[Puppet Users] Re: Advocacy Material
Hi there, I think that the customer case studies make excellent propaganda material: http://puppetlabs.com/customers/case-studies/ Take a look at them, but maybe puppetlabs employees have some powerpoint presentations you need and are willing to share. :) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/8FTU22eFwTIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Virtual Define-based resources can only be realized once
Hi all, here is what I have: A module that is responsible to roll out and configure TSM (a backup tool). Basically I need a text file that mentions all directories that have to be backed up. I want to make it a virtual resource and let other modules configure which parts of it have to be backed up, e.g. configure in the apache module that the apache logs of each defined virtual server have to be backed up: The node.pp is configured like this: apache::config {virtualserver1: blah } apache:config {virtualserver2: blah } @tsm::config { $hostname: tsm_backup = [/custdir1,/custdir2] } The @ means this is a virtual Define-based resource, so it is not implemented until it gets realized. /custdir1 and /custdir2 denote custom directories that have to be backed up, but aren't managed by other puppet modules. One module is supposed to add some directories to tsm_backup, I use this configuration inside the apache module's config.pp: Tsm::Config| title == $hostname | { tsm_backup + [$apache_logs,$docroot], } I can then use this array in the template for the conf file (dsm.sys, virtualmountpoint and Domain, for those who know TSM). Up until here it all works fine. The config file will contain /custdir1, /custdir2, / apache/virtualserver1/logs, /apache/virtualserver2/logs, apache/ virtualserver1/docroot, apache/virtualserver2/docroot But when I want to configure another module to also add its directories to tsm_backup, so basically have another module, say postfix config.pp which contains this: Tsm::Config| title == $hostname | { tsm_backup + [$postfix_logs], } It will either contain the apache backup dirs OR the postfix backup dirs, depending on which | | it finds first, but never both. This is unexpected, since if I use the same construct for non define- based virtual resources, like a user (see https://groups.google.com/group/puppet-users/browse_thread/thread/c13c1936dcd939fd/cff48a8c03734336 ) Does anybody have an idea? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Advocacy Material
On Fri, Nov 11, 2011 at 11:36 AM, Daniel Shaw dan...@point-oh.net wrote: Hi, I have dabbled with Puppet in previous positions, had success and loved it. My current employer does not have in place any systems management tools and is an ideal candidate for another Puppet installation. I obviously need to run this by a superior before I can implement it on production systems.. So, can anyone point me to any good less-technical overview articles, presentations or videos? I need to have something to present, and it'd be great to not re-invent the wheel as I imagine there must be some material out there. You can probably look for various presentation, just to name a few http://projects.puppetlabs.com/projects/1/wiki/Puppet_Presentations Ohad Regards, Daniel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How to use built-in resource in custom provider?
On Nov 14, 10:28 am, tmpup justin.francesc...@gmail.com wrote: What you alluded to in your final paragraph is exactly right - I'm basically trying to extend the file type. I'd like for a source to be S3, and be able to specify it much like you specify the source being the puppet file server (e.g puppet:/// would be s3://). So, I got the s3 part working, now I just need to have the type/provider handle files if the source is puppet. I figured the easiest way to do this was using the existing type. Right now, I can't envision how I'd make a definition work here, as a new provider is obviously required for the s3 part. For reference, removing the the catalog.apply method still left things with the same error (undefined method `add_resource'). Any advice is greatly appreciated. Normally I might suggest writing a custom provider for the File type instead of creating a separate custom type, but File appears to be a special case that eschews the usual type / provider structure. At least in some versions of Puppet. Nevertheless, you do have the option of modifying the File type itself. If you are at liberty to do so then you might even consider contributing the modifications to Puppetlabs for inclusion in future versions of Puppet (though I cannot say how likely it is that they would be accepted). You could also try copying the File type wholesale, renaming it, and making your modifications there. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hiera - How to set a parameter to the value false
