SIMP Environments

The term "environment"

The term "environment" is heavily overloaded when discussing SIMP, Puppet, DevOps, and IT in general.  We attempt to make the following distinctions:

Puppet environment directory

  • A single directory at $codedir/environments/<environment_name>
  • r10k deploy creates one Puppet environment directory per control repository branch.
  • r10k puppetfile install (using default settings) can be run at the top level of a Puppet environment directory to deploy its modules from the local Puppetfile.

Puppet environment 

  • A single conceptual Puppet environment
  • Acts as a global namespace, with its own site manifest(s), modules, Hiera data (Hiera 4+), and Hiera hierarchy (Hiera 5+).
  • Derives its (deployed) assets from a Puppet environment directory
  • The standard Puppet sense of an "environment" when Puppet/PE operates independently from SIMP.

Extra (Secondary and Writable) environment directories

  • Secondary env dir: /var/simp/environments/<environment_name>
    • Home of rsync/ and site_files/pki_files/files/keydist/
  • Writable env dir: /opt/puppetlabs/server/data/puppetserver/simp/environments/
    • Home of gen_passwd/ and ssh_autokeys/
    • Used as a location that server-side functions (like passgen()) are guaranteed to be able to use for saving state.
  • Secondary and Writable environment directories pose a problem for Puppet scaling:
    • Load-balanced compile masters must keep the contents of both extra environment directories (Secondary and Writable) in sync with each other
    • In the future, filesystem alternatives like libkv may provide a way to solve the scaling problems these extra environments pose.

Secondary environment

  • Assets and information SIMP needs to:
    • support a specific Puppet environment
    • maintain independently from the Puppet environment directory
      • This includes git-unfriendly files, such as secrets (e.g., keydist/), and large files distributed by rsync.
  • Sourced from the secondary environment directories

Writable environment

  • Puppet server-generated environment-specific SIMP data (e.g., passgen() data)
    • data is generated automatically by Puppet functions during catalog compilation
    • written to/sourced from the Writable environment directories
  • This includes master-generated data (e.g., passgen()), git-unfriendly secrets (e.g., keydist/), and files distributed by rsync

SIMP "Extra" environment 

  • The combined Secondary environment + Writable environment of the same name
  • (We probably need a better name for this)

SIMP "Omni" environment

  • The combined Puppet environment + SIMP Extra (Secondary + Writable) environment of the same name
  • (We might need a better name for this)
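
An added example (not part of the original page or SIMP's own tooling): a POSIX shell audit that reports, for each environment name, which pieces of the "Omni" environment exist on a server. It assumes $codedir is the Puppet default /etc/puppetlabs/code and that the Writable root holds one subdirectory per environment; the *_ROOT variables and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which parts of each SIMP "Omni" environment exist.
# Variable and function names are hypothetical; roots can be overridden.
# Assumption: $codedir is the Puppet default (see `puppet config print codedir`).
PUPPET_ROOT="${PUPPET_ROOT:-/etc/puppetlabs/code/environments}"
SECONDARY_ROOT="${SECONDARY_ROOT:-/var/simp/environments}"
# Assumption: one <environment_name> subdirectory per environment under this root.
WRITABLE_ROOT="${WRITABLE_ROOT:-/opt/puppetlabs/server/data/puppetserver/simp/environments}"

# env_names: every environment name found under any of the three roots.
env_names() {
  for root in "$PUPPET_ROOT" "$SECONDARY_ROOT" "$WRITABLE_ROOT"; do
    if [ -d "$root" ]; then
      for d in "$root"/*/; do
        if [ -d "$d" ]; then basename "$d"; fi
      done
    fi
  done | sort -u
}

# omni_status NAME: one line showing which directories exist, plus a verdict.
#   complete       - Puppet, Secondary and Writable directories all present
#   missing-extra  - Puppet environment directory lacks part of its Extra environment
#   orphaned-extra - Secondary/Writable data with no Puppet environment directory
omni_status() {
  name=$1; p=no; s=no; w=no
  if [ -d "$PUPPET_ROOT/$name" ]; then p=yes; fi
  if [ -d "$SECONDARY_ROOT/$name" ]; then s=yes; fi
  if [ -d "$WRITABLE_ROOT/$name" ]; then w=yes; fi
  if [ "$p$s$w" = yesyesyes ]; then verdict=complete
  elif [ "$p" = no ]; then verdict=orphaned-extra
  else verdict=missing-extra
  fi
  echo "$name puppet=$p secondary=$s writable=$w $verdict"
}

# audit_all: status line for every environment name on this server.
audit_all() {
  env_names | while read -r n; do omni_status "$n"; done
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_all; fi
```

Run it with --audit on each compile master. Rows marked orphaned-extra are Secondary or Writable directories, which may still hold keydist/ secrets or passgen() state, with no matching Puppet environment directory.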

Infrastructure environment

  • A local site's dedicated internal infrastructure tier
  • Exists independently from Puppet
  • Often named something along the lines of "development," "testing," "acceptance," "staging," "production," etc.
  • In Puppet circles, an infrastructure environment is sometimes referred to as an "application tier" or "permanent test environment"

Environment

  • Ambiguous as ever, and could mean any of the above
  • Unless context suggests otherwise, probably means "Puppet environment"
