Sunday, September 22, 2013

Puppet 3.2 graph and cycles

Awesome article on this topic.

To generate a graph, simply type this:
puppet apply --modulepath=/tmp/vagrant-puppet/modules-0/ osb-vagrant.pp --noop --graph

In case (it happens often!) you have a dependency cycle ( A -> B -> A ), you will get the dreaded message:

[root@osb-vagrant manifests]# puppet apply --modulepath=/tmp/vagrant-puppet/modules-0/ osb-vagrant.pp --noop --graph
err: Could not apply complete catalog: Found 1 dependency cycle:
(File[/etc/sudoers.d/nesoav2] => Class[Nesoav2::Sudo] => File[/etc/sudoers.d/nesoav2])
Cycle graph written to /var/opt/lib/pe-puppet/state/graphs/
notice: Finished catalog run in 0.32 seconds

This is new compared to previous editions. Previously the whole resource graph was generated, now only the cycle is written to the file - making investigation a lot easier.

How do I generate graphs?
 puppet --configprint confdir


vi /etc/puppetlabs/puppet/puppet.conf

    vardir = /var/opt/lib/pe-puppet
    logdir = /var/log/pe-puppet
    rundir = /var/run/pe-puppet
    modulepath = /etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules
    user = pe-puppet
    group = pe-puppet
    archive_files = true
    archive_file_server =

    certname = localhost.localdomain
    server =
    report = true
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    graph = true
    pluginsync = true

note the "graph = true " in the agent section of puppet.conf file.

To check the directory where the graph files will be written:
puppet --configprint graphdir

 ls -ltr /var/opt/lib/pe-puppet/state/graphs
total 120
-rw-r--r-- 1 root root 28078 Sep 21 22:20
-rw-r--r-- 1 root root 26513 Sep 21 22:20
-rw-r--r-- 1 root root 54997 Sep 21 22:20
-rw-r--r-- 1 root root   147 Sep 21 22:20

so all these files will be generated every time I run "puppet apply"

just run "dot -Tpng -o resources.png" to generate the image. (don't forget the -o, otherwise hell will break loose on your PC)
This is what you get:
in my case, the mistake was that I have 2 classes "sudo" in 2 different module
class nesoav2::sudo {
  file { '/etc/sudoers.d/nesoav2':
    source => "puppet:///nesoav2/sudo_nesoav2",
    owner => root,
    group => root,
    mode => 0440,
    require => Class["sudo"]

and if you don't specify the other module (package) name in Class["sudo"], the class will try to import itself. This is really a beginner's error in Puppet, like having a class extending itself (try that in Java and the IDE will immediately tell you.... Puppet's IDE is simply dumb).
If you generate the WHOLE graph "dot -Tpng -o expanded_relationships.png" it's really way too complex. One should have the option of plotting only the nodes related to a specific resource....
These are all the commands:
dot -Tpng -o expanded_relationships.png
dot -Tpng -o relationships.png
dot -Tpng -o resources.png

I read here that a much better way of examining the graphs is to import the .dot file into Gephi

No comments: