{"id":17710543,"url":"https://github.com/tragiccode/control-repository","last_synced_at":"2026-01-20T03:33:40.221Z","repository":{"id":31536362,"uuid":"104782826","full_name":"TraGicCode/control-repository","owner":"TraGicCode","description":null,"archived":false,"fork":false,"pushed_at":"2023-01-09T22:29:35.000Z","size":313,"stargazers_count":1,"open_issues_count":4,"forks_count":1,"subscribers_count":3,"default_branch":"production","last_synced_at":"2025-02-13T12:29:58.701Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TraGicCode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-09-25T17:49:07.000Z","updated_at":"2019-08-06T15:49:42.000Z","dependencies_parsed_at":"2023-01-14T19:15:58.379Z","dependency_job_id":null,"html_url":"https://github.com/TraGicCode/control-repository","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TraGicCode%2Fcontrol-repository","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TraGicCode%2Fcontrol-repository/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TraGicCode%2Fcontrol-repository/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TraGicCode%2Fcontrol-repository/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TraGicCode","download_url":"https://codeload.github.com/TraGicCode/control-repository/tar.gz/refs/heads/production","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247623005,"owners_count":20968574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-25T07:06:43.008Z","updated_at":"2026-01-20T03:33:40.178Z","avatar_url":"https://github.com/TraGicCode.png","language":"Puppet","funding_links":[],"categories":[],"sub_categories":[],"readme":"#### Table of Contents\n\n# Introduction\nThe Goal of this repository is to provide the ability to quickly spin up a puppet enterprise environment for quickly testing changes without having to touch your actual puppet enterprise server.\n\n# Requirements\n1.) Install Vagrant\n\n2.) Install Vagrant plugins\n```powershell\n    \u003e vagrant plugin install vagrant-pe_build\n    \u003e vagrant plugin install vagrant-hosts\n```\nNOTE: If you would like to change/update the version of PE in the vagrant file simply change the version assigned to **config.pe_build.version**\n\n\n# Using the vagrant plugins\n## Listing host names + private ip's\nA quick way to list your machines host names and private ip's is to run the following command from the vagrant-hosts plugin that was installed earlier\n\n\n```powershell\n    \u003e vagrant hosts list\n```\n\nThe following can be run to generate puppet code to update your own machines hosts file to easily communicate with the nodes via their hostnames\n\n```powershell\n    \u003e vagrant hosts puppetize | puppet apply\n```\n\n# Running puppet commands from the host machine\n```powershell\n    \u003e vagrant ssh puppetmaster -c \"sudo puppet node purge dc-001.attlocal.com\"\n```\n\n# Rendering epp templates from CLI for verification\n```powershell\n    \u003e bundle exec puppet epp render ./site/profile/templates/windows/sqlserver/sqlserver/enable-filestream.ps1.epp --values '{ operation =\u003e \"command\", instance_name =\u003e \"MSSQLSERVER\", filestream_access_level =\u003e 3 }'\n```\n\n# Using Code Manager\n1.) Install Pe-Client tools on your local workstation\n2.) Run the following to quickly configure PE Client tools\n```powershell\n    \u003e Configure-PEClientTools.ps1\n```\n2.) Update your hosts file to have the following entry\n```powershell\n    10.20.1.2     puppetmaster.local\n```\n3.) Obtain a RBAC token so you can deploy environments\n```powershell\n    \u003e puppet-access login --username admin\n```\n4.) Initiate a deployment of all environments\n```powershell\n    \u003e puppet-code print-config\n    \u003e puppet-code status\n    \u003e puppet-code deploy --all --wait --log-level info\n```\n\n# Using Eyaml\nFirst you will need to generate some encryption keys.  