Re: [Puppet Users] [SOLVED] line replace triggers file reload
Sorted, I've done it using a template: search %= dns_search_path % nameserver ... nameserver ... That way the file is (presumably?) created on the master and looks constant to the client. GiBo On 02/06/11 17:59, Giovanni Bordello wrote: Hi, it's a modified replace() function taken from here: http://projects.puppetlabs.com/projects/1/wiki/Simple_Text_Patterns define line_replace($pattern, $replacement) { $file = $name err (line_replace... $name) exec { /usr/bin/perl -pi -e 's/$pattern/$replacement/' '$file': onlyif = /usr/bin/perl -ne 'BEGIN { \$ret = 1; } \$ret = 0 if /$pattern/ ! /$replacement/ ; END { exit \$ret; }' '$file', } } The problem is not that line_replace() kicks in every time (it doesn't, it only does when $dns_search_path is defined, that's ok). The problem is: - Puppet Agent loads a pristine resolv.conf from the server and records the {md5} - Then it runs line_replace() and changes the search path. - All good, file looks as expected. On the next run the Agent checks resolv.conf's {md5} and realises it's different from what was recorded (of course, one line was changed). So it reloads it from the server in the pristine form again and recods the pristine {md5}. Then line_replace() kicks in again, does its onlyif= test but that's false, because the file has just been loaded from the server. So it replaces the line, leading to a changed {md5}. And that goes on and on every time puppet agent is run. Can I do something about that? GiBo On 02/06/11 17:40, yzhk...@gmail.com wrote: perhaps you should add a check :onlyif cannot find pattern(dns_search_path) in resolv.conf,then puppet actions. can you paste your full code . I didnot see the define or param class or (custom type?)line_replace? thank you~~~ From China mainland On Thu, Jun 2, 2011 at 1:01 PM, Giovanni Bordello g...@gentlemail.com mailto:g...@gentlemail.com wrote: Hi guys, I've got /etc/resolve.conf managed by Puppet: file { /etc/resolv.conf: ensure = present, source = puppet:///modules/system/etc/resolv.conf.${dns_zone}.${dc_use}, group = root, owner = root, mode = 0644 } if $dns_search_path { line_replace { /etc/resolv.conf: replacement = search ${dns_search_path}, pattern = search .*, require = File[/etc/resolv.conf], } } The trouble is that the file is fetched from the server on every puppet agent run and line_replace() is then executed. info: Caching catalog for ssutt1ldv.example.com http://ssutt1ldv.example.com info: Applying configuration version '1306990268' --- /etc/resolv.conf2011-06-02 16:46:22.0 +1200 +++ /tmp/puppet-file.18828.02011-06-02 16:51:10.0 +1200 @@ -1,3 +1,3 @@ -search something.else.example.com http://something.else.example.com +search example.com http://example.com nameserver 172.26.203.23 nameserver 172.27.203.23 info: FileBucket got a duplicate file {md5}8a9e992c28b98fbc544d99512f54e657 info: /Stage[main]/System::Files/File[/etc/resolv.conf]: Filebucketed /etc/resolv.conf to puppet with sum 8a9e992c28b98fbc544d99512f54e657 notice: /Stage[main]/System::Files/File[/etc/resolv.conf]/content: content changed '{md5}8a9e992c28b98fbc544d99512f54e657' to '{md5}10e974d9fac3b24d638478ac1852d896' notice: /Stage[main]/System::Files/Line_replace[/etc/resolv.conf]/Exec[/usr/bin/perl -pi -e 's/search .*/search something.else.example.com/ http://something.else.example.com/' '/etc/resolv.conf']/returns: executed successfully notice: Finished catalog run in 5.93 seconds Can I do something about it? For instance record the search path somewhere and only trigger the whole thing if it changes? For most servers the default path is good but some require a different one that I specify in their 'node { $dns_search_path = ... }'. Thanks! GiBo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com mailto:puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com mailto:puppet-users%2bunsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at
[Puppet Users] Managing /etc/fstab options with augeas
