RelOps Masterless Puppet
Mozilla Public License 2.0
Ronin Puppet: the masterless puppet collection

structural rules

More information:

converging hosts

Many profiles run puppet at boot, but some only do on demand.


# setup bolt first, see
bolt plan run deploy::apply -t noop=false -v



test-kitchen (with kitchen-puppet ) provides infrastructure to automate running Puppet convergence and InSpec tests for each role.

The repo contains configurations for Test Kitchen to use Vagant, Docker, and Mac instances.

test-kitchen in called via ./bin/kitchen_docker (the binary tells test-kitchen to use the .kitchen_configs/kitchen_docker.yml config file).

InSpec tests live in tests/integration/SUITE/inspec/*_spec.rb.

test-kitchen history

In the past we used ./bin/kitchen (which used Vagrant and VirtualBox, and was configured in .kitchen_configs/kitchen.yml). .kitchen_configs/kitchen.circleci.yml was used for CircleCI (but it now uses the Docker config).

We used Vagrant/VirutalBox because some things don't work with Docker (kernel module installation and testing).

converging and running tests

# install ruby via homebrew or other means
brew install ruby
# add gem bin path (may differ on your system) to your PATH
export PATH=$PATH:/usr/local/lib/ruby/gems/2.6.0/bin  # may be 2.7.0
gem install bundler

# install testing tools
bundle install

## testing bitbar workers
./bin/kitchen_docker converge bitbar
# run spec tests
./bin/kitchen_docker verify bitbar

## testing linux-perf workers
# coverge host
./bin/kitchen_docker converge linux-perf
# run serverspec tests
./bin/kitchen_docker verify linux-perf
# login to host
./bin/kitchen_docker login linux-perf

creating a new suite

  1. Edit .kitchen.docker.yml. Set the appropriate details.
  2. (optional) Write spec tests.
    • Convergence is somewhat tolerant of failures. Write tests to ensure that the system is in the desired state. Tests help ensure that refactoring doesn't break things also.
    • See tests/integration.
  3. Add the new suite to CircleCI.
    • See .circleci/config.yml.

verifying production hosts

InSpec tests

The InSpec tests (see above) can be run on production hosts also.

inspec exec test/integration/linux/inspec/ -t ssh:// -i ~/.ssh/id_rsa --user=aerickson --sudo


Vagrant is useful for testing the full masterless bootstrapping process (test-kitchen handles this normally).

Vagrant mounts this directory at /vagrant.

bitbar_devicepool role

gem install bundler
bundle install  ## .bundle/config sets the gemfile to .gemfile
vagrant up bionic-bare
vagrant ssh bionic-bare
sudo /vagrant/provisioners/linux/


module and class documentation