Jira (PUP-9055) Compile catalogs on demand with user-specified facts

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts Change By: Josh Cooper Summary: puppetserver should have the ability to compile Compile catalogs on demand with user-specified facts Add Comment

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Josh Cooper Team: Server Coremunity

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts Moving to PUP since it will be implemented either in the puppet catalog application or catalog-preview. If it's the latter, it will be moved to the MODULES project.

Add Comment

[Rob Braden (JIRA)]

Rob Braden updated an issue

Puppet / PUP-9055

Compile catalogs on demand with user-specified facts

Change By: Rob Braden Sprint: Platform Core Grooming

Add Comment

[Rob Braden (JIRA)]

Rob Braden updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Rob Braden Sprint: Platform Core Grooming Hopper

Add Comment

[Rob Braden (JIRA)]

Rob Braden updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Rob Braden Sprint: Platform Core Hopper

Add Comment

[Rob Braden (JIRA)]

[Josh Cooper (JIRA)]

Josh Cooper commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts Adding a facts option to the catalog find action is a little bit harder than expected, because the application is implemented as a face, and find is one of the standard actions. Will need to research if it's easy to override the find behavior, though honestly the easiest thing might be to rewrite the useful parts of puppet catalog as a non-face application.

Add Comment

[Kenn Hussey (JIRA)]

Kenn Hussey updated an issue

Puppet / PUP-9055

Compile catalogs on demand with user-specified facts

Change By: Kenn Hussey Flagged: Impediment

Add Comment

[Jorie Tappa (JIRA)]

Jorie Tappa updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Jorie Tappa Component/s: DOCS

Add Comment

[Jorie Tappa (JIRA)]

Jorie Tappa updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Jorie Tappa Fix Version/s: PUP 6.0.0

Add Comment

[Rob Braden (JIRA)]

Rob Braden updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Rob Braden Fix Version/s: PUP 6.y

Add Comment

[Kenn Hussey (JIRA)]

Kenn Hussey updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Kenn Hussey Flagged: Impediment

Add Comment

[Henrik Lindberg (JIRA)]

Henrik Lindberg commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts I think the easiest is to use the PAL since it now supports catalog compilation. Since master --compile was something I have been using a lot, I hacked something up using PAL when master --compile was dropped. Here is what I am using for small snippets at the moment: Puppet.initialize_settings Puppet[:rich_data]=true result = Puppet::Pal.in_tmp_environment('production', modulepath: [], facts: {}) do |pal| pal.with_catalog_compiler do |c| c.evaluate_string(ARGV[0]) c.with_json_encoding { |encoder| encoder.encode } end end puts result For example used as: bundle exec ruby to_catalog.rb 'notify { test: message => "we have a catalog"}' Obviously the example is very simplistic - but all the options are there to feed in facts from any source, to use `code` or `manifest`, specify a configured environment etc. So to write a new application it is basically the CLI UX work on that application that is needed.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts

Some cons of using the PAL approach: It must be run on the master (same as puppet master --compile)) binary content is handled differently for agents that don't support richdata (PSON vs Binary data type) It doesn't support per-environment configuration (rich-data, manifest, modulepath, static catalogs) It doesn't perform the same transformations that the compiler terminus does: removing virtual resources inlining static content adding server and trusted facts collecting performance metrics Some cons of using the puppet catalog find approach: It writes facts to puppetdb as a side-effect Need to have a clientcert for the catalog being requested One big problem is the ability to request a catalog in an arbitrary environment. In the PAL case, we can control that, however, it's misleading as the agent won't necessary be classified in that environment when it next runs. In the catalog find case, we'll use whatever environment the agent is classified for, which may be different than what we requested.

Add Comment

[Henrik Lindberg (JIRA)]

Henrik Lindberg commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts

Some cons of using the PAL approach: It must be run on the master (same as puppet master --compile))

How is this a con if it is the same? Don't get this point. (Actually I do, but if it is to be a replacement for master --compile then REST isn't strictly needed is it? Running over REST also makes this less useful - see comment below for "catalog find").

binary content is handled differently for agents that don't support richdata (PSON vs Binary data type)

Easy to add "withPsonEncoding". I assume you want to control rich/not-rich - my sample had rich_data hardcoded.