Hi again, I'm trying to manage mount options in /etc/fstab with Augeas but can't figure out how to add more than one option. augeas { /etc/fstab: context = /files/etc/fstab, changes = [ 'set *[file = /tmp]/opt nosuid', 'set *[file = /home]/opt nosuid', ], } I would like to add nodev as well but can't figure out how. When I simply replace nosuid with nosuid,nodev it fails with: err: /Stage[main]/System::Files/Augeas[/etc/fstab]/returns: change from need_to_run to 0 failed: Save failed with return code false I have just spent some time in augtool but am still confused. I have manually changed the options for /apps to defaults,nosuid and this is augtool's output: augtool print /files/etc/fstab/*[file = /apps] /files/etc/fstab/3 /files/etc/fstab/3/file = /apps /files/etc/fstab/3/opt[1] = defaults /files/etc/fstab/3/opt[2] = nosuid [..] Now I can set /files/etc/fstab/3/opt[2] nodev but can't figure out: 1. how to do it with the [file=/apps] because I don't know the index (.../3/...) for each mountpoint. 2. how to add a new 'opt' for mountpoints that only have 'default' at the moment. Any ideas? Thanks! GiBo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] [SOLVED] line replace triggers file reload
On Wed, Jun 1, 2011 at 11:22 PM, Giovanni Bordello g...@gentlemail.comwrote: Sorted, I've done it using a template: search %= dns_search_path % nameserver ... nameserver ... That way the file is (presumably?) created on the master and looks constant to the client. To answer your implicit question. The file is generated on the master and embedded in the catalog. Then the catalog is send to the client. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Re: Any good documentation NGINX + Passenger + Puppet?
3. SO my next issue is a function I wrote (random minute for cron), this stopped working, So instead of executing the function is takes is a value... Anyone ??? I can't help with the problem you're having, but would this do for your random minute? # Random minute between 10 past and 10 to the hour $random_minute = fqdn_rand(40) + 10 cron { foo: command = bar, minute = $random_minute, ensure = present, } fqdn_rand is described here: http://docs.puppetlabs.com/references/stable/function.html#fqdnrand -- Russell Howe rh...@moonfruit.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Concat Module posted to Onyx Point Github.
Hi Trevor, I'll add my thanks to the pile, this is pretty awesome stuff! I compared the --graph results with the old concat moule, and this one - impressive difference :) As Larry says, the fact that it executes Concat_build on every run is a stopper for us, since the dependant services get restarted and we get report emails of any changes. Also, I can't see any way to hook into the filebucket for backups. I managed to hack in a cp file file.bak type functionality just before it actually cp's the newly-built file. However, my Ruby-fu isn't up to pulling in the filebucket stuff yet - might be worth adding to the todo list. Thanks again for the great module though :) Greg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/OXRxUlV4QnVxU3NK. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Concat Module posted to Onyx Point Github.
Hi again, After an hour or three of hacking, I've managed to add the insync? checks to both the build and fragment types. It's the first time I've ever really messed with types and providers, so it's very ugly (and probably has bugs), however I'm happy to share my patches. Would that be best a) here b) in puppet-dev, or c) direct to Onyx Point? Cheers, Greg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/bDJFMXd4Q0VFMG9K. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Any good documentation NGINX + Passenger + Puppet?
Thanks It end up a restart of nginx and everything is working! So pretty happy my next thing would be document what I did and make that available to whoever needs it On Jun 2, 4:28 am, Russell Howe rh...@moonfruit.com wrote: 3. SO my next issue is a function I wrote (random minute for cron), this stopped working, So instead of executing the function is takes is a value... Anyone ??? I can't help with the problem you're having, but would this do for your random minute? # Random minute between 10 past and 10 to the hour $random_minute = fqdn_rand(40) + 10 cron { foo: command = bar, minute = $random_minute, ensure = present, } fqdn_rand is described here:http://docs.puppetlabs.com/references/stable/function.html#fqdnrand -- Russell Howe rh...@moonfruit.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] uploading files via REST?
