
Bolt: Difference between revisions

imported>Bking
m (slightly more parametrized delete command)
imported>JHathaway
Line 25: Line 25:
This module conflicts with our system module, [https://github.com/puppetlabs/bolt/issues/3055 Upstream pull request] or [https://gerrit.wikimedia.org/r/c/operations/puppet/+/764884 rename our module]
This module conflicts with our system module, [https://github.com/puppetlabs/bolt/issues/3055 Upstream pull request] or [https://gerrit.wikimedia.org/r/c/operations/puppet/+/764884 rename our module]


<pre>$export BOLT_VERS="3.22.1"; sudo -E rm -rfv /opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-${BOLT_VERS}/bolt-modules/system</pre>
<pre>$ BOLT_VERS="3.22.1"; sudo rm -rv /opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-${BOLT_VERS}/bolt-modules/system</pre>
 
=== Add Bolt config, labs-private, and supporting modules ===
=== Add Bolt config, labs-private, and supporting modules ===
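Review bot: In the new delete command the Ruby directory `2.7.0` in the gem path is still hardcoded while the Bolt version is now a variable, so only half of the path is parametrized and the command stops matching if that directory name changes. Dropping `-f` means a missing path now fails loudly, which is good; consider writing `${BOLT_VERS:?}` as well, so an empty or unset variable aborts before `sudo rm -rv` runs on a malformed path.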


Line 43: Line 44:
   - 'private/modules'
   - 'private/modules'
   - 'modules'
   - 'modules'
  - 'vendor_modules'
   - 'bolt/modules'
   - 'bolt/modules'
EOF
EOF
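Review bot: The added `'vendor_modules'` entry sits after `'private/modules'` and `'modules'` in `modulepath`, and Puppet resolves a module name from the first directory that contains it, so a same-named module in either earlier directory silently shadows the vendored copy. If that precedence is intended, say so in a comment next to the list; if the vendored code should win, move the entry up.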
Line 76: Line 78:
EOM
EOM
$ bash boltup</pre>
$ bash boltup</pre>
== Usage ==
== Usage ==


=== Noop a server ===
=== Noop a server ===


<pre>$ bolt apply --noop -t mirror1001.wikimedia.org &lt;(cat manifests/*.pp)</pre>
<pre>$ bolt apply --noop -t mirror1001.wikimedia.org &lt;(cat manifests/*.pp) | tee puppet.out</pre>
 
=== Look through output ===
 
Here is a script to remove items from the output that you don't care about
 
<pre>
#!/bin/bash
# Grep out values from a puppet or bolt console output
#
# Usage: puppet-out-grep Exim Nagios
 
puppet_out="${PUPPET_OUT:-puppet.out}"
 
# https://stackoverflow.com/a/17841619/1236063
function join_by {
local d=${1-} f=${2-}
if shift 2; then
printf %s "$f" "${@/#/$d}"
fi
}
 
out_ignore=("$@")
out_ignore+=('Finished' 'Compiled' 'Applied')
out_ignore_service_regex=$(join_by '|' "${out_ignore[@]}")
out_ignore+=('refresh')
out_ignore_regex=$(join_by '|' "${out_ignore[@]}")
 
# Grep for everything except Finished, Compiled, Applied, or refresh (and optional arguments)
grep -E 'Notice|Error' "${puppet_out}" | grep -Ev "${out_ignore_regex}" | sort | uniq
 
# Do a separate grep for only Service refreshes to highlight them
grep -E 'Service\[.+refresh' "${puppet_out}" | grep -Ev "${out_ignore_service_regex}" | sort | uniq
</pre>
 
==== Example ====
 
<pre>$ puppet-out-grep Exim Nagios</pre>
 
== Outstanding Issues ==
== Outstanding Issues ==


# Bolt's system modules conflicts with our system module, [https://github.com/puppetlabs/bolt/issues/3055 Upstream pull request] or [https://gerrit.wikimedia.org/r/c/operations/puppet/+/764884 rename our module]
# Bolt does not preserve symlinks on files with recurse and source directories, https://github.com/puppetlabs/bolt/issues/3056
# Bolt does not preserve symlinks on files with recurse and source directories, https://github.com/puppetlabs/bolt/issues/3056
# PuppetDB queries do not work, nor do exported resources
# PuppetDB queries do not work, nor do exported resources
# <code>acme_chief</code> module does not work
# <code>acme_chief</code> module does not work
# Nooping a server with Bolt will take out a Puppet lock, which would block a cron based Puppet run which began after the Bolt run
# Nooping a server with Bolt will take out a Puppet lock, which would block a cron based Puppet run which began after the Bolt run
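Review bot: In `puppet-out-grep`, the exclusion `grep -Ev "${out_ignore_regex}"` runs over `Error` lines as well as `Notice` lines, so `puppet-out-grep Exim Nagios` also drops any error whose resource path mentions Exim or Nagios; apply the ignore list to `Notice` lines only and always print `Error` lines. The arguments are also joined into an extended regex unescaped, so a word containing `.`, `[` or `|` matches more than its literal text. Separately, with `| tee puppet.out` added to the noop command, the pipeline's exit status is that of `tee`, not `bolt apply`.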

Revision as of 20:22, 10 May 2022

Puppet Bolt supports a variety of use cases, but one is particularly interesting for us: masterless Puppet catalog applies. In a masterless apply, the catalog is compiled directly from the source repository rather than obtained from the puppet master. One advantage is faster feedback on code changes, since you don’t need to commit in order to apply or noop your changes against a destination host, i.e.:

# Edit
$ vi modules/example/manifests/init.pp

# Noop to see changes
$ bolt apply --noop -t node.example.com

# Commit
$ git commit -a -m 'add example module'

Other projects which support a masterless workflow:

Install Directions

Install Bolt, which is unfortunately not currently packaged in Debian

$ wget https://apt.puppet.com/puppet-tools-release-bullseye.deb
$ sudo dpkg -i puppet-tools-release-bullseye.deb
$ sudo apt-get update
$ sudo apt-get install puppet-bolt

Delete Bolt’s system module

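This module conflicts with our system module. The options are an upstream pull request (https://github.com/puppetlabs/bolt/issues/3055) or renaming our module (https://gerrit.wikimedia.org/r/c/operations/puppet/+/764884).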

$ BOLT_VERS="3.22.1"; sudo rm -rv /opt/puppetlabs/bolt/lib/ruby/gems/2.7.0/gems/bolt-${BOLT_VERS}/bolt-modules/system

Add Bolt config, labs-private, and supporting modules

$ cat >boltup <<EOM
#!/bin/bash

set -o errexit
set -o nounset

cat >bolt-project.yaml <<EOF
---
name: wmf
apply-settings:
  show_diff: true
hiera-config: 'hiera.yaml'
modulepath:
  - 'private/modules'
  - 'modules'
  - 'vendor_modules'
  - 'bolt/modules'
EOF

cat >inventory.yaml <<EOF
config:
  transport: ssh
  ssh:
      interpreters:
          # Use our system ruby
          rb: /usr/bin/ruby
      # Switch to root before running puppet
      run-as: root
features:
    # Do not try to install the puppet-agent
    - puppet-agent
EOF

# setup hiera
sed -E 's#/etc/puppet/##' modules/puppetmaster/files/production.hiera.yaml >hiera.yaml

# clone repos
if [[ ! -e 'private' ]]; then
    git clone git@github.com:wikimedia/labs-private.git private
fi
mkdir -p bolt/modules
if [[ ! -e 'bolt/modules/nagios_core' ]]; then
    git clone git@github.com:puppetlabs/puppetlabs-nagios_core.git bolt/modules/nagios_core
fi
if [[ ! -e 'bolt/modules/mailalias_core' ]]; then
    git clone git@github.com:puppetlabs/puppetlabs-mailalias_core.git bolt/modules/mailalias_core
fi
EOM
$ bash boltup

Usage

Noop a server

$ bolt apply --noop -t mirror1001.wikimedia.org <(cat manifests/*.pp) | tee puppet.out

Look through output

Here is a script to remove items that you don't care about from the output:

#!/bin/bash
# Grep out values from a puppet or bolt console output
#
# Usage: puppet-out-grep Exim Nagios

puppet_out="${PUPPET_OUT:-puppet.out}"

# https://stackoverflow.com/a/17841619/1236063
function join_by {
	local d=${1-} f=${2-}
	if shift 2; then
		printf %s "$f" "${@/#/$d}"
	fi
}

out_ignore=("$@")
out_ignore+=('Finished' 'Compiled' 'Applied')
out_ignore_service_regex=$(join_by '|' "${out_ignore[@]}")
out_ignore+=('refresh')
out_ignore_regex=$(join_by '|' "${out_ignore[@]}")

# Grep for everything except Finished, Compiled, Applied, or refresh (and optional arguments)
grep -E 'Notice|Error' "${puppet_out}" | grep -Ev "${out_ignore_regex}" | sort | uniq

# Do a separate grep for only Service refreshes to highlight them
grep -E 'Service\[.+refresh' "${puppet_out}" | grep -Ev "${out_ignore_service_regex}" | sort | uniq

Example

$ puppet-out-grep Exim Nagios
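
A variant of the filter above that never hides Error lines and treats the ignore words as literal strings; this is an added example, not the wiki's script. The function names `filter_noop` and `write_sample` and the sample output lines are constructed for illustration, and the separate Service refresh pass is left out.

```shell
#!/bin/sh
# Added example, not the wiki's script: Error lines are always kept, and
# ignore words are literal strings rather than regular expressions.

# write_sample FILE: constructed Puppet-style noop output for the demo.
write_sample() {
    cat >"$1" <<'EOF'
Notice: /Stage[main]/Exim4/File[/etc/exim4/exim4.conf]/content: changed (noop)
Error: /Stage[main]/Exim4/Service[exim4]: constructed failure for this demo
Notice: /Stage[main]/Sshd/File[/etc/ssh/sshd_config]/content: changed (noop)
Notice: /Stage[main]/Sshd/File[/etc/ssh/sshd_config]/content: changed (noop)
Notice: /Stage[main]/Motd/File[/etc/motd.d]/ensure: created (noop)
Notice: Applied catalog in 4.20 seconds
EOF
}

# filter_noop FILE [WORD...]: print every Error line, then the Notice lines
# that contain none of WORD or the default noise words, de-duplicated.
filter_noop() {
    file=$1
    shift
    patterns=$(mktemp) || return 1
    for word in Finished Compiled Applied "$@"; do
        # An empty pattern would match every line, so skip empty arguments.
        if [ -n "$word" ]; then printf '%s\n' "$word"; fi
    done >"$patterns"
    # Errors first; the ignore list is never applied to them.
    grep -F 'Error' "$file" | sort -u
    # -F makes '.', '[' and '|' literal; lines already shown as errors are skipped.
    grep -F 'Notice' "$file" | grep -F -v 'Error' | grep -F -v -f "$patterns" | sort -u
    rm -f "$patterns"
}

# Demo on the constructed sample: the Exim4 error survives the "Exim" filter.
demo=$(mktemp)
write_sample "$demo"
filter_noop "$demo" Exim 'File[/etc/motd.d]'
rm -f "$demo"
```

Passed to the original script, the word `File[/etc/motd.d]` would be read as a bracket expression and suppress every `File[...]` line; here it removes only that one resource.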

Outstanding Issues

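  1. Bolt's system module conflicts with our system module. The options are an upstream pull request (https://github.com/puppetlabs/bolt/issues/3055) or renaming our module (https://gerrit.wikimedia.org/r/c/operations/puppet/+/764884)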
  2. Bolt does not preserve symlinks on files with recurse and source directories, https://github.com/puppetlabs/bolt/issues/3056
  3. PuppetDB queries do not work, nor do exported resources
  4. acme_chief module does not work
  5. Nooping a server with Bolt takes out a Puppet lock, which would block a cron-based Puppet run that began after the Bolt run