The point i was trying to make was not the how. But that a group of
nodes will have 1 config and another a different config. It seems
like environments would be the way to group that.
>
> You said earlier that your master will assign nodes to environments, and at
> that time you were identifying Puppet environments with operational
> environments. It follows that you anticipate that your master will have
> enough information to identify nodes' intended operational environments.
I believe in my environment I can do that by hostname as a general rule.
> How the master should translate that information into node configurations is
> an entirely different question, and largely orthogonal to whether Puppet
> environments are associated with operational environments. Surely you don't
> suppose that every machine in the same operational environment will be
> configured identically to every other, so even if you do match Puppet
> environments to operational environments, that does not in itself address
> questions about how to assign configurations to nodes -- or, in Puppet
> speak, how to classify nodes.
Why can't I expect that. if I expect puppet to look after things like
MOTD, SSHD config, smtp config, firewall config. users. SOE directory
setup. Why can't I expect them to be the same. I understand that ip
address and name will be different.
>
> In fact, Puppet has several mechanisms for that, one of them being the one
> that you already plan on using to assign nodes to environments: the external
> node classifier (ENC). Puppet also makes heavy use of external data for
> configuring nodes, generally accessed via its Hiera hierarchical data
> subsystem. Hiera data can be used to directly classify nodes
> (hiera_include()), or to supplement classification performed primarily
> elsewhere (automated data binding, hiera(), hiera_hash(), hiera_array()). I
> prefer to put most of the load on Hiera, myself, but the reasons for that
> would be an entirely separate discussion.
I plan to use hiera - still getting my head around that.
>
> Furthermore, how you structure your manifest set plays heavily into how
> easily this all works out. If you are not already aware of Craig Dunn's
> "Roles and Profiles" pattern, then you should familiarize yourself with it.
> You are not obligated to use it, but I think it synergizes with your
> objectives, and it has been applied with great success in a lot of places.
I will definitely be looking at this. I had already planned on using
profiles and roles - got that from the sydney user group. I have most
of mine defined I believe. Now to work our how to implement
>
>
>>
>> > for it. Likewise, they do not need to know why they are configured to
>> > access a particular database server, why they have the particular vhosts
>> > configured that they do, why they have the particular users and
>> > passwords
>> > they have, why they mount the particular remote file systems they mount,
>> > etc..
>> >
>>
>>
>> Sorry our argument seems counter intuitive. Maybe I am miss
>> understanding.
>>
>> For example I have had a lot of issue with winbind. (centos 6.x). So
>> my thought is
>>
>> production environment - has all the prod nodes.
>> It has a specific version of winbind, might be old but it works
>>
>> My other environments have different newer versions of winbind.
>>
>>
>> if you can explain how I can do that with 1 environment . happy to
>> learn. I haven't done a puppet setup before - which is why i'm asking
>> and questioning.
>
>
>
> In the first place, this still has nothing to do with nodes being mindful of
> which Puppet environment they are assigned to, nor even of which operational
> environment they are assigned to. Nodes will use whichever winbind (for
> example) is installed on them, regardless of which environments you label
> them with. The nodes themselves don't much care what you call them -- they
> simply operate according to the way you configure them.
But ... this is what i want to use puppet for. winbind is a key
package that I want to manage - 99% of the other packages I don't care
about . Also something like java i want to manage.
when i say want to - I would like to. if i want to roll out a new test
version of winbind I had presume I would just change the package
modules for winbind to a newer version and it would roll out for that
environment - I would plan to leave it there for a week or month or
two to test. then once satisfied move than onto production.
I do this for winbind because its critical for our environment. same
with tzdata - but no so long testing times.
and kernel-image ..
>
> In the second place, if the master has enough information to determine
> nodes' intended operational environments, and it knows how nodes in those
> operational environments should be configured, then it can configure those
> nodes appropriately. If not, then not. Puppet environments are one vehicle
would i then need to have lots of if statements or ???
> for expressing such knowledge, but using them that way for your particular
> purposes would be clumsy, would take more work in the long run, and would
> interfere with using Puppet environments for other purposes to which they
> are better suited and in which they confer much greater advantage.
>
> I already mentioned external node classifiers and Hiera -- these are
> Puppet's primary mechanisms for matching configuration details to nodes.
> You can also use node blocks in conjunction with one or both of those,
> though these days the practical role of node blocks seems a bit diminished.
> That still has no essential bearing on either Puppet environments or
> operational environments. Even if you planned on using node blocks as your
> sole means of node classification, that would not require you to use Puppet
> environments to achieve your objectives.
Okay so I haven't run/installed/managed a puppet install. so i'm not
arguing I'm trying to understand and its still not that clear.
But I have asked this before and still haven't really had an answer
that fits in
Forgetting about the weather it MOTD, smtp or .. Some of my
environment is going to be different to other parts of it. from
something simple like a MOTD file or a smtp config or a rpm package or
even a java version.
These sort of things atleast to me sounds like they should be
separated by environments. If my prod / inf environments are running
java 7 and I am slowly rolling out java 8. I would want my none prod
to have java8.
How do I do that if i have one environment ... I am guessing with
hiera.. I am guessing I have to go in there and group the nodes into
groups and then do actions based on that groupings ... Sounds like
what environments would be good for. not saying one environment for
each difference
thanks .. if you can show me how to work my problem i outlined above
with 1 environment then I can get my head around it.
I will check out that blog.. and maybe after I have struggled with it
for a while, come to realise one is doing able!.
What is the down side to having multiple environments - why have R10k + git
>
https://groups.google.com/d/msgid/puppet-users/c327cef8-5dd5-448a-97cc-4c743db4b8a7%40googlegroups.com.