Sometimes you have a small environment and don’t require a Puppetmaster. In cases like these, I like using Fabric to complement my workflow. Here’s a nice example of such a workflow. This fabfile.py sits in a repository containing my puppet manifests:
This small environment disallows public SSH access (except for the dev server), and instead all SSH access must be proxied through the bastion host. This is easily accomplished in your ~/.ssh/config file with a stanza like:
Host dev HostName dev.test User rob ForwardAgent yes ProxyCommand ssh [email protected] nc %h %p
Fabric will obey your ~/.ssh/config as long as you specify:
env.use_ssh_config = True
However, in order to get the rsync_project task to work properly, you’ll need to set the proper “ssh_opts”.
Now whenever you want to apply your manifests, you can simply run:
fab app sync fab app apply