On 11-11-11 12:56 PM, Peter Meier wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've been using hiera for a few weeks now, but I'm stuck now trying to set a value to false Basically, I have a class that read its parameter in hiera, and in a yaml file I have the following code: --- use_ecrypt_fs: true server_region: fr puppet_enable: false This ultimately leads to the following error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find data item puppet_enable in any Hiera data file and no default supplied at When I set puppet_enable: true this works fine, but I can't figure out how to pass a false value (tried false, False, nil ) which version are you using? This have been fixed some time ago: https://github.com/ripienaar/hiera/commit/3cd4cecaea1b4ea014e4ba4567a8322f0b987284 ~pete -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk69YbYACgkQbwltcAfKi39v/wCcD62vk6u721kUwZ7sbfRO/89N YGsAoIX71R9eQQlcQ1EtJIQLYQVdiQsW =F/V8 -END PGP SIGNATURE- Yeah if I remember well I did file that bug... I should be running the latest git one, but may be there is something wrong in my install procedure. I'll come back here when this is sorted out. -- Bruno -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Advocacy Material
On Tue, Nov 15, 2011 at 8:16 AM, Ohad Levy ohadl...@gmail.com wrote: On Fri, Nov 11, 2011 at 11:36 AM, Daniel Shaw dan...@point-oh.net wrote: Hi, I have dabbled with Puppet in previous positions, had success and loved it. My current employer does not have in place any systems management tools and is an ideal candidate for another Puppet installation. I obviously need to run this by a superior before I can implement it on production systems.. So, can anyone point me to any good less-technical overview articles, presentations or videos? I need to have something to present, and it'd be great to not re-invent the wheel as I imagine there must be some material out there. You can probably look for various presentation, just to name a few http://projects.puppetlabs.com/projects/1/wiki/Puppet_Presentations There's more current slides at: http://www.slideshare.net/PuppetLabs. If you need to present some compelling business reasons, I thought DTO presentation at PuppetConf offered some good talking points: http://www.slideshare.net/dev2ops/operations-is-a-strategic-weapon-puppetconf I especially like slide 37 even though the numbers are just arbitrary but it delivers the point of why should we change things if what we do today works. Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] yumrepo absent not working on 2.6.12
Hi all, Seems that ensure = absent is not working on puppet 2.6.12 yumrepo type. 'sl-5.5-base' : baseurl = 'http://reposerver/computing-SL-55-base-x86_64/RPMS.base/', descr = 'SL 5.5 base', enabled = absent, exclude = 'yum-conf* c-ares'; # ls -lsa /etc/yum.repos.d/sl-5.5-base.repo 4 -rw-r--r-- 1 root root 187 Nov 15 15:35 /etc/yum.repos.d/sl-5.5-base.repo #puppetd --test --server $server [...] info: create new repo sl-5.5-base in file /etc/yum.repos.d/sl-5.5-base.repo notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/descr: descr changed '' to 'SL 5.5 base' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/baseurl: baseurl changed '' to 'http://reposerver/computing-SL-55-base-x86_64/RPMS.bas e/' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/gpgcheck: gpgcheck changed '' to '0' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/exclude: exclude changed '' to 'yum-conf* c-ares' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/enablegroups: enablegroups changed '' to '1' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/metadata_expire: metadata_expire changed '' to '43200' info: changing mode of /etc/yum.repos.d/sl-5.5-base.repo from 600 to 644 info: create new repo sl-5.5-fastbugs in file /etc/yum.repos.d/sl-5.5-fastbugs.repo [...] notice that enabled parameter is ignored I've been looking at list and bug and only found something nearly related: http://projects.puppetlabs.com/issues/9410 but it's not my problem. Is this a know problem/bug? TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: yumrepo absent not working on 2.6.12
Sorry, forgot to mention that if we set 0 instead of absent, the parameter works: notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/enabled: enabled changed '' to '0' Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: yumrepo absent not working on 2.6.12
