mv-production-puppet and mpt-production-puppet files are out of sync

RESOLVED WORKSFORME

Status

Release Engineering
General
P3
normal
RESOLVED WORKSFORME
8 years ago
5 years ago

People

(Reporter: rail, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [puppet])

Attachments

(3 attachments)

(Reporter)

Description

8 years ago
Created attachment 473131 [details] [diff] [review]
Not synced files

root@mv-production-puppet# find /N | sort > /tmp/mv.txt
root@mpt-production-puppet# find /N | sort > /tmp/mpt.txt

diff -u mpt.tx mv.txt

Attached is a current diff.
Created attachment 473232 [details]
diff of sha1's

There's some additional differences if you compare sha1's. I can't find the sync job between production puppet masters to debug.
Ah hah, it's a cron job for filesync@mv-production-puppet. It's doing
rsync -a --include="**usr/local" --exclude=local filesync@production-puppet.build.mozilla.org:/N/production/ /N/production/

Adding a --delete would clean up a lot of the differences, still trying to figure out how this is supposed to work.
Going to leave this for bhearsum since he's the expert here, but perhaps we no longer need to be excluding local from the rsync ? There are lots of mac slaves failing to puppet (and hence start buildbot) looking for darwin10-i386/build/local/Users/cltbld/.ssh/config and known_hosts. eg moz2-darwin10-slave40.
I have manually copied config and known_hosts from
 /N/production/darwin9-i386/build/local/Users/cltbld/.ssh/
 /N/production/darwin10-i386/build/local/Users/cltbld/.ssh/
from mpt-production-puppet to mv-production-puppet, to get all those mac slaves back on masters rather than hanging on puppet.
(Reporter)

Comment 5

8 years ago
I have added preproduction-stage entry to /N/production/centos5-i686/build/local/home/cltbld/.ssh/known_hosts and copied the file to /N/production/centos5-x86_64/build/local/home/cltbld/.ssh/known_hosts on mv master manually without copying the file from mpt master because that file on mpt has 11 lines and the same file on mv master has 18 lines.
Thanks for looking at this Nick & Rail, I'll figure out a long term fix.
Assignee: nobody → bhearsum
So, I think the main issue here is that 'local' has ended up overloaded, serving the purpose of holding files different between staging and production (eg, ssh configs) as well as files different between different production masters (eg, puppet configs). Things of the first type have landed with the expectation that mv-p-p would be synced automatically.

I think the best way to solve this is to maintain an exclude file in the puppet-manifests repo. This way, we can exclude different-between-production-masters files and still sync the other ones automatically.
Comment on attachment 473232 [details]
diff of sha1's

I deleted all of the tmp/swap files, but I want to comment on the rest of these:


>+SHA1(./centos5-i686/build/etc/sysconfig/puppet)= 357b42ad36f689f3a1a2ddf3ffdf5e9bedf13a47
>+SHA1(./centos5-i686/build/etc/sysconfig/puppet.mv)= 357b42ad36f689f3a1a2ddf3ffdf5e9bedf13a47
>+SHA1(./centos5-i686/build/etc/sysconfig/puppet.staging)= bd7ef65120e74950787b1089f23e7f2677e9a1fd

These files moved to their 'local' counterpart, aren't used here anymore. They'll be deleted when we switch to --delete.

>-SHA1(./centos5-i686/build/local/etc/sysconfig/puppet)= 00e639b1b49ab1eb85ba9e65e0ecf1e0e7727b19
>-SHA1(./centos5-i686/build/local/etc/sysconfig/puppet.mv)= 357b42ad36f689f3a1a2ddf3ffdf5e9bedf13a47
>-SHA1(./centos5-i686/build/local/etc/sysconfig/puppet.staging)= bd7ef65120e74950787b1089f23e7f2677e9a1fd
>+SHA1(./centos5-i686/build/local/etc/sysconfig/puppet)= 357b42ad36f689f3a1a2ddf3ffdf5e9bedf13a47

'puppet' is meant to be different between the two. The other two are purposely not synced to mv.


