proposal: webserver/site configs in puppet

Wed Jun 8 13:54:58 UTC 2011

hi seth,
I prefer to maintain the whole apache configs in debian style. Where I have
base apache module for minimal setup + sites-available + mods-available, and
individual use cases (passenger /mod_wsgi etc or virtualhosts/proxypasses)
are modelled as dependant modules of apache where they selectively
enable/disable sites or mods. Individual mods are loaded by separate .load
file and configured by separate .conf files. Also we have separate puppet
sub modules for individual mods. This way i can readily assemble my node
specific apache configs without tampering the base puppet modules even if
they need fin grained customizations.

regards
ranjib

On Wed, Jun 8, 2011 at 10:19 AM, seth vidal <skvidal at fedoraproject.org>wrote:

> Hi folks,
>  A problem I've been having recently is how we configure/maintain our
> webserver configs in puppet. Right now we use a common class that has
> definitions for a all the common functions/setups we use for our apache
> setups. It's good from a programmatic code-reuse standpoint to make sure
> we're not having to make N edits all over the place. It's bad b/c it
> makes it next to impossible to know that when you edit
>
> httpd::proxy in modules/httpd/manifests/init.pp that you're going to
> impact the following systems:
>  proxy*
>  puppet*
>  collab*
>  secondary*
>
> Since we run so many different kinds of websites and types of website
> services I'm going suggest we stop thinking of 'httpd' as the base layer
> and start thinking of the name of website itself as the base layer.
>
> so instead of 'httpd' the module you'd care about would be:
>
> 'infrastructure.fedoraproject.org'
>
> or
>
> 'proxy.fedoraproject.org'
>
> etc, etc
>
>
> The advantage is - if I want to modify infrastructure - I don't have to
> worry if my modification will change things on other systems I'm not
> aware of. It lets people make changes quickly, safe and confident that
> they are only modifying the site they think they are modifying.
>
> The disadvantage is we may have to make certain kinds of changes in a
> number of places when we want to make a change.
>
> I personally, think I'm better at running git-grep to know where else
> has the same config than I am at parsing puppet configs in my head to
> know what is or is not actually using a specific import.
>
> I'm not sold on how this dir structure should be setup, yet and I'm
> curious for some feed back.
>
> thoughts?
>
> -sv
>
>
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20110608/778cfc99/attachment.html 