Simply run the following command\n\n```powershell\n    \u003e bundle exec eyaml createkeys\n```\n\n\nThe content you want encrypted should live in a file with the .eyaml extension.  It should initially have the unencrypted value wrapped in some markers eyaml expects to find\n\nExample\n```\n---\npassword: DEC::PKCS7[my super secret password here]!\n```\n\nNext you can encrypt the content of a string utilizing eyaml cli\n```powershell\n    \u003e bundle exec eyaml encrypt -s 'hello there bob!'\n```\n\n```data/secure.eyaml\npassword: \u003e\n    ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEw\n    DQYJKoZIhvcNAQEBBQAEggEAXjA0MbZ/x+iZOnAyklysIZeYiielyRuukTPL\n    CvyqKiWBWMJD3Cu3tC6N2wfjqxZ2sK/yGZqduYqamKfKx5Y7uxu3su7l/FWa\n    1eyqXfM/l+KQi2RJTTYjWtg+pg+uUejN9X9tpB6zjp8yjHHTpPaRTix/9tDW\n    uyGR+cbLYIXiHXhLNZ5X7CvaiBDbVSQdfkwt4/eCHJuCkrzNZ0C6FlP94610\n    mMLAI345hRa/Auiwtxy0qfpKCDIrpBczEqgMZDhnJ/0tLEu4P70Uy7t08A2A\n    8I+d/IyRjhoHWfOvuNH3rbwBBoqAFfTLhSb4xd+jMDYWR931PB3V3mKo6c5J\n    VpeanDBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBSoYEAbjrkCBjKEXOc\n    x1a/gCCF1KRi3NMVcCErYP0RA6HgTvR51dIFnx67MeDQHNr9oA==]\n```\n\nTo decrypt the eyaml file and view the contents from the command line run the following\n```powershell\n    \u003e bundle exec eyaml decrypt -e .\\data\\secure.eyaml\n```\n\n```decrypted output\n    ---\npassword: \u003e\n  DEC::PKCS7[hello there bob!]!\n```\n\n\n# Setting up master for hiera-eyaml\nFirst you must install hiera-eyaml on the puppet server.\n```powershell\n    \u003e sudo /opt/puppetlabs/bin/puppetserver gem install hiera-eyaml\n    \u003e service pe-puppetserver reload\n```\n\nThe restart is needed in order to load this gem into puppetserver for utilization\n\n\n\n# Encrypting the contents of a file\nYou can point eyaml at a file to encrypt all of its contents to be pasted into hiera.  Example\n```powershell\n    \u003e bundle exec eyaml encrypt -f C:\\Windows\\System32\\drivers\\etc\\hosts\n```\n\n```\nhosts_file_content: \u003e\n    ENC[PKCS7,MIIFHQYJKoZIhvcNAQcDoIIFDjCCBQoCAQAxggEhMIIBHQIBADAFMAACAQEw\n    DQYJKoZIhvcNAQEBBQAEggEAmBDRVh1Ti0SuVjdeeKuvkdAJDKkHSsFTeCqz\n    wA53ykA3U3iqramFv0tggVIVmFgENvIkMkC0AtYOAIUvIA0Ez6RqIgVL8mck\n    /nf8zrlrpA1He1veibZZkxm+v4nGp5gik6SgP94V8RgK2eJRzf++0N+TJ5bP\n    y8mSjLESmAHiEwD9nv1oEEvl6MHGj3obmW3upTFxarz7Y9qSBVoPeIck3OT3\n    6T4muadCjcAX568BSCPT4aInkGmOqN48xXPwP5cybnQtAP1CPsDdnA4Qqi8X\n    gYOJkeRfW5Zmu9PKDiZ0CDdI1ZQgl0ScGrZegIOvqiOjEWLGI+rMDZBFZfwN\n    rsXBhzCCA94GCSqGSIb3DQEHATAdBglghkgBZQMEASoEENLR68D+49dWDXC/\n    Yp1B4ZuAggOw1QBd+qSWJ5stG46xGpbKUmgoJaj+YMJlbeaNFfY9eVClnjhN\n    nJQirUPXlg0KHgn3rtabXS2LcVnLkd0anRziZROoaPAzkmXfha7t3AHw0C2m\n    39H/QodKKopwxggqb42doUa+W650kmA4ZVn7LN3H5BQACSDscdL6ZgNDRbBO\n    3hVXp7FuToqCzjSjuQd+U/gbDB2jhTHtA5GB80ZT1OoS7NAWXGwkhN2/t1BM\n    LOQmaPul1Kj7G8WaokQiOVL3IByrrVp4CNjdt9v1d4K1r9Gziwnf978FLItT\n    JORrE7scGBlsMBQ00hqvzqbKgs73nxiamMB5M/IkgjtrOQjgZpy9a2HrOrXj\n    Z4DKAE9shGz0h3opXUVZuMHHvkvSBRb4ta1ZYkROChDCRNza5s7AwhhWiyrn\n    CZgu+n9+W2Ft09fJ82yluvZ5KGOehSQ9+i2a3qWDR769ARH768pHNQaAx1NJ\n    pVfCf0jZT5zTUpHblUgRrTX0XofDnnu+8fRbkNwHEV2S9gubxI+sApQv5JtH\n    XgHYGLiSPxeRG8jo861TkoizOOTcrB+61Me456eHzEIc4CPEO/TRYmaILjYu\n    yUB8ctq0Y5yPl9jghwWKu5j9R33cGlLZTBgoGaNojWegZ4FwnBK0hicKu836\n    yefYMAzAMcO4ZS9qHwB86fhD0L4Y869dWSWFQHX3Hhh35LGeWk6zpAwcnn8g\n    +3KOrsOGV1FeyRLlbDF9ep9Pcs/9jMatYCptg9cLH/rvVkYF45d4ALvgudEu\n    