Re: [Puppet Users] howto trigger action on another client

2011-06-27 Thread Ohad Levy
On Fri, Jun 24, 2011 at 11:14 AM, Andreas Kuntzagk
andreas.kuntz...@mdc-berlin.de wrote:
 Hi,

 I want to automate installation of GridEngine with puppet. GE comes with
 some prepared script for automatic installation.
 Unfortunately this is to be run on the GE master to install the execution
 hosts (=clients).  (This then will run some commands on the exec host via
 ssh.)
 So from puppet's perspective if an agent on an execution host notices that
 GE is not installed but should be, it has to tell the agent on the GE master to
 run the install script.
 Is there an easy (puppet) way to do it?
 My idea is to have the exec host write its name into a file
 hosts_to_install on a common NFS and have the master check that file. But
 maybe there are better ways.
 Does anybody here have some other GE related recipes?

 regards, Andreas

and another idea, if you are using foreman[1], you can collect all
hosts which are members of the GE group.
You could also ask for their facts, so you could build a meaningful GE
configuration.

see this puppet function [2]

Ohad

[1] - http://theforeman.org
[2] - https://github.com/ohadlevy/puppet-foreman/blob/master/foreman/lib/puppet/parser/functions/foreman.rb

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.






[Puppet Users] Permission denied on new Passenger install

2011-06-27 Thread Stefan Midjich
I installed puppet-passenger from Debian apt and most of the
configuration files mentioned in my Pro Puppet book were already
created and the config.ru script even had the correct owner
permissions. I'm saying this so you'll understand that I have chapter
4 of the famous Apress book in front of me while I'm doing this and I
have no idea what I've missed.

This is the output when puppet agent -oDdv is run.

Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::User::ProviderPw: file pw does not exist
Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::User::ProviderLdap: true value when expecting false
Jun 27 08:55:28 node00 puppet-agent[9861]: Failed to load library 'selinux' for feature 'selinux'
Jun 27 08:55:28 node00 puppet-agent[9861]: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certificate_requests]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/private_keys]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/public_keys]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/log]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/run/puppet/agent.pid]) Autorequiring File[/var/run/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certs/ca.pem]) Autorequiring File[/var/lib/puppet/ssl/certs]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/client_data]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/client_yaml]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/crl.pem]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/state]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certs]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/state/graphs]) Autorequiring File[/var/lib/puppet/state]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/clientbucket]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/state/last_run_summary.yaml]) Autorequiring File[/var/lib/puppet/state]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/private]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/facts]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/lib]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/etc/puppet/puppet.conf]) Autorequiring File[/etc/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: Finishing transaction 69835232135480
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certs]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/crl.pem]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certificate_requests]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/log]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/lib]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/facts]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/state]) Autorequiring File[/var/lib/puppet]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/certs/ca.pem]) Autorequiring File[/var/lib/puppet/ssl/certs]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/private]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/private_keys]) Autorequiring File[/var/lib/puppet/ssl]
Jun 27 08:55:28 node00 puppet-agent[9861]: (/File[/var/lib/puppet/ssl/public_keys]) Autorequiring 

Re: [Puppet Users] Permission denied on new Passenger install

2011-06-27 Thread Patrick
I see 2 likely options:
1) You don't have these lines in puppet.conf:
#ssl_client_header = HTTP_SSL_CLIENT_S_DN
#ssl_client_verify_header = HTTP_SSL_CLIENT_VERIFY

and you didn't put the equivalent lines in the apache config files.

2) You put the correct lines in the apache files and the puppet files which 
doesn't work.

Summary: You must change which headers puppet is looking for or what apache 
names those headers, but NOT both.

On Jun 27, 2011, at 12:11 AM, Stefan Midjich wrote:

 I installed puppet-passenger from Debian apt and most of the
 configuration files mentioned in my Pro Puppet book were already
 created and the config.ru script even had the correct owner
 permissions. I'm saying this so you'll understand that I have chapter
 4 of the famous Apress book in front of me while I'm doing this and I
 have no idea what I've missed.
 
 This is the output when puppet agent -oDdv is run.
 

Re: [Puppet Users] Permission denied on new Passenger install

2011-06-27 Thread Stefan Midjich
This was in the puppet.conf by default when installed through apt.

[user]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Here's my entire puppet.conf.

[master]
confdir=/etc/puppet
manifestdir=$confdir/manifests
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
autosign=$confdir/autosign.conf
factpath=$vardir/lib/facter
templatedir=$confdir/templates
server = node00.swehack.localdomain
hostcsr = $ssldir/csr_node00.swehack.localdomain.pem
hostpubkey = $ssldir/public_keys/node00.swehack.localdomain.pem
hostcert = $ssldir/certs/node00.swehack.localdomain.pem
hostprivkey = $ssldir/private_keys/node00.swehack.localdomain.pem
ca_name = node00.swehack.localdomain
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post

[user]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
rundir=/var/run/puppet
vardir=/var/lib/puppet
statedir = $vardir/state
ssldir=/var/lib/puppet/ssl
privatekeydir = /var/lib/puppet/ssl/private_keys
cadir=$ssldir/ca
templatedir = /etc/puppet/templates
ignoreschedules = true
inventory_port = 8140
ca_port = 8140
statefile = /var/lib/puppet/state/state.yaml
classfile = /var/lib/puppet/state/classes.txt
report_port = 8140
server = node00.swehack.localdomain
lastrunfile = /var/lib/puppet/state/last_run_summary.yaml
pidfile = $rundir/agent.pid
config = /etc/puppet/puppet.conf
puppetdlog = /var/log/puppet/puppetd.log
daemonize = false
hostcert = /etc/puppet/ssl/certs/node00.swehack.localdomain.pem
hostcsr = /etc/puppet/ssl/csr_node00.swehack.localdomain.pem
hostprivkey = /etc/puppet/ssl/private_keys/node00.swehack.localdomain.pem
hostpubkey = /etc/puppet/ssl/public_keys/node00.swehack.localdomain.pem

I do not have those options set in the apache vhost. I have a working
configuration at work that I've taken over, hence my limited knowledge
in it, and this configuration also sets the SSL options you speak of
in puppet.conf instead of the vhost.

Here's my vhost just for good measure, this is a closed network for
testing anyways so I have nothing to hide. :)

# Based on http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger

Listen 8140

<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/node00.swehack.localdomain.pem
SSLCertificateFile /var/lib/puppet/ssl/certs/node00.swehack.localdomain.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
#SSLCARevocationFile /var/lib/puppet/ssl/crl.pem
# Set to require if this puppetmaster doesn't issue certificates
# to puppet clients.
# NB: this requires SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
# issuing puppet client certificate.
SSLVerifyClient optional
SSLVerifyDepth  1
SSLOptions +StdEnvVars

# This is useful for Pound proxying
#RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
#RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
#RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

# Passenger options that can be set in a virtual host
# configuration block.
PassengerMaxPoolSize 15
PassengerUseGlobalQueue on
PassengerMaxRequests 1
PassengerHighPerformance on
PassengerStatThrottleRate 120
PassengerUseGlobalQueue on
RackAutoDetect Off
RailsAutoDetect Off
RackBaseURI /

DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>

And in the /usr/share/puppet/rack/puppetmasterd directory is where the
config.ru script is.


2011/6/27 Patrick kc7...@gmail.com:
 I see 2 likely options:
 1) You don't have these lines in puppet.conf:
 #ssl_client_header = 

Re: [Puppet Users] puppet CA expired

2011-06-27 Thread j...@squirk.org
On 16/06/2011 20:12, Nathan Clemons wrote:
 Thanks. I think having to go out across the board once every 5 years
 is quite acceptable, although advance warning from the master that
 it's going to happen would definitely be a good thing.

 Jean: Kudos to running Puppet for 5 years! :)


yes i was planning to install cfengine when the first puppet appeared, i
really liked the way of thinking of the creator that seemed to me a very
good approach of the issue so i jumped in.

as i needed to make change to all the nodes i simply recreated a 20-year
CA and got to every node removing the ssl certs and sign again all nodes
on the master. If someone knows how to spot a client coming to puppet
and failing the ssl handcheck it would help a lot to spot the one i
missed out if any ! :)


regards,
Jean.




Re: [Puppet Users] Puppet 2.6.9 2.7.1 packages for Solaris

2011-06-27 Thread Andreas Kuntzagk

Mark Phillips wrote:

I'm not sure what the deal is with sharing the /opt/csw space these days, so
I'm afraid I can't comment on whether it will play ball or not. The
dependency list isn't so large, so if you've got CSWruby on your machine you
may find it all installs correctly. It's your choice I'm afraid Andreas -
give it a go?


I will stall this for now since my prio 1 is setting up puppet on our linux 
boxes. If later I'm able to config the solaris boxes as well that would be the 
icing on the cake.


regards, Andreas



Regards,

--Mark

On 24 Jun 2011, at 08:47, Andreas Kuntzagk wrote:


For whatever reason I'm using the opensource packages from blastwave. AFAIU
these are not to be mixed with opencsw. So I can't use your packages?

regards, Andreas

Mark Phillips wrote:

CSW packages in experimental -
http://buildfarm.opencsw.org/experimental.html#markp

Both contain Dom Cleal's patched pkgutil[1] provider that supports
'source'[2] for -t alternative repositories.

--Mark

[1] https://github.com/domcleal/puppet/blob/tickets/master/8011/lib/puppet/provider/package/pkgutil.rb
[2] http://projects.puppetlabs.com/issues/8011








Re: [Puppet Users] puppet CA expired

2011-06-27 Thread Charles Johnson
If you keep your nodes in a nodes.pp file, and you are logging nodes as they
check in, you can run a little script that I run from time to time to find
nodes that have stopped communicating:

#!/bin/bash

# Nodes that compiled a catalog according to syslog (short hostnames).
tail -2 /var/log/messages | grep "Compiled catalog for" | tr -s " " |
cut -f 9 -d " " | cut -f 1 -d . | sort | uniq > /tmp/nodes_checked_in
# Nodes declared in nodes.pp (the text after the first single quote on each line).
cat /etc/puppet/manifests/nodes.pp | cut -f 2 -d "'" | cut -f 1 -d . |
sort | uniq > /tmp/nodes_expected

echo "<  nodes checked in, but not expected  ...  >  nodes expected, but not checked in."
diff /tmp/nodes_checked_in /tmp/nodes_expected | grep "[<>]" | sort

~Charles~

On Mon, Jun 27, 2011 at 8:52 AM, j...@squirk.org j...@squirk.org wrote:

 On 16/06/2011 20:12, Nathan Clemons wrote:
  Thanks. I think having to go out across the board once every 5 years
  is quite acceptable, although advance warning from the master that
  it's going to happen would definitely be a good thing.
 
  Jean: Kudos to running Puppet for 5 years! :)
 

 yes i was planning to install cfengine when the first puppet appeared, i
 really liked the way of thinking of the creator that seemed to me a very
 good approach of the issue so i jumped in.

 as i needed to make change to all the nodes i simply recreated a 20-year
 CA and got to every node removing the ssl certs and sign again all nodes
 on the master. If someone knows how to spot a client coming to puppet
 and failing the ssl handcheck it would help a lot to spot the one i
 missed out if any ! :)


 regards,
 Jean.







[Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread zuber
We often have the problem that some files need to be checked for updates
faster than the cycle of the puppet agent. I try to solve this with a
script which tries to download the files directly from the fileserver of
the puppetmaster. So far I couldn't get it to work.

I don't know if i got the URL right, i did not find any examples on the
REST API documentation for the fileserver.

for example if the file is /etc/puppet/manifests/files/sudo/sudoers

fileserver.conf:
[files]
  path /etc/puppet/manifests/files
  allow 127.0.0.1
  allow *.bar

to what path would this translate?
https://foo.bar:8140/file_content/sudo/sudoers
https://bli.bla:8140/file_content/files/sudo/sudoers

Greetings
Andy




Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread Nigel Kersten
On Mon, Jun 27, 2011 at 7:27 AM, zu...@puzzle.ch wrote:

 We have often the Problem that some files need to be checked for updates
 faster than the cycle of the puppet agent. I try to solve this with a
 script which tries to download the files directly from the fileserver of
 the puppetmaster. So far i couldn't get it to work.


Have you considered using tags instead to filter for a subset of your
resources?



 I don't know if i got the URL right, i did not find any examples on the
 REST API documentation for the fileserver.


This should cover it.

http://docs.puppetlabs.com/guides/rest_api.html#file-server




Re: [Puppet Users] Re: howto trigger action on another client

2011-06-27 Thread Andreas Kuntzagk
Thanks for these infos. I think I got at least a vague idea how this works and 
can already use it for some simple cases.

One more question:
If I define checks for the exported exec (like "creates" or "onlyif") will 
these run on the exporting agent or the executing agent? (my guess is the second 
but want to make sure)
If this is the case is there a way to run the exec depending on some checks on 
the exporting agent?


regards, Andreas

jcbollinger wrote:


On Jun 24, 9:18 am, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de
wrote:

Daniel Maher wrote:

On 06/24/2011 03:39 PM, Andreas Kuntzagk wrote:

Exported resources are the Puppet means for one node to provide
resources for another. In this case, the execution host could export
an Exec resource for the master to collect and apply.

Hmm, in the (very short) time I've been working with puppet I have not
stumbled across exported resources. Any pointer where I should start
reading?

Exported resources are great fun. :)
http://docs.puppetlabs.com/guides/exported_resources.html
http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configura...

According to these exported resources are somewhat similar to virtual resources.
Problem is until now I cannot wrap my brain around virtual resources so I don't
understand the exported resources examples.



Exported resources are an extended version of virtual resources.  It
took me a while to catch on to virtual resources, too, but once I got
it I realized how useful they are.  I'll attempt to explain:

Normal resource declarations have two key aspects.  First, they
describe a resource, and second, by their presence in a manifest they
indicate that that resource should be managed.  For example,

user { "john":
  ensure => absent
}

describes a User resource whose username is john, and if it is
present in a node's manifest then that tells Puppet that the matching
user should be managed on that node -- in this case, User john must be
ensured absent from the node.

Virtual resources separate those key aspects.  They allow a resource
to be declared (described) without specifying whether that resource
should be managed.  For example,

@user { "john":
  ensure => absent
}

describes a User resource whose username is john, but by itself it
does not direct the Puppet agent to do anything about that user.
Elsewhere in the manifest, however, that user can be realized to
indicate to Puppet that yes, User["john"] should indeed be managed
(in this example, poor john would then again be ensured absent).
Virtual resources that are not realized for a particular node have no
effect on that node.

There are at least two ways in which this is useful:

1) If there are resources that must be managed only on some nodes,
then it can be clean and convenient to declare them virtually, all in
one place, for all nodes, and then realize just the needed ones on
each node.  This is a good alternative to bracketing each resource
with a complicated conditional statement.

2) Although resources, including virtual ones, can only be *declared*
once, virtual resources can be *realized* any number of times.  For
instance, if you had several different classes that wanted to drop
files in /etc/cron.d/, then they might all want to ensure that that
directory is present.  They can't all declare it, else the
declarations would collide.  One possibility would be to declare it
virtually, and let all the classes realize it.  (Another would be to
declare it concretely in a separate class, and have the other classes
each include that class.)


Exported resources are much like virtual ones.  The main difference is
that exported resources can be collected by any node, not just the
node that declares them.  For example, suppose you want all your nodes
to be listed in each other's /etc/hosts file.  Each node knows its own
name and IP address (suppose for simplicity that it has only one), but
it doesn't a priori know the others'.  You can do this:

# Export a Host resource describing this node:
@@host { $fqdn:
  ip => $ipaddress,
  host_aliases => $hostname,
  ensure => present
}

# Collect all nodes' exported Host resources
# (including this node's)
Host <<| |>>


One of the major drawbacks of exported resources is that they require
persistent storage.  Puppet uses a database for that, which is a bit
heavy.  That's one reason why exported resources may not be worth the
trouble if this is your only use for them.


John






Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread zuber
 On Mon, Jun 27, 2011 at 7:27 AM, zu...@puzzle.ch wrote:

 We have often the Problem that some files need to be checked for updates
 faster than the cycle of the puppet agent. I try to solve this with a
 script which tries to download the files directly from the fileserver of
 the puppetmaster. So far i couldn't get it to work.


 Have you considered using tags instead to filter for a subset of your
 resources?

I need to check 1 file and 1 directory every 5min from 600 puppet nodes.
As far as i know the puppetmaster still needs to compile the whole
catalog. I did not test this, but i think this would not scale well.




Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread Nigel Kersten
On Mon, Jun 27, 2011 at 7:41 AM, zu...@puzzle.ch wrote:

  On Mon, Jun 27, 2011 at 7:27 AM, zu...@puzzle.ch wrote:
 
  We have often the Problem that some files need to be checked for updates
  faster than the cycle of the puppet agent. I try to solve this with a
  script which tries to download the files directly from the fileserver of
  the puppetmaster. So far i couldn't get it to work.
 
 
  Have you considered using tags instead to filter for a subset of your
  resources?

 I need to check 1 file and 1 directory every 5min from 600 puppet nodes.
 As far as i know the puppetmaster still needs to compile the whole
 catalog. I did not test this, but i think this would not scale well.


Possibly.

You could also do something like this. Put the thing you need to check
frequently into a module, we'll call it frequent for now, and structure
your setup with environments like the following:

# normal environment
[normal]
modulepath=/var/lib/puppet/env/normal/modules:/var/lib/puppet/env/frequent/modules


[frequent]
modulepath=/var/lib/puppet/env/frequent/modules


Then you could choose to run every 5 minutes against the frequent
environment, and you'd have a very minimal catalog for the rapid runs, and a
more comprehensive one for your normal runs.




Re: [Puppet Users] puppet CA expired

2011-06-27 Thread Ohad Levy
On Mon, Jun 27, 2011 at 4:52 PM, j...@squirk.org j...@squirk.org wrote:
 On 16/06/2011 20:12, Nathan Clemons wrote:
 Thanks. I think having to go out across the board once every 5 years
 is quite acceptable, although advance warning from the master that
 it's going to happen would definitely be a good thing.

 Jean: Kudos to running Puppet for 5 years! :)


 yes i was planning to install cfengine when the first puppet appeared, i
 really liked the way of thinking of the creator that seemed to me a very
 good approach of the issue so i jumped in.

 as i needed to make change to all the nodes i simply recreated a 20 year
 CA and got to every node removing the ssl certs and sign again all nodes
 on the master. If someone knows how to spot a client coming to puppet
 and failing the ssl handshake it would help a lot to spot the one i
 missed out if any ! :)

one simple way is simply to look at foreman puppet certificate list.
you can also query it via the api, and evaluate the certificate expire date.

Ohad

 regards,
 Jean.





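Added example, not part of the original thread and not Foreman or Puppet code: one way to carry out the check Ohad describes (evaluate certificate expiry dates) and to find a node whose certificate was still issued by the replaced CA. The CA, the node certificates, the host names and the dates are constructed in-process so the script runs offline; on a real master the list would be loaded from PEM files instead.

```ruby
require 'openssl'

DAY = 86_400

# Classify one certificate against the CA that is in service now.
#   :wrong_ca  signature does not verify with the current CA key
#              (for example a node that still holds a cert from the old CA)
#   :expired   notAfter is in the past
#   :expiring  notAfter falls inside the warning window
#   :ok        none of the above
def classify(cert, ca_cert, now, warn_days)
  return :wrong_ca unless cert.verify(ca_cert.public_key)
  return :expired  if cert.not_after <= now
  return :expiring if cert.not_after - now <= warn_days * DAY
  :ok
end

def common_name(cert)
  cert.subject.to_a.find { |field, _value, _type| field == 'CN' }[1]
end

# Returns one row per certificate, in input order.
def audit(certs, ca_cert, now: Time.now, warn_days: 30)
  certs.map do |cert|
    { name: common_name(cert),
      status: classify(cert, ca_cert, now, warn_days),
      days_left: ((cert.not_after - now) / DAY).floor }
  end
end

# ---- constructed sample data (hypothetical names and dates) ----

def issue(cn, key, issuer_cn, issuer_key, not_before, not_after, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = OpenSSL::X509::Name.parse("/CN=#{issuer_cn}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after  = not_after
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Returns [current_ca_cert, [certs to audit]].
def constructed_inventory
  old_ca_key = OpenSSL::PKey::RSA.new(2048)
  new_ca_key = OpenSSL::PKey::RSA.new(2048)
  node_key   = OpenSSL::PKey::RSA.new(2048)

  new_ca = issue('ca-new', new_ca_key, 'ca-new', new_ca_key,
                 Time.utc(2011, 6, 17), Time.utc(2031, 6, 17), 1)
  # web01 was re-signed by the new CA.
  web01  = issue('web01', node_key, 'ca-new', new_ca_key,
                 Time.utc(2011, 6, 17), Time.utc(2016, 6, 17), 2)
  # db01 was missed: its certificate still comes from the old CA.
  db01   = issue('db01', node_key, 'ca-old', old_ca_key,
                 Time.utc(2010, 1, 1), Time.utc(2015, 1, 1), 7)

  [new_ca, [new_ca, web01, db01]]
end

if __FILE__ == $0
  ca, certs = constructed_inventory
  # Audit once just after the CA swap and once shortly before web01 expires.
  [Time.utc(2011, 6, 27), Time.utc(2016, 6, 10)].each do |now|
    puts "audit at #{now.strftime('%Y-%m-%d')}"
    audit(certs, ca, now: now).each do |row|
      puts format('  %-8s %-10s %6d days left',
                  row[:name], row[:status], row[:days_left])
    end
  end
end
```

Including the CA certificate itself in the audited list gives the advance warning asked for earlier in the thread, since the CA is reported as expiring like any other entry.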


Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread zuber
 On Mon, Jun 27, 2011 at 7:27 AM, zu...@puzzle.ch wrote:

 I don't know if i got the URL right, i did not find any examples on the
 REST API documentation for the fileserver.


 This should cover it.

 http://docs.puppetlabs.com/guides/rest_api.html#file-server

This still isn't clear to me. Would appreciate if someone could give a
concrete example how a path in a module or in the filepath would translate.

Here is what i try:

fileserver.conf
[files]
  path /etc/puppet/manifests/files
  allow 127.0.0.1
  allow *.smobi.mobicorp.test


The file is located at /etc/puppet/manifests/files/sudo/sudoers


[root@foo me]# ./puppet-wget file_content/sudo/sudoers
https://foo.bar:8140/file_content/sudo/sudoers
warning: peer certificate won't be verified in this SSL session
/usr/lib/ruby/1.8/net/http.rb:2099:in `error!': 403 Forbidden request:
foo.bar(10.2.3.4) access to /sudo/sudoers [find] authenticated  at line 93
 (Net::HTTPServerException)
from ./puppet-wget:56
from ./puppet-wget:43:in `each'
from ./puppet-wget:43


AFAIK if something is wrong with the certs the server would answer with a
401 and not 403. It really looks to me as if i get that path wrong.

--
#!/bin/env ruby
#
# Puppet Wget
#
# Downloads files from the puppetmaster without the puppet agent


require 'optparse'
require 'puppet/rails'
require 'uri'
require 'net/https'


# Parse all Options
options = {}
OptionParser.new do |opts|
  opts.banner = "Usage: puppet-wget [options] module/path/to/file"

  opts.on("-r", "--recursive", "Download directory recursively") do |r|
    options[:recursive] = r
  end
end.parse!


# Get some settings for the puppet config
Puppet[:config] = "/etc/puppet/puppet.conf"
Puppet.parse_config
puppet_conf = Puppet.settings.instance_variable_get(:@values)[:main]


# default values
puppet_conf[:server]     ||= 'puppet'
puppet_conf[:masterport] ||= '8140'
puppet_conf[:ssldir]     ||= '/etc/puppet/ssl'


server    = puppet_conf[:server]
port      = puppet_conf[:masterport]
certpath  = puppet_conf[:ssldir] + '/certs/'        + ENV['HOSTNAME'] + '.pem'
pkey_path = puppet_conf[:ssldir] + '/private_keys/' + ENV['HOSTNAME'] + '.pem'


ARGV.each do |filepath|
  url = URI.parse("https://#{server}:#{port}/#{filepath}")
  req = Net::HTTP::Get.new("#{url.path}?#{url.query}", "Accept" => 's')

  puts url

  # make ssl request
  connection = Net::HTTP.new(url.host, url.port)
  connection.use_ssl = true
  connection.cert = OpenSSL::X509::Certificate.new(File.read(certpath))
  connection.key = OpenSSL::PKey::RSA.new(File.read(pkey_path))
  res = connection.start { |http| http.request(req) }

  res.error! unless res.code_type == Net::HTTPOK
  puts res.body

end





Re: [Puppet Users] Puppet 2.6.9 2.7.1 packages for Solaris

2011-06-27 Thread Mark Phillips
On 27 Jun 2011, at 15:01, Andreas Kuntzagk wrote:

 Mark Phillips wrote:
 I'm not sure what the deal is with sharing the /opt/csw space these days, so
 I'm afraid I can't comment on whether it will play ball or not. The
 dependency list isn't so large, so if you've got CSWruby on your machine you
 may find it all installs correctly. It's your choice I'm afraid Andreas -
 give it a go?
 
 I will stall this for now since my prio 1 is setting up puppet on our linux 
 boxes. If later I'm able to config the solaris boxes as well that would be 
 the icing on the cake.

Not a problem. If you have any queries about Puppet on Solaris from the CSW 
packages just drop me a note.

Cheers,

--Mark




[Puppet Users] Re: Setting requirements using collection -vs- before/require meta-parameters

2011-06-27 Thread Jon Jaroker
Hello Nigel,

Thank you for clarifying the syntax.  I suspect that Puppet does not
apply this dependency consistently.  The failure is intermittent.  I
am using a clumsy workaround to avoid the dependency failure.

My manifest is written so that 'infrastructure' is separate from
'roles'.   On my local workstation, I create a 'local' node using VM
Workstation.  When this 'local' node connects, puppet should first
connect the NFS share, which contains the Sun Java binary.  I then
assign a frontend role to this node.  This frontend role has a
Java class that expects the binary to exist in the /share directory.

Here is the actual node-role assignment I am using on one of the
testing VMs where the dependency fails:

-
node 'node02' inherits local {

    S_nfs::Client <| |> -> Class['role_frontend']

    class{ 'role_frontend':
        add_sampledata => 'true',
    }

    s_nfs::client { '/opt/share':
        action       => 'mount',
        share_server => '10.10.10.14',
        share_source => '/c/UserSource/Linux',
        before       => Class['s_java', 'tomcat'],
    }
}

-

In the above, I am using BOTH forms of the dependency assignment.  I
think this is wrong, but it has made the NFS-Class dependency work
consistently for the past few days.

When only one form of the dependency is used (either the 'collection'
or 'before'), then Class['java'] sometimes fails because the NFS
share is mounted AFTER the class is applied.

I believe that the issue is with Puppet because I make changes ONLY to
Class['s_java'] or Class['tomcat'].  The node-role assignment above
does not change.

As I develop the classes, I restore VM Workstation 'node02' to the
original 'clean' snapshot.  This snapshot does not have the NFS share
mounted, so Puppet must first mount the NFS share.  When only one form
of the dependency assignment is used, the Class['s_java'] is
incorrectly applied before the NFS mount about 30% of the time.

After adding both forms of the dependency (the 'collection' as well as
'before'), I have not had a failure for the past few days.

I believe my syntax is right and that the issue is specific to the
dependency.  I wonder if a timeout is occurring before the NFS share
is mounted, but this timeout failure is not being reported.  I am not
sure how to isolate the issue further, but the workaround has been OK.

Regards,
Jon

On Jun 25, 10:12 am, Nigel Kersten ni...@puppetlabs.com wrote:
 On Fri, Jun 24, 2011 at 5:44 PM, Jon Jaroker goo...@jaroker.com wrote:
  Hello,

  Could someone explain why a relationship implemented with a collection
  is honored by Puppet, but a 'before' or 'require' meta-parameter fails
  for the example below.

  --- THIS WORKS --
  Nfs::Client <| |> -> Class['myclass']
  class { 'myclass': }
  nfs::client { '/share':}
  

  -- DEPENDENCY IS NOT HONORED BY PUPPET HERE -
  class{'myclass': require => Nfs::Client['/share'] }
  nfs::client{'/share':}
  

  The nfs share must be mounted before packages can be installed in
  Class['myclass'].  Defining this relationship using 'before' or
  'require' meta-parameters did not succeed:  In the bottom example,
  Puppet would attempt to install packages contained in the class even
  though the nfs share was not mounted.

  I realize that the top example is applying the relationship to all
  'nfs::client' defined types (which is fine).   But why should this
  method work while the explicit 'before' or 'require' approach fail?

 At first glance I think that should work. What version of Puppet are
 you running?

 --
 Nigel Kersten
 Product, Puppet Labs
 @nigelkersten




[Puppet Users] Puppet Dashboard without MySQL

2011-06-27 Thread Douglas Garstang
All,

Can puppet dashboard be used WITHOUT MySQL?

Can't find it documented here:

http://docs.puppetlabs.com/guides/installing_dashboard.html#external_node_classification

Doug.




Re: [Puppet Users] Puppet Dashboard without MySQL

2011-06-27 Thread Jacob Helwig
On Mon, 27 Jun 2011 10:24:38 -0700, Douglas Garstang wrote:
 
 All,
 
 Can puppet dashboard be used WITHOUT MySQL?
 
 Can't find it documented here:
 
 http://docs.puppetlabs.com/guides/installing_dashboard.html#external_node_classification
 
 Doug.
 

There are some MySQLisms in the currently released versions of Dashboard
that we're working on getting rid of, but right now Dashboard does need
MySQL to work properly.

If all you're interested in is external node classification (and not the
report collection) then you might be able to get away with using
something else, as long as you don't mind certain pages blowing up.

I haven't actually tried this though, and I'm fairly certain that the
main page is one of the ones that will blow up.

-- 
Jacob Helwig




Re: [Puppet Users] Puppet Dashboard without MySQL

2011-06-27 Thread Douglas Garstang
Oh. That's a deal breaker. :( Makes the puppet dashboard unusable.

On Mon, Jun 27, 2011 at 10:32 AM, Jacob Helwig ja...@puppetlabs.com wrote:

 On Mon, 27 Jun 2011 10:24:38 -0700, Douglas Garstang wrote:
 
  All,
 
  Can puppet dashboard be used WITHOUT MySQL?
 
  Can't find it documented here:
 
 
 http://docs.puppetlabs.com/guides/installing_dashboard.html#external_node_classification
 
  Doug.
 

 There are some MySQLisms in the currently released versions of Dashboard
 that we're working on getting rid of, but right now Dashboard does need
 MySQL to work properly.

 If all you're interested in is external node classification (and not the
 report collection) then you might be able to get away with using
 something else, as long as you don't mind certain pages blowing up.

 I haven't actually tried this though, and I'm fairly certain that the
 main page is one of the ones that will blow up.

 --
 Jacob Helwig





-- 
Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garst...@gmail.com
Cell: +1-805-340-5627




[Puppet Users] Re: Puppet Dashboard without MySQL

2011-06-27 Thread Douglas Garstang
Actually, to be more specific, our nodes are stored in yaml files, and I'd
like to keep them that way, and continue to have the yaml files as the
source of truth, not a MySQL database. Puppet dashboard should read from
those yaml files.

Doug.

On Mon, Jun 27, 2011 at 10:24 AM, Douglas Garstang
doug.garst...@gmail.com wrote:

 All,

 Can puppet dashboard be used WITHOUT MySQL?

 Can't find it documented here:


 http://docs.puppetlabs.com/guides/installing_dashboard.html#external_node_classification

 Doug.




-- 
Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garst...@gmail.com
Cell: +1-805-340-5627




Re: [Puppet Users] Custom facts - chicken or the egg

2011-06-27 Thread Craig White

On Jun 25, 2011, at 7:51 AM, Nigel Kersten wrote:

 On Fri, Jun 24, 2011 at 4:28 PM, Craig White craig.wh...@ttiltd.com wrote:
 
 1. I want to require => 
 /etc/puppet/modules/custom/lib/facter/$SOME_CUSTOM_FACT is actually executed 
 and the fact is established before a particular package is 
 installed/configured. I can't seem to find the proper syntax for requiring 
 that fact first - before the attempted installation.
 
 If you're distributing facts as plugins in modules like this, the
 pluginsync should cause the fact to be evaluated before the manifests
 are parsed and the catalog is compiled.
 
 Something is going wrong if you're not getting your fact evaluated on
 first run. You definitely have pluginsync on on the node?

Got this solved - custom facts syntax seems to be a little particular about 
'exec' commands and apparently much prefers 'system' commands and that is why I 
was having issues getting it to run - fixed now. Yes, I had pluginsync on the 
node.

 
 2. It seems that the custom/lib/facter directory is a bit squirrelly in that 
 it gags on the automatic backup files created by emacs (FILENAME.rb~) and if 
 I create a resource that depends upon a fact, the resource installation 
 fails and the fact is never established when I was sort of expecting facter 
 to run at the outset of any agent activity.
 
 Best practice in my opinion is to have all this in version control,
 and have your version control system ignore all such backup files, but
 it might be worth reporting a feature request to automatically exclude
 the common text editor backup files.

OK - starting up doesn't always involve best practices ;-) In my case, I 
am racing to get up to a certain point and working with multiple VMWare images 
as my test bed and thus working full-time in a production mode and delaying the 
inevitable switch over to SVN and development & test modes. But I am sure that 
the issue will still remain in 'development' and 'test' modes if I actively 
edit in 'lib' directories instead of on my own desktop and commit via SVN. 

This does however leave the last remaining chicken or the egg issue however and 
that is if I change the version in my passenger gem setup, it would take 2 
separate runs of puppet agent... the first one to update the passenger gem and 
the next one to discover that 'fact' before the changes are implemented into 
the nginx & apache templates.

I suppose I can leave this messy for now unless someone has a methodology that 
I can syntactically require the custom 'fact' to be applied immediately after 
the gem is updated but before the apache & nginx 'configure.pp' is 'notified' 
by passenger.pp.

Thanks

Craig




Re: [Puppet Users] Re: Puppet Dashboard without MySQL

2011-06-27 Thread Nan Liu
On Mon, Jun 27, 2011 at 10:35 AM, Douglas Garstang
doug.garst...@gmail.com wrote:
 Actually, to be more specific, our nodes are stored in yaml files, and I'd
 like to keep them that way, and continue to have the yaml files as the
 source of truth, not a MySQL database. Puppet dashboard should read from
 those yaml files.
 Doug.

You can use Dashboard in any of the following combination:

ENC
Reporting
ENC + Reporting.

If you have an existing ENC that reads those YAML files you can keep
that process intact and only use dashboard for reporting.

Nan




Re: [Puppet Users] Re: Puppet Dashboard without MySQL

2011-06-27 Thread Douglas Garstang
On Mon, Jun 27, 2011 at 10:49 AM, Nan Liu n...@puppetlabs.com wrote:

 On Mon, Jun 27, 2011 at 10:35 AM, Douglas Garstang
 doug.garst...@gmail.com wrote:
  Actually, to be more specific, our nodes are stored in yaml files, and
 I'd
  like to keep them that way, and continue to have the yaml files as the
  source of truth, not a MySQL database. Puppet dashboard should read from
  those yaml files.
  Doug.

 You can use Dashboard in any of the following combination:

 ENC
 Reporting
 ENC + Reporting.


Kinda wanted to use it for more than reporting. Shame, really. It would be
nice if there was a tool that could translate any external node format.

Doug.




Re: [Puppet Users] Re: Puppet Dashboard without MySQL

2011-06-27 Thread Ohad Levy
On Mon, Jun 27, 2011 at 9:40 PM, Douglas Garstang
doug.garst...@gmail.com wrote:
 On Mon, Jun 27, 2011 at 10:49 AM, Nan Liu n...@puppetlabs.com wrote:

 On Mon, Jun 27, 2011 at 10:35 AM, Douglas Garstang
 doug.garst...@gmail.com wrote:
  Actually, to be more specific, our nodes are stored in yaml files, and
  I'd
  like to keep them that way, and continue to have the yaml files as the
  source of truth, not a MySQL database. Puppet dashboard should read from
  those yaml files.
  Doug.

 You can use Dashboard in any of the following combination:

 ENC
 Reporting
 ENC + Reporting.


 Kinda wanted to use it for more than reporting. Shame, really. It would be
 nice if there was a tool that could translate any external node format.

not sure what you mean by translate, but Foreman can import
information from other ENCs

Ohad

 Doug.






Re: [Puppet Users] Ruby script to download files without 'puppet agent'

2011-06-27 Thread Ohad Levy
On Mon, Jun 27, 2011 at 5:55 PM,  zu...@puzzle.ch wrote:
 On Mon, Jun 27, 2011 at 7:27 AM, zu...@puzzle.ch wrote:

 I don't know if i got the URL right, i did not find any examples on the
 REST API documentation for the fileserver.


 This should cover it.

 http://docs.puppetlabs.com/guides/rest_api.html#file-server

 This still isn't clear to me. Would appreciate if someone could give a
 concrete example how a path in a module or in the filepath would translate.

 Here is what i try:

 fileserver.conf
 [files]
  path /etc/puppet/manifests/files
  allow 127.0.0.1
  allow *.smobi.mobicorp.test


 The file is located at /etc/puppet/manifests/files/sudo/sudoers


 [root@foo me]# ./puppet-wget file_content/sudo/sudoers
 https://foo.bar:8140/file_content/sudo/sudoers
 warning: peer certificate won't be verified in this SSL session
 /usr/lib/ruby/1.8/net/http.rb:2099:in `error!': 403 Forbidden request:
 foo.bar(10.2.3.4) access to /sudo/sudoers [find] authenticated  at line 93
  (Net::HTTPServerException)
        from ./puppet-wget:56
        from ./puppet-wget:43:in `each'
        from ./puppet-wget:43


 AFAIK if something is wrong with the certs the server would answer with a
 401 and not 403. It really looks to me as if i get that path wrong.

 --
 #!/bin/env ruby
 #
 # Puppet Wget
 #
 # Downloads files from the puppetmaster without the puppet agent


 require 'optparse'
 require 'puppet/rails'
 require 'uri'
 require 'net/https'


 # Parse all Options
 options = {}
 OptionParser.new do |opts|
  opts.banner = "Usage: puppet-wget [options] module/path/to/file"

  opts.on("-r", "--recursive", "Download directory recursively") do |r|
    options[:recursive] = r
  end
 end.parse!


 # Get some settings for the puppet config
 Puppet[:config] = "/etc/puppet/puppet.conf"
 Puppet.parse_config
 puppet_conf = Puppet.settings.instance_variable_get(:@values)[:main]


 # default values
 puppet_conf[:server]     ||= 'puppet'
 puppet_conf[:masterport] ||= '8140'
 puppet_conf[:ssldir]     ||= '/etc/puppet/ssl'


 server    = puppet_conf[:server]
 port      = puppet_conf[:masterport]
 certpath  = puppet_conf[:ssldir] + '/certs/'        + ENV['HOSTNAME'] +
 '.pem'
 pkey_path = puppet_conf[:ssldir] + '/private_keys/' + ENV['HOSTNAME'] +
 '.pem'


 ARGV.each do |filepath|
  url = URI.parse("https://#{server}:#{port}/#{filepath}")
  req = Net::HTTP::Get.new("#{url.path}?#{url.query}", "Accept" => 's')

  puts url

  # make ssl request
  connection = Net::HTTP.new(url.host, url.port)
  connection.use_ssl = true
  connection.cert = OpenSSL::X509::Certificate.new(File.read(certpath))
  connection.key = OpenSSL::PKey::RSA.new(File.read(pkey_path))
you are missing the CA file... something like
connection.ca_file = Puppet[:localcacert]

  res = connection.start { |http| http.request(req) }

  res.error! unless res.code_type == Net::HTTPOK
  puts res.body

 end






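Added example, not code from the thread or from Puppet itself: a version of the request set-up from the puppet-wget script that applies Ohad's ca_file suggestion, so the master's certificate is verified before the client key is used, and that builds the URL from its parts. The /{environment}/file_content/{mount}/{path} layout follows the REST API guide linked in the thread; the 'production' environment name, the CA file path and all helper names are assumptions.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Only plain names are accepted as path segments, so a caller cannot smuggle
# '..', empty segments or encoded separators into the request path.
SAFE_SEGMENT = /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/

# Build https://server:port/{environment}/file_content/{mount}/{relpath}.
def file_content_uri(server, port, environment, mount, relpath)
  segments = [environment, 'file_content', mount] + relpath.split('/', -1)
  bad = segments.reject { |s| SAFE_SEGMENT.match?(s.to_s) }
  raise ArgumentError, "unsafe path segment(s): #{bad.inspect}" unless bad.empty?

  URI::HTTPS.build(host: server, port: Integer(port),
                   path: '/' + segments.join('/'))
end

# Net::HTTP object that refuses to talk to a master whose certificate does
# not chain to ca_file. Nothing is sent until #start is called.
def verified_connection(uri, ca_file, cert_pem = nil, key_pem = nil)
  # Fail closed: without the CA file the peer cannot be verified.
  raise ArgumentError, "CA file not readable: #{ca_file}" unless File.readable?(ca_file)

  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl     = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.ca_file     = ca_file
  http.cert = OpenSSL::X509::Certificate.new(cert_pem) if cert_pem
  http.key  = OpenSSL::PKey.read(key_pem) if key_pem
  http
end

# GET request with the same Accept header the original script sends.
def file_request(uri)
  Net::HTTP::Get.new(uri.request_uri, 'Accept' => 's')
end

# Performs the download; needs a reachable master, so it is not called below.
def fetch(uri, ca_file, cert_pem, key_pem)
  http = verified_connection(uri, ca_file, cert_pem, key_pem)
  res  = http.start { |conn| conn.request(file_request(uri)) }
  res.error! unless res.is_a?(Net::HTTPOK)
  res.body
end

if __FILE__ == $0
  # Host, mount and file are the ones quoted in the thread; 'production' is
  # an assumed environment name.
  puts file_content_uri('foo.bar', 8140, 'production', 'files', 'sudo/sudoers')
end
```

With VERIFY_PEER and a CA file set, the "peer certificate won't be verified" warning from the original run no longer applies, and a master presenting a certificate from a different CA is rejected during the handshake.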


Re: [Puppet Users] Re: Puppet Dashboard without MySQL

2011-06-27 Thread Douglas Garstang
On Mon, Jun 27, 2011 at 12:30 PM, Ohad Levy ohadl...@gmail.com wrote:

 On Mon, Jun 27, 2011 at 9:40 PM, Douglas Garstang
 doug.garst...@gmail.com wrote:
  On Mon, Jun 27, 2011 at 10:49 AM, Nan Liu n...@puppetlabs.com wrote:
 
  On Mon, Jun 27, 2011 at 10:35 AM, Douglas Garstang
  doug.garst...@gmail.com wrote:
   Actually, to be more specific, our nodes are stored in yaml files, and
   I'd
   like to keep them that way, and continue to have the yaml files as the
   source of truth, not a MySQL database. Puppet dashboard should read
 from
   those yaml files.
   Doug.
 
  You can use Dashboard in any of the following combination:
 
  ENC
  Reporting
  ENC + Reporting.
 
 
  Kinda wanted to use it for more than reporting. Shame, really. It would
 be
  nice if there was a tool that could translate any external node format.

 not sure what do you mean by translate, but Foreman can import
 information from other ENC's


I don't want to import the nodes, I want to leave the node information in
YAML files and have Foreman read from that. When edits are made to the
nodes, I want the edits to be made to the YAML files. Putting the node
config into anything else removes the ability to do revision control, and
importing the data into Foreman (I assume) obfuscates it to the point that I
can't easily view/edit the files any more.

Doug.




[Puppet Users] Re: gentoo linux and puppet

2011-06-27 Thread Arthur Nisnevich
I ran into this as well. Figuring it had something to do with version
inconsistency, I upgraded my master to 2.7.1 (which is the latest and
greatest that my client ended up with) and it seemed to resolve the
problem.

Note that it DID introduce other unexpected behavior for me, so I
might revert the master and all clients back to an older version for
the time being. YMMV.

On Jun 22, 11:19 am, Peter Berghold salty.cowd...@gmail.com wrote:
 Hi folks,

 I am building a server using Gentoo Linux and was about to start automating
 the package loads using puppet. First things first I loaded the latest and
 greatest facter and puppet from gems.  Got the new SSL certificate loaded
 and ran puppetd --test and expected to see a base manifest loaded.

 Instead here is how it went:

 puppetd --test
 err: Could not retrieve catalog from remote server: Error 400 on SERVER: No
 support for http method POST
 warning: Not using cache on failed catalog
 err: Could not retrieve catalog; skipping run

 Eh?  Never saw that before...

 --
 Peter L. Berghold
 Owner, Shark River Technical Solutions LLC




Re: [Puppet Users] Re: gentoo linux and puppet

2011-06-27 Thread Daniel Pittman
On Mon, Jun 27, 2011 at 14:10, Arthur Nisnevich art...@crowdspoke.com wrote:

 I ran into this as well. Figuring it had something to do with version
 inconsistency, I upgraded my master to 2.7.1 (which is the latest and
 greatest that my client ended up with) and it seemed to resolve the
 problem.

It would.  Specifically, we support a *newer* master than clients, but
not the other way around.  (It might, occasionally, work, but we make
no promises in that direction.)

So, if you have 2.7 clients you need a 2.7 master.

 Note that it DID introduce other unexpected behavior for me, so I
 might revert the master and all clients back to an older version for
 the time being. YMMV.

I trust you filed bugs about those, so we can fix 'em. ;)

daniel


 On Jun 22, 11:19 am, Peter Berghold salty.cowd...@gmail.com wrote:
 Hi folks,

 I am building a server using Gentoo Linux and was about to start automating
 the package loads using puppet. First things first I loaded the latest and
 greatest facter and puppet from gems.  Got the new SSL certificate loaded
 and ran puppetd --test and expected to see a base manifest loaded.

 Instead here is how it went:

 puppetd --test
 err: Could not retrieve catalog from remote server: Error 400 on SERVER: No
 support for http method POST
 warning: Not using cache on failed catalog
 err: Could not retrieve catalog; skipping run

 Eh?  Never saw that before...

 --
 Peter L. Berghold
 Owner, Shark River Technical Solutions LLC






-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman dan...@puppetlabs.com
✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
♲ Made with 100 percent post-consumer electrons




Re: [Puppet Users] gentoo linux and puppet

2011-06-27 Thread Nigel Kersten
On Wed, Jun 22, 2011 at 10:19 AM, Peter Berghold salty.cowd...@gmail.com wrote:

 err: Could not retrieve catalog from remote server: Error 400 on SERVER: No
 support for http method POST


To explain this error a bit more, we've moved the catalog retrieval to a
POST rather than a GET to avoid the compile-time size limitations on fact
data that we had with GET.




[Puppet Users] Re: Custom facts - chicken or the egg

2011-06-27 Thread jcbollinger


On Jun 27, 12:44 pm, Craig White craig.wh...@ttiltd.com wrote:
 On Jun 25, 2011, at 7:51 AM, Nigel Kersten wrote:

  On Fri, Jun 24, 2011 at 4:28 PM, Craig White craig.wh...@ttiltd.com wrote:

  1. I want to require => 
  /etc/puppet/modules/custom/lib/facter/$SOME_CUSTOM_FACT is actually 
  executed and the fact is established before a particular package is 
  installed/configured. I can't seem to find the proper syntax for requiring 
  that fact first - before the attempted installation.

  If you're distributing facts as plugins in modules like this, the
  pluginsync should cause the fact to be evaluated before the manifests
  are parsed and the catalog is compiled.

  Something is going wrong if you're not getting your fact evaluated on
  first run. You definitely have pluginsync on on the node?

 
 Got this solved - custom facts syntax seems to be a little particular about 
 'exec' commands and apparently much prefers 'system' commands and that is why 
 I was having issues getting it to run - fixed now. Yes, I had pluginsync on 
 the node.


This is not a peculiarity of custom facts.

Ruby's 'exec' command (and the shell's and the corresponding family of
C functions, etc.) don't just execute a command: they *replace* the
currently running process with the specified command.  Among other
things, that means that the exec'ed command never returns (since
there's nothing for it to return to); its exit is instead the end of
the program.

There are excellent reasons to want that behavior under some
circumstances (often in conjunction with 'fork'; at some level this is
how 'system' is implemented), but custom facts are not typically among
those circumstances.

Always choose 'system' instead of 'exec' unless you know exactly why
you want the latter.


Cheers,

John
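
The difference described in the message above, as an added Ruby example that is not part of the original post: `system` returns control to the caller, while `exec` replaces the process, so nothing after it runs and the command's exit status becomes the process's own. It assumes a POSIX host where `fork` is available; the function names are illustrative.

```ruby
require 'rbconfig'

# The running interpreter doubles as a portable external command.
RUBY = RbConfig.ruby

# Kernel#system: the command runs in a child process; the caller waits,
# gets true/false back, and carries on with the next statement.
def run_with_system(exit_code)
  ok = system(RUBY, '-e', "exit #{exit_code}")
  { ok: ok, status: $?.exitstatus }
end

# Kernel#exec: the calling process is replaced. To observe that without
# losing this script, a forked child calls exec and reports through a pipe.
def run_with_exec(exit_code)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    writer.sync = true
    writer.write('before-exec')
    exec(RUBY, '-e', "exit #{exit_code}")
    writer.write(' after-exec') # never reached: the process image is gone
  end
  writer.close
  Process.wait(pid)
  status = $?.exitstatus # the exec'ed command's exit code, not the block's
  seen = reader.read
  reader.close
  { seen: seen, status: status }
end

# fork + exec + wait is the shape of what system does on the caller's behalf.
def system_via_fork_exec(*command)
  pid = fork { exec(*command) }
  Process.wait(pid)
  $?.success?
end
```

In a custom fact, an unforked `exec` would do to the fact-gathering process what it does to the child here: replace it, so no fact value is ever returned.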




[Puppet Users] Re: howto trigger action on another client

2011-06-27 Thread jcbollinger


On Jun 27, 9:37 am, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de
wrote:
 Thanks for these infos. I think I got at least a vague idea how this works and
 can already use it for some simple cases.
 One more question:
 If I define checks for the exported exec (like creates or onlyif) will
 these run on the exporting agent or the executing agent? (my guess is the
 second but want to make sure)


The 'unless' and / or 'onlyif' command will run on the same nodes that
the main command runs on.  Likewise the criterion implied by the
'creates' parameter is evaluated on the same nodes that the main
command runs on.  In all cases, that means these apply to the node(s)
that *collect* the Exec resources.


 If this is the case is there a way to run the exec depending on some checks
 on the exporting agent?


Certainly.  Define one or more custom facts embodying the results of
your tests (it's pretty easy).  Distribute these via Puppet's
pluginsync mechanism.  Use conditionals based on the fact values to
control whether the Exec's are exported, and / or to vary their
parameters (e.g. setting unless => '/bin/true' is one way for the
exporter to disable execution).

In general, facts, including custom facts, are the Puppet means for
providing nodes' state details to the puppetmaster.


John




Re: [Puppet Users] Re: Setting requirements using collection -vs- before/require meta-parameters

2011-06-27 Thread Nigel Kersten
On Mon, Jun 27, 2011 at 9:36 AM, Jon Jaroker goo...@jaroker.com wrote:


 After adding both forms of the dependency (the 'collection' as well as
 'before'), I have not had a failure for the past few days.

 I believe my syntax is right and that the issue is specific to the
 dependency.  I wonder if a timeout is occurring before the NFS share
 is mounted, but this timeout failure is not being reported.  I am not
 sure how to isolate the issue further, but the workaround has been OK.


So it looks like we have a bug that I'm still trying to find in the
database, and I think it might be affecting you.

If you have a class that only declares other classes in it, and doesn't have
any resources in it, then it gets removed from the dependency graph.

It's clearly a bug, and we're going to fix it.

Is this possibly your problem? Does the description fit?
