Git branches => Puppet environments, automated with an mcollective agent
The puppetupdate agent will then pull your puppet code and checkout /etc/puppet/environments/xxx for each branch that you have, giving you an environment per branch.
This means that you can develop puppet code independently on a branch, push, run mco puppetupdate, and then run puppet agent -t --environment xxxx on clients to test (where the environment maps to a branch name).
Branch name rewriting.
There is a selection of environment names which are not permitted in puppet.conf. These are:
If you have a branch named like this, then puppetupdate will automatically append 'branch' to the name, ergo a branch in git named 'master' will become an environment named 'masterbranch'.
Additionally, there is a selection of characters which, whilst valid in git branch names, are not valid in puppet environment names.
Notably, the following characters get translated:
'-' becomes '_'
'/' becomes '__'
The following configuration options are recognised in the mcollective server.cfg, under the namespace plugin.puppetupdate.xxx
An ssh key to use when pulling puppet code. Note that this key must NOT have a passphrase.
Where you keep your puppet code, defaults to /etc/puppet
Environments are always under this directory, as is the checkout of your puppet code (in a directory named puppet.git)
The repository location from which to clone the puppet code.
Defaults to http://git/puppet
You almost certainly want to change this!
A comma separated list of branches to not bother checking out (but not remove if found).
Defaults to empty.
Often you want to set this to 'production', so that you can symlink the default environment for puppet clients to whatever your default git branch is called (unless you name your default git branch 'production').
If any of the entries are bracketed by //, then the value is assumed to be a regular expression.
Matching happens against dir names as well as branch names, so be sure that translation doesn't bite you. For example setting:
will match branch some/thing but not the folder some__thing.
For example, the setting:
will ignore the 'production' branch, and also any branch prefixed with 'foobar'.
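The translation and list-matching rules above as an added Ruby sketch (not puppetupdate's own code): it shows why a regex written against a branch name can miss the translated directory name, and goes slightly beyond the page by flagging branches that translate to the same environment name. The reserved-name list, the helper names and the sample values are assumptions.

```ruby
# Added example, not puppetupdate's own code.
# RESERVED is an assumption (the puppet.conf section names); the page
# itself only confirms 'master'.
RESERVED = %w[main master agent user].freeze

# Translate a git branch name into a Puppet environment (directory) name.
def env_name(branch)
  name = branch.gsub('/', '__').gsub('-', '_')
  RESERVED.include?(name) ? "#{name}branch" : name
end

# Parse a comma separated setting. Entries bracketed by // become regular
# expressions; any other entry must match the whole name exactly.
def parse_list(setting)
  setting.split(',').map(&:strip).reject(&:empty?).map do |entry|
    entry =~ %r{\A/(.*)/\z} ? Regexp.new(Regexp.last_match(1)) : entry
  end
end

# True when a branch name or directory name is covered by the list.
def listed?(name, patterns)
  patterns.any? { |p| p.is_a?(Regexp) ? p.match?(name) : p == name }
end

# Branches whose translated names are identical would share one directory.
def collisions(branches)
  branches.group_by { |b| env_name(b) }.select { |_, group| group.size > 1 }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data, not taken from a real repository.
  branches = %w[master production foobar-1 some/thing some__thing]
  patterns = parse_list('production,/^foobar/,/^some\//')
  branches.each do |b|
    dir = env_name(b)
    puts format('%-12s -> %-14s branch listed: %-5s dir listed: %s',
                b, dir, listed?(b, patterns), listed?(dir, patterns))
  end
  collisions(branches).each do |dir, group|
    puts "collision: #{group.join(', ')} all map to #{dir}"
  end
end
```
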
A comma separated list of branches to never checkout, and remove if found checked out.
Value behaves in the same manner as ignore_branches.
If set, after checking out or updating a branch, puppetupdate will chdir into the top level /etc/puppet/environments/xxx directory your branch has just been checked out into and run the command configured here.
Use this to (for example) decrypt secrets committed to your puppet code using a private key only available on puppet masters.
Since 3.7 specifying modulepath in puppet.conf is not allowed with directory environments. Its value however doesn't often change between environments so it does not make sense to keep environment.conf file in
link_env_conf to true will make puppetupdate link (if present) /etc/puppet/environment.conf into every environment directory if it's not
This allows having a single /etc/puppet/environment.conf:
modulepath = modules:vendor/modules:$basemodulepath
update_all action will remove deployments where .git_revision file modification time is older than configured
Will also not deploy branches where latest commit is older than configured value.
To force-deploy an old branch run update action on it directly.
0 will disable expiration functionality.
Requires docker to build .debs. Check out, then just run:
BUILD_NUMBER=XXX make all
You'll get a .deb or .rpm of the code for this agent, which you can install on your puppet masters.
Arrange your puppet.conf on your puppetmaster to include the $environment variable in the modulepath and manifest settings.
MIT licensed (See LICENSE.txt)
Patches are very welcome!