Jira (PUP-8376) Revert to production when agent-specified environment doesn't exist

6 views
Skip to first unread message

Daniel Parks (JIRA)

unread,
Jan 21, 2018, 2:56:03 PM1/21/18
to puppe...@googlegroups.com
Daniel Parks created an issue
 
Puppet / New Feature PUP-8376
Revert to production when agent-specified environment doesn't exist
Issue Type: New Feature New Feature
Assignee: Unassigned
Created: 2018/01/21 11:55 AM
Priority: Normal Normal
Reporter: Daniel Parks

Puppet Version: 5.3.4

Please add a setting that causes the agent to switch to a specific environment, e.g. production, when the agent-specified environment does not exist.

Our workflow:

  1. Deploy a feature branch, e.g. change_ntp_server
  2. Switch a node over to the feature branch for development, e.g. sudo puppet config set --section agent environment change_ntp_server
  3. Run puppet, update branch, run puppet…
  4. Merge the feature branch into production
  5. Delete the feature branch
  6. Our custom puppet wrapper detects that the change_ntp_server environment no longer exists, and switches the environment back to production

I don't particularly care if it switches the environment for just that run, or changes it in the configuration file.

We are currently using a python script to wrap puppet, but I've ported it to Go and we'll deploy that soon: puppetlabs-operations/puppet-cron.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db)
Atlassian logo

Henrik Lindberg (JIRA)

unread,
Jan 22, 2018, 4:15:02 AM1/22/18
to puppe...@googlegroups.com
Henrik Lindberg assigned an issue to Daniel Parks
Change By: Henrik Lindberg
Assignee: Daniel Parks

Henrik Lindberg (JIRA)

unread,
Jan 22, 2018, 4:15:03 AM1/22/18
to puppe...@googlegroups.com
Henrik Lindberg commented on New Feature PUP-8376
 
Re: Revert to production when agent-specified environment doesn't exist

I assume you are doing this in a master scenario (agents get their catalog from the master). If that is the case, why use agent specified environment instead of using an ENC? You could then do this yourself in the ENC script, and you would not need to change the env on the agent as you would determine the mapping node => env on the master side.

Gene Liverman (JIRA)

unread,
Jan 22, 2018, 12:17:02 PM1/22/18
to puppe...@googlegroups.com
Gene Liverman commented on New Feature PUP-8376

I will let Daniel Parks answer your specific question Henrik Lindberg but, before coming to Puppet, we used FOSS puppet in a master-based environment and the inability for an agent to deal with its environment not existing caused us much pain. We did all of our work on our control repo and internal modules via the Git Flow workflow which is much the same as previously described. More than once we missed the step of moving a node back to production before deleting the branch and ended up having to connect directly to that node and manually change its branch back.

Daniel Parks (JIRA)

unread,
Dec 21, 2018, 8:30:03 PM12/21/18
to puppe...@googlegroups.com
Daniel Parks commented on New Feature PUP-8376

Apologies for the 11 month delay!

We generally run puppet by hand with the environment specified (puppet agent -tE devbranch). There a number of reasons for this, the largest of which is convenience (a CLI tool on the node is always going to be more convenient).

Furthermore, using a custom ENC would be a giant pain, since we would have multiple people changing it, often at the same time.
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Daniel Parks (JIRA)

unread,
Jan 10, 2019, 5:06:04 AM1/10/19
to puppe...@googlegroups.com
Daniel Parks assigned an issue to Henrik Lindberg
 
Change By: Daniel Parks
Assignee: Daniel Parks Henrik Lindberg

Henrik Lindberg (JIRA)

unread,
Jan 10, 2019, 5:22:03 AM1/10/19
to puppe...@googlegroups.com
Henrik Lindberg commented on New Feature PUP-8376
 
Re: Revert to production when agent-specified environment doesn't exist

Have not tried, but it should be possible to write an external ENC that checks if the env from agent is available and if so returns that, otherwise the production env.

Henrik Lindberg (JIRA)

unread,
Jan 10, 2019, 5:22:04 AM1/10/19
to puppe...@googlegroups.com
Henrik Lindberg assigned an issue to Daniel Parks
Change By: Henrik Lindberg
Assignee: Henrik Lindberg Daniel Parks

Henrik Lindberg (JIRA)

unread,
Jan 10, 2019, 5:23:04 AM1/10/19
to puppe...@googlegroups.com
 
Re: Revert to production when agent-specified environment doesn't exist

Ping Josh Cooper - what do you think about this feature request?

