

Validating puppet manifests via git hooks.

27 April 2015 21:50

It looks like I'll be spending a lot of time working with puppet over the coming weeks.

I've set up some toy deployments on virtual machines, and have converted several of my own hosts to using it, rather than my own slaughter system.

When it comes to puppet some things are good, and some things are bad, as expected, and as with any similar tool (even my own). At the moment I'm just aiming for consistency and making sure I can control all the systems - BSD, Debian GNU/Linux, Ubuntu, Microsoft Windows, etc.

Little changes are making me happy though - rather than using a local git pre-commit hook to validate puppet manifests I'm now doing that checking on the server-side via a git pre-receive hook.

Doing it on the server-side means that I can never forget to add the local hook and future-colleagues can similarly never make this mistake, and commit malformed puppetry.

It is almost a shame there isn't a decent collection of example git-hooks, for doing things like this puppet-validation. Maybe there is and I've missed it.

It only crossed my mind because I've had to write several of these recently - a hook to rebuild a static website when the repository has a new markdown file pushed to it, a hook to validate syntax when pushes are attempted, and another hook to deny updates if the C-code fails to compile.
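A sketch of the kind of server-side pre-receive hook described above, added here as an example; it is not the hook from this post. It assumes `puppet` is on the hook's PATH, and the function names and the `VALIDATOR` variable are hypothetical.

```shell
#!/bin/sh
# Server-side pre-receive hook: refuse a push when a pushed Puppet manifest
# fails syntax validation. Install as hooks/pre-receive in the bare repository.

ZERO=0000000000000000000000000000000000000000   # "no commit" id (SHA-1 repos)
# Assumption: puppet is on the hook's PATH; VALIDATOR can be overridden.
VALIDATOR=${VALIDATOR:-"puppet parser validate"}

# Print the .pp files added or modified by one ref update ($1=old, $2=new).
changed_manifests() {
    if [ "$1" = "$ZERO" ]; then
        git ls-tree -r --name-only "$2"     # new branch: check every file
    else
        git diff --no-renames --name-only --diff-filter=AM "$1" "$2"
    fi | grep '\.pp$' || true               # no manifests pushed is not an error
}

# Validate one ref update; return non-zero if any manifest is malformed.
check_update() {
    old=$1 new=$2 ref=$3 bad=0
    if [ "$new" = "$ZERO" ]; then return 0; fi   # branch deletion
    tmp=$(mktemp -d) || return 1
    changed_manifests "$old" "$new" > "$tmp/list"
    while IFS= read -r path; do
        # A bare repository has no checkout, so extract the pushed blob.
        git show "$new:$path" > "$tmp/manifest.pp"
        if ! $VALIDATOR "$tmp/manifest.pp" >&2 </dev/null; then
            echo "rejected: $path ($ref) is not valid Puppet" >&2
            bad=1
        fi
    done < "$tmp/list"
    rm -rf "$tmp"
    return $bad
}

# git writes one "<old> <new> <ref>" line per updated ref to the hook's stdin.
main() {
    status=0
    while read -r old new ref; do
        check_update "$old" "$new" "$ref" || status=1
    done
    exit $status
}

# Run only when installed and invoked as the hook.
case "$0" in *pre-receive) main ;; esac
```

Because pre-receive runs once for the whole push, a non-zero exit here rejects every ref in that push, and anything written to stderr is shown to the person pushing.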



Comments on this entry

Dunedan at 21:35 on 27 April 2015

For that purpose I wrote a little hook a while ago, which can be used as pre-commit and update hook, so one can use the same hook for doing a local and a server side check. That hook is by far not perfect, but works remarkably well in daily business. Maybe it'll be helpful for you as well: https://github.com/smaato/puppet-git-hook

Steve Kemp at 06:12 on 28 April 2015

Your hook looks good, thanks for sharing.

But the point of mine was to be pre-receive rather than pre-commit to allow future-colleagues, and others to never commit bad things.

Dunedan at 15:24 on 28 April 2015

Well, the ability to run it as "pre-commit" hook allows you to use it locally to avoid committing something bad and the ability to run it as "update" hook allows you to run it on the server side to prevent your colleagues from pushing bad things, which I believe is exactly what you want. The only difference between "pre-receive" and "update" is that "update" gets executed for every pushed branch while "pre-receive" is only executed once per push. See http://www.git-scm.com/book/en/v2/Customizing-Git-Git-Hooks#Server-Side-Hooks for details.