# Updating Deployments

## 1. Modifying and Testing Manifests

As we've called out when we change the manifest modifying a setting that's already managed by puppet. Puppet applies this change to the notes, the puppet agent does whatever is needed to bring the nodes to the new desired state, so you can make a small change in your manifests and have that modify all the machines in your fleet. This is super powerful. But with great power comes great responsibility in the next few videos, we'll look into how we can test our changes to make sure they do what we want them to do and then apply them onto our fleet without causing trouble.

It's pretty common for IT specialist working on configuration management to test out new rules on their machines by simply forcing the machine to apply the manifest they want to test. We've done this in some of our examples where we applied the rules locally before applying them to remote machines. This approach can backfire though. Say you're trying to use puppet to change the permissions of some files on the nose locking down some paths that you don't think that your users will need. Now imagine you try out the rules on your computer and discover you made a mistake and locked yourself out. Oops. So what can you do instead? There's a bunch of things to consider. A simple first step is to use the `puppet parser validate` command that checks that the syntax of the manifests is correct on top of that we can also run the rules using the `--noop` parameter the name comes from no operations and it makes puppet simulate what it would do without actually doing it. You can look at the list of actions that it would take and check that they're exactly what you wanted puppet to do.

But if the change is complex, it's likely that we'll miss something important when looking at the planned actions. Another option you could use is having test machines that are used only for testing out changes. You can apply the rules there and after a puppet has run check that everything's working correctly. But again, this is a manual process and we might forget to verify something important. How can we automate it kind of like the python automatic tests that we checked out in an earlier course. Puppet also lets us test our manifests automatically by using **rspec tests** In these tests. We can set the facts involved different values and check that the catalog ends up stating what we wanted it to, let's check out an example.

![img23](https://github.com/Brian-E-Nguyen/Google-IT-Automation-with-Python/blob/5-Config-Management-and-Cloud/5-Config-Management-and-Cloud/Week-2-Deploying-Puppet/img/img23.jpg?raw=true)

Here we're setting the is virtual fact to false. And then we asked the test infrastructure to verify that the gks you package is included with the insurer parameter set to latest tests. Test like this one can be a useful way to check that. Our catalog is written correctly and they can be super helpful when a rule is used a lot of facts that interact with each other and we want to check that the result is actually what we intended. We can write a bunch of these tests and run them automatically whenever there is a change to the rules this way we can be sure that the rules stay valid and know that the new changes didn't break the old rules, but that's just checks that the catalog contains the rules that we set should contain. How can we verify that these rules actually have the effects we want like enabling the corporate website or setting up a strict firewall. We need to apply the rules on the nodes and check that the result is correct.

We can automate this process to, to do this we can use the set of test machines where we first apply the catalog and then use scripts to check that the machines are behaving correctly. Now, let's assume all your tests were successful and the change is ready to be published. How do you push it safely to your whole fleet that's coming up in our next video.