Opinionated / sensible / recommended default tools for charms

Kapil Thangavelu kapil.thangavelu at canonical.com
Thu Nov 10 14:18:52 UTC 2011 

Excerpts from Mark Shuttleworth's message of Thu Nov 10 02:43:42 -0500 2011:
> On 09/11/11 12:53, Michael Nelson wrote:
> > Yeah, in the example I gave of using the puppet master, it's only as a
> > distribution mechanism for private configuration details
> 
> As I recall, we did set a goal to be able to deploy services with Juju
> and colocate a puppet endpoint, so that one could deliver some
> hard-required config change to, say, all the nodes with units of a
> particular service, in Puppet. What's the status of that?
> 
> Mark
> 

The initial use case for puppet integration for co-location was out of band 
management of the container that the service unit was being deployed on. 

There seem to be a few different use cases arrising from the discussion of what 
puppet usage on a unit might entail.

  1. puppet used in standalone fashion by a charm to effect changes on a single 
     service unit. this is absent any co-location of a puppet agent. it does
     entail dependence of the charm on a puppet install, and may have 
     compatibility problems with the items below.

  2. a puppet agent in the container alongside the unit to enable out of band 
     (non service) related management of a container. this is a goal of 
     co-location.

  3. a puppet agent in the container used to manage/maintain the changes of a 
     service unit. this is a possible use of co-location.


Its this last point that has some contention. Afaics, it boils down to awareness 
of the puppet master of the use and state of the service unit container. That 
could be had via either an external node classifier [1] and more specifically of the 
data driving changes being made by the service unit onto the container.

The tension is that puppet is a centrally managed system assuming all knowledge 
config knowledge is available from the central system. While juju is more an 
orchestration model at almost a p2p level with emergent configuration 
properties. The benefit of the latter beyond orchestration is encapsulation, 
and as Gustavo points out, once we have a central system managing the emergent 
configuration we get possible breakdowns of encapsulation. Their very different
models, imo.

I think the inspection of what the service unit agent is doing can be had by 
allowing inspection of the service config and relations of a service unit, by 
its co-located puppet unit via some additional juju unit cli api. That would 
keep the encapsulation of the service unit charm, but allow the puppet agent 
ability to define custom facts against the juju data. This would push any 
violation of encapsulation directly onto the puppet master configuration which 
is the desired place in a puppet installation to manage it. 

Its the mapping of the juju service to the puppet classes that is a bit unclear. 
Its not clear if something like an external node classifier can only select 
from known class vocabulary of the puppet master. Assuming that limitation,
It requires some class pre definition for a service within the puppet master. 
Possibly these could be encapsulated or auto generated from a juju charm and 
pulled into a puppet master when available, upon establishment of the 
co-location relation. This usage could apply to other co-located services, 
possibly with charm definition/preference for a particular configuration 
management expressed within the charm, and transfered at relation establishment 
time via new cli hooks. Again the notion of automatically modifying the puppet 
master configuration is very much out of spirit of puppet afaik.

The co-location spec should be on the list today or tomorrow for discussion. 

cheers,

Kapil

[1] https://www.puppetlabs.com/guides/external_nodes.html

More information about the Juju mailing list