Thank you, and one more q: can I specify a folder/share for the uploaded file, assuming there are several available? On Tue, May 31, 2011 at 7:41 PM, Daniel Pittman dan...@puppetlabs.comwrote: On Tue, May 31, 2011 at 07:21, RCosma razvan.co...@gmail.com wrote: Hello, I am a bit confused by the REST syntax - how can I PUT an arbitrary file in the bucket? Downloading works fine (Perl+LWP), see below, but for PUT I only see this line in the docs ( http://docs.puppetlabs.com/guides/rest_api.html): PUT /{environment}/file_bucket_file/md5/{checksum} Should I compute the MD5 of the file and port its contents at the url ? Yeah, you would need to: the indirector, which this is an instance of, requires that you uniquely identify where you are writing to. So, in the case of the filebucket the key is that MD5 checksum; you would need to calculate it for the file and supply it. There is no support in the indirector for uploading the data with the server calculating the checksum. (As a side note, I don't think we actually *check* you were honest about that, other than when the target checksum already exists, so please try not to lie about it. ;) Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman dan...@puppetlabs.com ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Concat Module posted to Onyx Point Github.
Greg Sutcliffe wrote: Hi again, After an hour or three of hacking, I've managed to add the insync? checks to both the build and fragment types. It's the first time I've ever really messed with types and providers, so it's very ugly (and probably has bugs), however I'm happy to share my patches. Would that be best a) here b) in puppet-dev, or c) direct to Onyx Point? Awesome stuff! The puppet-dev list is the best place. Cheers James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] uploading files via REST?
Still, this doesn't seem to work in my test setup, i.e. apache as proxy in front of puppet. I get a ..timeout specified has expired: proxy: prefetch request body failed to 127.0.0.1:18140 in apache's log. GETs do work, just PUTs fail. Config is Listen 8140 Proxy balancer://puppetmaster BalancerMember http://127.0.0.1:18140 BalancerMember http://127.0.0.1:18141 /Proxy VirtualHost *:8140 SSLEngine On SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/server.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient require SSLVerifyDepth 1 SSLOptions +StdEnvVars RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e Location / SetHandler balancer-manager Order allow,deny Allow from all /Location ProxyPass / balancer://puppetmaster/ ProxyPassReverse / balancer://puppetmaster/ ProxyPreserveHost On ErrorLog /mirror/log/balancer_error_log CustomLog /mirror/log/balancer_access_log %h %l %u %t \%r\ %s %b \%{SSL_CLIENT_S_DN}x\ \%{User-Agent}i\ /VirtualHost and the perl code is { open my $up, , $_[0] or die Something went wrong: .$!; binmode $up; my $ck = Digest::MD5-new; $ck-addfile($up); close $up; my $req = HTTP::Request::StreamingUpload-new( PUT = https:// .$server./file_bucket_file/tftp/md5/.$ck-hexdigest, path = $_[0], headers = HTTP::Headers-new( 'Content-Type' = 'application/binary', 'Content-Length' = -s $_[0], 'Accept' = 's', ), ); my $res = $ua-request($req); die Something went wrong: .$res-status_line unless $res-is_success; return $res-content; } SSL handshake does work, but the puppet process doesn't seem to receive any data (I'm tailing its debug log). Not sure if I am doing something wrong, or it is a problem in mod_proxy.. On Thu, Jun 2, 2011 at 4:47 PM, Razvan Cosma razvan.co...@gmail.com wrote: On Tue, May 31, 2011 at 7:41 PM, Daniel Pittman dan...@puppetlabs.comwrote: On Tue, May 31, 2011 at 07:21, RCosma razvan.co...@gmail.com wrote: Should I compute the MD5 of the file and port its contents at the url ? Yeah, you would need to: the indirector, which this is an instance of, requires that you uniquely identify where you are writing to. So, in the case of the filebucket the key is that MD5 checksum; you would need to calculate it for the file and supply it. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ruby dsl manifests
Thanks for the reply, from what you said it might be better for me to go about it in a different direction. On Thu, Jun 2, 2011 at 1:07 AM, Dan Bode d...@puppetlabs.com wrote: you should be able to do something like: call_function(:defined, 'Foo['bar']') just keep in mind that the defined function (or anything for resource detection) is parse order dependent which can lead to unexpected results. On Wed, Jun 1, 2011 at 9:04 PM, Matt mjbl...@gmail.com wrote: I've been searching and havent found an answer yet. Is there a scope or variable that I can parse to find out if a resource is defined? I know there is the defined command in puppet manifests. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Certificate problems
