Versions Compared

Old Version 7

changes.mady.by.user Chris Tessmer

Saved on

compared with

New Version 8

changes.mady.by.user Chris Tessmer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Outside of SIMP, Git-based control repositories have been become the dominant technology to manage and deploy Puppet code since 2015. 

At a high-level, this a control repository workflow involves:

  • Puppetfile that defines a collection of Puppet modules and where to get them
  • A (Git) Control repository, where each branch defines a complete Puppet environment (which includes a Puppetfile)
  • A tool (r10k or PE Code Manager) to deploy Puppet environments from the control repository branches
  • (Advanced, but preferred) Repository webhooks that automatically trigger environment deployments on the Puppet master(s) whenever a branch is updated.

The upshot is that a control repository branch defines everything needed to recreate a specific Puppet environment. 

Image RemovedImage Added

Puppet environments as code

A branch contains Defining everything required needed to recreate create a Puppet environment , so enables Puppet Environments can  to be treated handled like code:

  • (Using r10k/Code Manager,) Adding or removing a git branch in the control repository will add or remove that environment on the Puppet master(s
    • (using r10k/Code Manager + webhook triggers)
  • The Puppet environment updates change control process can be submitted as handled as merge/pull requests 
  • User Developers can test, diff, and review Puppet environment changes before promoting them into important environments
  • When As control repo branches are updated, CI pipelines can automatically trigger tests and master-side deployments

Multiple Puppet environments

...

Since Because 1 control repo branch = 1 Puppet environment, managing multiple Puppet environments is as simple as using git:

Control repos + Puppet deployment tools enable advanced environment scenarios:

...

Scaling Puppet with Control Repository-based workflows

  • r10k, Code Manager :) Deploy make it easy to deploy consistent Puppet environments across Puppet architectures that involve multiple masters  
  • (Bolt:) Manage Bolt makes it possible to manage remote "agentless" hosts by checking out an environment's modules (using bolt puppetfile install) before running bolt apply

...

Limitations and conflicts

Although it It has been technically possible to use multiple Puppet environments and control repositories since SIMP 5.0 (

Status
colourGrey
titleSIMP 5.0-6.3
).  However, in practice this has been cumbersome , risky, and easy to get wrong.  Getting it wrong risks accidentally leaking or losing site data (such as passgen secrets and PKI files).  Getting it right requires right requires an in-depth knowledge of Puppet environments and SIMP's "extra" environments, and there are still significant limitations.  Even when handled well, there are still significant limitations—for instance, it still won't be feasible to host redundant (compile) masters behind a VIP unless site administrators arrange some method to keep the SIMP "extra" environment data in sync across each server.

The recent 6.4.0 release (

Status
colourBlue
titleSIMP 6.4
) retooled updated SIMP so it can to safely support single-environment Puppetfile deployments (e.g., r10k puppetfile install from a Puppet environment directory) out of the box.  in a single, permanent Puppet environment (i.e., production).

However, there are still two major sources of conflicts problems when using SIMP 6.4.0 with multiple Puppet environments and control repositories:

Issue 1: SIMP automation alters files under the Puppet and SIMP environment directories 

...