Over the years Puppet has handled resource ordering without explicit dependencies in different ways. With the release of Puppet 3.3.0 they’ve exposed this ordering logic to the admin with three interesting options. To test these options out we’ll use the ‘ordering’ test module shown below. We include three classes, ordering::beta, ordering::alpha and ordering::gamma (note that the includes are not in alphabetically sorted order). Each of these classes has three notify statements that show a number and the class they are contained in.

We use Amazon CloudFormation for a number of our deployments at $WORK. Although it’s nice to have security group creation inside the same template as the resources it will secure, CloudFormation’s ‘helpful’ addition of a unique string at the end of the resource names it creates can sometimes be a problem. A couple of tools assume security groups will have an absolute, unchanging name and lack a way to search for an appropriately tagged security group whose name can change on stack rebuild.

Even though I don’t spend as much time writing Puppet code as I used to, I try to stay relevant, and as part of that I like to read all the Puppet books that come out. Below are the ones I’ve read this year, brief thoughts on them and the reading path I’d give to a new junior. As the name implies, the Puppet 3 Beginner’s Guide is a decent place to start learning Puppet.

The kind people at Apress provided me with an alpha review copy of Pro Puppet, and while it’s not the finished product you can already get a good feel for the book’s tone and coverage. I quite liked the first edition of Pro Puppet and this update is more evolutionary than revolutionary. All chapters from the previous edition are present and the biggest addition is the very welcome chapter on using Hiera in your modules, even if it’s oddly placed at the end of the book.

Puppet has always supported templating via ERB, and while it’s a powerful, flexible templating engine, the ability to use any arbitrary Ruby code inside a template that’s run on the puppet master sometimes raises some eyebrows. As part of a security architecture review, the concept of replacing the templating engine with something that still allows looping and text manipulation without allowing too much else was discussed, and led to the idea of allowing templates to be written in Liquid.

While doing some experiments with Ansible I came across a little snippet of code that I really liked -

    - name: manage /etc/sudoers
      template: src=sudoers.j2 dest=/etc/sudoers validate='visudo -cf %s'

Ansible runs the command specified by ‘validate’ against the expanded template’s contents and only copies the newly generated file into place if it’s valid. This is a wonderful feature that will help stop you from making some potentially time consuming errors.

Facter 1.7 introduced support for external facts, and I gave some external fact examples, but it left a couple of small issues unresolved. One of the larger ones is the subject of syncing the external facts down to the clients. At the moment most people are managing the external facts as file resources, which creates one important difference between an internal and external fact. Internal facts are synced down at the start of the run and so are available to the puppet agent within a single run.

When writing Puppet modules, sometimes you need to ensure that certain classes are only used within your module itself. For example, a class that implements functionality based on the local operating system that should only be used by your public class. While reading through the new puppetlabs-mcollective module’s source I came across a new pattern I’d not seen used in Puppet before that achieves this in a very elegant way, and I thought it was worth a second look.

We’re currently moving some of our early stage dev prototypes to a more automated environment and as part of this work I’m converting command line AWS resource creation to parameterised CloudFormation templates that we can use to either run multiple stacks side by side or recreate the entire stack from development to production. It’s been quite a frustrating afternoon due to some tool chain related yak shaving and some nuances in how CloudFormation works.

The most interesting links in my Twitter feed this week have all been about VMworld 2013 and the new technologies VMware is making available in vSphere 5.5. As I don’t actually use VMware at work (we’re using KVM and AWS at the moment) very little of it is immediately relevant to me - but then I spotted the ‘VMware Certified Associate - Data Center Virtualization’ announcement. There is some combination of both being stuck inside waiting for family to arrive and pure envy about all the new cool stuff that tempted me into watching the (free) VMware Data Center Virtualization Fundamentals training course, reading the exam blueprint and making an attempt at the exam.