proposal: webserver/site configs in puppet

[Tristan Santore]

On 08/06/11 05:49, seth vidal wrote:
> Hi folks,
>  A problem I've been having recently is how we configure/maintain our
> webserver configs in puppet. Right now we use a common class that has
> definitions for a all the common functions/setups we use for our apache
> setups. It's good from a programmatic code-reuse standpoint to make sure
> we're not having to make N edits all over the place. It's bad b/c it
> makes it next to impossible to know that when you edit
> 
> httpd::proxy in modules/httpd/manifests/init.pp that you're going to
> impact the following systems:
>  proxy*
>  puppet*
>  collab*
>  secondary*
> 
> Since we run so many different kinds of websites and types of website
> services I'm going suggest we stop thinking of 'httpd' as the base layer
> and start thinking of the name of website itself as the base layer.
> 
> so instead of 'httpd' the module you'd care about would be:
> 
> 'infrastructure.fedoraproject.org'
> 
> or
> 
> 'proxy.fedoraproject.org'
> 
> etc, etc
> 
> 
> The advantage is - if I want to modify infrastructure - I don't have to
> worry if my modification will change things on other systems I'm not
> aware of. It lets people make changes quickly, safe and confident that
> they are only modifying the site they think they are modifying.
> 
> The disadvantage is we may have to make certain kinds of changes in a
> number of places when we want to make a change. 
> 
> I personally, think I'm better at running git-grep to know where else
> has the same config than I am at parsing puppet configs in my head to
> know what is or is not actually using a specific import.
> 
> I'm not sold on how this dir structure should be setup, yet and I'm
> curious for some feed back.
> 
> thoughts?
> 
> -sv
> 
> 
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Seth,

that is what subclasses should be used for imho. Id keep httpd as http
baseclass, but only have the usual stuff in there like service,
packages, etc.., maybe some base config, which then gets amended through
augeas or even through overriding the actual config files to use. Maybe
even use site specific definitions, which could also be used as exported
resources, and then a change in a site domain.com would propagate to
proxy01 automagically.

Then I would realize resources as required.
I haven't kept track through as to exactly gets amended when changes are
pushed, in terms of the httpd side.


Regards,

Tristan

P.s.: But obviously this always depends on the situation and setup.
Probably a million other ways to do this.


-- 
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore at fedoraproject.org