It doesn't support per-environment configuration (rich-data, manifest, modulepath, static catalogs)

It really should if PAL is called to use an existing environment on disk - like "production". Complicates things a lot though as I would rather not make PAL more dependent on the settings system. (This to be able to one day swap it out). My sample runs in a tmp env, it can naturally not have settings like that.

It doesn't perform the same transformations that the compiler terminus does: removing virtual resources

I thought it did that. It should - if not its a bug.

inlining static content adding server and trusted facts

It does use trusted facts, you have to give them in an actual node - the PAL part does not know things like how the node was obtained and how the fact where authenticated. I thought it did add the server facts already. If not, then that is a bug. collecting performance metrics What happens if you try? Should be fixed in general in PAL I suppose if it does not work.

Some cons of using the puppet catalog find approach: It writes facts to puppetdb as a side-effect Need to have a clientcert for the catalog being requested

Additional con: It requires having a running and configured Puppet Server to get a catalog. That is much slower and there is no possibility to test "just the Ruby part of compilation" to eliminate problems with JRuby/MRI or the state of a running Puppet Server. (The reasons why I wrote the small PAL thing to quickly get a catalog).

One big problem is the ability to request a catalog in an arbitrary environment. In the PAL case, we can control that, however, it's misleading as the agent won't necessary be classified in that environment when it next runs. In the catalog find case, we'll use whatever environment the agent is classified for, which may be different than what we requested.

Yeah, that is confusing - same confusion with lookup; use env node is in, or env node will be in.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9055

Compile catalogs on demand with user-specified facts

Change By: Josh Cooper Fix Version/s: PUP 6.y Fix Version/s: PUP 6.1.0

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Josh Cooper Sprint: Coremunity Hopper Grooming

Add Comment

[Kenn Hussey (JIRA)]

Kenn Hussey commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts Josh Cooper this needs to land before EOD on Wednesday in order to make the cut for Puppet 6.1.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9055

Compile catalogs on demand with user-specified facts

Change By: Josh Cooper Fix Version/s: PUP 6.1.0 Fix Version/s: PUP 6.y

Add Comment

[Maggie Dreyer (JIRA)]

Maggie Dreyer commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts We are looking at adding several new catalog compilation endpoints that compile more arbitrary catalogs (rather than just the one for the requesting node). This feels somewhat related, and the code that winds up being used to do that might also be exposable via CLI. Since webrick/rack were fully removed in Puppet 6 even without this capability, I'm going to move this to another epic and close PUP-3834 out.

Add Comment

[Maggie Dreyer (JIRA)]

Maggie Dreyer commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts

In Puppet Server 6.3.0, we are releasing the endpoint mentioned above. See details on SERVER-2434.

Add Comment

[Alan Smith (JIRA)]

Alan Smith commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts

Our upgrade from 4 to 6 is on hold because `puppet master --compile` is gone, as we rely on it heavily to compile catalogs offline. I see the updates about a http endpoint on puppetserver but creating temporary puppetservers is both impractical and slow (`puppet master --compile` does not have the startup overhead that puppetserver does) on a developer's workstation. Our usage now involves repeatedly calling `puppet master --compile` with different facts/ENC data and puppet code, offline. This is both cheap on resources and fast (no puppetserver setup/teardown costs). If it was rearchitected to work offline with puppetserver, it would be neither cheap nor fast. What are the alternatives to puppetserver and its use of JRuby? Can the code needed for `puppet master --compile` specifically be put back without the rest of the webrick/rack support code?

Add Comment

[Justin Stoller (JIRA)]

Justin Stoller commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts

Just to clarify: with the API call you don't have to stand up a new puppetserver every time you would have called `puppet master --compile` you can leave a puppetserver running and, as long as it has access to the code needed to compile, continually hit the API for additional catalogs.