Replies inline On Wed, Jun 1, 2011 at 17:55, Patrick kc7...@gmail.com wrote: On Jun 1, 2011, at 8:05 AM, John Kennedy wrote: I have several servers being hosted on Amazon Web Services. They have all been build from the same manifest so apart from the hostnames, IP, etc they are all identical. All but 3 of the boxes can connect to the puppetmaster. When kicked from the puppetmaster two give: Host host.example.com failed: Connection refused - connect(2) one gives: Host host.example.com failed: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed All then give an exit code of 2 I have deleted /etc/puppet/ssl on the node and revoked the certs on the puppet master (puppetca -c host.example.com) with the same results on all 3 boxes. I know it is not my laptop's fault but I am about to throw it out the window... Please save the poor thing and give me a hint as to what else I can do... Thanks, What version of puppet is running on the clients? What version on the server? Client is 2.6.7 Server is 2.6.4 Did you forget listen=true on the ones that say connection refused? No They are all the same... Is host.example.com the master or the client you're kicking? host.example.com is the client I am trying to kick On the client and the server, try this command: md5sum /var/lib/puppet/ssl/ca/ca_crt.pem On the server try this command: md5sum /var/lib/puppet/ssl/certs/ca.pem Do all 3 certs match? None of the files exist. (our puppet config files are in /etc) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- John Kennedy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Package type: enable/disable repo vs options (#2247 vs #4113)
We currently have to feature requests to add similar (or at least overlapping) functionality to the Package type. #2247[1] - enablerepo and disablerepo for yum type #4113[2] - Provide a generic options-style parameter for packages. It seems like having #4113 would remove the need for having #2247, but I wanted to get some wider opinions to make sure I wasn't ignoring some use-case that would make this not the case. Personally, I think we should move forward on #4113 instead of #2247, since #4113 seems like the more general solution, and isn't tied directly to the yum provider. #2247 does currently have some code submitted for it, however it requires a signed CLA before we can accept it. While no code has been written for #4113 yet, it doesn't look like it would actually be that much work to do. Thoughts? Opinions? Comments? [1] http://projects.puppetlabs.com/issues/2247 [2] http://projects.puppetlabs.com/issues/4113 -- Jacob Helwig signature.asc Description: Digital signature
Re: [Puppet Users] Package type: enable/disable repo vs options (#2247 vs #4113)
+1 for #4113 Charles On Thu, Jun 2, 2011 at 12:16 PM, Jacob Helwig ja...@puppetlabs.com wrote: We currently have to feature requests to add similar (or at least overlapping) functionality to the Package type. #2247[1] - enablerepo and disablerepo for yum type #4113[2] - Provide a generic options-style parameter for packages. It seems like having #4113 would remove the need for having #2247, but I wanted to get some wider opinions to make sure I wasn't ignoring some use-case that would make this not the case. Personally, I think we should move forward on #4113 instead of #2247, since #4113 seems like the more general solution, and isn't tied directly to the yum provider. #2247 does currently have some code submitted for it, however it requires a signed CLA before we can accept it. While no code has been written for #4113 yet, it doesn't look like it would actually be that much work to do. Thoughts? Opinions? Comments? [1] http://projects.puppetlabs.com/issues/2247 [2] http://projects.puppetlabs.com/issues/4113 -- Jacob Helwig -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQGcBAEBAgAGBQJN58V4AAoJEHJabXWGiqEBjbEL/2Rm3YS7DL5nMj0O2GmOKwC8 78uG3dfpdzrM7FPKruMzUIAEMv+OIYzyp8moUvtRPz/lWgC2Qy0ubI6Ras4CDiaT EXxC9GtAx9cJ7ZhzxhzDjhb8ZTeOoejKVUIddxt6NZRyYxtE4soK3Cmuj6/c8rp3 mwkTgSrXgd4s8lpWi60s9D726e1z7uQwXIMeIUGM5XOa1Me3AcX87lKoillrqq7d gkaYbRvdh8k/EFpA6qdyHaRblXWMO7YelpJ5RmDq2sMbAX+x0dF5tW2wdQFuv3t8 F9M8w9L/itQSfu5bHT/VAylLx+5jkITCty1GsKMGKrujqetzfD94zLTTOVr1XZ+t OxLfpFrjL9VRaEvWmtyoPOaRKFouubbIVl/7gNF026FfEU97mGytHgdgy2BDP5wg G6lnq7qwVd77ZniaxuHgZvBwlhnqFUJ+ma+4gPog4sa6Z6t+IDKAHC+Sepaba0dN R+u+YHkkjGD2ZursvkZdQsASNWGG4CiP4gnqEdZccg== =AcGW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] Package type: enable/disable repo vs options (#2247 vs #4113)
