Re: [Puppet Users] Dealing with samhain
|Does this help? dpkg -L PACKAGENAME | On 06/08/2011 01:44 AM, Robin Lee Powell wrote: (zombie thread rar!) Where this comes up for me is when I have packages set to latest. There's not really any way, I don't think, to integrate samhain into this process (that is, to say I just installed this package with apt, so update those files). which is pretty unfortunate, really; that seems like a fairly basic feature for something like samhain. Something like run this, and update every file it touches cuz I'm OK with that. -Robin On Fri, Jan 08, 2010 at 09:06:13PM -0500, Trevor Vaughan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vince, If you really want to do this, I would do the first scenario you describe with a few key points. 1) Let puppet run 2) Have an exec in puppet that runs a job in the background that does the following: - Waits until all puppet instances have finished running - Runs a samhain check against the system and e-mails/syslogs it to the admin - Re-initializes the database. This way, you're sure that puppet is done running and you get a copy of the last 'change' state of the system in case someone has planted something since the last run. Basically, you're effectively defeating a great deal of the purpose of samhain, which is to protect against unknown changes. If you automatically reinitialize the database, then you run the high risk of someone being able to plant something during the next initialization. You also are going to be putting a heavy load on your system on a fairly regular basis. What I would instead suggest is to only use samhain to monitor those items that Puppet is not already watching. Puppet will, of course, change any file to its proper state, so having samhain watch it as well is redundant effort on the part of your system. You may, however, have perfectly good reasons for doing it this way. If you're using a Linux or Solaris system, you may also want to look at the built in auditing subsystems and/or inotify for real-time notification functionality. Trevor On 01/08/2010 04:41 PM, Vince wrote: We just starting using samhain on our servers. Since updates to our puppet manifests tend to change files on the system that samhain monitors, I'm looking for a good way to reinitialize the samhain database whenever puppet changes something on the system to reduce notifications that samhain produces. I'm wondering if anyone has an elegant way of dealing with this. Ideally we do something like this: 1. let puppet run 2. if any files changed during the puppet run, then puppet will automatically reinitialize samhain or even if we can do something like this it would be fine: 1. have puppet disable samhain before it processes its manifests 2. apply manifest changes 3. reinitialize the samhain database 4. enable samhain Any suggestions would be very helpful. Thanks. - -- Trevor Vaughan Vice President, Onyx Point, Inc. email: tvaug...@onyxpoint.com phone: 410-541-ONYX (6699) - -- This account not approved for unencrypted sensitive information -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktH5JEACgkQyWMIJmxwHpTUQQCgrGD90YQcMiUV7SbsrNNIrY7h 884An0f6XKVrqGKnXKVkWfoFwBPbtQfC =wp0h -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dealing with samhain
Sure, but I don't see any way to tell samhain these files right here have changed; trust the new values. I only see accept everything. -Robin On Wed, Jun 08, 2011 at 02:11:34AM -0400, vagn scott wrote: |Does this help? dpkg -L PACKAGENAME | On 06/08/2011 01:44 AM, Robin Lee Powell wrote: (zombie thread rar!) Where this comes up for me is when I have packages set to latest. There's not really any way, I don't think, to integrate samhain into this process (that is, to say I just installed this package with apt, so update those files). which is pretty unfortunate, really; that seems like a fairly basic feature for something like samhain. Something like run this, and update every file it touches cuz I'm OK with that. -Robin On Fri, Jan 08, 2010 at 09:06:13PM -0500, Trevor Vaughan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vince, If you really want to do this, I would do the first scenario you describe with a few key points. 1) Let puppet run 2) Have an exec in puppet that runs a job in the background that does the following: - Waits until all puppet instances have finished running - Runs a samhain check against the system and e-mails/syslogs it to the admin - Re-initializes the database. This way, you're sure that puppet is done running and you get a copy of the last 'change' state of the system in case someone has planted something since the last run. Basically, you're effectively defeating a great deal of the purpose of samhain, which is to protect against unknown changes. If you automatically reinitialize the database, then you run the high risk of someone being able to plant something during the next initialization. You also are going to be putting a heavy load on your system on a fairly regular basis. What I would instead suggest is to only use samhain to monitor those items that Puppet is not already watching. Puppet will, of course, change any file to its proper state, so having samhain watch it as well is redundant effort on the part of your system. You may, however, have perfectly good reasons for doing it this way. If you're using a Linux or Solaris system, you may also want to look at the built in auditing subsystems and/or inotify for real-time notification functionality. Trevor On 01/08/2010 04:41 PM, Vince wrote: We just starting using samhain on our servers. Since updates to our puppet manifests tend to change files on the system that samhain monitors, I'm looking for a good way to reinitialize the samhain database whenever puppet changes something on the system to reduce notifications that samhain produces. I'm wondering if anyone has an elegant way of dealing with this. Ideally we do something like this: 1. let puppet run 2. if any files changed during the puppet run, then puppet will automatically reinitialize samhain or even if we can do something like this it would be fine: 1. have puppet disable samhain before it processes its manifests 2. apply manifest changes 3. reinitialize the samhain database 4. enable samhain Any suggestions would be very helpful. Thanks. - -- Trevor Vaughan Vice President, Onyx Point, Inc. email: tvaug...@onyxpoint.com phone: 410-541-ONYX (6699) - -- This account not approved for unencrypted sensitive information -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktH5JEACgkQyWMIJmxwHpTUQQCgrGD90YQcMiUV7SbsrNNIrY7h 884An0f6XKVrqGKnXKVkWfoFwBPbtQfC =wp0h -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dealing with samhain
You could just post process the samahain output to ignore files listed in $puppet/var/state/state.yaml John On 8 June 2011 16:14, Robin Lee Powell rlpow...@digitalkingdom.org wrote: Sure, but I don't see any way to tell samhain these files right here have changed; trust the new values. I only see accept everything. -Robin On Wed, Jun 08, 2011 at 02:11:34AM -0400, vagn scott wrote: |Does this help? dpkg -L PACKAGENAME | On 06/08/2011 01:44 AM, Robin Lee Powell wrote: (zombie thread rar!) Where this comes up for me is when I have packages set to latest. There's not really any way, I don't think, to integrate samhain into this process (that is, to say I just installed this package with apt, so update those files). which is pretty unfortunate, really; that seems like a fairly basic feature for something like samhain. Something like run this, and update every file it touches cuz I'm OK with that. -Robin On Fri, Jan 08, 2010 at 09:06:13PM -0500, Trevor Vaughan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vince, If you really want to do this, I would do the first scenario you describe with a few key points. 1) Let puppet run 2) Have an exec in puppet that runs a job in the background that does the following: - Waits until all puppet instances have finished running - Runs a samhain check against the system and e-mails/syslogs it to the admin - Re-initializes the database. This way, you're sure that puppet is done running and you get a copy of the last 'change' state of the system in case someone has planted something since the last run. Basically, you're effectively defeating a great deal of the purpose of samhain, which is to protect against unknown changes. If you automatically reinitialize the database, then you run the high risk of someone being able to plant something during the next initialization. You also are going to be putting a heavy load on your system on a fairly regular basis. What I would instead suggest is to only use samhain to monitor those items that Puppet is not already watching. Puppet will, of course, change any file to its proper state, so having samhain watch it as well is redundant effort on the part of your system. You may, however, have perfectly good reasons for doing it this way. If you're using a Linux or Solaris system, you may also want to look at the built in auditing subsystems and/or inotify for real-time notification functionality. Trevor On 01/08/2010 04:41 PM, Vince wrote: We just starting using samhain on our servers. Since updates to our puppet manifests tend to change files on the system that samhain monitors, I'm looking for a good way to reinitialize the samhain database whenever puppet changes something on the system to reduce notifications that samhain produces. I'm wondering if anyone has an elegant way of dealing with this. Ideally we do something like this: 1. let puppet run 2. if any files changed during the puppet run, then puppet will automatically reinitialize samhain or even if we can do something like this it would be fine: 1. have puppet disable samhain before it processes its manifests 2. apply manifest changes 3. reinitialize the samhain database 4. enable samhain Any suggestions would be very helpful. Thanks. - -- Trevor Vaughan Vice President, Onyx Point, Inc. email: tvaug...@onyxpoint.com phone: 410-541-ONYX (6699) - -- This account not approved for unencrypted sensitive information -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktH5JEACgkQyWMIJmxwHpTUQQCgrGD90YQcMiUV7SbsrNNIrY7h 884An0f6XKVrqGKnXKVkWfoFwBPbtQfC =wp0h -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send
[Puppet Users] extlookup error
Hi, Until now I used puppet 0.25.5. I tried upgrading to 2.6.8 extlookup does not work for me anymore err: Could not retrieve catalog from remote server: Error 400 on SERVER: undefined local variable or method `parser' for #Puppet::Parser::Scope:0xX at /var/puppet/data-prod/manifests/XXX/nodes.pp:17 on node XXX I removed the old custom extlookup function from my modules I found an open ticket at http://projects.puppetlabs.com/issues/4275 I tried the suggested fix but it did not work out. Does extlookup work for you ? Do you know what is wrong or how to find out what is wrong ? -- Kind Regards, Markus Falb signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] extlookup error
hey, yes, it works. you need to be sure to run the extlookup.rb that comes with the new puppet not the old one - Original Message - Hi, Until now I used puppet 0.25.5. I tried upgrading to 2.6.8 extlookup does not work for me anymore err: Could not retrieve catalog from remote server: Error 400 on SERVER: undefined local variable or method `parser' for #Puppet::Parser::Scope:0xX at /var/puppet/data-prod/manifests/XXX/nodes.pp:17 on node XXX I removed the old custom extlookup function from my modules I found an open ticket at http://projects.puppetlabs.com/issues/4275 I tried the suggested fix but it did not work out. Does extlookup work for you ? Do you know what is wrong or how to find out what is wrong ? -- Kind Regards, Markus Falb -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] cucumber-puppet -- storeconfigs -- Feature #4724
* denmat [2011-06-07]: Where would I add/replace see this code? What does it do? cucumber-puppet does not yet deal with storeconfigs and as the warning is harmless, I suggest you just silence it by raising the loglevel in your Scenario: Given I use storeconfigs HTH, Nikolay -- It's all part of my Can't-Do approach to life. Wally -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet managed hosts in multiple nagios hostgroups
Hello i want to archive the following: i define an exported ressource for HostX to be monitored in nagios: @@nagios_host { $fqdn: ensure = present, alias = $hostname, address= $ipadress, use= generic-host, hostgroups = ubuntu, target = $icingahostfile, } That fine and works as expected and HostX is in hostgroup ubuntu. HostX has included a class ssh which installs the ssh services and configures them. Inside this class i want to define that HostX is also in hostgroup ssh-server. And another class, which puts the node in another environment = there i want to define, that HostX is in hostgroup testing-server and so on. How do i archive that? How must the definition inside all these classes look like? greetings Dakky -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/alBwWXMwVFZ1b1lK. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] extlookup error
On 8.6.2011 13:54, R.I.Pienaar wrote: yes, it works. you need to be sure to run the extlookup.rb that comes with the new puppet not the old one I had removed extlookup.rb from my module but now I found another instance of extlookup in libdir on puppetmaster. Working now. Thank You. - Original Message - Hi, Until now I used puppet 0.25.5. I tried upgrading to 2.6.8 extlookup does not work for me anymore err: Could not retrieve catalog from remote server: Error 400 on SERVER: undefined local variable or method `parser' for #Puppet::Parser::Scope:0xX at /var/puppet/data-prod/manifests/XXX/nodes.pp:17 on node XXX I removed the old custom extlookup function from my modules I found an open ticket at http://projects.puppetlabs.com/issues/4275 I tried the suggested fix but it did not work out. Does extlookup work for you ? Do you know what is wrong or how to find out what is wrong ? -- Kind Regards, Markus Falb -- Kind Regards, Markus Falb signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Puppet managed hosts in multiple nagios hostgroups
On 8 June 2011 13:30, Martijn Grendelman mart...@iphion.nl wrote: Hi, i want to archive the following: i define an exported ressource for HostX to be monitored in nagios: @@nagios_host { $fqdn: ensure = present, alias = $hostname, address= $ipadress, use= generic-host, hostgroups = ubuntu, target = $icingahostfile, } That fine and works as expected and HostX is in hostgroup ubuntu. HostX has included a class ssh which installs the ssh services and configures them. Inside this class i want to define that HostX is also in hostgroup ssh-server. And another class, which puts the node in another environment = there i want to define, that HostX is in hostgroup testing-server and so on. How do i archive that? How must the definition inside all these classes look like? That's a lot more difficult than you might expect. I recently solved it, by collecting all the necessary hostgroups for a host in a file using 'concat', and creating a custom fact (hostgroups) that joins all the lines in the hostgroups-file together, for use with nagios_host's hostgroups parameter. The biggest drawback is that it takes two puppet runs on the target (first one for populating the hostgroups-file, so that the custom fact is set properly on the second run) before the nagios server can collect the exported hosts, so it takes a while. Well that's mad... I literally just was about to ask the exact same question after a month of wondering... so where do you put this fact? Sounds like it is on the nagios client side, which makes sense in terms of pulling it out, but how does it get in there in the first place? Can you show how this file on each client is managed? That seems to be the only bit I'm not clear on. Are you just putting in a single word for each class? Are you at all able to manage the class being removed from the client? Would you need to routinely purge the file? have a initial stage class that wipes the file? Thanks Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet managed hosts in multiple nagios hostgroups
I solved this in a similar manner. I wrote a custom fact (which essentially returned /var/lib/puppet/state/classes.txt) and then a custom function that generated a list of hostgroups based on that. On Wed, Jun 8, 2011 at 6:47 AM, Chris Phillips ch...@untrepid.com wrote: On 8 June 2011 13:30, Martijn Grendelman mart...@iphion.nl wrote: Hi, i want to archive the following: i define an exported ressource for HostX to be monitored in nagios: @@nagios_host { $fqdn: ensure = present, alias = $hostname, address= $ipadress, use= generic-host, hostgroups = ubuntu, target = $icingahostfile, } That fine and works as expected and HostX is in hostgroup ubuntu. HostX has included a class ssh which installs the ssh services and configures them. Inside this class i want to define that HostX is also in hostgroup ssh-server. And another class, which puts the node in another environment = there i want to define, that HostX is in hostgroup testing-server and so on. How do i archive that? How must the definition inside all these classes look like? That's a lot more difficult than you might expect. I recently solved it, by collecting all the necessary hostgroups for a host in a file using 'concat', and creating a custom fact (hostgroups) that joins all the lines in the hostgroups-file together, for use with nagios_host's hostgroups parameter. The biggest drawback is that it takes two puppet runs on the target (first one for populating the hostgroups-file, so that the custom fact is set properly on the second run) before the nagios server can collect the exported hosts, so it takes a while. Well that's mad... I literally just was about to ask the exact same question after a month of wondering... so where do you put this fact? Sounds like it is on the nagios client side, which makes sense in terms of pulling it out, but how does it get in there in the first place? Can you show how this file on each client is managed? That seems to be the only bit I'm not clear on. Are you just putting in a single word for each class? Are you at all able to manage the class being removed from the client? Would you need to routinely purge the file? have a initial stage class that wipes the file? Thanks Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet managed hosts in multiple nagios hostgroups
Some more specifics on *exactly* how you manage this text file would be appreciated. On 8 June 2011 15:00, Brian Gallew g...@gallew.org wrote: I solved this in a similar manner. I wrote a custom fact (which essentially returned /var/lib/puppet/state/classes.txt) and then a custom function that generated a list of hostgroups based on that. On Wed, Jun 8, 2011 at 6:47 AM, Chris Phillips ch...@untrepid.com wrote: On 8 June 2011 13:30, Martijn Grendelman mart...@iphion.nl wrote: Hi, i want to archive the following: i define an exported ressource for HostX to be monitored in nagios: @@nagios_host { $fqdn: ensure = present, alias = $hostname, address= $ipadress, use= generic-host, hostgroups = ubuntu, target = $icingahostfile, } That fine and works as expected and HostX is in hostgroup ubuntu. HostX has included a class ssh which installs the ssh services and configures them. Inside this class i want to define that HostX is also in hostgroup ssh-server. And another class, which puts the node in another environment = there i want to define, that HostX is in hostgroup testing-server and so on. How do i archive that? How must the definition inside all these classes look like? That's a lot more difficult than you might expect. I recently solved it, by collecting all the necessary hostgroups for a host in a file using 'concat', and creating a custom fact (hostgroups) that joins all the lines in the hostgroups-file together, for use with nagios_host's hostgroups parameter. The biggest drawback is that it takes two puppet runs on the target (first one for populating the hostgroups-file, so that the custom fact is set properly on the second run) before the nagios server can collect the exported hosts, so it takes a while. Well that's mad... I literally just was about to ask the exact same question after a month of wondering... so where do you put this fact? Sounds like it is on the nagios client side, which makes sense in terms of pulling it out, but how does it get in there in the first place? Can you show how this file on each client is managed? That seems to be the only bit I'm not clear on. Are you just putting in a single word for each class? Are you at all able to manage the class being removed from the client? Would you need to routinely purge the file? have a initial stage class that wipes the file? Thanks Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing /etc/fstab options with augeas
On Thu, Jun 2, 2011 at 4:22 AM, Giovanni Bordello g...@gentlemail.com wrote: I'm trying to manage mount options in /etc/fstab with Augeas but can't figure out how to add more than one option. Have you looked at puppet's 'mount' type? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet managed hosts in multiple nagios hostgroups
Actually, I think I see what you mean here, I have a custom fact mid write which looks like this: Facter.add(:nagios_hostgroups) do setcode do if FileTest.exists?(/var/lib/puppet/classes.txt) nagios_hostgroups = File.open(/var/lib/puppet/classes.txt) { |file| file.each { |line| if line =~ /(\S+)::nagios_client/ nagios_hostgroups $1 + end } } next nagios_hostgroups if nagios_hostgroups end nil end end So once finished this fact will return a list of all class names which are included with the nagios_client namespace. So there's actually hopefully nothing else to do at all here, no temp files or anything, it just requires a naming convention in the modules to be followed. On 8 June 2011 15:00, Brian Gallew g...@gallew.org wrote: I solved this in a similar manner. I wrote a custom fact (which essentially returned /var/lib/puppet/state/classes.txt) and then a custom function that generated a list of hostgroups based on that. On Wed, Jun 8, 2011 at 6:47 AM, Chris Phillips ch...@untrepid.com wrote: On 8 June 2011 13:30, Martijn Grendelman mart...@iphion.nl wrote: Hi, i want to archive the following: i define an exported ressource for HostX to be monitored in nagios: @@nagios_host { $fqdn: ensure = present, alias = $hostname, address= $ipadress, use= generic-host, hostgroups = ubuntu, target = $icingahostfile, } That fine and works as expected and HostX is in hostgroup ubuntu. HostX has included a class ssh which installs the ssh services and configures them. Inside this class i want to define that HostX is also in hostgroup ssh-server. And another class, which puts the node in another environment = there i want to define, that HostX is in hostgroup testing-server and so on. How do i archive that? How must the definition inside all these classes look like? That's a lot more difficult than you might expect. I recently solved it, by collecting all the necessary hostgroups for a host in a file using 'concat', and creating a custom fact (hostgroups) that joins all the lines in the hostgroups-file together, for use with nagios_host's hostgroups parameter. The biggest drawback is that it takes two puppet runs on the target (first one for populating the hostgroups-file, so that the custom fact is set properly on the second run) before the nagios server can collect the exported hosts, so it takes a while. Well that's mad... I literally just was about to ask the exact same question after a month of wondering... so where do you put this fact? Sounds like it is on the nagios client side, which makes sense in terms of pulling it out, but how does it get in there in the first place? Can you show how this file on each client is managed? That seems to be the only bit I'm not clear on. Are you just putting in a single word for each class? Are you at all able to manage the class being removed from the client? Would you need to routinely purge the file? have a initial stage class that wipes the file? Thanks Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet managed hosts in multiple nagios hostgroups
