Page MenuHomeSoftware Heritage
Create Task
Maniphest T2606

Test puppet configuration in a local vagrant environment
Closed, MigratedEdits Locked
Actions

Description

It could be more convenient to have a way to simulate the result of the puppet configuration in a local environment before actually committing it.

The octocalog-diff is working well to see the impacts of a change, but it does not allow to really check if the services will be functional.

The current status of the poc is :

  • Create a base debian 10 image for virtualbox
  • Create a vagrant configuration on few servers to test and detect the configurations to adapt
  • initiate a usage documentation
  • adapt the configuration to be able to test locally without interference with the other environments
  • extend the configuration to more servers and iterate on the previous section

Some annoying issues are already detected :

  • [fixed] The dns configuration installed on the server is not compatible with local test
  • [fixed] The network configuration is defined per host and needs to be adapted to deploy the same server in a different network configuration
  • Icinga configuration uses the certificate created by the puppet agent when it talks with the puppet master. In the current POC using only the "puppet apply" way, there are persistent errors complaining for missing files
  • For the moment, the provisioning use a script adapted from the octocatalog-diff one, but it forces to commit the changes before being able to test in vagrant, it should be improved to make the provisioning more smooth

Revisions and Commits

rSENV Puppet Environment
AbandonedD4149 bin/octocatalog-diff: Provide the environment when diff-ing
ClosedD4148 Vagrantfile: Use hiera.yaml directly
D4138rSENVe2717bb702a6 Vagrantfile: Add libvirt vm
D4137rSENV9198d86e3909 packer: Add template to build qemu/libvirt images
D4168rSENVae856e33d9e3 Update Vagrantfile to match recent changes to swh-site
D4136rSENVe792de73e74f packer: Move specific vbox configuration to the top
D4116rSENVb101d020490e Vagrantfile: Add staging-deposit node
D3967rSENVc6ff01ebc08b add vagrant configuration and documentation
D3967rSENV7585ad03eb24 Create the virtualbox image used to instantiate the vagrant environment
rSPSITE puppet-swh-site
AbandonedD4147 Define configuration per environment within hiera
D4167rSPSITE2defd02d796d Add a `manage_interfaces` variable to guard /etc/network/interfaces management
D4166rSPSITEbf967316076e Improve hierarchy comments
D4165rSPSITEe5929bb9b7c8 Split subnet-specific settings and deployment-specific settings
D4164rSPSITEc9dba6018df8 Rename the `location` variable to `subnet`
D4163rSPSITE41ff8d551727 Move common private credentials lower in the hierarchy
D4163rSPSITE091ac2d3e527 Move hiera default values to a common directory
D3989rSPSITE0c8e46a88da2 adapt the configuration for the vagrant environment

Related Objects

Event Timeline

vsellier changed the task status from Open to Work in Progress.Sep 16 2020, 6:16 PM
vsellier triaged this task as Normal priority.
vsellier created this task.
vsellier added a revision: D3967: Vagrant environment to test puppet locally.Sep 16 2020, 6:28 PM
vsellier added a revision: D3989: adapt configuration for the vagrant environment.Sep 18 2020, 3:09 PM
vsellier updated the task description. (Show Details)Sep 21 2020, 11:49 AM
vsellier added a commit: rSENV7585ad03eb24: Create the virtualbox image used to instantiate the vagrant environment.Sep 28 2020, 2:55 PM
vsellier added a commit: rSENVc6ff01ebc08b: add vagrant configuration and documentation.
vsellier added a commit: rSPSITE0c8e46a88da2: adapt the configuration for the vagrant environment.Sep 28 2020, 3:26 PM
ardumont updated the task description. (Show Details)Oct 1 2020, 2:52 PM
ardumont added a revision: D4116: Vagrantfile: Add staging-deposit node.Oct 1 2020, 3:00 PM
ardumont added a revision: D4136: packer: Move specific vbox configuration closer to the top.Oct 6 2020, 11:45 AM
ardumont added a revision: D4137: packer: Add template to build qemu/libvirt images.
ardumont added a revision: D4138: Vagrantfile: Allow libvirt vm build.
ardumont added a revision: D4147: Define configuration per environment within hiera.
ardumont added a revision: D4148: Vagrantfile: Use hiera.yaml directly.
ardumont added a revision: D4149: bin/octocatalog-diff: Provide the environment when diff-ing.
ardumont added a commit: rSENVb101d020490e: Vagrantfile: Add staging-deposit node.Oct 6 2020, 2:39 PM
ardumont added a commit: rSENVe792de73e74f: packer: Move specific vbox configuration to the top.
ardumont added revisions: D4163: Move hiera default values to a common directory, D4164: Rename the `location` variable to `subnet`, D4165: Split subnet-specific settings and deployment-specific settings, D4166: Improve hierarchy comments, D4167: Disable network profile for vagrant., D4168: Update Vagrantfile to match recent changes to swh-site.Oct 6 2020, 7:27 PM
ardumont added a subscriber: ardumont.

This task is pulling some serious improvments and clarification on our puppet manifests \o/

olasd added a commit: rSPSITE091ac2d3e527: Move hiera default values to a common directory.Oct 7 2020, 6:22 PM
olasd added a commit: rSPSITE41ff8d551727: Move common private credentials lower in the hierarchy.
olasd added a commit: rSPSITEc9dba6018df8: Rename the `location` variable to `subnet`.
olasd added a commit: rSPSITEe5929bb9b7c8: Split subnet-specific settings and deployment-specific settings.
olasd added a commit: rSPSITEbf967316076e: Improve hierarchy comments.Oct 7 2020, 6:33 PM
olasd added a commit: rSENVae856e33d9e3: Update Vagrantfile to match recent changes to swh-site.Oct 8 2020, 5:52 PM
olasd added a commit: rSPSITE2defd02d796d: Add a `manage_interfaces` variable to guard /etc/network/interfaces management.Oct 8 2020, 5:58 PM
ardumont added a commit: rSENV9198d86e3909: packer: Add template to build qemu/libvirt images.Oct 12 2020, 3:50 PM
ardumont added a commit: rSENVe2717bb702a6: Vagrantfile: Add libvirt vm.
vsellier updated the task description. (Show Details)Nov 17 2020, 11:30 AM
vsellier closed this task as Resolved.Nov 17 2020, 11:37 AM
  • adapt the configuration to be able to test locally without interference with the other environments :

The /etc/hosts files of the vagrant vms are configured to declare local ips for the service they are using [1] . It's not a strong security but it works for the moment.
A strongest security will be put in place when the admin servers will be moved to the admin network, the network could be filtered to ensure such local vms can't interact with real production servers

  • extend the configuration to more servers and iterate on the previous section

We have several hosts now declared on the vagrant configuration[2] and we are adding new ones each time we are deploying / upgrading a service.

[1] https://forge.softwareheritage.org/rSPSITE47d0ec201bc89ebc2445a365e23b191bbddfb8ff
[2] https://forge.softwareheritage.org/source/puppet-environment/browse/master/Vagrantfile

gitlab-migration changed the task status from Resolved to Migrated.Oct 19 2022, 5:58 PM
gitlab-migration claimed this task.
gitlab-migration added a subscriber: gitlab-migration.

This task has been migrated to GitLab.

About · Developer information · Legal