H/bwGUCDh1V1S5C5etueIoCXZr1gZqQrwWAaYg43YKf1MCj5IHFmgwtr5Tml\n    tv2Vt9hh0+Nyj0J7+gzjcx6iDrOd9Lcy3elnVQl6AAD5jUYKVzxs4wqXHHmH\n    bNwiNE6dvY1JLjz4SccD0paCcBFT/5q56yGyOaqJDMNYVYX+KM1SKPcvjwR7\n    HHAavI4a9t05VH0/stiGeDS77ZMutXQA17xpAy0JAjKj5ay8WhLr8ds7aXtp\n    8rfTf8sVONtK7BmgwuyHHrk7bj9hEx8O96L3QqHRK0lvRtr9xQ5pdSQ9ggp7\n    8JBKLkOYjACIFskQhXP2gmEpIvqGKWVNVOAXgS116rMVxZwj/9iz84Nvoi6k\n    6gtOimkiCo5QzV9JiaUI3+ppXi/qL454LiEy9iSNSKbPOVFjROZH/7H/oQE4\n    7yjjkiED7kWN4NQ052Q+ncpcIT+HngnQ+WN4Lx9VPEcUA4lGWYpIkZd1+rMn\n    Ee1h5kT3aV0=]\n```\n\n# Encrypting a password\nIf you don't want the password to be visible from your screen as you encrypt something use the following ot be prompted for the password\n```powershell\n    \u003e bundle exec eyaml encrypt -p\n```\n\n# label\nBy default when you encrypt something the hiera key is called 'block' to auto create the label so it's a straight copy and paste from stdout to hiera do the following\n```powershell\n    \u003e bundle exec eyaml encrypt -l 'some_easy_to_use_label' -s 'yourSecretString'\n```\n\n```\nsome_easy_to_use_label: \u003e\n    ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEw\n    DQYJKoZIhvcNAQEBBQAEggEAmdDNxHOjsajuh0KXJFiEh1OuPq3HvIhaoDfx\n    28sNWf/3Gy0fzSmbciKUqrpEneZtB7pBs9G7hXIqr+vpcG0uj6wmme5ioA2r\n    oIe2CZZeapXCdi6+zghABYA8Vtx/B/ZhEzFEHBMV28ipAl45EB2wimR9M8dH\n    L6Das7BjmOMOXwEu9MIubs6QmzXE0dNHxPa1ldDPT4+nzCjLcSLj88c0M2uK\n    pRU9IZQjcXor3cbrkEzoJZcMUxXXM/UPlXgtu1OmhlcTK3yvxoWkFBoTLgyL\n    k/tXSteG0boeOaHkJ3UOzfcWGWLVHZ/+FCuw3FK+34mgLi4IpyAzvn4KJEkR\n    U0/ptTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB/imFWp4D9XOu6T50u\n    9Z/4gCB8t4dl5bFy/OEDxKMRf6eCTFh77DfhdamKWvEK94l52g==]\n```\n\n# TODO: Hook up vault hiera backend\nhttps://github.com/jsok/hiera-vault\n\n# Connecting to vault\n```powershell\n\u003e $env:VAULT_ADDR = 'http://10.20.1.13:8200'\n\u003e vault.exe write secret/hello key=world\n```\n\n# How can I avoid download fixtures dependencies every time I run `bundle exec rake spec`?\n```powershell\n    \u003e bundle exec rake spec_prep\n    \u003e bundle exec rake spec_standalone\n```\n\n\n# Testing hiera lookup on your local developerbox\n```powershell\n  \u003e bundle exec puppet lookup --hiera_config .\\hiera.yaml 'profile::domainbase::domain_name'\n```\n\n# Graphite\nhttp://10.20.1.12\n\n\n# Grafana\nhttp://10.20.1.12:3000\n1.) Create datasource that points the local graphite server to pull in puppetserver stats\n\nUrl : http://localhost\nAccess : proxy\n\n# Query puppetdb from inside manifest\nPuppet enterprise provides a function that is already ready to be used to query puppetdb and pull data out from within a manifest\n\n```powershell\n  $windows_nodes_query = 'nodes[certname]{facts{name = \"operatingsystem\" and value = \"windows\"}}'\n  $windows_nodes = puppetdb_query($windows_nodes_query).each |$value| { $value[\"certname\"] }\n  notify {'windows nodes':\n      message =\u003e \"Your windows nodes are ${join($windows_nodes, ', ')}\",\n  }\n  ```\n\n  NOTE: I didn't any any modules or configure anything.  This worked straight up out of the box for puppet enterprise 2017.2.2\n\n\n  # Pry Debugging\n  To start debugging just put a breakpoint anywhere in your ruby code where you want to stop execution at\n  ```\n    require 'pry'; binding.pry\n  ```\n\n  It's easy to get lost or forget where you are @ in the code so to let pry tell you you can run the following command\n```\n    \u003e whereami\n```\n\nView the stack\n```\n    \u003e show-stack\n```\n\nStepping through the code\nMove to next line\n```\n    \u003e next\n```\n\nstep into a function\n```\n    \u003e step\n```\n\nContinue execution\nIf you want to continue execution to the end of the program or to next available breakpoiont simply run the following command\n```\n    \u003e continue\n```\n\n\nCompletely exit out of the debugger and program\n```\n    \u003e exit!