> SHA1(./centos5-i686/build/local/home/cltbld/.android/android.keystore)= 6c0c37e0edf3f4c8f95db3c128bd02a9d8139e19
>-SHA1(./centos5-i686/build/local/home/cltbld/.mozpass.cfg)= b8a0a5ab2965311a6effa8114c3b00cdc9b92818
>-SHA1(./centos5-i686/build/local/home/cltbld/.ssh/config)= 93822f3d1082ace482be8f8ae849ec841be46a7c
>-SHA1(./centos5-i686/build/local/home/cltbld/.ssh/known_hosts)= c2d4c21e721f4374a4ad887dc50561b524cc4635
>+SHA1(./centos5-i686/build/local/home/cltbld/.mozpass.cfg)= 4dfbc07b7bcd0a37230679d4a9a1d025dd08b640
>+SHA1(./centos5-i686/build/local/home/cltbld/.ssh/authorized_keys2)= fa4b332acaffbc40f59cb7176c62704db986a006
>+SHA1(./centos5-i686/build/local/home/cltbld/.ssh/config)= 8d6f82ede798b420112fb86b7653e231902da3a6
>+SHA1(./centos5-i686/build/local/home/cltbld/.ssh/known_hosts)= f7b1897b749a8efefa75a6d4f094b8393bf88772

These should all be synced IMHO, and will be if we switch to the rsync exclude file I proposed.


>-SHA1(./centos5-x86_64/build/local/etc/sysconfig/puppet)= 00e639b1b49ab1eb85ba9e65e0ecf1e0e7727b19
>-SHA1(./centos5-x86_64/build/local/etc/sysconfig/puppet.mv)= 357b42ad36f689f3a1a2ddf3ffdf5e9bedf13a47
>-SHA1(./centos5-x86_64/build/local/etc/sysconfig/puppet.staging)= bd7ef65120e74950787b1089f23e7f2677e9a1fd
>-SHA1(./centos5-x86_64/build/local/home/cltbld/.ssh/config)= 93822f3d1082ace482be8f8ae849ec841be46a7c
>-SHA1(./centos5-x86_64/build/local/home/cltbld/.ssh/known_hosts)= c2d4c21e721f4374a4ad887dc50561b524cc4635
>+SHA1(./centos5-x86_64/build/local/etc/sysconfig/puppet)= 357b42ad36f689f3a1a2ddf3ffdf5e9bedf13a47
>+SHA1(./centos5-x86_64/build/local/home/cltbld/.ssh/authorized_keys2)= fa4b332acaffbc40f59cb7176c62704db986a006

Same as mentioned above for the puppet configs & ssh files.

>+SHA1(./darwin10-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 7210d53e9cb2230064eeb16f4b3f2a80a0688c7d
>+SHA1(./darwin10-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv)= 7210d53e9cb2230064eeb16f4b3f2a80a0688c7d
>+SHA1(./darwin10-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging)= 90eeea6ab14ea7787c58eefb1763e64dc7984c7d

Like Linux, these files are deprecated in this location, will be removed.


>-SHA1(./darwin10-i386/build/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 791ffee05b97752356c4a7e48b4e161eb9e14f87
>-SHA1(./darwin10-i386/build/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv)= 7210d53e9cb2230064eeb16f4b3f2a80a0688c7d
>-SHA1(./darwin10-i386/build/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging)= 90eeea6ab14ea7787c58eefb1763e64dc7984c7d
>-SHA1(./darwin10-i386/build/local/Users/cltbld/.ssh/config)= 908370ba46c3c2216b37dcf93dd5260fc69706d2
>-SHA1(./darwin10-i386/build/local/Users/cltbld/.ssh/known_hosts)= c2d4c21e721f4374a4ad887dc50561b524cc4635
>+SHA1(./darwin10-i386/build/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 7210d53e9cb2230064eeb16f4b3f2a80a0688c7d
>+SHA1(./darwin10-i386/build/local/Users/cltbld/.ssh/authorized_keys2)= fa4b332acaffbc40f59cb7176c62704db986a006

>+SHA1(./darwin10-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 18eb4ec5a268e4deeba499ef896b16a03625a7d2
>+SHA1(./darwin10-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv)= 18eb4ec5a268e4deeba499ef896b16a03625a7d2
>+SHA1(./darwin10-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging)= ac08cc710e4a196acbb59a95f79c7b66d1df897b

Same as above.


