Code deployment strategy sanity check
63 views
Skip to first unread message
Guy Knights
May 15, 2014, 6:19:05 PM5/15/14
to puppet...@googlegroups.com
I'm looking at ways to better automate our build pipeline and I'm trying to envision ways to get our latest code package onto servers, while also being able to update this package at specific, later times.
The code will be served from a local yum repository, so I figure we can install the latest version on new systems using an "ensure => present" in a package resource, and then push out updates from our bamboo server via mcollective. I understand that it's possible to install packages directly using mcollective via a plugin such as this one: https://github.com/puppetlabs/mcollective-package-agent. What I also am led to believe is that if I use the "ensure => present" in the package resource, that puppet will not make any attempts (after the initial install) to upgrade to a newer version of the package.
Does this seem like a valid way to get our code onto servers, ensuring that puppet won't run arbitrary upgrades at some random later point?
Thanks,
Guy
The code will be served from a local yum repository, so I figure we can install the latest version on new systems using an "ensure => present" in a package resource, and then push out updates from our bamboo server via mcollective. I understand that it's possible to install packages directly using mcollective via a plugin such as this one: https://github.com/puppetlabs/mcollective-package-agent. What I also am led to believe is that if I use the "ensure => present" in the package resource, that puppet will not make any attempts (after the initial install) to upgrade to a newer version of the package.
Does this seem like a valid way to get our code onto servers, ensuring that puppet won't run arbitrary upgrades at some random later point?
Thanks,
Guy
Stu Teasdale
May 15, 2014, 6:37:06 PM5/15/14
to puppet...@googlegroups.com
depending on how you're pushing packaes to your repo.
Stu
--
From the prompt of Stu Teasdale
The more you sweat in peace, the less you bleed in war.
Garrett Honeycutt
May 15, 2014, 6:39:02 PM5/15/14
to puppet...@googlegroups.com
This is a good approach that I have been advocating for some time. The
drawback to 'ensure => latest' is that your systems could update
whenever a new package is released to your repo. If puppet is set to run
in a staggered fashion across your systems, as is the default approach,
then your system would upgrade at different times, which is generally a
very bad thing. Using MCollective to trigger when updates happen means
that it happens at the same time and when you expect it, such as during
a maintenance window.
Best regards,
-g
--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Guy Knights
May 16, 2014, 4:09:55 PM5/16/14
to puppet...@googlegroups.com
Thanks Garrett - so can you confirm then that ensure => present will never try to upgrade a package after the initial install?
Jeremy T. Bouse
May 16, 2014, 4:24:22 PM5/16/14
to puppet...@googlegroups.com
Guy,
With ensure set to present all puppet will do is ensure that the
software package is installed. Regardless of what version it will simply
validate that it is installed and if it isn't it will trigger and
install of the current version. You can then make use of 'mco package
update <PACKAGE>' to trigger updates. I use 'mco package status
<PACKAGE>' routinely to find out if all the systems are running the same
version.
On 16.05.2014 12:09, Guy Knights wrote:
> Thanks Garrett - so can you confirm then that ensure => present will
> never try to upgrade a package after the initial install?
>
> On Thursday, May 15, 2014 11:39:02 AM UTC-7, Garrett Honeycutt wrote:
>
>> On 5/15/14, 11:19 AM, Guy Knights wrote:
>>> I'm looking at ways to better automate our build pipeline and I'm
>> trying
>>> to envision ways to get our latest code package onto servers,
>> while also
>>> being able to update this package at specific, later times.
>>>
>>> The code will be served from a local yum repository, so I figure
>> we can
>>> install the latest version on new systems using an "ensure =>
>> present"
>>> in a package resource, and then push out updates from our bamboo
>> server
>>> via mcollective. I understand that it's possible to install
>> packages
>>> directly using mcollective via a plugin such as this one:
>>> https://github.com/puppetlabs/mcollective-package-agent [1]. What
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to puppet-users...@googlegroups.com [2].
> To view this discussion on the web visit
>
> https://groups.google.com/d/msgid/puppet-users/f86021fe-c0d7-401c-938c-bcf2e0c48ef0%40googlegroups.com
> [3].
> For more options, visit https://groups.google.com/d/optout [4].
>
>
> Links:
> ------
> [1]
>
> https://www.google.com/url?q75https%3A%2F%2Fgithub.com%2Fpuppetlabs%2Fmcollective-package-agent46sa75D46sntz75146usg75AFQjCNE0wEQKau1h0qXeatkks9tSb6UKiQ
> [2] mailto:puppet-users...@googlegroups.com
> [3]
>
> https://groups.google.com/d/msgid/puppet-users/f86021fe-c0d7-401c-938c-bcf2e0c48ef0%40googlegroups.com?utm_medium=email&utm_source=footer
> [4] https://groups.google.com/d/optout
With ensure set to present all puppet will do is ensure that the
software package is installed. Regardless of what version it will simply
validate that it is installed and if it isn't it will trigger and
install of the current version. You can then make use of 'mco package
update <PACKAGE>' to trigger updates. I use 'mco package status
<PACKAGE>' routinely to find out if all the systems are running the same
version.