\n```\n\n\n# Quick way to get into a IRB console\nA quick way to get into an IRB console to play around with ruby code is to use pry by executing the following\n```\n    \u003e bundle exec pry\n```\n\n\n# Upload local files to the guest vm via vagrant winrm\n```\n\u003e vagrant winrm-upload 'C:\\vox\\puppet-windowsfeature' 'C:\\ProgramData\\Puppetlabs\\code\\modules' dc-001\n```\n\n# Possible Issues with vagrant\nhttps://github.com/hashicorp/vagrant/issues/8785\n\n# MCollective Useful Commands\n\n## Disable/Enable Agents\n```powershell\n\u003e mco rpc puppet disable message=\"testing disable - mfyffe\" --with-identity mytestnode.local\n```\n\n```powershell\n\u003e mco rpc puppet enable --with-identity mytestnode.local\n```\n\n## Puppet Best Practices\n\nhttps://github.com/puppetlabs/best-practices\n\n\n\n## Deployment Information\n\n## Development\n\nDevelop on the master branch using a feature-branch workflow.  Commits merged into master will be automatically tested, promoted, and deployed to each successive environment tier by the CI/CD System.\n\nNOTE: Each branch of this repository represents a deployable and testable puppet environment\n\nIn order to deploy a given branch as a puppet environment, run:\n\n```\npuppet code deploy $branch --wait\n```\n\nAfter the puppet environment is deployed, you can test a puppet agent against that branch by:\n\n```\npuppet agent -t --environment $branch\n```\n\nNOTE: this strategy is just a commit and hand of to CI/CD Server to merge it through to all the other puppet environments.\nNOTE: Just like \"Continuous Deliver for PE\" it's important to understand what you should do in git and what git work \"CD for PE\" wil handle for you.  https://puppet.com/docs/continuous-delivery/1.x/setting_up.html#concept-1698\n\n## How to use large files in your profile module\n\nFor large files you want to use in your profiles you don't want them in your repository ( git doesn't handle large binaries well ).  Instead you should upload the files to S3, take a checksum of the files ( shown in S3 when you upload them ), put it in the following s3 bucket path:\n\nfor example:\ns3.amazon.aws.com/webops/puppet_files/$profilename/largefile.iso\n\nin your files directory create a staging.yaml with the content of:\n\n```\n---\nlargefile.iso: 'md5sum_of_file'\nevenlargerfile.iso: 'md5sum_of_file'\n```\n\nThe masters will then have a class applied to him called 'puppet_files' which will reference these and stage them at a predictable URLs for you:\n\npuppet:///puppet_files/$profilename/largefile.iso\nhttp://$master/puppet_files/$profilename/largefile.iso\nsmb://$master/puppet_files/$profilename/largefile.iso\n\nYou can then use remote_file, the built in puppet file resource to retrieve the files or use the \"attach_master\" on windows to attach the smb share as the Z drive / unc path on your machines to reference them later.