> SHA1(./darwin10-i386/test/Library/Preferences/com.apple.windowserver.plist)= fed9714d513de452137f987f312395a55d3281e6
> SHA1(./darwin10-i386/test/Library/Ruby/Gems/1.8/gems/puppet-0.24.8/lib/puppet/provider/package/pkgdmg.rb)= 23f714a9b5e8c28b77cd93e2230d4d469362946d
> SHA1(./darwin10-i386/test/Users/cltbld/.bash_profile)= 1e372d5d234b50c87d1b311f71aa0023e658d48e
> SHA1(./darwin10-i386/test/Users/cltbld/Library/Preferences/com.apple.DownloadAssessment.plist)= 6df2d55035dba15caa716f351f93bcfd5dd1e968
> SHA1(./darwin10-i386/test/Users/cltbld/Library/Preferences/com.apple.LaunchServices.plist)= a487e5722f6953c1bf643968edcbc406ddda6bab
> SHA1(./darwin10-i386/test/Users/cltbld/Library/Preferences/com.apple.dock.plist)= 42ce261941458860d6d568af0ebe3b12bbd274f5
>+SHA1(./darwin10-i386/test/Users/cltbld/com.apple.DownloadAssessment.plist)= 6df2d55035dba15caa716f351f93bcfd5dd1e968

I don't know how this file got here, neither does bear. It'll get removed with a --delete, though.

> SHA1(./darwin10-i386/test/Users/cltbld/cscreen)= 0f38a9e2587d956010bc4eacab6a82b52911fe3c
>-SHA1(./darwin10-i386/test/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 2bd0962db966e7663130e80eea2db1d0a07f1e47
>-SHA1(./darwin10-i386/test/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv)= 18eb4ec5a268e4deeba499ef896b16a03625a7d2
>-SHA1(./darwin10-i386/test/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging)= ac08cc710e4a196acbb59a95f79c7b66d1df897b
>+SHA1(./darwin10-i386/test/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 18eb4ec5a268e4deeba499ef896b16a03625a7d2

>+SHA1(./darwin9-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 90eeea6ab14ea7787c58eefb1763e64dc7984c7d
>+SHA1(./darwin9-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv)= 7210d53e9cb2230064eeb16f4b3f2a80a0688c7d
>+SHA1(./darwin9-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging)= 90eeea6ab14ea7787c58eefb1763e64dc7984c7d

>-SHA1(./darwin9-i386/build/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 791ffee05b97752356c4a7e48b4e161eb9e14f87
>-SHA1(./darwin9-i386/build/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv)= 7210d53e9cb2230064eeb16f4b3f2a80a0688c7d
>-SHA1(./darwin9-i386/build/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging)= 90eeea6ab14ea7787c58eefb1763e64dc7984c7d
>-SHA1(./darwin9-i386/build/local/Users/cltbld/.ssh/config)= 908370ba46c3c2216b37dcf93dd5260fc69706d2
>-SHA1(./darwin9-i386/build/local/Users/cltbld/.ssh/known_hosts)= c2d4c21e721f4374a4ad887dc50561b524cc4635
>+SHA1(./darwin9-i386/build/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 7210d53e9cb2230064eeb16f4b3f2a80a0688c7d
>+SHA1(./darwin9-i386/build/local/Users/cltbld/.ssh/authorized_keys2)= fa4b332acaffbc40f59cb7176c62704db986a006

>+SHA1(./darwin9-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 18eb4ec5a268e4deeba499ef896b16a03625a7d2
>+SHA1(./darwin9-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv)= 18eb4ec5a268e4deeba499ef896b16a03625a7d2
>+SHA1(./darwin9-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging)= 

>-SHA1(./darwin9-i386/test/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 2bd0962db966e7663130e80eea2db1d0a07f1e47
>-SHA1(./darwin9-i386/test/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv)= 18eb4ec5a268e4deeba499ef896b16a03625a7d2
>-SHA1(./darwin9-i386/test/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging)= ac08cc710e4a196acbb59a95f79c7b66d1df897b
>+SHA1(./darwin9-i386/test/local/Library/LaunchDaemons/com.reductivelabs.puppet.plist)= 18eb4ec5a268e4deeba499ef896b16a03625a7d2

Same as above.

>+SHA1(./fedora12-i686/test/home/cltbld/.config/autostart/gnome-terminal.desktop.mv)= 7d146d9bf03ea71ddc3b892ababc726f6c714ffa
>+SHA1(./fedora12-i686/test/home/cltbld/.config/autostart/gnome-terminal.desktop.staging)= 97989e54ed3556236261cd3f95d3a441c0695439

Like other platforms, these are deprecated in favour of the local/ versions.

> SHA1(./fedora12-i686/test/home/cltbld/run-puppet-and-buildbot.sh)= 37ab7f01284060fae5e8f6d5fc8fbe919f642ff3
>-SHA1(./fedora12-i686/test/local/home/cltbld/.config/autostart/gnome-terminal.desktop)= 7c1ec6fb661a2da36197a267e9bd560967dc4925
>-SHA1(./fedora12-i686/test/local/home/cltbld/.config/autostart/gnome-terminal.desktop.mv)= 7d146d9bf03ea71ddc3b892ababc726f6c714ffa
>-SHA1(./fedora12-i686/test/local/home/cltbld/.config/autostart/gnome-terminal.desktop.staging)= 97989e54ed3556236261cd3f95d3a441c0695439
>+SHA1(./fedora12-i686/test/local/home/cltbld/.config/autostart/gnome-terminal.desktop)= 7d146d9bf03ea71ddc3b892ababc726f6c714ffa

>+SHA1(./fedora12-x86_64/test/home/cltbld/.config/autostart/gnome-terminal.desktop)= 71b5e01aa0b4f4199c8d927b139af49c4b1072ba
>+SHA1(./fedora12-x86_64/test/home/cltbld/.config/autostart/gnome-terminal.desktop.mv)= 71b5e01aa0b4f4199c8d927b139af49c4b1072ba
>+SHA1(./fedora12-x86_64/test/home/cltbld/.config/autostart/gnome-terminal.desktop.staging)= af141f8e9784831bea1180260d8378d9e99dfef8

>-SHA1(./fedora12-x86_64/test/local/home/cltbld/.config/autostart/gnome-terminal.desktop)= af7a73b293c644190d790c5d29a2fe3a50a81394
>-SHA1(./fedora12-x86_64/test/local/home/cltbld/.config/autostart/gnome-terminal.desktop.mv)= 71b5e01aa0b4f4199c8d927b139af49c4b1072ba
>-SHA1(./fedora12-x86_64/test/local/home/cltbld/.config/autostart/gnome-terminal.desktop.staging)= af141f8e9784831bea1180260d8378d9e99dfef8
>+SHA1(./fedora12-x86_64/test/local/home/cltbld/.config/autostart/gnome-terminal.desktop)= 71b5e01aa0b4f4199c8d927b139af49c4b1072ba

Same as above.
Created attachment 473553 [details] [diff] [review]
add rsync exclude file

I intend to switch filesync's cronjob to run the following:
rsync -av --delete --exclude-from=/tmp/production-rsync.exclude filesync@production-puppet.build.mozilla.org:/N/production/ /N/production/