On 16.05.2014 12:09, Guy Knights wrote:
> Thanks Garrett - so can you confirm then that ensure => present will
> never try to upgrade a package after the initial install?
>
> On Thursday, May 15, 2014 11:39:02 AM UTC-7, Garrett Honeycutt wrote:
>
>> On 5/15/14, 11:19 AM, Guy Knights wrote:
>>> I'm looking at ways to better automate our build pipeline and I'm
>> trying
>>> to envision ways to get our latest code package onto servers,
>> while also
>>> being able to update this package at specific, later times.
>>>
>>> The code will be served from a local yum repository, so I figure
>> we can
>>> install the latest version on new systems using an "ensure =>
>> present"
>>> in a package resource, and then push out updates from our bamboo
>> server
>>> via mcollective. I understand that it's possible to install
>> packages
>>> directly using mcollective via a plugin such as this one:
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to puppet-users...@googlegroups.com [2].
> To view this discussion on the web visit
>
> https://groups.google.com/d/msgid/puppet-users/f86021fe-c0d7-401c-938c-bcf2e0c48ef0%40googlegroups.com
> [3].
> For more options, visit https://groups.google.com/d/optout [4].
>
>
> Links:
> ------
> [1]
>
> https://www.google.com/url?q75https%3A%2F%2Fgithub.com%2Fpuppetlabs%2Fmcollective-package-agent46sa75D46sntz75146usg75AFQjCNE0wEQKau1h0qXeatkks9tSb6UKiQ
> [2] mailto:puppet-users...@googlegroups.com
> [3]
>
> https://groups.google.com/d/msgid/puppet-users/f86021fe-c0d7-401c-938c-bcf2e0c48ef0%40googlegroups.com?utm_medium=email&utm_source=footer
> [4] https://groups.google.com/d/optout
Guy Knights
May 16, 2014, 5:08:20 PM5/16/14
to puppet...@googlegroups.com
Thanks Jeremy, I was pretty sure that was the behaviour but I just wanted to confirm as I hadn't found anywhere that explicitly spelled it out.
> [2] mailto:puppet-users+unsub...@googlegroups.com
Garrett Honeycutt
May 16, 2014, 8:42:28 PM5/16/14
to puppet...@googlegroups.com
Hi,
It will confirm that the package is present. If it is not present it
will attempt to install it. If it is, then no action is taken.
Br,
-g
On 5/16/14, 9:09 AM, Guy Knights wrote:
> Thanks Garrett - so can you confirm then that ensure => present will
> never try to upgrade a package after the initial install?
>
> On Thursday, May 15, 2014 11:39:02 AM UTC-7, Garrett Honeycutt wrote:
>
> On 5/15/14, 11:19 AM, Guy Knights wrote:
> > I'm looking at ways to better automate our build pipeline and I'm
> trying
> > to envision ways to get our latest code package onto servers,
> while also
> > being able to update this package at specific, later times.
> >
> > The code will be served from a local yum repository, so I figure
> we can
> > install the latest version on new systems using an "ensure =>
> present"
> > in a package resource, and then push out updates from our bamboo
> server
> > via mcollective. I understand that it's possible to install packages
> > directly using mcollective via a plugin such as this one:
> > https://github.com/puppetlabs/mcollective-package-agent
> <https://github.com/puppetlabs/mcollective-package-agent>. What I
> For more options, visit https://groups.google.com/d/optout.
It will confirm that the package is present. If it is not present it
will attempt to install it. If it is, then no action is taken.
Br,
-g
On 5/16/14, 9:09 AM, Guy Knights wrote:
> Thanks Garrett - so can you confirm then that ensure => present will
> never try to upgrade a package after the initial install?
>
> On Thursday, May 15, 2014 11:39:02 AM UTC-7, Garrett Honeycutt wrote:
>
> On 5/15/14, 11:19 AM, Guy Knights wrote:
> > I'm looking at ways to better automate our build pipeline and I'm
> trying
> > to envision ways to get our latest code package onto servers,
> while also
> > being able to update this package at specific, later times.
> >
> > The code will be served from a local yum repository, so I figure
> we can
> > install the latest version on new systems using an "ensure =>
> present"
> > in a package resource, and then push out updates from our bamboo
> server
> > via mcollective. I understand that it's possible to install packages
> > directly using mcollective via a plugin such as this one:
> > https://github.com/puppetlabs/mcollective-package-agent
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users...@googlegroups.com
> <mailto:puppet-users...@googlegroups.com>.
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users...@googlegroups.com
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/f86021fe-c0d7-401c-938c-bcf2e0c48ef0%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/f86021fe-c0d7-401c-938c-bcf2e0c48ef0%40googlegroups.com?utm_medium=email&utm_source=footer>.
> https://groups.google.com/d/msgid/puppet-users/f86021fe-c0d7-401c-938c-bcf2e0c48ef0%40googlegroups.com
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages