Validating a puppet configuration

[Lars Kellogg-Stedman]

If anyone out there follows Serverfault, this is a duplicate of http://goo.gl/CTS2u.  I'm hoping there are some subject matter experts here :).

I am trying to place some sanity checks (currently as git pre-commit hooks) in our configuration repository to avoid committing invalid Puppet configurations.  I'm having a surprising amount of trouble coming up with a way to effectively validate the configuration.  My obvious first choice was "puppet parser validate ...", which does some gross syntax checks (unmatched quotes and brackets and so forth) but doesn't throw errors on things like this:

  file { 'somefile':
    requires => Service['someservice']
  }

(where 'requires' should be 'require'), nor does it notice problems like this:

  sdlflsjlksdf { 'myname': }

(where 'sdlflsjlksdf' isn't defined anywhere).

Some folks have suggested "puppet master --compile ...", but this really, reallly wants to fix permissions all over the place on directories that are used by Puppet.  I have also tried "puppet apply --noop", but this still tries to stat() any files referenced in the manifests, which means it will fail with permission errors if it tries to stat() a file or directory that is not accessible to a non-root user.  Does anyone here have suggestions for effectively performing more aggressive syntax checks than those offered by "puppet parser validate"?

-- Lars

[Greg Hellings]

Have you looked at using these?

projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control

--

Greg

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/cpzgsk5X2fgJ.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

[Scott Smith]

Those hooks are the gross syntax checks to which he initially referred.

[Eric Shamow]

Have you considered bootstrapping a test suite like cucumber-puppet?

https://github.com/nistude/cucumber-puppet

-Eric

 Topic: Validating a puppet configuration

Lars Kellogg-Stedman <lar...@gmail.com> Jul 29 06:33AM -0700 ^

Greg Hellings <ghel...@spokeo.com> Jul 29 09:49AM -0700 ^

 
Have you looked at using these?
projects.puppetlabs.com/projects/1/wiki/Puppet_Version_Control
 
--
Greg
 
 


 

Scott Smith <sc...@ohlol.net> Jul 29 10:19AM -0700 ^

[Nikolay Sturm]

* Lars Kellogg-Stedman [2011-07-29]:

> I am trying to place some sanity checks (currently as git pre-commit
> hooks) in our configuration repository to avoid committing invalid
> Puppet configurations.

This is exactly the use case for cucumber-puppet. It compiles your
catalog, catching any syntax errors in your manifest and by default
ships with a step to verify requirements resolution. This should already
be of help, but you can test whatever you want in your cucumber
scenarios. Cucumber-puppet needs a node's yaml file, to verify its
catalog or can operate on single classes individually. More information
can be found here:

http://projects.puppetlabs.com/projects/cucumber-puppet/wiki

cheers,

Nikolay

--
"It's all part of my Can't-Do approach to life." Wally

[John Warburton]

On 1 August 2011 15:47, Nikolay Sturm <goo...@erisiandiscord.de> wrote:

* Lars Kellogg-Stedman [2011-07-29]:

> I am trying to place some sanity checks (currently as git pre-commit
> hooks) in our configuration repository to avoid committing invalid
> Puppet configurations.

This is exactly the use case for cucumber-puppet. It compiles your

Does anyone do this on a large scale? I have 140 manifests managing over 1600 resources. Writing cucumber for all that seems quite burdensome

John