On 02/06/11 18:16, Jacob Helwig wrote: We currently have to feature requests to add similar (or at least overlapping) functionality to the Package type. #2247[1] - enablerepo and disablerepo for yum type #4113[2] - Provide a generic options-style parameter for packages. It seems like having #4113 would remove the need for having #2247, but I wanted to get some wider opinions to make sure I wasn't ignoring some use-case that would make this not the case. The only use case I can't see being solved with #4113, is support for selecting a repo with the zypper package provider. It selects a repo by running zypper install repo:package (as I understand it), rather than as a separate command line option. Personally, I think we should move forward on #4113 instead of #2247, since #4113 seems like the more general solution, and isn't tied directly to the yum provider. I'd prefer to see both. I don't think #2247 needs to be tied to yum as the same notion of selecting the source repository(s) applies to four other providers[1], not to mention the others that already have this ability via the source attribute to select a repository by URL. The difficulty might be how to design it so that it's generic enough, rather than using attributes named enablerepo and disablerepo (which I dislike, because they're so very yum-specific). I have a more detailed suggestion I can outline in another post.. [1] http://projects.puppetlabs.com/issues/2247#note-36 -- Dominic Cleal Red Hat Consulting m: +44 (0)7818 512168 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Package type: enable/disable repo vs options (#2247 vs #4113)
On Thursday, June 2, 2011 at 10:16 AM, Jacob Helwig wrote: We currently have to feature requests to add similar (or at least overlapping) functionality to the Package type. #2247[1] - enablerepo and disablerepo for yum type #4113[2] - Provide a generic options-style parameter for packages. It seems like having #4113 would remove the need for having #2247, but I wanted to get some wider opinions to make sure I wasn't ignoring some use-case that would make this not the case. Personally, I think we should move forward on #4113 instead of #2247, since #4113 seems like the more general solution, and isn't tied directly to the yum provider. #2247 does currently have some code submitted for it, however it requires a signed CLA before we can accept it. While no code has been written for #4113 yet, it doesn't look like it would actually be that much work to do. Thoughts? Opinions? Comments? It looks like the crux of this problem is that many, many providers add their own, fairly unique, capabilities. We then try to model all of these capabilities in the type, and end up with a package type that has ~15 parameters, many of which are ignored on almost all providers, and no properties. And yet we have no real ability to add provider-specific attributes, aside from adding them to the type, with an associated feature, and declaring our provider as the only one that supports that feature. So my generic proposal is that we add some better way to do that. To keep the definition of a resource consistent across providers, this should only allow additional parameters (data) to be specified, and not properties. I have a few ideas for this: 1) Add an 'options' or 'data' or similar metaparameter which accepts a hash. This would basically be a place to add arbitrary data accessible to the provider. Thus, for the enablerepo example, it would just be a key/value in the options hash. Any provider is free to use or ignore it as desired. A big problem with this is there's no real validation for which keys are allowed, or what they must look like, which leads us to: 2) As 1, but with an ability for a provider to specify the options acceptable. In this case, a provider would have some method for declaring a legal option, and its validation and/or munging. But in this case, what's the difference between a parameter and an option? Apparently only where/how we declare and specify them. Although, there may be some benefit to distinguishing generic type parameters from provider-specific options. 3) As 2, but remove the concept of parameters. This is one possible way to reconcile the difference between parameters and options. But is there really an advantage to wrapping all of our data which is essentially parameters in a hash? Maybe, for distinguishing parameters from properties, but probably not. 4) As 2, but instead using something like newparam on provider. This is similar to the previous idea, in that it unifies options and parameters, but in the other direction. In addition to specifying generic type parameters, also add the ability to specify provider-specific parameters. This has the advantage of not requiring any changes to existing manifests using provider parameters. It has the disadvantage that we can't really validate provider parameters on the master (though we've talked about removing validation on the master anyway). Since I can't even decide which of my own four suggestions I prefer, please poke holes in as many of them as you can to ease my mental burden. :) [1] http://projects.puppetlabs.com/issues/2247 [2] http://projects.puppetlabs.com/issues/4113 -- Jacob Helwig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Resources existing in different operating systems.
