7

Is it possible to setup puppet in a way that changes in manifests only will be applied during certain hours, so that any eventual downtime on our server will occur when we decide it to?

Thanks

Industrial
  • 1,559
  • 5
  • 24
  • 37

2 Answers2

9

I just had to solve this problem... There are a few approaches...

  • Use cron. If you have an OS that supports cron.d entries, distribute a puppet.cron file via Puppet. The accompanying manifest would have something that ensures that the Puppet daemon is off. If you have a lot of servers, use a bash function to randomize the cron pull time to reduce the load on the master server. Also see the Puppet wiki on this topic.

The module I use:

class puppet_cron {

   file { '/etc/cron.d/puppet.cron':
     ensure   => file,
     owner    => root,
     group    => root,
     mode     => 644,
     source   => "puppet:///modules/puppet_cron/puppet.cron",
   }

   service { 'puppet':
     ensure    => stopped,
     enable    => false,
   }

}

An example puppet.cron:

# puppet.cron
#
# Run puppet in one-time mode during daily downtime window.
# 

# Puppet check window for Monday through Thursday
*/15 16-19 * * 1-5 root exec /usr/sbin/puppetd --no-daemonize -o
  • There's a Puppet schedule metaparameter that allows you to list times when manifests should be evaluated on a per-class basis. See: https://serverfault.com/a/341865/13325

  • I recently read a book that suggested using Git as a manifest distribution method in order to scale and reduce the load on the master server. This means you'd have more granular control over scheduling.

ewwhite
  • 194,921
  • 91
  • 434
  • 799
  • You don't need to use a bash function to randomize the time -- that's what the `fqdn_rand()` Puppet function is for. – jgoldschrafe Mar 17 '12 at 15:00
  • @ewwhite can link me to the git post? – Cherian Aug 06 '12 at 10:54
  • @Cherian The process is [described in this article](http://bitfieldconsulting.com/scaling-puppet-with-distributed-version-control), but also covered in detail in the author's book, [The Puppet Cookbook](http://bitfieldconsulting.com/cookbook). – ewwhite Aug 06 '12 at 12:37
5

Yes, just setup the cronjob that runs puppet to only run during certain hours. Running puppet as a daemon is a really terrible idea. We use the IP address of the server as the key into a hashing function to splay our cronjobs across the entire time period of our Puppet runs, to avoid a thundering herd problem.

womble
  • 95,029
  • 29
  • 173
  • 228