updated, and hopefully finished: Facter.add(:bp_nagios_hostgroups) do setcode do if FileTest.exists?(/var/lib/puppet/classes.txt) bp_nagios_hostgroups = File.open(/var/lib/puppet/classes.txt) { |file| file.each { |line| if line =~ /^(.+)::nagios-client/ bp_nagios_hostgroups $1 + end } } next bp_nagios_hostgroups if bp_nagios_hostgroups end nil end end On 8 June 2011 15:18, Chris Phillips ch...@untrepid.com wrote: Actually, I think I see what you mean here, I have a custom fact mid write which looks like this: Facter.add(:nagios_hostgroups) do setcode do if FileTest.exists?(/var/lib/puppet/classes.txt) nagios_hostgroups = File.open(/var/lib/puppet/classes.txt) { |file| file.each { |line| if line =~ /(\S+)::nagios_client/ nagios_hostgroups $1 + end } } next nagios_hostgroups if nagios_hostgroups end nil end end So once finished this fact will return a list of all class names which are included with the nagios_client namespace. So there's actually hopefully nothing else to do at all here, no temp files or anything, it just requires a naming convention in the modules to be followed. On 8 June 2011 15:00, Brian Gallew g...@gallew.org wrote: I solved this in a similar manner. I wrote a custom fact (which essentially returned /var/lib/puppet/state/classes.txt) and then a custom function that generated a list of hostgroups based on that. On Wed, Jun 8, 2011 at 6:47 AM, Chris Phillips ch...@untrepid.comwrote: On 8 June 2011 13:30, Martijn Grendelman mart...@iphion.nl wrote: Hi, i want to archive the following: i define an exported ressource for HostX to be monitored in nagios: @@nagios_host { $fqdn: ensure = present, alias = $hostname, address= $ipadress, use= generic-host, hostgroups = ubuntu, target = $icingahostfile, } That fine and works as expected and HostX is in hostgroup ubuntu. HostX has included a class ssh which installs the ssh services and configures them. Inside this class i want to define that HostX is also in hostgroup ssh-server. And another class, which puts the node in another environment = there i want to define, that HostX is in hostgroup testing-server and so on. How do i archive that? How must the definition inside all these classes look like? That's a lot more difficult than you might expect. I recently solved it, by collecting all the necessary hostgroups for a host in a file using 'concat', and creating a custom fact (hostgroups) that joins all the lines in the hostgroups-file together, for use with nagios_host's hostgroups parameter. The biggest drawback is that it takes two puppet runs on the target (first one for populating the hostgroups-file, so that the custom fact is set properly on the second run) before the nagios server can collect the exported hosts, so it takes a while. Well that's mad... I literally just was about to ask the exact same question after a month of wondering... so where do you put this fact? Sounds like it is on the nagios client side, which makes sense in terms of pulling it out, but how does it get in there in the first place? Can you show how this file on each client is managed? That seems to be the only bit I'm not clear on. Are you just putting in a single word for each class? Are you at all able to manage the class being removed from the client? Would you need to routinely purge the file? have a initial stage class that wipes the file? Thanks Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at
R: Re: [Puppet Users] Managing /etc/fstab options with augeas
There is a specific example of this on the puppet Wiki iirc. Or very similar . Regards. Messaggio originale Da: Adam Heinz Inviato: 08/06/2011, 16:17 A: puppet-users@googlegroups.com Oggetto: Re: [Puppet Users] Managing /etc/fstab options with augeas On Thu, Jun 2, 2011 at 4:22 AM, Giovanni Bordello g...@gentlemail.com wrote: I'm trying to manage mount options in /etc/fstab with Augeas but can't figure out how to add more than one option. Have you looked at puppet's 'mount' type? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Support for OSX
Hi guys I was wondering how well puppet performs on OSX. Anyone here had any experience using puppet under OSX? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Installing Virtualbox on Mac osx with pkg dmg provider
Hello I can't manage to install VB on osx via puppet and pkgdmg provider. puppet client : 2.6.8 on osx snow leopard 10.6.7 puppetmaster : 2.6.8-1~bpo60+1 on debian squeeze The puppet logs say : [...] debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/curl -o /tmp/VirtualBox-4.0.8-71778-OSX.dmg -C - -k -s --url https://web3/apps/VirtualBox-4.0.8-71778-OSX.dmg' debug: Success: curl transfered [VirtualBox-4.0.8-71778-OSX.dmg] debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/hdiutil mount -plist -nobrowse -readonly -noidme -mountrandom /tmp /tmp/VirtualBox-4.0.8-71778-OSX.dmg' debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/sbin/installer -pkg /private/tmp/dmg.5hKSb9/VirtualBox.mpkg -target /' debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/hdiutil eject /private/tmp/dmg.5hKSb9' err: /Stage[main]/Aptitude::Info/Pkginstall[VirtualBox-4.0.8-71778-OSX.dmg]/Package[VirtualBox-4.0.8-71778-OSX.dmg]/ensure: change from absent to present failed: Execution of '/usr/sbin/installer -pkg /private/tmp/dmg.5hKSb9/VirtualBox.mpkg -target /' returned 1: installer: Package name is Oracle VM VirtualBox installer: Installing at base path / installer: The install failed (Le programme d’installation a rencontré une erreur qui a provoqué l’échec de l’installation. Contactez l’éditeur du logiciel pour obtenir de l’aide.) The /var/log/install.log : Jun 8 15:02:16 info-starbuck installer[85815]: JS: Hardware architecture detected: i386 Jun 8 15:02:16 info-starbuck installer[85815]: JS: OS version detected: 10.6.7 Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: location = file://localhost Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxKEXTs.pkg Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxStartupItems.pkg Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBox.pkg Jun 8 15:02:17 info-starbuck installer[85815]: -[IFDInstallController(Private) _buildInstallPlan]: file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBoxCLI.pkg Jun 8 15:02:17 info-starbuck runner[85823]: Administrator authorization granted. Jun 8 15:02:17 info-starbuck installer[85815]: Will use PK session Jun 8 15:02:17 info-starbuck installer[85815]: Starting installation: Jun 8 15:02:17 info-starbuck installer[85815]: Configuring volume OsX Jun 8 15:02:17 info-starbuck installer[85815]: Preparing disk for local booted install. Jun 8 15:02:17 info-starbuck installer[85815]: Free space on OsX: 474.14 Go (474139660288 bytes). Jun 8 15:02:17 info-starbuck installer[85815]: Create temporary directory /var/folders/zz/zzzivhrRnAmviuee+++/-Tmp-//Install.85815HtcZhN Jun 8 15:02:17 info-starbuck installer[85815]: IFPKInstallElement (4 packages) Jun 8 15:02:17 info-starbuck installer[85815]: PackageKit: - Begin install - Jun 8 15:02:17 info-starbuck installer[85815]: PackageKit: request=PKInstallRequest 4 packages, destination=/ Jun 8 15:02:17 info-starbuck installer[85815]: PackageKit: packages=(\n PKJaguarPackage file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxKEXTs.pkg,\n PKJaguarPackage file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxStartupItems.pkg,\n PKJaguarPackage file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBox.pkg,\n PKJaguarPackage file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBoxCLI.pkg\n) Jun 8 15:02:17 info-starbuck installer[85815]: PackageKit: Extracting file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxKEXTs.pkg (destination=/var/folders/zz/zzzivhrRnAmviuee+++/Cleanup At Startup/PKInstallSandbox-tmp/Root, uid=0) Jun 8 15:02:18 info-starbuck installer[85815]: PackageKit: Extracting file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VBoxStartupItems.pkg (destination=/var/folders/zz/zzzivhrRnAmviuee+++/Cleanup At Startup/PKInstallSandbox-tmp/Root, uid=0) Jun 8 15:02:19 info-starbuck installer[85815]: PackageKit: Extracting file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBox.pkg (destination=/var/folders/zz/zzzivhrRnAmviuee+++/Cleanup At Startup/PKInstallSandbox-tmp/Root, uid=0) Jun 8 15:02:27 info-starbuck installer[85815]: PackageKit: Extracting file://localhost/private/tmp/dmg.OT7NZT/VirtualBox.mpkg/Contents/Packages/VirtualBoxCLI.pkg
Re: [Puppet Users] Puppet Support for OSX
Mister IT Guru wrote: Hi guys – I was wondering how well puppet performs on OSX. Anyone here had any experience using puppet under OSX? Very well and it's well supported. Google uses it to manage their internal OSX desktops as do a number of other companies, universities, etc. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Virtual resources and hashes
On Jun 7, 6:15 pm, Aaron Grewell aaron.grew...@gmail.com wrote: Hmmm, either I'm doing something wrong or virtual resources are incompatible with hashes. I think it's a mix of about two parts doing something wrong to one part incompatible, coming out to more or less Puppet doesn't do what I wish it would. When I do this: $users = [{ username = bill, uid = 12345 }, { username = ted, uid = 12346 }] define usertest ($alias = $name[username]) { user {$name[username]: ensure = present, uid = $name[uid] }} @usertest { $users: } realize Usertest[bill] I get this: warning: alias is a metaparam; this value will inherit to all contained resources Failed to realize virtual resources Usertest[bill] on node Which seems unfortunate. Hash support is a really cool idea but I keep tripping over parts of Puppet that don't handle it well. In a resource declaration, Puppet expects the value or variable preceding the colon ($users in your example) to be a resource title or an array of resource titles. I find it somewhat surprising that Puppet accepted your hash for the resource titles, but I suppose it flattens the hash into an ordinary array. It would be nice if that elicited at least a warning. Do not be confused by the similar DSL syntax: resource declarations are completely unrelated to hashes at the DSL level. I guess you hoped Puppet would unpack the hash into a resource title and properties, but it just doesn't, and I wouldn't expect it to do. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How do you handle deleted nodes with exported resources in this situation?
On Jun 7, 11:12 am, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Tue, Jun 07, 2011 at 07:10:22AM -0700, jcbollinger wrote: On Jun 6, 6:40 pm, Larry Ludwig larry...@gmail.com wrote: I have an issue where for a file type of an exported resource I must define as such: force = false, replace = false, Meaning the file is created, but do not replace after it's added. I do this because of the app modifies the config file after (I know bad idea on their part). How can I ensure this file is removed when I remove the node from the storeconfig database? You can download the puppet sources. In the ext Directory you'll find a script »puppetstoredconfigclean.rb NODE_TO_BE_REMOVED«. AFAIK the script will set the ensure property of all exported resources of the specified host to absent. Nice. Do I judge correctly that this is an *alternative* to actually removing the node in question from the storeconfig DB? I mean, otherwise, there are no resources in the DB to flag absent. If you already have removed the node and its resources from the DB, then I can't imagine that such a script could help. I guess you could actually clean out the DB later, after you're confident that the revised exported resources have been applied everywhere needed. Note also that conceivably there can be exported resources for which ensure = absent is not the correct cleanup. That may be more theoretical than practical, however. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Virtual resources and hashes
On Jun 8, 2011, at 8:45 AM, Aaron Grewell wrote: Here's the thing though: since arrays are the only native method of looping, Puppet needs to handle arrays of all native types well. If it doesn't, from an end-user perspective that's broken. See, there's the crux of the issue: arrays are *not* a method of looping. Puppet's DSL is declarative, not procedural (imperative). What you are thinking of as looping is simply a convenient shorthand (syntactic sugar is the appropriate term). If you are thinking in procedural terms (which we've all done at one point or another), you're simply going to run around in circles ranting that Puppet is broken until you get your head wrapped around its declarative nature (much like I did/do). Puppet is not procedural. Never has been, never will be. You can probably meet your needs by thinking about the desired state in different terms and using extlookup, or using custom functions. If you are really insane, you can modify the Puppet backend to execute a file and read the output instead of reading the file directly, which might allow you to dynamically generate the manifests you want applied, though the added complexity may well be a net loss. In short, if you are thinking procedural, then you have not yet drunk the Kool-Aide. Join us. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Virtual resources and hashes
Here's the thing though: since arrays are the only native method of looping, Puppet needs to handle arrays of all native types well. If it doesn't, from an end-user perspective that's broken. On Wed, Jun 8, 2011 at 8:36 AM, jcbollinger john.bollin...@stjude.orgwrote: On Jun 7, 6:15 pm, Aaron Grewell aaron.grew...@gmail.com wrote: Hmmm, either I'm doing something wrong or virtual resources are incompatible with hashes. I think it's a mix of about two parts doing something wrong to one part incompatible, coming out to more or less Puppet doesn't do what I wish it would. When I do this: $users = [{ username = bill, uid = 12345 }, { username = ted, uid = 12346 }] define usertest ($alias = $name[username]) { user {$name[username]: ensure = present, uid= $name[uid] }} @usertest { $users: } realize Usertest[bill] I get this: warning: alias is a metaparam; this value will inherit to all contained resources Failed to realize virtual resources Usertest[bill] on node Which seems unfortunate. Hash support is a really cool idea but I keep tripping over parts of Puppet that don't handle it well. In a resource declaration, Puppet expects the value or variable preceding the colon ($users in your example) to be a resource title or an array of resource titles. I find it somewhat surprising that Puppet accepted your hash for the resource titles, but I suppose it flattens the hash into an ordinary array. It would be nice if that elicited at least a warning. Do not be confused by the similar DSL syntax: resource declarations are completely unrelated to hashes at the DSL level. I guess you hoped Puppet would unpack the hash into a resource title and properties, but it just doesn't, and I wouldn't expect it to do. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
treydock wrote: My [master] has : report = true reports = http, store, xmpp pluginsync = true The [agent] includes: report = true listen = true pluginsync = true The second agent I tested with also has the same configuration as the above [agent] Correct, the xmpp.yaml has all that information. What I was asking about the remote client not having mail.yaml is I enabled pluginsync on the remove client to see if the results would differ and it failed stating the mail.yaml was missing (locally on the client). But if the repots = xmpp is only defined for [master] then should I not include pluginsync = true on the clients? So you don't have anything like the line: Sending status for name.of.host to XMMP user jabber.user in your Puppet master syslog. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Virtual resources and hashes
If you look at what I tried to do you'll realize that's not the case. I understand what you're saying, but the issue is one of Puppet not supporting its own 'syntactic sugar' consistently. I created an array (this is not a convenience for a large number of machines, it's a requirement) but since it's an array of hashes rather than an array of strings it doesn't work right. That's a bug, plain and simple. There's no point in having hashes if we can't use defines or virtuals with them without breakage. On Wed, Jun 8, 2011 at 9:01 AM, Brian Gallew g...@gallew.org wrote: On Jun 8, 2011, at 8:45 AM, Aaron Grewell wrote: Here's the thing though: since arrays are the only native method of looping, Puppet needs to handle arrays of all native types well. If it doesn't, from an end-user perspective that's broken. See, there's the crux of the issue: arrays are *not* a method of looping. Puppet's DSL is declarative, not procedural (imperative). What you are thinking of as looping is simply a convenient shorthand (syntactic sugar is the appropriate term). If you are thinking in procedural terms (which we've all done at one point or another), you're simply going to run around in circles ranting that Puppet is broken until you get your head wrapped around its declarative nature (much like I did/do). Puppet is not procedural. Never has been, never will be. You can probably meet your needs by thinking about the desired state in different terms and using extlookup, or using custom functions. If you are really insane, you can modify the Puppet backend to execute a file and read the output instead of reading the file directly, which might allow you to dynamically generate the manifests you want applied, though the added complexity may well be a net loss. In short, if you are thinking procedural, then you have not yet drunk the Kool-Aide. Join us. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How do you handle deleted nodes with exported resources in this situation?
On Jun 8, 2011, at 8:50 AM, jcbollinger wrote: On Jun 7, 11:12 am, Stefan Schulte stefan.schu...@taunusstein.net wrote: You can download the puppet sources. In the ext Directory you'll find a script »puppetstoredconfigclean.rb NODE_TO_BE_REMOVED«. AFAIK the script will set the ensure property of all exported resources of the specified host to absent. Nice. Do I judge correctly that this is an *alternative* to actually removing the node in question from the storeconfig DB? I mean, otherwise, there are no resources in the DB to flag absent. If you already have removed the node and its resources from the DB, then I can't imagine that such a script could help. My experience is that this script actually purges all of the resources, facts, reports, etc. from the storedconfigs repository. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: New Puppet report processors...
Hi, These sample reports have been very useful, thanks! Is there is a way to only send a report once every 24 hours (say)? For example, I want to know about failed runs, but not every time someone is hacking around, changing something, re-running etc. I can think of all sorts of workarounds, just wondering if there's something built in to help here. Thanks Craig. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Virtual resources and hashes
On Tue, Jun 7, 2011 at 4:15 PM, Aaron Grewell aaron.grew...@gmail.com wrote: $users = [{ username = bill, uid = 12345 }, { username = ted, uid = 12346 }] Aaron, I think this is a completely sane request. We've talked about it before, but I can't find an existing ticket. This one seems close, but very old; will you take a look? http://projects.puppetlabs.com/issues/1858 If we can work out a good syntax we'll put this on the roadmap. I know some of our PS guys are eager for it, too. r -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
Craig wrote: Hi, These sample reports have been very useful, thanks! Is there is a way to only send a report once every 24 hours (say)? For example, I want to know about failed runs, but not every time someone is hacking around, changing something, re-running etc. I can think of all sorts of workarounds, just wondering if there's something built in to help here. There isn't currently - all of the report processors that trigger on failed runs trigger on all failed runs. I would suggest as an aside/workaround that you turn off notification-style reporting in your test environment (where I presume people are doing this hacking around :) ). My assumption is production Puppet runs that fail are important but you might not care about dev/test so much. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Installing Virtualbox on Mac osx with pkg dmg provider
On Wed, Jun 8, 2011 at 6:13 AM, Marc marcol...@gmail.com wrote: Hello I can't manage to install VB on osx via puppet and pkgdmg provider.*Jun 8 15:02:29 info-starbuck installer[85815]: * *./postflight: Register file extensions for * *Jun 8 15:02:29 info-starbuck installer[85815]: ./postflight: sudo: unknown user: * This is your problem. The postflight scripts aren't correctly dealing with headless installation without an interactive session. If you look at postflight, it's probably doing something dumb that should be fixed. Those lines above indicate that it's not finding a user when you compare it to the interactive install. *Jun 7 12:44:17 info-roslin installer[6404]: ./postflight: Register file extensions for root* * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Virtual resources and hashes
I suspect the root of the problem I'm running into may be the simple nature of $name. It's not capable of being an arbitrary object. I consider that an architectural issue in a system that supports hashes which are structured objects that can't really be reduced to a string. IMHO for a future version there should be a $object (or similar) builtin for handling hashes as names/titles of resources. $name should magic-map to $object[name] for hash-type objects to make life easier for those of us who want to use hashes. On Wed, Jun 8, 2011 at 9:33 AM, Aaron Grewell aaron.grew...@gmail.comwrote: If you look at what I tried to do you'll realize that's not the case. I understand what you're saying, but the issue is one of Puppet not supporting its own 'syntactic sugar' consistently. I created an array (this is not a convenience for a large number of machines, it's a requirement) but since it's an array of hashes rather than an array of strings it doesn't work right. That's a bug, plain and simple. There's no point in having hashes if we can't use defines or virtuals with them without breakage. On Wed, Jun 8, 2011 at 9:01 AM, Brian Gallew g...@gallew.org wrote: On Jun 8, 2011, at 8:45 AM, Aaron Grewell wrote: Here's the thing though: since arrays are the only native method of looping, Puppet needs to handle arrays of all native types well. If it doesn't, from an end-user perspective that's broken. See, there's the crux of the issue: arrays are *not* a method of looping. Puppet's DSL is declarative, not procedural (imperative). What you are thinking of as looping is simply a convenient shorthand (syntactic sugar is the appropriate term). If you are thinking in procedural terms (which we've all done at one point or another), you're simply going to run around in circles ranting that Puppet is broken until you get your head wrapped around its declarative nature (much like I did/do). Puppet is not procedural. Never has been, never will be. You can probably meet your needs by thinking about the desired state in different terms and using extlookup, or using custom functions. If you are really insane, you can modify the Puppet backend to execute a file and read the output instead of reading the file directly, which might allow you to dynamically generate the manifests you want applied, though the added complexity may well be a net loss. In short, if you are thinking procedural, then you have not yet drunk the Kool-Aide. Join us. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] how do I tell puppet do nothing if the condition is true
Hi, I have a piece of puppet code. I want puppet do nothing if it is true. How do I do that? Of course this code would not code. exec { 'runlevel': command = $is_virtual ? { 'false' = /bin/sed -i 's/id:3:initdefault:/id: 5:initdefault:/' /etc/inittab, 'true' = 'tell puppet do nothing', }, } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: New Puppet report processors...
