
Test puppet configuration in a local vagrant environment
Closed, Migrated

Description

It could be more convenient to have a way to simulate the result of the puppet configuration in a local environment before actually committing it.

octocatalog-diff works well to see the impacts of a change, but it does not allow us to really check whether the services will be functional.

The current status of the POC is:

  • Create a base Debian 10 image for VirtualBox
  • Create a Vagrant configuration on a few servers to test and detect the configurations to adapt
  • Initiate usage documentation
  • Adapt the configuration to be able to test locally without interference with the other environments
  • Extend the configuration to more servers and iterate on the previous section

Some annoying issues have already been detected:

  • [fixed] The DNS configuration installed on the server is not compatible with local testing
  • [fixed] The network configuration is defined per host and needs to be adapted to deploy the same server in a different network configuration
  • The Icinga configuration uses the certificate created by the puppet agent when it talks with the puppet master. In the current POC, which only uses the "puppet apply" way, there are persistent errors complaining about missing files
  • For the moment, the provisioning uses a script adapted from the octocatalog-diff one, but it forces us to commit the changes before being able to test in Vagrant; it should be improved to make the provisioning smoother

Event Timeline

vsellier changed the task status from Open to Work in Progress. Sep 16 2020, 6:16 PM
vsellier triaged this task as Normal priority.
vsellier created this task.
  • adapt the configuration to be able to test locally without interference with the other environments:

The /etc/hosts files of the Vagrant VMs are configured to declare local IPs for the services they are using [1]. It's not strong security, but it works for the moment.
Stronger security will be put in place when the admin servers are moved to the admin network; the network could be filtered to ensure such local VMs can't interact with real production servers.

  • extend the configuration to more servers and iterate on the previous section

We now have several hosts declared in the Vagrant configuration [2] and we are adding new ones each time we deploy / upgrade a service.

[1] https://forge.softwareheritage.org/rSPSITE47d0ec201bc89ebc2445a365e23b191bbddfb8ff
[2] https://forge.softwareheritage.org/source/puppet-environment/browse/master/Vagrantfile
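
The /etc/hosts isolation described in the comment above only holds while every service name a VM uses is actually pinned to a local address. The following check is an added example, not code from this task or from the puppet-environment repository. The hostnames, addresses and the list of allowed ranges (RFC 1918, loopback, IPv6 unique-local) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: hostnames and addresses are placeholders, not the project's.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
10.168.100.10  puppet.internal.example puppet   # local Vagrant VM
10.168.100.20  db.internal.example
203.0.113.7    logs.internal.example            # not a local range
"""
REQUIRED = ["puppet.internal.example", "db.internal.example",
            "logs.internal.example", "icinga.internal.example"]

# Assumption: "local" means RFC 1918, loopback or IPv6 unique-local space.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]


def parse_hosts(text):
    """Map each hostname or alias to the list of addresses declared for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(addr)
    return table


def audit(text, required):
    """Return {name: problem} for names that could reach a non-local host."""
    table = parse_hosts(text)
    problems = {}
    for name in required:
        addrs = table.get(name.lower())
        if not addrs:
            problems[name] = "not pinned, falls through to DNS"
            continue
        bad = [str(a) for a in addrs if not any(a in n for n in LOCAL_NETS)]
        if bad:
            problems[name] = "pinned to non-local address " + ", ".join(bad)
    return problems


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_HOSTS, REQUIRED).items():
        print(f"{name}: {problem}")
```

Run against a VM's real /etc/hosts during provisioning, a non-empty result means a service name can still resolve outside the test network.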