New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 706039 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

Make Puppet Unaware of Roles

Project Member Reported by dgarr...@chromium.org, Mar 28 2017

Issue description

What does puppet do in the lab that is role aware?

Could we simplify things by having it do the same thing to every server, and not have to know about roles at all?

This implies that we run the exact same services on every machine, but ignore them on machines that aren't supposed to do X. This might be a horrible idea, but it would simplify provisioning and updates, since we'd be uniform across all servers.
 
> What does puppet do in the lab that is role aware?

 A) It determines what role each host plays,
 B) It determines the content of certain configuration files
    based on the role.
 C) It configures/starts certain services based on the role.

> Could we simplify things by having it do the same thing to
> every server, and not have to know about roles at all?

We'd have to design a new scheme for how servers determine
their role.  I doubt that whatever scheme we developed would
make that part of the system much simpler.  If there were to
be meaningful savings, it would have to come from the services
we install.

> This implies that we run the exact same services on every
> machine, but ignore them on machines that aren't supposed
> to do X. This might be a horrible idea, but it would
> simplify provisioning and updates, since we'd be uniform
> across all servers.

Historically, we do a little bit of this sort of thing, and
it's been a source of accidents.  In particular, for some
roles, there is a "primary" and a "backup".  We have to have
special code that distinguishes these cases, in order to
prevent trouble.  The code to make that distinction isn't in
just one place, so it's hard to get the behavior right and
keep it right.

I note that at a basic level, our services are currently
activated (or not) based primarily on the presence of some
file, such as an upstart job, or a cron file in /etc/cron.d.
So, if we simply installed all the files everywhere, we'd
get what you're suggesting.  Avoiding chaos and accidents
would be the principal challenge.

One other issue would be that some files, notably the
shadow_config.ini file, changes its content based on the
role of the server it's installed on.  We'd have to make
an alternative scheme to create role-based configuration
files.

I think to be done safely, we'd have to create a centralized
service-starter that provided a facility along the lines of
"start (or run) service S based on my currently assigned role."

>I think to be done safely, we'd have to create a centralized
service-starter that provided a facility along the lines of
"start (or run) service S based on my currently assigned role."

That's what the Puppet master would be doing in a master-slave setup.  We use a master-less Puppet setup, so that knowledge must be distributed to each machine.

Provisioning each machine identically is not feasible at the moment because each role is different in orthogonal ways.  Some check out Autotest to /usr/local/autotest, some check out Autotest to ~chromeos-test/autotest then bind mount it to /usr/local/autotest, some have different shadow_config.ini, etc.
Status: WontFix (was: Untriaged)
Okay, this is a bad idea. It would have been nice, but only if it worked.

Sign in to add a comment