Gene Liverman (JIRA)

unread,
Jan 10, 2019, 11:18:04 AM1/10/19
to puppe...@googlegroups.com
Gene Liverman commented on New Feature PUP-8376

Not sure what I think about the ENC idea as that would be a layer between Puppet and PE.... (this is an off-the-cuff thought)

Daniel Parks (JIRA)

unread,
Jan 17, 2019, 3:11:03 AM1/17/19
to puppe...@googlegroups.com
Daniel Parks assigned an issue to Unassigned
 
Change By: Daniel Parks
Assignee: Daniel Parks

Daniel Parks (JIRA)

unread,
Jan 17, 2019, 3:14:03 AM1/17/19
to puppe...@googlegroups.com
Daniel Parks commented on New Feature PUP-8376
 
Re: Revert to production when agent-specified environment doesn't exist

Apparently I can change the assignee from a community account

I unassigned myself, since it's not waiting on me (if I'm incorrect, let me know). Should this now be assigned to Josh Cooper? I'm not really sure what your workflow is.

Daniel Parks (JIRA)

unread,
Jan 17, 2019, 3:17:05 AM1/17/19
to puppe...@googlegroups.com
Daniel Parks commented on New Feature PUP-8376

Currently we (InfraCore) are using something that is functionally identical to puppetlabs-operations/puppet-cron, but written in Python (I got distracted trying to figure out packaging for the Go one).

Henrik Lindberg (JIRA)

unread,
Jan 17, 2019, 9:28:04 AM1/17/19
to puppe...@googlegroups.com

Gene Liverman It would be possible to wrap one ENC in another - i.e. it would delegate to the PE ENC for everything except the checking and possible switching.

Henrik Lindberg (JIRA)

unread,
Jan 17, 2019, 9:28:05 AM1/17/19
to puppe...@googlegroups.com
Henrik Lindberg assigned an issue to Josh Cooper
 
Change By: Henrik Lindberg
Assignee: Josh Cooper

Gene Liverman (JIRA)

unread,
Jan 17, 2019, 9:29:02 AM1/17/19
to puppe...@googlegroups.com

Josh Cooper (JIRA)

unread,
Jan 23, 2019, 12:14:03 PM1/23/19
to puppe...@googlegroups.com
Josh Cooper commented on New Feature PUP-8376

The agent logic for switching environments is already convoluted (since facts can change your environment, but when you switch environments, you will pluginsync from a potentially different set of modules, so your facts may change). I'd rather see the ENC handle whatever policy is desired, and keep the agent/server communication as it is.

Also if the goal is to only run in the agent specified environment to test the PR, then we shouldn't be doing puppet config set environment devbranch. Instead just specify the devbranch environment when running "oneshot" run puppet agent -tE devbranch. That way we don't need to "reset" the environment once the PR is merged. But maybe I'm not understanding?

Daniel Parks (JIRA)

unread,
Jan 23, 2019, 3:12:02 PM1/23/19
to puppe...@googlegroups.com
Daniel Parks commented on New Feature PUP-8376

We generally want to run the agent in that environment for a while, since often reverting the environment early will cause undesirable changes. It's general enough that we set the current environment in puppet.conf from within our Puppet code.

This boils down to three requirements:

  • I can set the environment on a node from the node itself. Ideally, this can be enforced with Puppet code.
  • The environment will be reverted to production when the branch is deleted.
  • Built into puppet.

I don't really care about the implementation. A nice to have is being able to get the current environment with puppet config print.

Josh Cooper (JIRA)

unread,
Jul 17, 2019, 2:32:04 PM7/17/19
to puppe...@googlegroups.com
Josh Cooper commented on New Feature PUP-8376

It would be very surprising if an agent automatically switched to production if the $codedir/environments/<branch> directory didn't exist, as we couldn't differentiate between the scenario you're describing and simple misconfiguration (set the branch and forgot to checkout the branch).

I think you're better off keeping the logic for checking out/deleting branches and setting/unsetting the agent environment in the same agent-side code that runs puppet.

Josh Cooper (JIRA)

unread,
Jul 17, 2019, 2:33:03 PM7/17/19
to puppe...@googlegroups.com
Josh Cooper assigned an issue to Unassigned
 
Change By: Josh Cooper
Assignee: Josh Cooper

Josh Cooper (JIRA)

unread,
Oct 1, 2019, 6:37:03 PM10/1/19
to puppe...@googlegroups.com
Josh Cooper commented on New Feature PUP-8376
 
Re: Revert to production when agent-specified environment doesn't exist

I'm going to close this ticket based on my earlier comments.
Reply all
Reply to author
Forward
0 new messages