\n\nThe above stuff needs more information but essentially you can download remote files from s3 onto the master into a specific file location like so\n\n```\nclass profile::master::files::jdk (\n  $srv_root = '/opt/tse-files',\n) {\n  file { \"${srv_root}/jdk\":\n    ensure =\u003e directory,\n    mode   =\u003e '0755',\n  }\n\n  remote_file { 'jdk-8u45-windows-x64.exe':\n    source  =\u003e 'https://s3-us-west-2.amazonaws.com/tseteam/files/jdk-8u45-windows-x64.exe',\n    path    =\u003e \"${srv_root}/jdk/jdk-8u45-windows-x64.exe\",\n    headers =\u003e {\n      'user-agent' =\u003e 'Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko',\n      'Cookie'     =\u003e 'oraclelicense=accept-securebackup-cookie;gpw_e24=http://edelivery.oracle.com'\n    }, # Oracle makes you accept the license agreement -_-\n    mode    =\u003e '0644',\n    require =\u003e File[\"${srv_root}/jdk\"],\n  }\n}\n```\n\nThen you could, for example, setup a http file server on your puppet master\n```\nclass profile::master::fileserver {\n  include 'stdlib'\n  include 'profile::firewall'\n  include 'profile::apache'\n\n  # Detect Vagrant\n  case $::virtual {\n    'virtualbox': {\n      $admin_file_owner = 'vagrant'\n      $admin_file_group = 'vagrant'\n    }\n    default: {\n      $admin_file_owner = 'root'\n      $admin_file_group = 'root'\n    }\n  }\n\n  apache::vhost { 'tse-files':\n    vhost_name    =\u003e '*',\n    port          =\u003e '81',\n    docroot       =\u003e '/opt/tse-files',\n    priority      =\u003e '10',\n    docroot_owner =\u003e $admin_file_owner,\n    docroot_group =\u003e $admin_file_group,\n  }\n\n  firewall { '110 apache allow all':\n    dport  =\u003e '81',\n    chain  =\u003e 'INPUT',\n    proto  =\u003e 'tcp',\n    action =\u003e 'accept',\n  }\n\n  # The *::finalize class includes some configuration that should be applied\n  # after everything is up and fully operational. Some of this configuration is\n  # used to signal to external watchers that the master is fully configured and\n  # ready.\n  class { 'profile::master::fileserver::finalize':\n    stage =\u003e 'deploy_app',\n  }\n\n}\n```\n\nnow we can download files on windows from the puppetmaster.  Not sure about smb.\n\n\n## Rolling our own Jenkins deployment pipeline\nLets talk about a couple of ways we can do a phased deployment of our puppet code promoting it from 1 environment to the next\nusing a jenkins pipeline.\n\n================\n\n1. branch/puppet environment per environment that you have ( development, staging, and production )\n\npros\n------\n- true code seperation between environments\n- Safety net in which if the code pass dev environment and got promoted to staging and something bad happened and you killed the pipeline you can have peace of mind if someone goes in and does a puppet agent run on all nodes in all environments you wont have a production outage or really bad things happen.\n\ncons\n------\n- rolling back requires a change to go out so that someone later doesn't force run puppet causing cached catalogs to not be used or no-noop to happen\n- Long lived branches that you have to manage or get some other thing like jenkins to manage the merging for you.  I assume if you merge to dev and it blows up in production then you just make the fix and make your way through the pipeline again.  The long live branches will differ in commits because of this but the code will eventually be the same when you make it through the pipeline successfully.\n- since our aim is to control the push out of puppet changes we will need to do one of the following to prevent uncontrolled puppet runs with the new code\n    1. Cached-Catalogs on agents\n\n    ```\n        ini_setting { 'puppet agent use_cached_catalog':\n        ensure  =\u003e $ensure_setting,\n        path    =\u003e $puppet_conf,\n        section =\u003e 'agent',\n        setting =\u003e 'use_cached_catalog',\n        # lint:ignore:quoted_booleans\n        value   =\u003e 'true',\n        # lint:endignore\n    }\n    ```\n    \n    2. noop mode\n\n    ```\n        ini_setting { 'puppet agent use_cached_catalog':\n        ensure  =\u003e $ensure_setting,\n        path    =\u003e $puppet_conf,\n        section =\u003e 'agent',\n        setting =\u003e 'noop',\n        # lint:ignore:quoted_booleans\n        value   =\u003e 'true',\n        # lint:endignore\n    }\n    ```\n\n  3. You can even use a combination of both to keep track of changes instead of autocorrect\n\n\n================\n\n2. 