SIMP Environments

The term "environment"

The term "environment" is heavily overloaded when discussing SIMP, Puppet, DevOps, and IT in general.  We attempt to make the following distinctions:

Puppet environment directory

  • A single directory at $codedir/environments/<environment_name>
  • r10k deploy creates one Puppet environment directory per control repository branch.
  • r10k puppetfile install (using default settings) can be run at the top level of a Puppet environment directory to deploy its modules from the local Puppetfile.

Puppet environment 

  • A single conceptual Puppet environment
  • Acts as a global namespace, with its own site manifest(s), modules, Hiera data (Hiera 4+), and Hiera hierarchy (Hiera 5+).
  • Derives its (deployed) assets from a Puppet environment directory
  • The standard Puppet sense of an "environment" when Puppet/PE operates independently from SIMP.

Extra (Secondary and Writable) environment directories

  • Secondary env dir: /var/simp/environments/<environment_name>
    • Home of rsync/ and site_files/pki_files/files/keydist/
  • Writable env dir: /opt/puppetlabs/server/data/puppetserver/simp/environments/
    • Home of gen_passwd/ and ssh_autokeys/
    • Used as a location that server-side functions (like passgen()) are guaranteed to be able to use for saving state.
  • Secondary and Writable environment directories pose a problem for Puppet scaling:
    • Load-balanced compile masters must keep the contents of both extra environment directories in sync on both compile masters
    • In the future, filesystem alternatives like libkv may provide a way to solve the scaling problems these extra environments pose.

Secondary environment

  • Assets and information SIMP needs to:
    • support a specific Puppet environment
    • maintain independently from the Puppet environment directory
      • This includes git-unfriendly files, such as secrets (e.g., keydist/), and large files distributed by rsync.
  • Sourced from the secondary environment directories

Writable environment

  • Puppet server-generated environment-specific SIMP data (e.g., passgen() data)
    • data is generated automatically by Puppet functions during catalog compilation
    • written to/sourced from the Writable environment directories
  • This includes master-generated data (e.g., passgen()), git-unfriendly secrets (e.g., keydist/), and files distributed by rsync

SIMP "Extra" environment 

  • The combined Secondary environment + Writable environment of the same name
  • (We probably need a better name for this)

SIMP "Omni" environment

  • The combined Puppet environment + SIMP Extra (Secondary + Writable) environment of the same name
  • (We might need a better name for this)
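
Because the three parts of an Omni environment live in separate directory trees, a Puppet environment directory can exist without its Secondary or Writable counterpart. The following check for such gaps is an added example, not SIMP's own tooling; the function names are hypothetical, and it assumes Puppet's standard codedir and a <environment_name> subdirectory under the Writable path listed above.

```sh
#!/bin/sh
# Roots of the three trees (override to test against a scratch directory).
# Assumption: CODEDIR defaults to Puppet's standard codedir, and each Writable
# environment is a <environment_name> subdirectory of WRITABLE_ROOT.
: "${CODEDIR:=/etc/puppetlabs/code}"
: "${SECONDARY_ROOT:=/var/simp/environments}"
: "${WRITABLE_ROOT:=/opt/puppetlabs/server/data/puppetserver/simp/environments}"

# Print which parts of the Omni environment named $1 exist on this server.
omni_status() {
    p=no; s=no; w=no
    if [ -d "$CODEDIR/environments/$1" ]; then p=yes; fi
    if [ -d "$SECONDARY_ROOT/$1" ]; then s=yes; fi
    if [ -d "$WRITABLE_ROOT/$1" ]; then w=yes; fi
    printf 'puppet=%s secondary=%s writable=%s\n' "$p" "$s" "$w"
}

# Print the union of environment names found under any of the three roots.
list_env_names() {
    for root in "$CODEDIR/environments" "$SECONDARY_ROOT" "$WRITABLE_ROOT"; do
        for d in "$root"/*/; do
            if [ -d "$d" ]; then basename "$d"; fi
        done
    done | sort -u
}

# Print one line per environment that is missing at least one of its parts,
# e.g. a branch deployed by r10k with no matching Secondary directory.
omni_gaps() {
    list_env_names | while IFS= read -r name; do
        st=$(omni_status "$name")
        case $st in
            *=no*) printf '%s: %s\n' "$name" "$st" ;;
        esac
    done
}
```

Running omni_gaps on each compile master and comparing the output is a quick way to spot servers whose extra environment directories have drifted apart.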

Infrastructure environment

  • A local site's dedicated internal infrastructure tier
  • Exists independently from Puppet
  • Often named something along the lines of "development," "testing," "acceptance," "staging," "production," etc.
  • In Puppet circles, this is sometimes referred to as an "application tier" or "permanent test environment"

Environment

  • Ambiguous as ever, and could mean any of the above
  • Unless context suggests otherwise, probably means "Puppet environment"