I don't have any lines like that no. Could the daemon line for puppetmaster be effecting this? Is the -- reports option necessary since my puppet.conf has that specified? PUPPETMASTER_EXTRA_OPTS=--reports puppet_dashboard --debug Other than that and my puppet.conf I haven't found any further configurations I've implemented effecting use of reports Thanks - Trey On Jun 8, 10:57 am, James Turnbull ja...@puppetlabs.com wrote: treydock wrote: My [master] has : report = true reports = http, store, xmpp pluginsync = true The [agent] includes: report = true listen = true pluginsync = true The second agent I tested with also has the same configuration as the above [agent] Correct, the xmpp.yaml has all that information. What I was asking about the remote client not having mail.yaml is I enabled pluginsync on the remove client to see if the results would differ and it failed stating the mail.yaml was missing (locally on the client). But if the repots = xmpp is only defined for [master] then should I not include pluginsync = true on the clients? So you don't have anything like the line: Sending status for name.of.host to XMMP user jabber.user in your Puppet master syslog. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Support for OSX
On Wed, Jun 8, 2011 at 8:00 AM, James Turnbull ja...@puppetlabs.com wrote: Mister IT Guru wrote: Hi guys – I was wondering how well puppet performs on OSX. Anyone here had any experience using puppet under OSX? Very well and it's well supported. Google uses it to manage their internal OSX desktops as do a number of other companies, universities, etc. Apart from services, users, groups, etc, we have some interesting native types for Puppet on OS X like the authorization framework one. This is something that's rather difficult to manage with any other tool ~ nbk $ puppet resource macauthorization com.apple.airport.network macauthorization { 'com.apple.airport.network': ensure = 'present', auth_class = 'rule', auth_type = 'right', comment= 'For restricting network selection to administrative users', k_of_n = '1', rule = ['authenticate-admin', 'default'], } ~ nbk $ puppet resource macauthorization com.apple.airport.power macauthorization { 'com.apple.airport.power': ensure = 'present', auth_class = 'rule', auth_type = 'right', comment= 'For restricting AirPort power changes to administrative users', k_of_n = '1', rule = ['authenticate-admin', 'default'], } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how do I tell puppet do nothing if the condition is true
On Wed, Jun 8, 2011 at 11:01 AM, hyzhang hyzh...@jcvi.org wrote: Hi, I have a piece of puppet code. I want puppet do nothing if it is true. How do I do that? Of course this code would not code. exec { 'runlevel': command = $is_virtual ? { 'false' = /bin/sed -i 's/id:3:initdefault:/id: 5:initdefault:/' /etc/inittab, 'true' = 'tell puppet do nothing', }, } Move the conditional outside the resource. It's much much easier to read. if $is_virtual == false { # put your exec resource here } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Virtual resources and hashes
The request in the ticket is related but might not solve the same problem. What I think I'm looking for is the generic ability to specify an array of hashes as a resource title and have Puppet handle it intelligently (that is, produce a locally scoped hash split from the array and easily accessible inside the resource specification as well as knowing what value it should use for $name or supporting e.g. $alias = hash[key] for specifying the appropriate value). The reason I think that's preferable to the ability to transform a hash to a resource is because it will work everywhere. What I don't know is whether the hash - resource transform can be made to declare an instance of a define(). If so, it would handle my needs quite well. If OTOH it will only declare native resource types then it won't do all of what I'm looking for. It would be a step in the right direction though. On Wed, Jun 8, 2011 at 10:17 AM, Randall Hansen rand...@puppetlabs.comwrote: On Tue, Jun 7, 2011 at 4:15 PM, Aaron Grewell aaron.grew...@gmail.com wrote: $users = [{ username = bill, uid = 12345 }, { username = ted, uid = 12346 }] Aaron, I think this is a completely sane request. We've talked about it before, but I can't find an existing ticket. This one seems close, but very old; will you take a look? http://projects.puppetlabs.com/issues/1858 If we can work out a good syntax we'll put this on the roadmap. I know some of our PS guys are eager for it, too. r -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Virtual resources and hashes
On Jun 8, 11:33 am, Aaron Grewell aaron.grew...@gmail.com wrote: If you look at what I tried to do you'll realize that's not the case. I understand what you're saying, but the issue is one of Puppet not supporting its own 'syntactic sugar' consistently. I created an array (this is not a convenience for a large number of machines, it's a requirement) but since it's an array of hashes rather than an array of strings it doesn't work right. Correction: it doesn't work the way you wish it would. Perhaps it defies your intuition, but that doesn't make it wrong. I concur with Brian that you seem to be thinking about Puppet DSL in declarative terms, and that that really doesn't work. There are a lot variations on that theme, but perhaps you're running into this one: Puppet defined types are not analogous to C macros; rather they are bona fide resource types implemented via Puppet DSL. People typically hit that from a different angle, but it smacks of the same thinking that you even consider using a hash as a resource title, much less expect the $name variable inside the definition body to refer to the actual object presented as the title of an instance. Here are some other things you need to know: The $name variable in a definition body contains the title of an instance of the definition. It is a string, by definition. Whatever object is presented as a resource title is converted to a string or to an array of strings, to yield one or more resource titles. If the object is neither a string nor an array of strings then the result will probably not be what you wanted, but it is entirely consistent. That's a bug, plain and simple. There's no point in having hashes if we can't use defines or virtuals with them without breakage. It seems a little hasty to call bug and declare breakage over a feature you wish Puppet had. Especially so when that feature would be inconsistent with the rest of Puppet. I do agree that Puppet hashes are less useful than someone with a background in, say, Perl might expect. I never use them myself, but some find them useful. As for having to use an array, much less an array of hashes, how does that benefit your example manifest over this: define usertest ($uid) { user { $name: ensure = present, uid= $uid } } @usertest { bill: uid = 12345; ted: uid = 12346; } realize Usertest[bill] That's both cleaner and less verbose than your version, and it scales just as well with the number of users. In particular, compare your initialization of $users with the @usertest declarations in my version. Also, mine will work (modulo any typos that may have crept in). I use something much like it myself. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Virtual resources and hashes
On Jun 8, 12:17 pm, Randall Hansen rand...@puppetlabs.com wrote: On Tue, Jun 7, 2011 at 4:15 PM, Aaron Grewell aaron.grew...@gmail.com wrote: $users = [{ username = bill, uid = 12345 }, { username = ted, uid = 12346 }] Aaron, I think this is a completely sane request. We've talked about it before, but I can't find an existing ticket. This one seems close, but very old; will you take a look?http://projects.puppetlabs.com/issues/1858 If we can work out a good syntax we'll put this on the roadmap. I know some of our PS guys are eager for it, too. I agree that the concept is reasonable, but I suggest that you consider implementing it as a new built-in function. Puppet's current DSL syntax is arcane enough already -- consider all the feedback from PC EU to that effect. A function for this purpose might be something like this: declare($type, $properties, $title_key=title) $type: the name of the resource type $properties: a hash or array of hashes of properties for the resources to declare $title_key: the key, which must be present in each hash, from which the title of the corresponding resource instance is obtained Probably you also need a parameter to select concrete vs. virtual vs. exported declaration, or else different flavors of the function to support those alternatives. Example: $users = [ { username = bill, uid = 501 }, { username = ted, uid = 502 } ] declare(User, $users, username) Be excellent to each other, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Virtual resources and hashes
All I'm saying is that I think hashes should be first-class citizens in Puppet and right now they're not. Every other object can be placed in an array and easily and scalably declared. Hashes are special because you can declare them like anything else, but you can't use them like anything else. It may not be a bug but it violates the principle of least surprise and leaves the newbie confused. On Wed, Jun 8, 2011 at 11:46 AM, jcbollinger john.bollin...@stjude.orgwrote: On Jun 8, 11:33 am, Aaron Grewell aaron.grew...@gmail.com wrote: If you look at what I tried to do you'll realize that's not the case. I understand what you're saying, but the issue is one of Puppet not supporting its own 'syntactic sugar' consistently. I created an array (this is not a convenience for a large number of machines, it's a requirement) but since it's an array of hashes rather than an array of strings it doesn't work right. Correction: it doesn't work the way you wish it would. Perhaps it defies your intuition, but that doesn't make it wrong. I concur with Brian that you seem to be thinking about Puppet DSL in declarative terms, and that that really doesn't work. There are a lot variations on that theme, but perhaps you're running into this one: Puppet defined types are not analogous to C macros; rather they are bona fide resource types implemented via Puppet DSL. People typically hit that from a different angle, but it smacks of the same thinking that you even consider using a hash as a resource title, much less expect the $name variable inside the definition body to refer to the actual object presented as the title of an instance. Here are some other things you need to know: The $name variable in a definition body contains the title of an instance of the definition. It is a string, by definition. Whatever object is presented as a resource title is converted to a string or to an array of strings, to yield one or more resource titles. If the object is neither a string nor an array of strings then the result will probably not be what you wanted, but it is entirely consistent. That's a bug, plain and simple. There's no point in having hashes if we can't use defines or virtuals with them without breakage. It seems a little hasty to call bug and declare breakage over a feature you wish Puppet had. Especially so when that feature would be inconsistent with the rest of Puppet. I do agree that Puppet hashes are less useful than someone with a background in, say, Perl might expect. I never use them myself, but some find them useful. As for having to use an array, much less an array of hashes, how does that benefit your example manifest over this: define usertest ($uid) { user { $name: ensure = present, uid= $uid } } @usertest { bill: uid = 12345; ted: uid = 12346; } realize Usertest[bill] That's both cleaner and less verbose than your version, and it scales just as well with the number of users. In particular, compare your initialization of $users with the @usertest declarations in my version. Also, mine will work (modulo any typos that may have crept in). I use something much like it myself. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Creating Users and Hashing it's password.
Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Creating Users and Hashing it's password.
What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Creating Users and Hashing it's password.
so If I changed it to user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= Hash } Hash being the hash from /etc/shadow that would be all I needed? On Jun 8, 3:12 pm, Nathan Clemons nat...@livemocha.com wrote: What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment = 'Sysop', ensure = present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password = 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how do I tell puppet do nothing if the condition is true
On Jun 8, 2011, at 11:01 AM, hyzhang wrote: Hi, I have a piece of puppet code. I want puppet do nothing if it is true. How do I do that? Of course this code would not code. exec { 'runlevel': command = $is_virtual ? { 'false' = /bin/sed -i 's/id:3:initdefault:/id: 5:initdefault:/' /etc/inittab, 'true' = 'tell puppet do nothing', }, } Also, so it doesn't run every time, consider putting a grep whatever as a run condition. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Virtual resources and hashes
On Wed, Jun 8, 2011 at 12:07 PM, Aaron Grewell aaron.grew...@gmail.com wrote: All I'm saying is that I think hashes should be first-class citizens in Puppet and right now they're not. I agree with that as a high-level problem statement, but to make progress we need to put legs on it. John's got one possibility: a new built-in function. I agree with him that the DSL is too crufty, but I don't think this needs to add to it if done well. Here's another possibility, I think: http://groups.google.com/group/puppet-users/browse_thread/thread/162d86ed39d6d8da What do you think? I must admit not to understand all the details. As D. UX I mostly try to squeeze ideas out of other people. :) I'll try to keep the conversation going and help us coalesce around the details, but I'll need help from people who really have skin in the game. Thanks, r -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
On 2011 6 8 20:16, Craig craigmsm...@blueyonder.co.uk wrote: Hi, These sample reports have been very useful, thanks! Is there is a way to only send a report once every 24 hours (say)? For example, I want to know about failed runs, but not every time someone is hacking around, changing something, re-running etc. I can think of all sorts of workarounds, just wondering if there's something built in to help here. Foreman got a summary report support, where you can see / email an overview over time (eg last 24 hours), and can even filter out results (dont shoe dev hosts). Ohad Thanks Craig. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Virtual resources and hashes
We've looked at two different possibilities thus far: 1) Make all resource types hash-aware. This is what I was originally asking for. It would mean changing the way resources are declared so that in the case of a hash their representation of $name was appropriate for use with defines and virtuals. This could either be done by requiring the hash to have a 'name' key and using that or by creating a metaparameter like hash_key so it could be user-specified. The hash itself would need to be passed to the resource in the same way as $name but with a different identifier so that its keys could be accessed inside the resource as e.g. $data[key]. The upside of this is that it should work universally and conceptually match the rest of Puppet, the downsides I see so far are that its implementation might well be intrusive and it might also add to the DSL. 2) Create a hash - resource transformation function. If I understood John correctly this is what he was in favor of. The upside of this is it should be less intrusive, easier to implement, and require no DSL changes. The downside is that it still makes hashes special and requires separate handling of them. On Wed, Jun 8, 2011 at 12:58 PM, Randall Hansen rand...@puppetlabs.comwrote: On Wed, Jun 8, 2011 at 12:07 PM, Aaron Grewell aaron.grew...@gmail.com wrote: All I'm saying is that I think hashes should be first-class citizens in Puppet and right now they're not. I agree with that as a high-level problem statement, but to make progress we need to put legs on it. John's got one possibility: a new built-in function. I agree with him that the DSL is too crufty, but I don't think this needs to add to it if done well. Here's another possibility, I think: http://groups.google.com/group/puppet-users/browse_thread/thread/162d86ed39d6d8da What do you think? I must admit not to understand all the details. As D. UX I mostly try to squeeze ideas out of other people. :) I'll try to keep the conversation going and help us coalesce around the details, but I'll need help from people who really have skin in the game. Thanks, r -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: how do I tell puppet do nothing if the condition is true
Thank you all. That works! -Haiyan On Jun 8, 3:28 pm, Patrick kc7...@gmail.com wrote: On Jun 8, 2011, at 11:01 AM, hyzhang wrote: Hi, I have a piece of puppet code. I want puppet do nothing if it is true. How do I do that? Of course this code would not code. exec { 'runlevel': command = $is_virtual ? { 'false' = /bin/sed -i 's/id:3:initdefault:/id: 5:initdefault:/' /etc/inittab, 'true' = 'tell puppet do nothing', }, } Also, so it doesn't run every time, consider putting a grep whatever as a run condition. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How to do array interpolation?
Hello all, sort of a puppet newbie here, I have some constructs that are like so: class hosts { file {/etc/hosts: owner = root, group = root, mode = 644, source = [puppet://puppet/files/etc/hosts.$hostname, puppet://puppet/files/etc/hosts.$operatingsystem, puppet://puppet/files/etc/hosts] } } And I have lots of them, for various reasons. It seems like a real waste to have to keep on typing out those 3-5 lines for where the source of these things are from. So I thought I could do something like the following. Having all those variables in one place, being able to add to the search path easily: $base = puppet://puppet.foo.bar/files $search = [ ${base}/${host}, ${base}/${operatingsystem}, ${base}/default ] class hosts { file {/etc/hosts: owner = root, group = root, mode = 644, source = ${search}/etc/hosts; } } But that definitely does not do what I thought it would. Anyone have a method of making the above type of thing work? -Toby. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
treydock wrote: I don't have any lines like that no. Could the daemon line for puppetmaster be effecting this? Is the -- reports option necessary since my puppet.conf has that specified? PUPPETMASTER_EXTRA_OPTS=--reports puppet_dashboard --debug Other than that and my puppet.conf I haven't found any further configurations I've implemented effecting use of reports Specifying --reports on the command line in PUPPETMASTER_EXTRA_OPTS I am pretty sure will override the puppet.conf configuration rather than add to it. I'd take it out of there and put it into puppet.conf on the master. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Virtual resources and hashes
On Wed, Jun 8, 2011 at 1:36 PM, Aaron Grewell aaron.grew...@gmail.comwrote: We've looked at two different possibilities thus far: 1) Make all resource types hash-aware. This is what I was originally asking for. It would mean changing the way resources are declared so that in the case of a hash their representation of $name was appropriate for use with defines and virtuals. This could either be done by requiring the hash to have a 'name' key and using that or by creating a metaparameter like hash_key so it could be user-specified. The hash itself would need to be passed to the resource in the same way as $name but with a different identifier so that its keys could be accessed inside the resource as e.g. $data[key]. The upside of this is that it should work universally and conceptually match the rest of Puppet, the downsides I see so far are that its implementation might well be intrusive and it might also add to the DSL. 2) Create a hash - resource transformation function. If I understood John correctly this is what he was in favor of. The upside of this is it should be less intrusive, easier to implement, and require no DSL changes. The downside is that it still makes hashes special and requires separate handling of them. 2.7.x merged the older hash2resource function as create_resource https://github.com/puppetlabs/puppet/blob/2.7.x/lib/puppet/parser/functions/create_resources.rb I'm actually not sure where the definitive home for hash2resource is, perhaps someone else will chime in. On Wed, Jun 8, 2011 at 12:58 PM, Randall Hansen rand...@puppetlabs.comwrote: On Wed, Jun 8, 2011 at 12:07 PM, Aaron Grewell aaron.grew...@gmail.com wrote: All I'm saying is that I think hashes should be first-class citizens in Puppet and right now they're not. I agree with that as a high-level problem statement, but to make progress we need to put legs on it. John's got one possibility: a new built-in function. I agree with him that the DSL is too crufty, but I don't think this needs to add to it if done well. Here's another possibility, I think: http://groups.google.com/group/puppet-users/browse_thread/thread/162d86ed39d6d8da What do you think? I must admit not to understand all the details. As D. UX I mostly try to squeeze ideas out of other people. :) I'll try to keep the conversation going and help us coalesce around the details, but I'll need help from people who really have skin in the game. Thanks, r -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Virtual resources and hashes
Nice! More good things to look forward to. :) On Wed, Jun 8, 2011 at 1:58 PM, Nigel Kersten ni...@puppetlabs.com wrote: On Wed, Jun 8, 2011 at 1:36 PM, Aaron Grewell aaron.grew...@gmail.comwrote: We've looked at two different possibilities thus far: 1) Make all resource types hash-aware. This is what I was originally asking for. It would mean changing the way resources are declared so that in the case of a hash their representation of $name was appropriate for use with defines and virtuals. This could either be done by requiring the hash to have a 'name' key and using that or by creating a metaparameter like hash_key so it could be user-specified. The hash itself would need to be passed to the resource in the same way as $name but with a different identifier so that its keys could be accessed inside the resource as e.g. $data[key]. The upside of this is that it should work universally and conceptually match the rest of Puppet, the downsides I see so far are that its implementation might well be intrusive and it might also add to the DSL. 2) Create a hash - resource transformation function. If I understood John correctly this is what he was in favor of. The upside of this is it should be less intrusive, easier to implement, and require no DSL changes. The downside is that it still makes hashes special and requires separate handling of them. 2.7.x merged the older hash2resource function as create_resource https://github.com/puppetlabs/puppet/blob/2.7.x/lib/puppet/parser/functions/create_resources.rb I'm actually not sure where the definitive home for hash2resource is, perhaps someone else will chime in. On Wed, Jun 8, 2011 at 12:58 PM, Randall Hansen rand...@puppetlabs.comwrote: On Wed, Jun 8, 2011 at 12:07 PM, Aaron Grewell aaron.grew...@gmail.com wrote: All I'm saying is that I think hashes should be first-class citizens in Puppet and right now they're not. I agree with that as a high-level problem statement, but to make progress we need to put legs on it. John's got one possibility: a new built-in function. I agree with him that the DSL is too crufty, but I don't think this needs to add to it if done well. Here's another possibility, I think: http://groups.google.com/group/puppet-users/browse_thread/thread/162d86ed39d6d8da What do you think? I must admit not to understand all the details. As D. UX I mostly try to squeeze ideas out of other people. :) I'll try to keep the conversation going and help us coalesce around the details, but I'll need help from people who really have skin in the game. Thanks, r -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Creating Users and Hashing it's password.