1 branch/puppet environment used for all nodes and you simply use a fact ( trusted.extensions.pp_environment = \"production\" ) to control deployments to nodes\n\npros\n------\n- No long-lived branches.  Simply have 1 master/production branch\n\ncons\n------\n- rolling back requires a change to go out so that someone later doesn't force run puppet causing cached catalogs to not be used or no-noop to happen\n- Because there is no code seperation via long lived branches if someone makes it partially through the pipeline and someone comes in later and does a puppet job on all\n  nodes in all environemnts it could cause an outage!\n- since our aim is to control the push out of puppet changes we will need to do one of the following to prevent uncontrolled puppet runs with the new code\n    1. Cached-Catalogs on agents\n\n    ```\n    ini_setting { 'puppet agent use_cached_catalog':\n        ensure  =\u003e $ensure_setting,\n        path    =\u003e $puppet_conf,\n        section =\u003e 'agent',\n        setting =\u003e 'use_cached_catalog',\n        # lint:ignore:quoted_booleans\n        value   =\u003e 'true',\n        # lint:endignore\n    }\n    ```\n    \n    2. noop mode\n\n    ```\n    ini_setting { 'puppet agent use_cached_catalog':\n        ensure  =\u003e $ensure_setting,\n        path    =\u003e $puppet_conf,\n        section =\u003e 'agent',\n        setting =\u003e 'noop',\n        # lint:ignore:quoted_booleans\n        value   =\u003e 'true',\n        # lint:endignore\n    }\n    ```\n\n  3. You can even use a combination of both to keep track of changes instead of autocorrect\n\n\n\n  ================\n\n  3. Something simliar to cd4pe and\n    - Create a temp branch with the change\n    - push temp branch\n    - perform code deploy\n    - create a child group to you target deployment environment that overrides the environment to use your temp branch and pin desired nodes to group\n    - perform a puppet job run on the temp environment\n    - if puppet run fails delete child group and branch and exist pipeline\n    - if puppet run succeeds delete child group and merge changes into target environment's long lived branch. \n\n\n==========================\nThis is a type of workflow using cached catalogs on agents\n    https://puppet.com/docs/pe/2018.1/direct_puppet_a_workflow_for_controlling_change.html\n\n\n\nDirect Deployment workflow ( this currently deploys to all nodes )\n---------------------------\nThis policy is used when you want to release changes that you are making a small change you now will not cause any issues\n\nIn Short it says i want to go ahead and promote a change and run it to ALL nodes in a given environment right now!\n\n1. Create all branches before hand that you want\n1. Pick a commit to deploy to an environment.\n1. cd4pe will go a git reset or git update-ref.  no sure which one and push to github.\n1. cd4pe then does a code manager deploy so pe essentially checkouts this updated branch\n1. cd4pe then calls out to orchestrator to kick of puppet runs on all nodes in this update environment.  It's a depoy all!\n\n\n\nTemporary Branch Deployment ( reduce your blast radius so the deployment isn't this big bang )\n-----------------------------\nIt's the same as direct deployment in that you are promoting a change to an entire environment except instead of updating the branch that represent the target environment you want to deploy the change to.