So... I'm thinking about how to have puppet manage different operating systems. It's one thing to use a selector to determine the value of specific resources attribute, but what do you do when a file may not exist on a specific O/S? You can't use a selector in this case. I really don't like the approach described here either... http://m0dlx.com/blog/Puppet_manifests__a_multi_OS_style_guide.html ...where classes are loaded dynamically based on the value of a variable. What would best practice indicate? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Certificate problems
On Thu, Jun 2, 2011 at 9:32 AM, John Kennedy skeb...@gmail.com wrote: What version of puppet is running on the clients? What version on the server? Client is 2.6.7 Server is 2.6.4 Although this may work, the only supported configuration is to have the server the same version as the clients or newer. I have no actual evidence this is your problem though. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Concat Module posted to Onyx Point Github.
Thanks for the patch set! Feel free to add a pull request on GitHub, that way I can also just pull into a branch. Trevor On Thu, Jun 2, 2011 at 11:25 AM, James Turnbull ja...@puppetlabs.com wrote: Greg Sutcliffe wrote: Hi again, After an hour or three of hacking, I've managed to add the insync? checks to both the build and fragment types. It's the first time I've ever really messed with types and providers, so it's very ugly (and probably has bugs), however I'm happy to share my patches. Would that be best a) here b) in puppet-dev, or c) direct to Onyx Point? Awesome stuff! The puppet-dev list is the best place. Cheers James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Concat Module posted to Onyx Point Github.
Currently, the way that I'm preventing this is by bookending the concat_build with a file object. Basically: concat_build { 'foo': target = '/etc/foo' } file { '/etc/foo': checksum = md5, owner, mode, etc } something { 'bar': subscribe = File['/etc/foo'] } It's not elegant, but, in most cases, I wanted to manage the file anyway and didn't relish trying to inherit the file type and do anything useful. Trevor On Thu, Jun 2, 2011 at 9:02 AM, Greg Sutcliffe greg.sutcli...@gmail.com wrote: Hi Trevor, I'll add my thanks to the pile, this is pretty awesome stuff! I compared the --graph results with the old concat moule, and this one - impressive difference :) As Larry says, the fact that it executes Concat_build on every run is a stopper for us, since the dependant services get restarted and we get report emails of any changes. Also, I can't see any way to hook into the filebucket for backups. I managed to hack in a cp file file.bak type functionality just before it actually cp's the newly-built file. However, my Ruby-fu isn't up to pulling in the filebucket stuff yet - might be worth adding to the todo list. Thanks again for the great module though :) Greg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/OXRxUlV4QnVxU3NK. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Server side filebucket issue
I am having issues with filebucket. I have looked through the puppet users google groups with similar issues but have not found a solution that works. I am trying to setup a central filebucket on the puppetmaster server. I am replacing the client's /etc/puppet/puppet.conf file with a preconfigured version. The server delivers a copy of the puppet.conf file to the client, but the backup puppet.conf file is stored in the clients /var/lib/puppet/clientbucket directory. I have defined a filebucket in the site.pp manifest, I have called the backup directive in a class called client-conf. Both files are listed below. Can you help me or point me to a solution please? Cheers LawrieC site.pp contains #Define server filebucket as destination for file backups. # filebucket { puppet: server = puppetmaster-cbr.it.csiro.au } module client-conf contains class client-conf { # Class to replace client's puppet.conf file with a pre-configured puppet.conf. # Replace client's puppet.conf file with a pre-configured puppet.conf