Sometimes you have a small environment and don’t require a Puppetmaster. In cases like these, I like using Fabric to complement my workflow. Here’s a nice example of such a workflow. This fabfile.py sits in a repository containing my puppet manifests:

This small environment disallows public SSH access (except for the dev server), and instead all SSH access must be proxied through the bastion host. This is easily accomplished in your ~/.ssh/config file with a stanza like:

Host dev
  HostName dev.test
  User rob
  ForwardAgent yes
  ProxyCommand  ssh [email protected] nc %h %p 

Fabric will obey your ~/.ssh/config as long as you specify:

env.use_ssh_config = True

However, in order to get the rsync_project task to work properly, you’ll need to set the proper “ssh_opts”.

Now whenever you want to apply your manifests, you can simply run:

    fab app sync
    fab app apply