will do nothing.
> >
> > The goal of the files is to describe how to create a (nearly)
> > fully-working OpenHatch server, including our nginx and Apache
> > configuration, creating the Roundup service, and creating the wiki. It
> > should be possible to test the Puppet files by creating a new VM on your
> > own machine and running this stuff. In fact, that's how I recommend
> > developing the scripts, rather than developing them on the OSU OSL
> machine.
> >
> > (I say "nearly": I think our SSL private key shouldn't be in there.
> > That's probably okay.)
> >
> > I realize that, since we have a flexible configuration format and an
> > interpreter for it, we're going to end up "programming" the server,
> > optimizing the Puppet scripts for readability and cleanliness. If you're
> > cynical, you might worry that we'll end up "wasting" time improving
> > "code quality" (quality of the Puppet files). I accept that's a risk but
> > I think we'll end up with a good balance of spending time improving them
> > and learning Puppet where the time investment helps us spend less time
> > on sysadmin tasks later (and also make more efficient use of volunteers).
> >
> > The official way to make changes to the server should be to change the
> > Puppet file, not to be to run commands on the main server. Except...
> >
> > ...I still think we should keep using the "deploy" script that we have
> > now. The script has the advantage of running as just one unprivileged
> > user ID, and I (for one) really like how quickly it works.
> >
> > Adding someone to the "Login Team" (as well as removing them) will be
> > easy: we'll just add their SSH key information to the Puppet
> > configuration file, commit to git, and tell Puppet on the main server to
> > run itself with the freshest configuration from git. Ta-da.
> >
> > Things we are doing "unusually"
> > -------------------------------
> >
> > We're not using the puppet daemon at all (called puppetmaster), neither
> > for distributing config files, nor for passing Puppet files to the
> > server. We just have the one server, and we can store all of the fun
> > stuff in git.
> >
> > Things we are doing "wrong"
> > ---------------------------
> >
> > We're using a non-idiomatic filelayout. Honestly, we should fix that.
> > We're supposed to use "modules" and "manifests". I'm still a Puppet
> > newbie so I did it in the easiest way I could put it together.
> >
> > Similarly, I don't understand everything about Puppet classes yet.
> > There's some "->" syntax that I don't understand for expressing
> > dependencies, and it seems pretty cool. There's some "::" thing that I
> > don't understand yet, either.
> >
> > Next steps
> > ----------
> >
> > Jack, please try the above on the OSL server. Anyone else can follow
> > along on a VM on their own machine, if you don't have root on the OSL
> box.
> >
> > Once you and I are on the same page about the way this will work, then I
> > add a few more things into the Puppet config. (That means: Jack, I'm
> > waiting on your ACK before I move forward. That way I can take a quick
> > break from Puppet-ification and relax for a while!)
> >
> > Other links
> > -----------
> >
> > As I learn and find resources I like, I'm bookmarking them at
> > http://bookmarks.makesad.us/insipid.cgi?tag=puppet .  I especially
> > recommend the cool-headed
> > http://current.workingdirectory.net/posts/2011/puppet-without-masters/ .
> > You can read them and/or suggest other links that would be useful.
> >
> > P.S. Wow, this email got long.
> >
> > -- Asheesh.
> > _______________________________________________
> > Devel mailing list
> > Devel at lists.openhatch.org
> > http://lists.openhatch.org/mailman/listinfo/devel
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJN/RL3AAoJEI3j92WSe+b39l0H/1EtFLbCkfajYmJb6lKU0atU
> +abDF7zvvSf5qD+BVwm5fUM6bhhOvHtOruRYKjA+X0KhUWC1yOhbhGtmpF76hh41
> RS0xMzDYOnji3MRQudxhO7V1r8Hvzew2rWL7nO0NmTtdE1NJKvWnKYAJyqLR9P2k
> 9KTjypoYoa8Mr5JszSlyLCbK4vY5QpyXniU6+YeYw1ccwiSHpjDvuZS+Nl9ubLeM
> dx7fo0jck47jgtHU7zAyZgvAScp+bzc8jOrgH3ALTolAoqKjqhW9NC3qhO4ewtHT
> IfLkAEYku76Ek5oWETK61Yp+8sx/nHVy9k28F2/N1YsFTMo65D26W/X1l38Kt1I=
> =8Bzw
> -----END PGP SIGNATURE-----
> _______________________________________________
> Devel mailing list
> Devel at lists.openhatch.org
> http://lists.openhatch.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openhatch.org/pipermail/devel/attachments/20110619/a429d1e1/attachment.html>


More information about the Devel mailing list