Keep your puppet manifests under some sort of source code management.
There I said it.
Rolling back will save your bacon at least once, probably more than that.

Here’s how you setup puppet under git on a remote host.

Install gitosis ( a tool for easily managing git repos) – The installation creates user gitosis with homedir /srv/gitosis

sudo apt-get install gitosis
cp ~/.ssh/id_rsa.pub /tmp/.a
chmod 644 /tmp/.a
sudo su - gitosis -c "gitosis-init  < /tmp/.a"
rm /tmp/.a

Generate an ssh key as the user puppet on your puppet master

sudo su - puppet
ssh-keygen

Gitosis is configured as a git repository, so checkout the admin repo and add in the puppet user and the puppet project.

cd SOMEDIR
git clone gitosis@:gitosis-admin.git
cd gitosis-admin/
cat << EOF  >> gitosis.conf

[group puppetmasters]
members = chris@chimp puppet@PUPPET_MASTER
writable = puppet
EOF

copy over the puppet key /home/puppet/.ssh/id_rsa.pub into the keydir and push the changes to git

scp puppet@puppet:/home/puppet/.ssh/id_rsa.pub keydir/puppet@PUPPET_MASTER.pub
git commit -a -m "puppet added to gitosis"
git push

#make sure /etc/puppet is owned by the user puppet on the puppet master

sudo chown -R puppet:puppet /etc/puppet
cd /etc/puppet
git init
git remote add origin gitosis@:puppet.git
git add *
git commit -m "initial add"
git push origin master:refs/heads/master

Finally, add in the following to crontab on your puppet master to make sure changes get checked out every two minutes

MAITO=chris@EXAMPLE.com
*/2 * * * * cd /etc/puppet &&
/usr/bin/git pull origin master:refs/heads/master > /tmp/puppetmaster.log 2>&1

This might seem like a lot of trouble to go to, but it will prove useful in the future,especially when I get to the subjects of environments and testing.

Git will also prove useful when managing large file trees and can also be used as a puppet provider.

Categories: Tech

1 Comment

Howie · July 20, 2011 at 04:01

So will you get to the subject of environments and testing? 😉

I’ve got working environments, and Foreman classifying my nodes nicely, but understanding the git-speak enough to get a working one-branch-per-environment (dev->testing->prod) remote repo is a challenge!

Comments are closed.