Mcollective agent for updating puppetmasters where branch == environment

  • Users starred: 10
  • Users forked: 4
  • Users watching: 10
  • Updated at: 2016-09-06 18:32:58


Git branches => Puppet environments, automated with an mcollective agent


The puppetupdate agent will then pull your puppet code and checkout /etc/puppet/environments/xxx for each branch that you have, giving you an environment per branch.

This means that you can develop puppet code independently on a branch, push, mco puppetupdate and then puppet agent -t --environment xxxx on clients to test (where the environment maps to a branch name)

Branch name rewriting.

There are a selection of environment names which are not permitted in puppet.conf, these are:

  • master
  • user
  • agent
  • main

If you have a branch named like this, then puppetupdate will automatically append 'branch' to the name, ergo a branch in git named 'master' will become an environment named 'masterbranch'.

Additionally, there are a selection of characters which whilst being valid git branch names, are not valid puppet environment names.

Notably, the following characters get translated:

  • - becomes _

  • / becomes __


The following configuration options are recognised in the mcollective server.cfg, under the namespace plugin.puppetupdate.xxx


An ssh key to use when pulling puppet code. Note that this key must NOT have a passphrase.


Where you keep your puppet code, defaults to /etc/puppet

Environments are always under this directory, as is the checkout of your puppet code (in a directory named puppet.git)


The repository location from which to clone the puppet code.

Defaults to http://git/puppet

You almost certainly want to change this!


A comma separated list of branches to not bother checking out (but not remove if found).

Defaults to empty.

Often you want to set this to 'production', so that you can symlink the default branch to puppet client to whatever your default git branch is called (unless you name your default git branch 'production')

If any of the entries are bracketed by //, then the value is assumed to be a regular expression.

For example, the setting:


will ignore the 'production' branch, and also any branch prefixed with 'foobar'


A comma separated list of branches to never checkout, and remove if found checked out.

Value behaves in the same manor as ignore_branches


If set, after checking out / updating a branch then puppetupdate will chdir into the top level /etc/puppet/environments/xxx directory your branch has just been checked out into, and run the command configured here.

Use this to (for example) decrypt secrets committed to your puppet code using a private key only available on puppet masters.


Checkout, then just run:

mco plugin package .

You'll get a .deb or .rpm of the code for this agent, which you can install on your puppet masters.

Arrange your puppet.conf on your puppetmaster to include the $environment variable, in the modulepath and manifest settings.


MIT licensed (See LICENSE.txt)


Patches are very welcome!