This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
Content-Type: text/plain; charset=UTF-8
On Tue 17 Jun 2014 04:54:45 PM CEST, Ewoud Kohl van Wijngaarden wrote:
On Tue, Jun 17, 2014 at 11:36:35AM +0200, David Caro wrote:
> Hi everyone!
> I'm starting a thread to discuss the puppet modules organization.
> There are two proposed ways of organizing them:
> 1.- Using a unique module named ovirt_infra
> 2.- Using multiple modules, named ovirt_*
> Feel free to propose other alternatives, the main points for each one =
> 1.- Everything inside one module, easy to find
> 1.- Easy to add a new class, just create the file
> 1.- Easy to create hard to maintain code
> 1.- Easy to create very interdependent code
> 2.- Enforces modularization of the different code (one module, one tas=
> 2.- Easier to test
> 2.- Safe to reuse
> 2.- More organized (not everything in the same place)
> 2.- It's the most common way of organizing puppet manifests, so the ma=
> guidelines, patterns and most of the documentation expects this
> Please send your comments and if too many I'll open a pad with the the=
> I vote for #2, modularized organization.
I'd be in favor of a roles/profiles pattern. Given we use foreman, I=
think the roles pattern is filled by foreman hosts (including host
groups and since foreman 1.5 configuration groups). That leaves a
profiles module. I think ovirt_infra suits that, so option 1.
That's not against the modules view I expressed before, and it's against =
have now, let me explain:
A basic example, right now we have the class ovirt_infra::user, that is n=
profile, and it does not belong inside a profile module.
If you see the link that you sent  it has this structure:
Node -> Role -> Profiles -> Modules -> Resources
Where a profile is:
"Unlike roles, which are named in a more human representation of the serv=
function, a profile incorporates individual components to represent a log=
The users class does not fit in any case in that definition. Instead it's=
But right now, our modules level is empty (we just have external modules =
and what I propose is to extract all the individual classes that do not f=
profiles definition to their own module (one per class, as they should be=
logically independent at that level).
Just as it explains on the same paragraph:
"the webserver profile is made up of the httpd, memcache and php componen=
Puppet, these lower level components are represented by your modules."
So we are not using the profiles/roles pattern right now. And I proposed =
it (maybe not that explicitly, but that was the idea), and that require t=
modularization of a few classes that we already have.
That post also agrees with modularization:
"I=E2=80=99ve talked about profiles and roles like they are some special =
modules being something else. In reality, all of these classes can be, an=
should be modularised. I make a logical distinction between the profile a=
modules, and everything else (e.g.: modules that provide resources)."
That said, I'm not against renaming ovirt_infra to profiles and adding =
roles module. Then in foreman you only select a single role.
I vote for this also, so we will end up with a layout similar to this:
| - role
| | - manifests
| | | - puppetmaster.pp
| | | - jenkins_master.pp
| | | - jenkins_slave.pp
| | ...
| - profile
| | - manifests
| | - base.pp
| | - jnlp_slave.pp
| | - www.pp
| | - nagios.pp
| - ovirt_mod1 (custom module that is not a profile, like ovirt_user)
| - ovirt_mod2 (custom module 2, for example, ovirt_repo)
That will help us easily control changes on the configuration of the host=
and review changes on that configuration too. But we will need another re=
hold the sensitive parameters (passwords and all), maybe using hiera (I'v=
playing with non-public gerrit repos, that can be useful).
Also, I disagree it's the main guideline to build one module per role.
If your task is to define all profiles, then it's still one task.
Another disadvantage of many modules is that many of the standard puppe=
testing tools work per module. If you want to write tests for every
module, you end up with a lot of files. We can have a look at writing
custom scripts that perform all tests, but there's something to say
about using standard tools puppet module authors are used to. (See
garethr/puppet-module-skeleton for some ideas of a standard module.)=
I don't see this as a disadvantage, but as an advantage, having tests for=
module means that the tests are specific to that module, are clearer and =
to write and troubleshoot. From that same author you can see that he's qu=
used to create modules, instead of having one big module per installation=
It's fairly easy to write a script to run the tests on each module, that =
be no problem.
Red Hat S.L.
Continuous Integration Engineer - EMEA ENG Virtualization R&D
RHT Global #: 82-62605
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----