ReleaseEngineering/PuppetAgain/HowTo/Set up a user environment

From MozillaWiki
Jump to: navigation, search

Approved people have SSH logins on all puppet masters and a puppet environment at /etc/puppet/environments/$username.

You can use this environment to do your development.


On the master machine

In general, you'll want to clone at /etc/puppet/environments/$USER. You can use git if you'd like, doesn't matter. Then link in the config and nodes for the org you're working with; for moco, that's:

 cd /etc/puppet/environments/$USER/manifests
 ln -s moco-config.pp config.pp
 ln -s moco-nodes.pp nodes.pp

On the worker node(s)

Next, you can run puppet agent on a worker and tell it to use your environment on the server you've selected:

$ su -
# puppet agent --test --environment=dmitchell

On a mac worker, on the first run you will have to specify the ssl dir. For example:

$ su -
# puppet agent --test --environment=kmoir --pluginsync --ssldir=/var/lib/puppet/ssl

Secrets (back on master node)

Note that your secrets will come from the same Hiera datasource as everything else. You can override secrets for your env only in /etc/hiera/environments/<yourname>_secrets.eyaml.


The most common problem that you'll see is that your version control system will helpfully make the files in your repository not world-readable, and in particular preclude puppet from reading them.

This will result in this error message when try to run puppet on your worker
"Could not parse for environment $yourid: Permission denied"
in /etc/puppet/environments/$yourid
find . -type f | xargs chmod o+r
find . -type d | xargs chmod o+rx

This should not be a problem anymore - puppet is now a member of each user's group, so it should be able to read the repository with the 'g' permissions. Please file bugs or contact dustin for any permissions problems.


If you want to make a node use your environment on every run (e.g., for workers that run puppet at boot), you can "pin" the host to your environment. Edit the node definition like this:

   node "hostname" {
       # the pins must come *before* the toplevel include
       $pin_puppet_server = ""
       $pin_puppet_env = "dmitchell"
       include toplevel::slave::releng::build

This will result in a puppet.conf on the client that specifies the server and environment.


If you're using git, set things up as follows:

cd /etc/puppet/environments/$USER
git init

edit .git/config, and add

       sharedRepository = 0644

to the [core] section. Then clone a copy of the git repository (e.g., from, and start hacking.

git remote add mozilla
git fetch mozilla
git reset --hard mozilla/master