Here's the output when run with -n:
deleting centos5-i686/build/etc/sysconfig/puppet.staging
deleting centos5-i686/build/etc/sysconfig/puppet.mv
deleting centos5-i686/build/etc/sysconfig/puppet
deleting centos5-i686/build/local/home/cltbld/.ssh/authorized_keys2
deleting centos5-x86_64/build/etc/sysconfig/puppet.staging
deleting centos5-x86_64/build/etc/sysconfig/puppet.mv
deleting centos5-x86_64/build/etc/sysconfig/puppet
deleting centos5-x86_64/build/local/home/cltbld/.ssh/authorized_keys2
deleting darwin10-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging
deleting darwin10-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv
deleting darwin10-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist
deleting darwin10-i386/build/local/Users/cltbld/.ssh/authorized_keys2
deleting darwin10-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging
deleting darwin10-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv
deleting darwin10-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist
deleting darwin10-i386/test/Users/cltbld/com.apple.DownloadAssessment.plist
deleting darwin9-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging
deleting darwin9-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv
deleting darwin9-i386/build/Library/LaunchDaemons/com.reductivelabs.puppet.plist
deleting darwin9-i386/build/local/Users/cltbld/.ssh/authorized_keys2
deleting darwin9-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist.staging
deleting darwin9-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist.mv
deleting darwin9-i386/test/Library/LaunchDaemons/com.reductivelabs.puppet.plist
deleting fedora12-i686/test/home/cltbld/.config/autostart/gnome-terminal.desktop.staging
deleting fedora12-i686/test/home/cltbld/.config/autostart/gnome-terminal.desktop.mv
deleting fedora12-x86_64/test/home/cltbld/.config/autostart/gnome-terminal.desktop.staging
deleting fedora12-x86_64/test/home/cltbld/.config/autostart/gnome-terminal.desktop.mv
deleting fedora12-x86_64/test/home/cltbld/.config/autostart/gnome-terminal.desktop
centos5-i686/build/local/
centos5-i686/build/local/etc/sysconfig/
centos5-i686/build/local/home/
centos5-i686/build/local/home/cltbld/
centos5-i686/build/local/home/cltbld/.mozpass.cfg
centos5-i686/build/local/home/cltbld/.android/
centos5-i686/build/local/home/cltbld/.android/android.keystore
centos5-i686/build/local/home/cltbld/.ssh/
centos5-i686/build/local/home/cltbld/.ssh/config
centos5-i686/build/local/home/cltbld/.ssh/known_hosts
centos5-x86_64/build/local/
centos5-x86_64/build/local/etc/sysconfig/
centos5-x86_64/build/local/home/
centos5-x86_64/build/local/home/cltbld/
centos5-x86_64/build/local/home/cltbld/.ssh/
centos5-x86_64/build/local/home/cltbld/.ssh/config
centos5-x86_64/build/local/home/cltbld/.ssh/known_hosts
darwin10-i386/build/local/
darwin10-i386/build/local/Library/LaunchDaemons/
darwin10-i386/build/local/Users/cltbld/.ssh/
darwin10-i386/build/local/etc/
darwin10-i386/test/local/
darwin10-i386/test/local/Library/
darwin10-i386/test/local/Library/LaunchDaemons/
darwin9-i386/build/local/
darwin9-i386/build/local/Library/LaunchDaemons/
darwin9-i386/build/local/Users/cltbld/.ssh/
darwin9-i386/build/local/etc/
darwin9-i386/test/local/
darwin9-i386/test/local/Library/
darwin9-i386/test/local/Library/LaunchDaemons/
fedora12-i686/test/local/
fedora12-i686/test/local/home/
fedora12-i686/test/local/home/cltbld/
fedora12-i686/test/local/home/cltbld/.config/
fedora12-i686/test/local/home/cltbld/.config/autostart/
fedora12-x86_64/test/local/
fedora12-x86_64/test/local/home/
fedora12-x86_64/test/local/home/cltbld/
fedora12-x86_64/test/local/home/cltbld/.config/
fedora12-x86_64/test/local/home/cltbld/.config/autostart/

Most of the deletes are because of those files moving to ../local/.. I'm not exactly sure about the authorized_keys ones, I guess we syncing that at one point and later removed it. Do you know, Rail?

All of the additions/changes are expected.
Attachment #473553 - Flags: review?(rail)
Attachment #473553 - Flags: review?(nrthomas)
(Reporter)

Comment 10

8 years ago
Comment on attachment 473553 [details] [diff] [review]
add rsync exclude file

(In reply to comment #9)
> Most of the deletes are because of those files moving to ../local/.. I'm not
> exactly sure about the authorized_keys ones, I guess we syncing that at one
> point and later removed it. Do you know, Rail?

I think these files have been copied by syncing staging and production (see https://wiki.mozilla.org/ReleaseEngineering:Puppet:Usage#Moving_file_updates_to_production) by someone. They can be removed.
Attachment #473553 - Flags: review?(rail) → review+
Comment on attachment 473553 [details] [diff] [review]
add rsync exclude file

Please tell me what I'm missing in the following ....

All these files are switched by $configExt based on the machine use & location. Why can't we have identical file stores, and fix the ssh case to do the same thing ? Extra points if we add .mpt to the plain files (mpt prod) to remove any ambiguity.