Hi, If your password hash has any $ in it the ... will puppet make try to expand it. You need password = '$1$effggfdg' (single quotes). cheers, Den On 09/06/2011, at 5:18, vella1tj vella...@gmail.com wrote: so If I changed it to user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= Hash } Hash being the hash from /etc/shadow that would be all I needed? On Jun 8, 3:12 pm, Nathan Clemons nat...@livemocha.com wrote: What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Creating Users and Hashing it's password.
On Wed, Jun 8, 2011 at 2:11 PM, Denmat tu2bg...@gmail.com wrote: Hi, If your password hash has any $ in it the ... will puppet make try to expand it. You need password = '$1$effggfdg' (single quotes). I like using puppet resource for this. Set the password for an account, and use puppet resource to generate the manifest, removing the attributes you don't want to manage. user { 'nigel': ensure = 'present', comment = 'nigel,,,', gid = '1000', groups = ['dialout', 'cdrom', 'floppy', 'audio', 'video', 'plugdev'], home = '/home/nigel', password = '$6$fPUohVXH$bYZY38RJIKKUK9fF6U/taOZfOwFdRoBnRkZOV71lGIWVMj96nOwWOAMp5EGbfJUjbrnHP/EvszbRkZgWYRkL3.', password_max_age = '9', password_min_age = '0', shell= '/bin/bash', uid = '1000', } That's a test account. The password is trivial enough that you can probably crack it :) cheers, Den On 09/06/2011, at 5:18, vella1tj vella...@gmail.com wrote: so If I changed it to user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= Hash } Hash being the hash from /etc/shadow that would be all I needed? On Jun 8, 3:12 pm, Nathan Clemons nat...@livemocha.com wrote: What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Creating Users and Hashing it's password.
On Wed, Jun 8, 2011 at 2:38 PM, Nigel Kersten ni...@puppetlabs.com wrote: On Wed, Jun 8, 2011 at 2:11 PM, Denmat tu2bg...@gmail.com wrote: Hi, If your password hash has any $ in it the ... will puppet make try to expand it. You need password = '$1$effggfdg' (single quotes). I like using puppet resource for this. Set the password for an account, and use puppet resource to generate the manifest, removing the attributes you don't want to manage. I forgot to show the actual command: $ puppet resource user nigel user { 'nigel': ensure = 'present', comment = 'nigel,,,', gid = '1000', groups = ['dialout', 'cdrom', 'floppy', 'audio', 'video', 'plugdev'], home = '/home/nigel', password = '$6$fPUohVXH$bYZY38RJIKKUK9fF6U/taOZfOwFdRoBnRkZOV71lGIWVMj96nOwWOAMp5EGbfJUjbrnHP/EvszbRkZgWYRkL3.', password_max_age = '9', password_min_age = '0', shell= '/bin/bash', uid = '1000', } That's a test account. The password is trivial enough that you can probably crack it :) cheers, Den On 09/06/2011, at 5:18, vella1tj vella...@gmail.com wrote: so If I changed it to user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= Hash } Hash being the hash from /etc/shadow that would be all I needed? On Jun 8, 3:12 pm, Nathan Clemons nat...@livemocha.com wrote: What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: New Puppet report processors...
That did it! I'm now getting messages over Jabber upon failure!! Is the debug output you refered to earlier, Sending status for name.of.host to XMMP user jabber.user something I would see from Puppet or the Jabber server? I have yet to see similar output, but the IM is now working. Also now that I have this working I tried switching the settings in xmpp.yaml, but am still getting messages on the account from old settings. Is there a cache or location I need to clear for puppet to use the new xmpp.yaml settings? Thanks - Trey On Jun 8, 3:43 pm, James Turnbull ja...@puppetlabs.com wrote: treydock wrote: I don't have any lines like that no. Could the daemon line for puppetmaster be effecting this? Is the -- reports option necessary since my puppet.conf has that specified? PUPPETMASTER_EXTRA_OPTS=--reports puppet_dashboard --debug Other than that and my puppet.conf I haven't found any further configurations I've implemented effecting use of reports Specifying --reports on the command line in PUPPETMASTER_EXTRA_OPTS I am pretty sure will override the puppet.conf configuration rather than add to it. I'd take it out of there and put it into puppet.conf on the master. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: New Puppet report processors...
Scratch my last question, had to restart puppetmaster. Thanks again for your help and these plugins - Trey On Jun 8, 5:01 pm, treydock treyd...@gmail.com wrote: That did it! I'm now getting messages over Jabber upon failure!! Is the debug output you refered to earlier, Sending status for name.of.host to XMMP user jabber.user something I would see from Puppet or the Jabber server? I have yet to see similar output, but the IM is now working. Also now that I have this working I tried switching the settings in xmpp.yaml, but am still getting messages on the account from old settings. Is there a cache or location I need to clear for puppet to use the new xmpp.yaml settings? Thanks - Trey On Jun 8, 3:43 pm, James Turnbull ja...@puppetlabs.com wrote: treydock wrote: I don't have any lines like that no. Could the daemon line for puppetmaster be effecting this? Is the -- reports option necessary since my puppet.conf has that specified? PUPPETMASTER_EXTRA_OPTS=--reports puppet_dashboard --debug Other than that and my puppet.conf I haven't found any further configurations I've implemented effecting use of reports Specifying --reports on the command line in PUPPETMASTER_EXTRA_OPTS I am pretty sure will override the puppet.conf configuration rather than add to it. I'd take it out of there and put it into puppet.conf on the master. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Invitación a conectarnos en LinkedIn
LinkedIn Me gustaría añadirte a mi red profesional en LinkedIn. -Daniel Anibal Daniel Anibal Guerrero Bibliotecario en Museo Nacional del Inmigrante- Argentina Confirma que conoces a Daniel Anibal Guerrero https://www.linkedin.com/e/-7o0xwv-goouq8ed-3r/isd/3154013839/BukbDg4B/ -- (c) 2011, LinkedIn Corporation -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: New Puppet report processors...