file. Backup the clients existing puppet.conf file. # file { /etc/puppet/puppet.conf: owner = root, group = root, mode = 0640, source = puppet:///modules/client-conf/puppet.conf, backup = puppet } } Below is an extract of the debug dialogue between the client and the server. debug: /Stage[main]/Client-conf/File[/etc/puppet/puppet.conf]/content: Executing 'diff -u /etc/puppet/puppet.conf /tmp/puppet- file20110530-21374-19v5hpf-0' --- /etc/puppet/puppet.conf 2011-05-30 12:46:48.0 +0930 +++ /tmp/puppet-file20110530-21374-19v5hpf-02011-05-30 12:47:06.0 +0930 @@ -14,7 +14,7 @@ # Module path # modulepath = /etc/puppet/modules - ## + # Enable Pluginsync to make custom facts visible to client machines pluginsync = true factpath = $vardir/lib/facter debug: Finishing transaction 70040199723080 info: FileBucket adding /etc/puppet/puppet.conf as {md5} a7cba91810e80edb9b72f3070e6809b4 info: /Stage[main]/Client-conf/File[/etc/puppet/puppet.conf]: Filebucketed /etc/puppet/puppet.conf to puppet with sum a7cba91810e80edb9b72f3070e6809b4 debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson notice: /Stage[main]/Client-conf/File[/etc/puppet/puppet.conf]/ content: content changed '{md5}a7cba91810e80edb9b72f3070e6809b4' to '{md5}c777f1c5a94ca961292e3ff03b4efa7b' -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Certificate problems
On Jun 2, 2011, at 9:32 AM, John Kennedy wrote: Replies inline On Wed, Jun 1, 2011 at 17:55, Patrick kc7...@gmail.com wrote: On Jun 1, 2011, at 8:05 AM, John Kennedy wrote: I have several servers being hosted on Amazon Web Services. They have all been build from the same manifest so apart from the hostnames, IP, etc they are all identical. All but 3 of the boxes can connect to the puppetmaster. When kicked from the puppetmaster two give: Host host.example.com failed: Connection refused - connect(2) one gives: Host host.example.com failed: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed All then give an exit code of 2 I have deleted /etc/puppet/ssl on the node and revoked the certs on the puppet master (puppetca -c host.example.com) with the same results on all 3 boxes. I know it is not my laptop's fault but I am about to throw it out the window... Please save the poor thing and give me a hint as to what else I can do... Thanks, What version of puppet is running on the clients? What version on the server? Client is 2.6.7 Server is 2.6.4 Did you forget listen=true on the ones that say connection refused? No They are all the same... Is host.example.com the master or the client you're kicking? host.example.com is the client I am trying to kick On the client and the server, try this command: md5sum /var/lib/puppet/ssl/ca/ca_crt.pem On the server try this command: md5sum /var/lib/puppet/ssl/certs/ca.pem Do all 3 certs match? None of the files exist. (our puppet config files are in /etc) Hmm. I'd guess puppet's storing the ssl config in a different location from where puppet stores them on my system. To get the of those files for you run as root: puppetd --genconfig | grep 'localcacert = ' on the client to find the client's ssl cert location. CA's cert path (run as root): puppet master --genconfig | grep ' cacert = ' Then check if the md5sums of those files match between the server and the client that gives the SSL Verify error. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Resources existing in different operating systems.
On Thu, Jun 2, 2011 at 12:36 PM, Douglas Garstang doug.garst...@gmail.comwrote: So... I'm thinking about how to have puppet manage different operating systems. It's one thing to use a selector to determine the value of specific resources attribute, but what do you do when a file may not exist on a specific O/S? You can't use a selector in this case. I really don't like the approach described here either... http://m0dlx.com/blog/Puppet_manifests__a_multi_OS_style_guide.html ...where classes are loaded dynamically based on the value of a variable. What would best practice indicate? Doug. *jabs anyone that's prepared to be jabbed* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.