Planning dynamic environments with Git

[Jonathan Gazeley]

Hi all,

I'm in the process of redesigning my puppet architecture. We want to use
dynamic environments and Git (with GitLab). I read about using
post-receive hooks to automatically create environments and deploy stuff
that is pushed into various branches[1],[2]. But how does that work when
the GitLab server and Puppetmaster are different servers? There's not
much too much information about this.

Thanks,
Jonathan

[1] http://puppetlabs.com/blog/git-workflow-and-puppet-environments

[2]
https://github.com/adrienthebo/puppet-git-hooks/blob/master/post-receive/dynamic-environments

[Felix Frank]

On 11/20/2014 05:07 PM, Jonathan Gazeley wrote:
> But how does that work when the GitLab server and Puppetmaster are
> different servers?

Well, do they need to be? ;-)

[Spencer Krum]

A hook can use ssh to push. We set up a tool called puppetsync that would be run on the puppetmaster, but would be triggered by post-recieve hook over ssh from the git server.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5470F980.1060107%40Alumni.TU-Berlin.de.

For more options, visit https://groups.google.com/d/optout.

--

Spencer Krum
(619)-980-7820

[Jonathan Gazeley]

Sort of, yes. We are quite strict about segregating services on our
systems, and the GitLab server is used for things other than just Puppet
configs.

[Jonathan Gazeley]

On 23/11/14 04:23, Spencer Krum wrote:
> A hook can use ssh to push. We set up a tool called puppetsync that
> would be run on the puppetmaster, but would be triggered by
> post-recieve hook over ssh from the git server.

Thanks, good tip. puppetsync script looks extremely useful :)

[Felix Frank]

I get that, and it's probably a good idea.

Then again, if you are also strict about security, it bears considering
whether gitlab or any other server should be given write access to the
puppet masters, which likely have the highest security demands among the
different parts of the infrastructure.

Cheers,
Felix

[Jonathan Gazeley]

You're absolutely right. I was planning to modify the git hook so
"production" never gets automatically updated, but the dev environments
(branches of production) do, so junior puppet developers at our place
can continue working without needing an administrator to push their
changes into production.

We're quite advanced puppet users in some ways, but the puppetmaster
itself was the first component I built and is showing its age now. I'm
still finding my way trying to invent a suitable workflow and modernise
my puppetmaster.

Thanks for your help :)

Jonathan

[Spencer Krum]

+1 to empowering the junior admins or developers.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54733D6B.3050903%40bristol.ac.uk.

For more options, visit https://groups.google.com/d/optout.

--

Spencer Krum
(619)-980-7820