In the course of training and consulting with Puppet, the question of change management best practices has come up over and over again. On the edges, we have small teams that can get away with simply version controlling their code using an SCM as an incremental backups while rolling out change in a fairly adhoc fashion and larger teams that need branches, QA, and DEV environments, and perhaps even separate repositories for each module. There is also the issues of roll back and testing. We are curious how the community approaches these problems in hopes of developing some best practices. So what do you guys/gals do?
Here we don't (yet) have different code bases for production and
development, but are considering it. Instead, we each have a clone of
the manifests in our home-dirs and test new stuff by running:
puppetd -t --environment <username>
on relevant dev machines, then push/pull the changes into the central
repository on the puppetmaster once everything seems ok.
As we have different puppetmaster servers (more or less one for each
customer), we try to share the most we can by putting almost everything
in modules, stored in seperate repositories on github. Then using
git-submodule (currently testing git-subtree [1] as a replacement) to
glue them all together in one big repository on each puppetmaster. This
forces us to write cross-platform manifests, in a "one application =
one module" fashion.
Marc
We'll be developing extensive practices in this area when we move to 0.25 and start using the environment support (that's why we wanted it, actually: our change management practices are difficult without them).
Generally speaking we plan to have all servers pointing to a "stable" environment where only bugfixes or emergency changes are introduced. We will develop in a testing/unstable branch and when we finish our testing, we will tag that as stable and move servers over to using this environment as the departments approve of the change.
--
Digant C Kasundra <dig...@stanford.edu>
Technical Lead, ITS Unix Systems and Applications, Stanford University
We developed some strategies to make puppet module development easy to test
and we have a way to rollout our configuration to different environments by
simply taging the versions we think they are stable enough. Basically we use
the power of the DVCS Git to get that done.
Development or changes of puppet manifests:
If we build a new Server we can choose between two different post install
scrips. The standard script simply installs puppet and register the node on
the puppetmaster for one of the three environments we have
(testing->integration->production) The other one installs a puppetmaster and
an empty git repo with a post-receive hook. This way it can be used as a
development-server.
And this is how it works:
- take your copy of your puppet-modules repo and commit your changes (don't
push them to the real puppetmaster)
- add the new development-server as a remote target to git.
- push the branch to the development-server
This is where the post-recieve hook kicks in. it copies the HEAD to the
modules directory of the development-server (he has his own puppetmaster) and
runs "puppetd --test --debug". That's it! Just make sure the
development-server includes all classes you want to test.
You can also do cosmetics on your commits while you fix some syntax errors or
small bugs, because you never pushed your changes to a public repo.
Rollout:
If the new version is ready and we believe everything is right, we push our
changes to the puppetmaster (if there are changes and you have to merge, go
back to your development-server and check if everythis is still ok).
On the puppetmaster there is another post-receive hook that copies the HEAD to
the testing environment. If everything went fine, we simply tag the version
with a integration-YYYYMMDDxx tag and push that tag. the post-receive hook
then copies that to the integration environment... and so on..
Rollback:
This comes for free, simply tag an older version with a newer tag (and restore
the damn file that ensure => absent killed from the backup :-) ).
We don't have that much servers in puppet at the moment ~80 and only 2 people
working on the manifests so i don't know if this scales if numbers grow.
Maybe someone here with experience on larger setups has some suggestions on
this? would be very welcome.
I hope someone understands my poor english.
Andy