It also strikes me as far too fragile to deploy new changes to each puppet master, if we have to touch each master when the file has to differ. I found the rsync from staging to production bad enough because /N/staging is full of everyone's testing crap, and ended up doing manual copy operations for yasm
Attachment #473553 - Flags: review?(nrthomas) → review-
(In reply to comment #11)
> Comment on attachment 473553 [details] [diff] [review]
> add rsync exclude file
> 
> Please tell me what I'm missing in the following ....
> 
> All these files are switched by $configExt based on the machine use & location.
> Why can't we have identical file stores, and fix the ssh case to do the same
> thing ? Extra points if we add .mpt to the plain files (mpt prod) to remove any
> ambiguity.

Do you mean identical file stores between production puppet masters? After stepping back for a minute, that _does_ sound better than maintaining an exclude file. It would make 'local' mean *only* staging vs production (and maybe preproduction at some point?) differences, too, which is a good thing.

I'm not sure what you mean by "fix the ssh case to do the same thing". Whatever we do, those should be synced between production masters IMHO.

> It also strikes me as far too fragile to deploy new changes to each puppet
> master, if we have to touch each master when the file has to differ.

Which part is fragile? The fact that we could miss a file somewhere? If so, I'm not sure how having them in all filestores with adjusted names makes this any easier. I do think it's cleaner to have /N/production 100% identical across all production masters, though.

> the rsync from staging to production bad enough because /N/staging is full of
> everyone's testing crap, and ended up doing manual copy operations for yasm

No disagreement on the staging -> production sync. I'd really like to write a script to make this easier, probably something that would iterate through them and prompt you for each file. I'm open to any other ideas about making this better, though.
I'm probably talking about a step further - making all filestores identical, except for any changes that are being tested against staging machines. Any staging vs production differences are captured by using separate suffixes (like sysconfig/puppet does), and staging->production pushes are simple rsyncs, modulo other people's work. In that scenario we may not need a local/.

So in the case of ssh we'd have a .ssh/config.{staging,mv,} to support different hosts/keys we use for staging machines. There are probably files that would need the same treatment.

Perhaps I'm way off base here as a result of not having a full understanding of all the parts of puppet are set up. eg, I don't follow why we have these files with a suffix in local/:
 production/centos5-i686/build/local/etc/sysconfig/puppet.mv
 production/centos5-i686/build/local/etc/sysconfig/puppet
 production/centos5-i686/build/local/etc/sysconfig/puppet.staging
(In reply to comment #13)
> I'm probably talking about a step further - making all filestores identical,
> except for any changes that are being tested against staging machines. Any
> staging vs production differences are captured by using separate suffixes (like
> sysconfig/puppet does), and staging->production pushes are simple rsyncs,
> modulo other people's work. In that scenario we may not need a local/.

I can the value in this, It's a lot simpler than the current system. I don't think it makes the staging -> production push any easier though. exclude ../local/.. is the easy part, avoiding other people's work is the hard part. Fixing that probably requires policy change, namely that you need to clean up after yourself. This certainly makes the mpt -> other puppet masters pull a lot simpler, though. It should simply be an rsync --delete with no include/exclude.

> Perhaps I'm way off base here as a result of not having a full understanding of
> all the parts of puppet are set up. eg, I don't follow why we have these files
> with a suffix in local/:
>  production/centos5-i686/build/local/etc/sysconfig/puppet.mv
>  production/centos5-i686/build/local/etc/sysconfig/puppet
>  production/centos5-i686/build/local/etc/sysconfig/puppet.staging

This happened somewhat by accident. My original plan was to avoid all suffixing, and have the MPT master point slaves at staging/mv for their Puppet config, but that didn't pan out (because the Puppet client refuses to connect to a file server that is different than where the manifests are being served from). Under that plan, there would've only been a local/etc/sysconfig/puppet on each master, serving the correct config for its slaves. After all of that, this is the workaround I ended up with.

If we're still in agreement on your plan after the above I'll figure out the patches and file re-arrangement to make it so.
Dustin is doing a lot of work in this area, I'm going to pass it along to him.
Assignee: bhearsum → dustin
Assignee: dustin → nobody
Are these two masters still out-of-sync? The last relevant comment (14) is from September.
Priority: -- → P3
(Assignee)

Updated

5 years ago
Product: mozilla.org → Release Engineering
Replaced by PuppetAgain.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.