James, This is all wonderfully helpful and I just spent a little time writing up a Zenoss processor to send an event on failure using XMLRPC::Client, modeled directly after your puppet-zendesk module, replacing the HTTParty guts with XMLRPC guts. I've encountered a problem though (and we can refer to puppet-zendesk code): When I stuff a fail() into a manifest and run, it fails, sends a report to the PM, and the PM logs this: Report zenoss failed: undefined method `status' for #Puppet::Transaction::Report:0x2b626b5ad7c0 The line in question is from zendesk.rb:25 if self.status == 'failed' ... end So, it's breaking there, but when I replace self.status with var and var = 'failed', bypassing the if, the rest of the code works and the event appears in zenoss. I'm running 2.6.4 on the master client. pluginsync is true on both, and reports = zenoss only on the master for this test. Why is self.status not working for me? On May 31, 8:09 am, James Turnbull ja...@puppetlabs.com wrote: Hi all On my TODO list for about a year now has been a tutorial on how easy it is to write Puppet report processors and how much more you can do with them than just email/log/store Puppet report data. Rather than write a whole tutorial I decided to create a whole series of examples of report processors that should: a) Provide some immediate solutions that you can deploy right now, and b) Provide good examples of things you can do with report processing that you can take, fork and modify. All of them are released under the Apache 2.0 license. In that spirit I've created ten new report processors: 1. Reports failed runs to an IRC channel -https://github.com/jamtur01/puppet-irc 2. Reports failed runs and logs to PagerDuty -https://github.com/jamtur01/puppet-pagerduty 3. Reports failed runs to Jabber/XMPP -https://github.com/jamtur01/puppet-xmpp 4. Reports failed runs to Twitter -https://github.com/jamtur01/puppet-twitter 5. Reports failed runs and logs to Campfire -https://github.com/jamtur01/puppet-campfire 6. Reports failed runs to Twilio -https://github.com/jamtur01/puppet-twilio 7. Reports failed runs to Boxcar -https://github.com/jamtur01/puppet-boxcar 8. Reports failed runs to HipChat -https://github.com/jamtur01/puppet-hipchat 9. Sends metrics to a Ganglia server via gmetric -https://github.com/jamtur01/puppet-ganglia 10. Reports failed runs to Growl -https://github.com/jamtur01/puppet-growl Comments, feedback, testing and ideas for other integrations all welcomed. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
(possible double-post) James, This is all wonderfully helpful and I just spent a little while writing up a Zenoss processor to send an event on failure using XMLRPC::Client, modeled directly after your puppet-zendesk module, replacing the HTTParty guts with XMLRPC guts. I've encountered a problem though (and we can refer to puppet-zendesk code): When I stuff a fail() into a manifest and run, it fails, sends a report to the PM, and the PM logs this: Report zenoss failed: undefined method `status' for #Puppet::Transaction::Report:0x2b626b5ad7c0 The line in question is from zendesk.rb:25 if self.status == 'failed' ... end So, it's breaking there, but when I replace self.status with var and var = 'failed', bypassing the if, the rest of the code works and the event appears in zenoss. I'm running 2.6.4 on the master client. pluginsync is true on both, and reports = zenoss only on the master for this test. Why is self.status not working in this case? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
Don wrote: (possible double-post) James, This is all wonderfully helpful and I just spent a little while writing up a Zenoss processor to send an event on failure using XMLRPC::Client, modeled directly after your puppet-zendesk module, replacing the HTTParty guts with XMLRPC guts. I've encountered a problem though (and we can refer to puppet-zendesk code): When I stuff a fail() into a manifest and run, it fails, sends a report to the PM, and the PM logs this: Report zenoss failed: undefined method `status' for #Puppet::Transaction::Report:0x2b626b5ad7c0 The line in question is from zendesk.rb:25 if self.status == 'failed' ... end So, it's breaking there, but when I replace self.status with var and var = 'failed', bypassing the if, the rest of the code works and the event appears in zenoss. I'm running 2.6.4 on the master client. pluginsync is true on both, and reports = zenoss only on the master for this test. Why is self.status not working in this case? Odd. Can I see the rest of your code? If private you can email me offlist. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Open Source Team iteration planning summary 2011-06-08
Finished backlog items: * #2128 - Allow arbitrary fact as node_name identifier There are now two new (mutually exclusive) configuration options on the agent in the 2.6.x branch to allow setting the node's name separately from the node's certificate name. node_name_value: This defaults to the value of the certname setting. node_name_fact: This is not set by default. When set, the agent will use the value of this fact as the node name when checking in with the master for uploading facts, retrieving catalogs and all other operations. In order to take advantage of these new settings you will need to modify the default auth.conf to include a section similar to the one below before the default path ~ ^/catalog/([^/]+)$ block. path ~ /catalog/ec2_node_.+ allow * This will allow any authenticated agent (one making a request with a signed certificate) to upload facts, and request the catalog for any node that has a name starting with 'ec2_node_'. This is required since the node name that will be used in the request will not likely match the certificate name used to authenticate with the master. These new options also affect the node name used in reports sent back to the master. * #650 - puppet replaces configuration directories when they are symlinks This has been merged into the 2.6.x branch. Puppet will no longer replace the confdir (or other directory settings) with real directories when they currently exist on disk as a symlink to a real directory. Puppet will still replace the symlink with a real directory if the target doesn't exist, or is something other than a file. This is known behavior around managing files directories through symlinks, and is captured in #4394[1] The new backlog items this week are: * #3741 - Custom facts loaded multiple times * #3669 - Make puppet honor DNS SRV records Current backlog: * #7127 - prerun_command don't stop puppet on error * #4416 - Resources cannot be used on the run where they are synced * #7742 - Package type V2 - apt * #5517 - behavior change within 2.6 makes it impossible to override class parameters of included parametrized classes * #7743 - Package type V2 - dpkg * #7744 - Package type V2 - aptitude * #3741 - Custom facts loaded multiple times * #3669 - Make puppet honor DNS SRV records [1] http://projects.puppetlabs.com/issues/4394#note-2 -- Jacob Helwig signature.asc Description: Digital signature
Re: [Puppet Users] Re: New Puppet report processors...
Don wrote: I'm running 2.6.4 on the master client. pluginsync is true on both, and reports = zenoss only on the master for this test. Why is self.status not working in this case? The issue is that status is only available in the V2 report format in Puppet 2.6.5 and onwards. Before this you need to check for err tags to find failed runs. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Prerun, Postrun Commands, and Stages
Hi all, I'm looking for background information about how bug #7127[1] should be fixed: prerun_command don't stop puppet on error I think there's general agreement that if the prerun command fails, then the catalog should not be applied, but the report should be sent, and the report's status should be failed. However, what about the post-run command? In particular, if the catalog is applied successfully, but the postrun command fails, should the overall run be considered a failure? The documentation[2] says it should be: A command to run after every agent run. If this command returns a non-zero return code, the entire Puppet run will be considered to have failed, even though it might have performed work during the normal run. But there are several problems with the way the code is currently implemented. * If the postrun command fails, puppet never sends the report. * Errors that occur while running the pre and postrun commands are not captured in the report's log. * If the catalog is applied successfully, but the postrun command fails, the report status is not changed to failed. Right now it doesn't matter because the report is never sent, but if I fix that, it could matter. Thoughts? The only use case I know of is etckeeper, but its postrun command, etckeeper-commit-post[3], always returns 0 even if the etckeeper command fails. Finally, the prerun command is executed after dostorage, download_plugins, download_fact_plugins. Is there reason for the prerun command to occur first? It'd be great to hear about your experience with the pre/post run commands and what use cases you are trying to solve. Also, is there anything that is being solved with pre/post run commands that can't be solved using stages? For example, if the prerun command, catalog, and postrun commands are executed as stages, in that order, with each stage depending on its predecessor(s), it would ensure that: * An error in one stage would prevent the following stage(s) from executing. * The report would contain all errors from stages that were executed. * The report status, resource statuses, and metrics would be consistent. Thanks, Josh [1] http://projects.puppetlabs.com/issues/7127 [2] http://docs.puppetlabs.com/references/stable/configuration.html#postruncommand [3] https://code.launchpad.net/~soren/ubuntu/lucid/puppet/etckeeper-integration -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ANNOUNCE: Puppet 2.7.0rc4 Available
This release addresses issues with the Puppet 2.7.0rc3 series. This release is available for download at: http://goog_1305397870/ http://www.puppetlabs.com/downloads/puppet/puppet-2.7.0rc4.tar.gz See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected version of 2.7.0: http://projects.puppetlabs.com/projects/puppet/ CHANGELOG: 2.7.0rc4 === dbe2310 Maint: Update static man pages for 2.7.0 50d188c Maint: Update static man page generator for Faces. f370d5a (#7833) Several help text/template edits 90d2cf0 maint: more work on regexp matching in Test::Unit assertions. 8c71df2 maint: acceptance tests need to search for bin/false 0ae4732 (#7828) Fix whitespace in synopsis generator. b4e9791 maint: handle incoherent Test::Unit assertions. 48aafa3 (#6873) Add Static Compiler terminus to 2.7.0 9017fea (#7728) Acceptance test for whit notifications. 973e752 (#7728) Suppress notifications from container whits. 1772363 (#7764, 7775, 7778) Revisions to Faces help text 5a9998e (#7773, 7776, 7764) Several help template tweaks 5587b94 maint: remove an unhelpful pending test. bbf0a02 maint: fix misnamed acceptance test for #7139 d4e6c26 (#7624) Manually fetch all properties in instances. c8df027 (#7193) Fix path issues with acceptance tests that call old shell tests 31bf55c (#7632) Make secret_agent application compatible with secret_agent face c5448b7 (#7624) Auditing should not be enabled by default for purged resources. b70f32a (#7746) Fix bootstrap issues from #7717 fix. be233c3 (#7683) Use ronn, when available, to render the output. 2389bdf (#7683) Add a 'man' face and subcommand to Puppet. e647f70 maint: remove obsolete work-around code from help face. 796900b (#7699) Don't duplicate inherited action names on faces. a23cfd8 (#7177) Deprecate implicit 'puppet apply' for 2.7.0 3f47b0c (#7717) Layout cleanup for subcommand extraction. 8072b4b #7211: Test unknown options don't shadow unknown actions. dd8108c #7211: nasty logic error with global Face options taking arguments. 618495c #7211: more helpful error messages in various cases. 7df1fa4 (#7708) Delete extended documentation from configuration reference 2935feb (#7707) Document signals in puppet agent and puppet master help 3facc33 add puppet master polling step for ticket 7117 68c106e (#5318) Always notice changes to manifests when compiling. a5a78a5 (#7557) Remove Faces Application ea7908b maint: Fix order dependent spec failure for face indirection 2aa9f2f (#7690) Don't blow up when listing terminuses available for faces 9447cb9 maint: Dedup the loadpath so we don't have to walk it multiple times 149a12f Maint: Fix ellipses for short descriptions 7688706 (#7563) DRY: Remove indirector boilerplate from individual faces 4662f4d (#7564) Finish templates 331d812 (#7561) Complete help text for all faces and actions 069a6b8 Maint: Add ellipsis to generated short_descriptions. ebc642b (#6962) Add arguments method to help API 163ff6b (#7681) Add an acceptance test for resource refs with array variables 9f6dec2 (#7681) Allow array variables as resource references 76ad2bb (#7507) Add exclude filter for ruby 1.9 spec failures 3682025 maint: move trap call to Signal so we can stub it for specs -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
Thanks for the help off-list, James. here's the stub I'm using to check if the log is error-ful, inside of process(): def process failure = false #iterate through each log object and look for failures self.logs.each do |log| if log.level.to_s == 'err' || 'alert' || 'emerg' || 'crit' failure = true end end if failure Puppet.debug Creating Zenoss event for failed run on #{self.host}. ### This definitely costs a few more cycles than with 2.6.5+. I'll publish the rest of the Zenoss processor on github tomorrow or Friday. -Don On Wed, Jun 8, 2011 at 5:23 PM, James Turnbull ja...@puppetlabs.com wrote: Don wrote: I'm running 2.6.4 on the master client. pluginsync is true on both, and reports = zenoss only on the master for this test. Why is self.status not working in this case? The issue is that status is only available in the V2 report format in Puppet 2.6.5 and onwards. Before this you need to check for err tags to find failed runs. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.