advice and best practices for environments

[Tim Mooney]

All-

I'm looking for some advice/wisdom/guidance about workflow and
configuration from sites that have been using environments for a while.
I'll happily take advice from anyone, but I'm especially interested in
tips from people that are using subversion as their VCS and are not
using an ENC.

The TL;DR list of questions I have is roughly:

- how are you controlling which nodes get assigned to which environments?
Templated puppet.conf and hiera()? Some other method?
- how are you using hiera with environments, especially in relation to
the environments limitations[1] page?
- what about custom puppet:/// mount points (outside of modules)? The
puppet doc overview of environments say that custom file paths are
not supported with environments[2], but that's not mentioned on
the limitations[1] page.
- do you use dynamic environments, and if so what's your subversion
workflow look like? The puppet docs call these Temporary Test
Environments [3]


[1] - http://docs.puppetlabs.com/puppet/latest/reference/environments_limitations.html
[2] - http://docs.puppetlabs.com/guides/environment.html?utm_campaign=docs&utm_medium=blog&utm_source=puppetlabs.com&utm_content=environments
[3] - http://docs.puppetlabs.com/puppet/latest/reference/environments_suggestions.html


Additional details on our environment:

We've been using puppet since 2.6.x, and are currently at 3.4.2. We're
looking to go to 3.6.x and also update our configuration for both
directory environments and the manifests dir, to be more prepared for
what 4.x will likely require.

We're not currently using any environments <hangs head in shame/>, so
the workflow and configuration needed for a non-git deployment has
me a little confused.

We don't use an ENC -- we have Puppet Dashboard, but use it rarely,
and only for reporting. As part of the move to 3.6.x, I would want to
switch us from site.pp with "import nodes/*.pp" to a manifests directory.

Our current /etc/puppet/hiera.yaml looks like:

---
:backends: - yaml

:hierarchy: - secure/fqdn/%{clientcert}
- fqdn/%{clientcert}
- secure/location/%{location}
- location/%{location}
- secure/common
- common

:yaml:
:datadir: /etc/puppet/hiera-data


%{location} is a custom fact associated with a particular datacenter.

We are using one custom puppet:/// file mount point (fileserver.conf):

[secure]
path /etc/puppet/secure/%H
allow *


Our modulepath in our current puppet.conf on the master looks like:

modulepath = /etc/puppet/modules:/usr/share/puppet/modules:/etc/puppet/forge-modules


Any tips and advice people have regarding workflow with environments and
subversion would be greatly appreciated!

Thanks,

Tim
--
Tim Mooney Tim.M...@ndsu.edu
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164