\nit creates a new git branch creating a new environment for this deployment ( production_cdpe_102 ).  It will then createa  child environment group of the target environment and assign this environment to it add all the nodes\nin the target environment.  What does this give you that you don't get in the \"Direct Deployment\"?  You don't get rolling deployments to slowly roll out a new change. For Example deploy to 2 nodes at a time\n\n1. Create all branch beforehand that you want\n1. Pick a commit to deploy to an environment\n1. Pick how you want to do a rolling deployment:\n    - Deploy to 2 nodes at a time\n1. cd4pe will create a new branch off your target environment ( production_cdpe_102 ) and will git reset or git update-ref the commit you want to deploy to this environment\n1. cd4pe then does a code manager deploy so pe essentially checkouts this updated branch\n1. cd4pe will create a child environment group for production_cdpe_102 and pin 2 nodes to it.\n1. cd4pe will trigger an orchestration job on these 2 nodes\n1. cd4pe will grab 2 more nodes and so on and so on.\n1. cd4pe will delete the temp branch and the temp environment group once all nodes have been applied the change\n1. cd4pe will then update the target branch to the commit you jsut deployed\n\nIf you configure it to abort the deployment if any nodes have failures with this policy it will cleanup the branch and node group and never advance the target branch on the commit that didnt work unlike direct deployment policy\n\nNOTE: As soon as you pick \"temp branch policy\" you get a new option you can configured to stagger the rolling deployment because well that is what this is!  Its mandatory and examples are below\n\nStagger Settings:\n    Deploy 10 nodes at a time with a 60 second delay\n\nProduction Environment - production\n    - Production Environment Rolling Deployment 22 - production_cd4pe_22\n\n\nIncremental Branch Deployment\n-------------------------------\nThis works almost identical to the temp branch policy except the temp branches hang around forever for history purposes if you need them.  The idea here is you can go back and look at git to see deployment history in git.\n\nSame as above except instead of deleting the branch it leaves it around and points your target environment to this incremental branch! the target branch is no longer being used and is kind of just there for history!\n\nNOTE: You still get the SAME settings as temp branch deployment.  The stagger settings so this is still a rolling deployment\n\nBlue Green Deployment\n------------------------------\nIts similiar to incremetnal branch in that it creates 2 branches blue and green and only maintains and keeps 2 and they constantly move.  The idea here is that as you do deployments you always have a safe version of code available and you can revert to it easily without having all the branches in git like the incremental branch strategy\n\n1. Same as temp branch deployment.  it creates a child group for blue or green.  once it all passes it deletes the temp group and assigns a new environment to the target environment and makes it blue or green respectively\n\nNOTE: This one is also a rolling deployment!","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftragiccode%2Fcontrol-repository","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftragiccode%2Fcontrol-repository","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftragiccode%2Fcontrol-repository/lists"}