Onboard new infra under Puppet

[Yezzaaa]

He all
We have a puppet environment that is managing our infrastructure.
Our environments are set as DEV, TEST and PROD. We manage things like users on the system, different module and applications installations and setup, OS updates etc.
Most of our configuration is the same baseline for all servers. Things that are different are written as node specifics.
We also use "Hiera" to look up through things like nodes, environments, roles.

Our company recently purchased another company that already has existing infrastructure that is done manually, no automation tools. That configuration is different from our existing one.
I was wondering, what would be the best way to onboard a new infrastructure under the puppet management?
How to organise code to now manage two different infrastructures effectively with reusable code? There are for sure similarities that can be baselines across our existing infra and a NEW infra, but there are also a lot of specifics, like users on the systems, agent configuration etc.

Please advise
Thanks everyone

[bastelfreak]

Hi,
this is tricky to explain. The best implementation depends on your organisation and your server setup. Rule of thumb

Use external modules

Use as many external modules as possible. If you need to write your own module because there isn't a suitable open source mobule, publish your module. Make it public from the first commit on.
That ensures that each module only manages a single component (like apache or nginx). In turn that's a requirement to make the module generic and interchangeable and that's a requirement to use one module on your two companies servers.

use roles and profiles

That's a common pattern that got explained on many blog posts. Tl;Dr a profile calls one component module and orders it within the catalog. So it adds requirements/notifies to other profiles. And it adds your company specific data. A role just groups profiles together. A profile can be in multiple roles. A server only gets one role.

That ensures a certain structure in your code and separates it into smaller blocks. That in turn makes it easier to onboard new servers.

Getting started

Define one small base profile. A class that manages everything that's identical on all systems. Maybe dns resolver, ntp config, ssh keys. Start with that. Then identify servers with identical configuration. create one role for them.

As I said, the details on the implementation and best practices really depends on your setup. Consider getting a puppet training or a consultant. If the design is bad you will suffer for ages from the decision.