3

Note: I'm not sure where this question belongs. Perhaps it would belong better on Server Fault, but as I'm primarily asking for hacking and home-networking purposes, I'm asking here. Plus it'd probably get flame-trolled off the site in less than 10-100 seconds, which is why I avoid using Server Fault.

I'm looking to setup and start messing around with having a Puppet Master and several Puppet clients to get the feel for working with Puppet with an actual master. By default, Puppet client instances update (as far as I know) every 30 minutes, asking the master for their latest configuration and applying it as it comes down.

I've heard that MCollective can make these changes essentially instantly as it uses a message queue and parallelism to push commands in real time to clients.

I've been trying to find out how to do this with a Puppet Master and Puppet Clients, but it seems that MCollective is much bigger of a project than just a real-time plugin for a Puppet Master.

How do I setup a simple Puppet Master, an MCollective Server (and message queue), and my Puppet Clients to get changes to Puppet configuration in real time?

(I understand generally how to apt-get install redis-server puppetmaster mcollective, but I'm looking to understand how integrating MCollective with the Puppet Master actually works.)

Naftuli Kay
  • 39,676
  • 1
    MCollective is not a "magic wand" that switches Puppet from polling to instant updates. MCollective is not a replacement of the regular, scheduled puppet runs. It is used merely to explicitly trigger a task on a set of clients. If you change your Puppet configuration (the manifests etc), this will not trigger anything within/by MCollective. – Alex Jun 16 '14 at 21:02
  • Oh, I thought that there was a plugin that integrated with Puppet Master to more efficiently push (rather than poll) changesets to clients. – Naftuli Kay Jun 16 '14 at 21:05
  • This would be against Puppet's "declarative" approach. The server has no idea what needs to be done on a particular client. The master only knows the desired target configuration - how the client should look like in the end. Because of that there isn't really a concept of a "changeset". The client determines that changeset by comparing it's current configuration with the target configuration. – Alex Jun 16 '14 at 21:11

1 Answers1

3

I've not played with this but this sounds like what you're looking for:

excerpt

This agent manages the puppet agent, unlike the older puppetd plugin this one supports Puppet 3 and recent changes made to its locking and status files.

In addition to basic support for Puppet 3 this adds a number of new features, most them usable under both Puppet 2.7 and 3.

  • Supports noop runs or no-noop runs
  • Supports limiting runs to certain tags
  • Support splay, no splay, splaylimits
  • Supports specifying a custom environment
  • Supports specifying a custom master host and port
  • Support Puppet 3 features like lock messages when disabling
  • Use the new summary plugins to provide convenient summaries where appropriate
  • Use the new validation plugins to provider richer input validation and better errors
  • Data sources for the current puppet agent status and the status of the most recent run

Also there's this excerpt:

Running all enabled Puppet nodes

Often after committing a change you want the change to be rolled out to your infrastructure as soon as possible within the performance constraints of your infrastructure.

The performance of a Puppet Master generally comes down to the maximum concurrent Puppet nodes that are applying a catalog it can sustain.

Using the MCollective infrastructure we can determine how many machines are currently enabled and applying catalogs.

Thus to do a Puppet run of your entire infrastructure keeping the concurrent Puppet runs as close as possible to 10 nodes at a time you would do:

  $ mco puppet runall 10
slm
  • 369,824
  • 1
    Thanks, this seems to be exactly what I'm looking for. Puppet Agents will run on an interval, but if I need to push out crucial changes for (say) fixing a security problem, real-time Puppet apply would be awesome. – Naftuli Kay Jun 17 '14 at 16:37
  • 1
    @NaftuliTzviKay - I was pleasantly surprised to find this. I'm learning about Puppet now as well and this was a nice option that seemed to be missing from the other approaches I've seen thus far. – slm Jun 17 '14 at 16:56