Add Comment

[Alan Smith (JIRA)]

Alan Smith commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts

Justin Stoller Thanks for the clarification, but the issue remains of needing a long-running puppetserver available to perform what used to be possible with a one-off ruby CLI. Starting, stopping, and configuring a puppetserver for this task involves very different configuration/supporting code than does a simple CLI.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts

I've added a PR https://github.com/puppetlabs/puppet/pull/7476 which provides the ability to compile a catalog for an arbitrary node with arbitrary facts (as YAML). It must be executed on the puppetserver host (or otherwise have access to the same environments, modules, manifests, hiera data, etc that puppetserver does). For example: compile catalog for the current node $ bx puppet catalog compile bx puppet catalog compile Notice: Compiled catalog for localhost in environment production in 0.20 seconds { "tags": [ "settings", "default", "node" ], "name": "localhost", ... } compile catalog for a different node (pluto) using pre-generated facts $ head pluto.yaml --- !ruby/object:Puppet::Node::Facts name: pluto values: puppetversion: 6.5.0 kernelversion: 18.2.0 $ bx puppet catalog compile --facts pluto.yaml --certname pluto Notice: Compiled catalog for pluto in environment production in 0.16 seconds { "tags": [ "settings", "default", "node" ], "name": "pluto", ... }

Add Comment

[Trevor Vaughan (JIRA)]

Trevor Vaughan commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts

Josh Cooper I'm not sure if this can be done, but would it be possible to generate a fact template based on a target manifest set? Basically, if I need a bunch of facts, it would be nice to have a 'fill in the blanks' YAML file that could be output by puppet itself. Ideally, you could amend the file so that it adds on new facts as the compile gets further along. I'm assuming that this would be an extension to the Facter hooks in Puppet.

Add Comment

[Alan Smith (JIRA)]

Alan Smith commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts

Josh Cooper I've also [submitted a PR](https://github.com/puppetlabs/puppet/pull/7477), seconds ago, that takes a slightly different approach: it replicates the old `puppet master --compile` behavior by setting the "run mode". I think it gives everyone who relied on `master --compile` something to work with and migrate to. It would do everything I needed it to do. Let me know what you think!

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9055

Compile catalogs on demand with user-specified facts

Change By: Josh Cooper Sprint: Coremunity Grooming Platform Core KANBAN

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper assigned an issue to Josh Cooper

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Josh Cooper Assignee: Josh Cooper

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Josh Cooper Sprint: Platform Core KANBAN

Add Comment

[Josh Cooper (JIRA)]

[Josh Cooper (JIRA)]

Josh Cooper commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts Watchers on the ticket: Alan Smith contributed a PR to restore the functionality of puppet master --compile using puppet catalog compile, and it's been merged to master in https://github.com/puppetlabs/puppet/commit/5d30e1e091199729b9d10dbe7c1566b4bcd7cded. It has the same limitation that puppet master had where you have to "preload" the facts for the node being compiled by saving a facts file with the name $certname.yaml. But at least we've restored the capabilities that were removed when puppet master --compile was removed. If folks are interested in explicitly passing the facts to use on the command line, let's file a new ticket and link to this one.

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9055

Compile catalogs on demand with user-specified facts

Change By: Josh Cooper Fix Version/s: PUP 6.y Fix Version/s: PUP 6.5.0

Add Comment

[Josh Cooper (JIRA)]

Josh Cooper updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Josh Cooper Release Notes Summary: The "puppet catalog compile" action will compile a catalog in the same way that the "puppet master --compile" application did, before being removed in Puppet 6. The command must be run on the puppetserver with access to modules, hiera data, etc Release Notes: Enhancement

Add Comment

[Heston Hoffman (JIRA)]

Heston Hoffman updated an issue

Puppet / PUP-9055 Compile catalogs on demand with user-specified facts

Change By: Heston Hoffman Labels: resolved-issue-added

Add Comment

[David Sandilands (Jira)]

David Sandilands commented on PUP-9055

Re: Compile catalogs on demand with user-specified facts I have a question from JPMC relating to this ticket, I think I am misunderstanding what can be done here, can I run puppet catalog compile --run_mode master pe-server-davidsand-0-ff18d2.ty4x0b4hbguu1p40qhokw3zp2f.xx.internal.cloudapp.net and as long as I have a  pe-server-davidsand-0-ff18d2.ty4x0b4hbguu1p40qhokw3zp2f.xx.internal.cloudapp.net.json file with facts it should behave like puppet compile master command?

Add Comment

This message was sent by Atlassian Jira (v8.20.2#820002-sha1:829506d)