Verified Commit e4969f40 authored by anarcat

note about puppet code validation

parent fcb7b102
...@@ -285,6 +285,21 @@ Finally, to run the tests, you need to wrap your invocation with ...@@ -285,6 +285,21 @@ Finally, to run the tests, you need to wrap your invocation with
bundle exec rake test bundle exec rake test
## Validating Puppet code
You SHOULD run validation checks on commit locally before pushing your
manifests. To install those hooks, you should clone this repository:
git clone https://github.com/anarcat/puppet-git-hooks
... and deploy it as a pre-commit hook:
ln -s $PWD/puppet-git-hooks tor-puppet/.git/hooks/pre-commit
A server-side validation hook hasn't been enabled yet because our
manifests would sometimes fail and the hook was found to be somewhat
slow. That is being worked on in [issue 31226][].
## Listing all hosts under puppet ## Listing all hosts under puppet
This will list all active hosts known to the Puppet master: This will list all active hosts known to the Puppet master:
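Review bot: In the "deploy it as a pre-commit hook" step, `ln -s $PWD/puppet-git-hooks tor-puppet/.git/hooks/pre-commit` links the whole cloned directory as `pre-commit`; git only runs a hook that is an executable file, so the link should point at the hook script inside the clone. Quoting `"$PWD"` would also make the command safe in paths with spaces. Since this fetches code from github.com/anarcat/puppet-git-hooks that then runs on every commit, the text could tell readers to check out a reviewed commit rather than whatever the default branch currently holds. A client-side hook can be skipped with `git commit --no-verify`, so it is worth saying that the SHOULD is advisory until the server-side hook exists.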
...@@ -1475,6 +1490,11 @@ The GitLab CI would be indicative: an operator would need to push to a ...@@ -1475,6 +1490,11 @@ The GitLab CI would be indicative: an operator would need to push to a
topic branch there first to confirm tests pass but would still push topic branch there first to confirm tests pass but would still push
directly to the Puppet server for production. directly to the Puppet server for production.
Note that we are working on (client-side) validation hooks for now,
see [issue 31226][].
[issue 31226]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/31226
### OpenPGP verification and web hook ### OpenPGP verification and web hook
To stop pushing directly to the Puppet server, we could implement To stop pushing directly to the Puppet server, we could implement
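Review bot: The added sentence "we are working on (client-side) validation hooks for now" reads as if the client-side hooks are what is still in progress, while the "Validating Puppet code" section added in the same commit presents them as installable today and says the server-side hook is what is being worked on in issue 31226. Suggest rewording so both places describe the issue the same way, for example that client-side hooks are available now and server-side validation is tracked in the issue.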
...@@ -1661,8 +1681,8 @@ the last one supporting "passenger" (the puppetmaster deployment ...@@ -1661,8 +1681,8 @@ the last one supporting "passenger" (the puppetmaster deployment
method currently available in Debian, deprecated and dropped from method currently available in Debian, deprecated and dropped from
puppet 6). They [patched it](https://redmine.koumbit.net/projects/theforeman-puppet/repository/revisions/5b1b0b42f2d7d7b01eacde6584d3) to support `puppetlabs/apache < 6`. puppet 6). They [patched it](https://redmine.koumbit.net/projects/theforeman-puppet/repository/revisions/5b1b0b42f2d7d7b01eacde6584d3) to support `puppetlabs/apache < 6`.
They push to a bare repo on the puppet master, then they have They push to a bare repo on the puppet master, then they have
validation hooks (the inspiration for our #31226), and a hook deploys validation hooks (the inspiration for our own hook implementation, see
the code to the right branch. [issue 31226][]), and a hook deploys the code to the right branch.
They were using r10k but stopped because they had issues when r10k They were using r10k but stopped because they had issues when r10k
would fail to deploy code atomically, leaving the puppetmaster (and would fail to deploy code atomically, leaving the puppetmaster (and
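Review bot: In the rewrapped sentence, "our own hook implementation" does not say which hooks are meant. The hooks described here run after a push to a bare repo on the puppet master, that is server-side, whereas the section added earlier in this commit documents a client-side pre-commit hook and says the server-side one is not enabled yet. Naming it (for example "our planned server-side hook") would keep the three mentions of issue 31226 consistent.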