Back in November 2013 Amazon added a much-requested feature to CloudFormation: the ability to conditionally include resources or their properties in a stack. As an example, I'm currently using this as a small cost-saving measure to ensure only my production RDS instances have PIOPs applied to them while being able to build each environment from a single template. CloudFormation Conditionals live in their own section of a CloudFormation template.

I changed jobs midway through 2013 and quite quickly discovered that I'd been a little too buried in my role and had not been keeping up with other parts of my technical interests. As a first step I decided to put a very basic Pragmatic Investment Plan in place, mostly as a simple way to ensure I actually started to get involved in non-work things again. Firstly I set myself the task of recording which books I actually read.

One of the new features released in Puppet 3.4.0 is the ability to add options to rpm package installs. This is a feature that's been discussed in a couple of tickets over the years, and now that we've got an official, in-core approach I've copied the code to the yum and apt providers GitHub branch.

    class pkgoptions {
      package { 'strace':
        ensure          => 'installed',
        provider        => 'yum',
        install_options => [ '--noplugins', '--enablerepo=fedora' ],
        # or install_options => [ '-t', 'squeeze-backports' ], for Debian backports
      }
    }

The approach in this patch is not the final one I'd like to take so I've not submitted it upstream.

"a simple resource that blocks transactions until a check passes, theoretically indicating that a remote resource is in a desired state." – Puppet Remote Resource Documentation

I stumbled over the Puppet Remote Resource module while looking around the Puppetlabs GitHub account for something completely different and was surprised to find that I'd never seen this little gem mentioned anywhere else. A pre-built way to have a Puppet resource skipped based on the result of an external command is a very flexible tool, especially when you couple it with all the available Nagios checks.

I don't often impulse buy technical books. They cost too much and consume too much shelf space to be purchased frivolously, but when it's 1.95 for a Kindle book on Go and I'm stuck miles from home it seemed like a good idea. An Introduction to Programming in Go is a well-written guide to your first hour in Go. While you can probably find coverage of the same material on the web, having it all nicely curated in one place is worth the money for someone like me who just wants a little taster and overview.

Over the years Puppet has handled resource ordering without explicit dependencies in different ways. With the release of Puppet 3.3.0 they've exposed this ordering logic to the admin with three interesting options. To test these options out we'll use the 'ordering' test module shown below. We include three classes, ordering::beta, ordering::alpha and ordering::gamma (note that the includes are not in alphabetically sorted order). Each of these classes has three notify statements that show a number and the class they are contained in.

We use Amazon CloudFormation for a number of our deployments at $WORK. Although it's nice to have security group creation inside the same template as the resources it will secure, CloudFormation's 'helpful' addition of a unique string at the end of the resource names it creates can sometimes be a problem. A couple of tools assume security groups will have an absolute, unchanging name and lack a way to search for an appropriately tagged security group whose name can change on stack rebuild.

Even though I don't spend as much time writing Puppet code as I used to, I try to stay relevant, and as part of that I like to read all the Puppet books that come out. Below are the ones I've read this year, brief thoughts on them and the reading path I'd give to a new junior. As the name implies, the Puppet 3 Beginner's Guide is a decent place to start learning Puppet.

The kind people at Apress provided me with an alpha review copy of Pro Puppet and while it's not the finished product you can already get a good feel for the book's tone and coverage. I quite liked the first edition of Pro Puppet and this update is more evolutionary than revolutionary. All chapters from the previous edition are present and the biggest addition is the very welcome chapter on using Hiera in your modules, even if it's oddly placed at the end of the book.

Puppet has always supported templating via ERB, and while it's a powerful, flexible templating engine, the ability to use any arbitrary Ruby code inside a template that's run on the Puppet master sometimes raises some eyebrows. As part of a security architecture review, the concept of replacing the templating engine with something that still allows looping and text manipulation without allowing too much else was discussed and led to the idea of allowing templates to be written in Liquid.