Cheat Sheets

Puppet Dry Run

To do a "dry run" in Puppet you need to invoke the agent in noop mode:

puppet agent -t --noop

Limited Dry Run

If you don't want a full run, but check specific ressources/classes/... you can also invoke a dry-run for a tag like this:
puppet agent -t --noop --tags Cron
Which would show all potential changes for all Cron ressources.

Drift Logging using Noop Runs

When you do not do periodic runs pulling all new configuration to all your servers. You might want to do period noop runs instead. This is because like normal runs, noop runs also generated reports against the reporting server (e.g. Foreman or PuppetDB). This allows you to view statistics on noop ressources in your reporting server. The Foreman dashboard for example has a good pie chart for visualizing configuration drift on your servers.

Noop from the code

You can utilize the noop mode even in the code: noop is a meta parameter that can be applied to resources and types to avoid them to actually do something. So declaring
file { '/data/my_favourite_file.txt':
   ensure => absent,
   noop   => true
will raise a noop event on all affected systems, that Puppet wants to remove the file, but didn't because of the noop flag.

So imagine a critical change you want to put live. Yes, of course you have tested it, but you can make extra sure by

Comment on Disqus