On Tue, Nov 15, 2011 at 9:53 AM, Arnau Bria arnaub...@pic.es wrote: Sorry, forgot to mention that if we set 0 instead of absent, the parameter works: notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/enabled: enabled changed '' to '0' A quick glance at the type shows you need to set 1 or 0, absent means the property should not exist rather than puppet should configure the value to 0. present/absent is not an alias for 1/0. A quick test confirms this: # puppet resource yumrepo foreman yumrepo { 'foreman': baseurl = 'http://yum.theforeman.org/stable', descr= 'Foreman Repo', enabled = '1', gpgcheck = '0', } # puppet resource yumrepo foreman enabled=absent notice: /Yumrepo[foreman]/enabled: undefined 'enabled' from '1' yumrepo { 'foreman': } # puppet resource yumrepo foreman yumrepo { 'foreman': baseurl = 'http://yum.theforeman.org/stable', descr= 'Foreman Repo', gpgcheck = '0', } Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Knowing if a file is managed by puppet
Hi, I'm looking for a simple way to check if a file on a client (where puppetd is running) is managed by puppet. At this time, I have to put a comment on the file and have to run a puppetd -to --noop in order to see if puppet triggers actions on this file. Is there any way to simply find if a file on the client is supervised by puppet ? Regards, Carl Chenet -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Accessing definition parameter value out of scope
Hi everybody. i'm running Puppet 2.6.2 and I have the following problem. Assuming I have a definition toto::tutu instanced as follows: --% --- define toto::tutu ($key = 'default_val') { ... } toto::tutu { 'example1': key = 'val1' } toto::tutu { 'example2': key = 'val2' } -- Is there now a way in another scope (for instance in the definition 'tata' to access the value 'val2' for instance? I was hoping that the syntax $val = Toto::Tutu['exemple2'][key] would work but that's not the case. Any suggestion? Note that the problem comes from the fact that I'm dealing here with definitions and not classes. Classes are uniquely defined (and instanced) such that I would then be able to access the value of the key parameter by toto::tutu::key (assuming of course I did not duplicate the instanciation). Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] password management with puppet
Hello, I am using accounts::user for managing user accounts on my infrastructure. I know that we can set passwords in manifests for the users we are managing. I would like to know if there is way that a user which does not have access to the puppet master, but has access to the puppet clients, can change his password on the client and update the manifests on the master. This is something like LDAP, where each user can change his/her password from any LDAP client to update the LDAP database. I want these users to change their passwords at will and somehow puppet finds that out and updates its manifests. Thanks Sunny -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Rounding in variable expressions
Hi, Can you round in variable assignment expressions? I would like to be able to set $my_var = floor(::processorcount * 0.8) Cheers, Tom -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: NFS clients - puppet hang when mount point
FYI, We ended up going with a mix of the two suggestions: having 'bg' specified as one of the mount point options, and also having the mount resource specify = present instead of = mounted, and then we use an exec to force the remount, constrained by an unless and onlyif: exec { remount-storage: command = mount -a, unless = grep $brand /proc/mounts, onlyif = nc -zv $nfs_server 2049 -w 3, } The works for us in all use cases, and seems to be the best way forwards :) - Andrew On Nov 11, 11:03 am, madAndroid andrewsta...@gmail.com wrote: Thank you so much to all who responded - we've managed to rewrite our classes to use the mount directive rather (and quite quickly and painlessly), and it seems a much better way than we had before (using file and exec resources/directives). Still experiencing the timeouts during the puppet run when the NFS box goes away (in a dev environment during testing the new class structure), but we haven't tried the two options that Len suggested - will be giving those a go, with the trade- offs in mind. Yes, I agree with John that it does feel like more of a problem with the way we are implementing the mounts, will give those suggestions a try as well. Thanks again, Andrew On Nov 10, 3:10 pm, jcbollinger john.bollin...@stjude.org wrote: On Nov 10, 6:02 am, madAndroid andrewsta...@gmail.com wrote: That sounds a little heavy handed ... also, I feel that it would probably stop the mount from happening at all? how would the fstab initiate the nfs mount if it's not able to resolve the address of the nfs server correctly? unless I'm missing something .. On Nov 9, 7:12 pm, Guy Matz gm...@matz.org wrote: OK. This may seem like a bad idea, but it's a workaround that has worked for me: I add the nfs server to the 127.0.0.1 entry of the hosts file which causes NFS to time out pretty immediately. :-\ On Wed, Nov 9, 2011 at 10:00 AM, madAndroid andrewsta...@gmail.com wrote: We've only recently discovered that puppet can manage mount points using the mount directive; however, a short while back we built annfs clientand server classes without using this resource, and we've encountered a problem where puppet seems to hang when the nfs server is unavailable. Using --debug doesn't seem to specify exactly at which point the run is failing, which could steer us in the right direction around putting something in place in the classes in question. Is there anything we can do, short of switching over to using the mount directive/resource, in order to mitigate the problem when the nfs server is unavailable? It's preventing us from managing other resources on the clients when this happens.. It all comes down to mount options. I'd recommend you absorb the material in nfs(5), but options of particular interest include 'retry', 'retrans', and 'timeo'. Do notice that the latter two will affect all operations on the mounted filesystem, not just the initial mount (and maybe not the initial mount at all -- the docs aren't quite clear on that). Unlike Len, I would not recommend using the bg option. Doing so likely would prevent Puppet from hanging for a long time attempting the mount, but it would also prevent Puppet from correctly managing the resource. Puppet needs to know whether it has succeeded in mounting the remote filesystem. It may also cause you trouble later if the client never does succeed in mounting the filesystem. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: NFS clients - puppet hang when mount point
FYI, We ended up going with a mix of the two suggestions: having 'bg' specified as one of the mount point options, and also having the mount resource specify = present instead of = mounted, and then we use an exec to force the remount, constrained by an unless and onlyif: exec { remount-storage: command = mount -a, unless = grep $brand /proc/mounts, onlyif = nc -zv $nfs_server 2049 -w 3, } The works for us in all use cases, and seems to be the best way forwards :) - Andrew On Nov 11, 11:03 am, madAndroid andrewsta...@gmail.com wrote: Thank you so much to all who responded - we've managed to rewrite our classes to use the mount directive rather (and quite quickly and painlessly), and it seems a much better way than we had before (using file and exec resources/directives). Still experiencing the timeouts during the puppet run when the NFS box goes away (in a dev environment during testing the new class structure), but we haven't tried the two options that Len suggested - will be giving those a go, with the trade- offs in mind. Yes, I agree with John that it does feel like more of a problem with the way we are implementing the mounts, will give those suggestions a try as well. Thanks again, Andrew On Nov 10, 3:10 pm, jcbollinger john.bollin...@stjude.org wrote: On Nov 10, 6:02 am, madAndroid andrewsta...@gmail.com wrote: That sounds a little heavy handed ... also, I feel that it would probably stop the mount from happening at all? how would the fstab initiate the nfs mount if it's not able to resolve the address of the nfs server correctly? unless I'm missing something .. On Nov 9, 7:12 pm, Guy Matz gm...@matz.org wrote: OK. This may seem like a bad idea, but it's a workaround that has worked for me: I add the nfs server to the 127.0.0.1 entry of the hosts file which causes NFS to time out pretty immediately. :-\ On Wed, Nov 9, 2011 at 10:00 AM, madAndroid andrewsta...@gmail.com wrote: We've only recently discovered that puppet can manage mount points using the mount directive; however, a short while back we built annfs clientand server classes without using this resource, and we've encountered a problem where puppet seems to hang when the nfs server is unavailable. Using --debug doesn't seem to specify exactly at which point the run is failing, which could steer us in the right direction around putting something in place in the classes in question. Is there anything we can do, short of switching over to using the mount directive/resource, in order to mitigate the problem when the nfs server is unavailable? It's preventing us from managing other resources on the clients when this happens.. It all comes down to mount options. I'd recommend you absorb the material in nfs(5), but options of particular interest include 'retry', 'retrans', and 'timeo'. Do notice that the latter two will affect all operations on the mounted filesystem, not just the initial mount (and maybe not the initial mount at all -- the docs aren't quite clear on that). Unlike Len, I would not recommend using the bg option. Doing so likely would prevent Puppet from hanging for a long time attempting the mount, but it would also prevent Puppet from correctly managing the resource. Puppet needs to know whether it has succeeded in mounting the remote filesystem. It may also cause you trouble later if the client never does succeed in mounting the filesystem. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Knowing if a file is managed by puppet
- Original Message - Hi, I'm looking for a simple way to check if a file on a client (where puppetd is running) is managed by puppet. At this time, I have to put a comment on the file and have to run a puppetd -to --noop in order to see if puppet triggers actions on this file. Is there any way to simply find if a file on the client is supervised by puppet ? I wrote https://github.com/ripienaar/puppet-parselocalconfig some time ago that can do this on the node - I am not sure if it still works with latest puppet version but worth a try -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Knowing if a file is managed by puppet
R.I.Pienaar a écrit : I wrote https://github.com/ripienaar/puppet-parselocalconfig some time ago that can do this on the node - I am not sure if it still works with latest puppet version but worth a try We are using a modified version of this script and it is mandatory for us. I do not know how to work with Puppet if you do not have an easy way to know which resources are managed by puppet or not. The only other solution if to do some kind of 'grep -r my_object /etc/puppet/* ' which is very unfriendly for admins... Aurélien -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: yumrepo absent not working on 2.6.12
On Tue, 15 Nov 2011 10:06:43 -0500 Nan Liu wrote: [...] A quick glance at the type shows you need to set 1 or 0, absent means the property should not exist rather than puppet should configure the value to 0. Ok. I understood that absent removes the file. My fault. any way for removing the repo without using a file type? Many thanks for your reply Nan, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] yumrepo absent not working on 2.6.12
On Tue, Nov 15, 2011 at 03:49:57PM +0100, Arnau Bria wrote: Hi all, Seems that ensure = absent is not working on puppet 2.6.12 yumrepo type. 'sl-5.5-base' : baseurl = 'http://reposerver/computing-SL-55-base-x86_64/RPMS.base/', descr = 'SL 5.5 base', enabled = absent, exclude = 'yum-conf* c-ares'; # ls -lsa /etc/yum.repos.d/sl-5.5-base.repo 4 -rw-r--r-- 1 root root 187 Nov 15 15:35 /etc/yum.repos.d/sl-5.5-base.repo #puppetd --test --server $server [...] info: create new repo sl-5.5-base in file /etc/yum.repos.d/sl-5.5-base.repo notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/descr: descr changed '' to 'SL 5.5 base' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/baseurl: baseurl changed '' to 'http://reposerver/computing-SL-55-base-x86_64/RPMS.bas e/' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/gpgcheck: gpgcheck changed '' to '0' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/exclude: exclude changed '' to 'yum-conf* c-ares' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/enablegroups: enablegroups changed '' to '1' notice: /Stage[pre]/Common::Os::Release5::Sl55::Repos/Yumrepo[sl-5.5-base]/metadata_expire: metadata_expire changed '' to '43200' info: changing mode of /etc/yum.repos.d/sl-5.5-base.repo from 600 to 644 info: create new repo sl-5.5-fastbugs in file /etc/yum.repos.d/sl-5.5-fastbugs.repo [...] notice that enabled parameter is ignored I've been looking at list and bug and only found something nearly related: http://projects.puppetlabs.com/issues/9410 but it's not my problem. Is this a know problem/bug? There is a at least a feature request to be able to remove a certain repository (not just disabling it but removing it all together) https://projects.puppetlabs.com/issues/9293 -Stefan pgpxcajkB08Nf.pgp Description: PGP signature
Re: [Puppet Users] Knowing if a file is managed by puppet
On Tue, Nov 15, 2011 at 8:14 AM, Nan Liu n...@puppetlabs.com wrote: On Tue, Nov 15, 2011 at 5:38 AM, chaica lordcha...@free.fr wrote: I'm looking for a simple way to check if a file on a client (where puppetd is running) is managed by puppet. At this time, I have to put a comment on the file and have to run a puppetd -to --noop in order to see if puppet triggers actions on this file. Is there any way to simply find if a file on the client is supervised by puppet ? In Puppet 2.7 you can issue the command: puppet catalog select $hostname $type Also as of 2.7.6, we automatically dump this info in a text file on the agents. cat $(puppet agent --configprint resourcefile) file[/etc/puppetlabs/mcollective/ssl/mcollective-private.pem] file[/opt/puppet/libexec/mcollective/mcollective/agent/package.rb] file[/etc/puppetlabs/activemq/broker.p12] file[/etc/puppetlabs/activemq/broker.ts] file[/etc/puppetlabs/mcollective/ssl/mcollective-cert.pem] file[/opt/puppet/share/puppet-dashboard/.ssh/authorized_keys] file[/var/lib/peadmin/.mcollective.d/peadmin-private.pem] file[/opt/puppet/libexec/mcollective/mcollective/registration/meta.rb] file[/opt/puppet/libexec/mcollective/mcollective/util] file[/etc/puppetlabs/mcollective/ssl/clients/mcollective-public.pem] group[peadmin] user[peadmin] ... -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Knowing if a file is managed by puppet
I'm using the puppet-ls script for this purpose. https://github.com/deanwilson/puppet-scripts/blob/master/puppet-ls vince On Tue, Nov 15, 2011 at 9:22 AM, Nigel Kersten ni...@puppetlabs.com wrote: On Tue, Nov 15, 2011 at 8:14 AM, Nan Liu n...@puppetlabs.com wrote: On Tue, Nov 15, 2011 at 5:38 AM, chaica lordcha...@free.fr wrote: I'm looking for a simple way to check if a file on a client (where puppetd is running) is managed by puppet. At this time, I have to put a comment on the file and have to run a puppetd -to --noop in order to see if puppet triggers actions on this file. Is there any way to simply find if a file on the client is supervised by puppet ? In Puppet 2.7 you can issue the command: puppet catalog select $hostname $type Also as of 2.7.6, we automatically dump this info in a text file on the agents. cat $(puppet agent --configprint resourcefile) file[/etc/puppetlabs/mcollective/ssl/mcollective-private.pem] file[/opt/puppet/libexec/mcollective/mcollective/agent/package.rb] file[/etc/puppetlabs/activemq/broker.p12] file[/etc/puppetlabs/activemq/broker.ts] file[/etc/puppetlabs/mcollective/ssl/mcollective-cert.pem] file[/opt/puppet/share/puppet-dashboard/.ssh/authorized_keys] file[/var/lib/peadmin/.mcollective.d/peadmin-private.pem] file[/opt/puppet/libexec/mcollective/mcollective/registration/meta.rb] file[/opt/puppet/libexec/mcollective/mcollective/util] file[/etc/puppetlabs/mcollective/ssl/clients/mcollective-public.pem] group[peadmin] user[peadmin] ... -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Rounding in variable expressions
On 2011-11-15 07:24 , Tom Hall wrote: Hi, Can you round in variable assignment expressions? I would like to be able to set $my_var = floor(::processorcount * 0.8) Cheers, Tom That should work just fine as long as you define an rvalue function called 'floor'. There should be a bunch of good examples of how to do this in the stdlib[0] repo in lib/puppet/parser/functions. [0] https://github.com/puppetlabs/puppetlabs-stdlib/ -- Jacob Helwig http://about.me/jhelwig signature.asc Description: OpenPGP digital signature
[Puppet Users] Adding users by using 'spaceship' syntax
Hello, I have setup scripts / modules that allow adding ssh users courtesy of the Puppet Wiki. I have defined my users in a central file called 'sshusers.pp' and am importing that file into my 'nodes.pp' file. One question am I trying to resolve is how to add multiple users without having to specify the user names. Keep in mind that the ssh::auth class from the Puppet wiki defines almost everything virtually, so as I understand, I have to 'realize' those users that are defined. Here is an example: from /etc/puppet/manifests/sshusers.pp, I define a user: users::define_ssh {'jspies': name = 'Justin Spies', email = 'jus...@gmail.com', userid = 1001 } users::define_ssh {'jdoe': name = 'John Doe, email = 'j...@doe.com', userid = 1002 } in /etc/puppet/manifests/nodes.pp, I then realize the users and call a custom defined code block (users::create) to create the users, create the user home directories, create the SSH keys, and copy the SSH keys to the users authorized_keys file on the server: # Realize all users that are a member of the 'users' group User | group == 'ssh' | { ensure = present } # Actually create the users and their SSH keys #users::create{User | group = 'ssh' |: ensure = present } users::create{['jspies', 'lspies']: ensure = present } So I'd like to avoid having to type the user titles in the call to users::create. Is there a way to do this using the 'User | group == 'ssh' |' syntax to select what I want? Or do I need to just define an array in the sshusers.pp file and pass the array to the users::create? I'd like to use dynamic logic rather than having to code and update an array every time we add/remove users. Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Knowing if a file is managed by puppet
Depends on why you want this info ... but its available in the catalog on the box for 'grepping' (more or less). Something I recommend to some people: http://www.tenshu.net/2010/08/adventures-in-puppet-tangled-strings.html Which does more or less that ... but shows a banner in VIM for users to warn them the file is puppet managed before they modify it. ken. On Tue, Nov 15, 2011 at 10:38 AM, chaica lordcha...@free.fr wrote: Hi, I'm looking for a simple way to check if a file on a client (where puppetd is running) is managed by puppet. At this time, I have to put a comment on the file and have to run a puppetd -to --noop in order to see if puppet triggers actions on this file. Is there any way to simply find if a file on the client is supervised by puppet ? Regards, Carl Chenet -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Rounding in variable expressions
On 15 November 2011 16:57, Jacob Helwig ja...@puppetlabs.com wrote: On 2011-11-15 07:24 , Tom Hall wrote: Hi, Can you round in variable assignment expressions? I would like to be able to set $my_var = floor(::processorcount * 0.8) Cheers, Tom That should work just fine as long as you define an rvalue function called 'floor'. There should be a bunch of good examples of how to do this in the stdlib[0] repo in lib/puppet/parser/functions. [0] https://github.com/puppetlabs/puppetlabs-stdlib/ I suspect it won't be a trivial or generic function. Puppet won't be able to do the initial arithmetic within the braces because $::processorcount is a string. So you might end up with something like multiply_floor($::processorcount, 0.8) or floor(str2int($::processorcount) * 0.8). Alternatively the cheap and hacky approach: $foo = inline_template(%= (processorcount.to_i * 0.8).floor -%) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Adding users by using 'spaceship' syntax
Hi Justin, So I'd like to avoid having to type the user titles in the call to users::create. Is there a way to do this using the 'User | group == 'ssh' |' syntax to select what I want? Unfortunately the spaceship operator can't contain anything other than == and !=, and doesn't accept anything but simple variables. Actually I doubt User | group == 'ssh' | will work that well. During past tests I did, it only found the first member of an array. So if you had a user defined like this: users::define_ssh {'jspies': [...] group = ['group1','ssh'], } it wouldn't be realized by User | group == 'ssh' |, because ssh is at the second position of the group parameter. Maybe that wasn't discovered yet over at this wiki you mentioned. Or do I need to just define an array in the sshusers.pp file and pass the array to the users::create? May I ask what your reason is for not ensuring that users should be present right away? Sounds like you want to add all your new users right away. In this case you don't have to have separate user::define and user::create groups. Would be enough just to have the ensure = present inside the user::define and then include or require it in your node, eg. your default node. Hope that helps Stephan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: password management with puppet
On Nov 15, 4:22 am, Sunny jaisinghani.su...@gmail.com wrote: Hello, I am using accounts::user for managing user accounts on my infrastructure. I know that we can set passwords in manifests for the users we are managing. I would like to know if there is way that a user which does not have access to the puppet master, but has access to the puppet clients, can change his password on the client and update the manifests on the master. This is something like LDAP, where each user can change his/her password from any LDAP client to update the LDAP database. I want these users to change their passwords at will and somehow puppet finds that out and updates its manifests. Puppet does not provide a mechanism for this sort of thing, and indeed, it goes strongly against Puppet's grain. When Puppet is managing a property of some resource, then *by definition* the master is authoritative about the proper value, not any of the clients. Moreover, what you ask is inferior to the various standard mechanisms for centralized authentication management. Stephan covered most of the widely used ones, to which I add NIS; I recommend that you use one of those. If you insist on taking the Puppet-managed route then you're going to have to build your own tools. What exactly you would need depends on the systems under management, but it should grab all the account management hooks so as to catch password chanages via all available mechanisms, and it should immediately update whatever password store you use on the master, failing the change if it cannot update the master. Do not wait for the next Puppet run to sync up, and be prepared to work around some ordering issues for the scenario when a user chanages his password while the Puppet agent is applying a catalog. But really, think again: you don't want to do this. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Accessing definition parameter value out of scope
On Nov 15, 7:07 am, Falkor sebastien.varre...@gmail.com wrote: Hi everybody. i'm running Puppet 2.6.2 and I have the following problem. Assuming I have a definition toto::tutu instanced as follows: --% --- define toto::tutu ($key = 'default_val') { ... } toto::tutu { 'example1': key = 'val1' } toto::tutu { 'example2': key = 'val2' } -- Is there now a way in another scope (for instance in the definition 'tata' to access the value 'val2' for instance? I was hoping that the syntax $val = Toto::Tutu['exemple2'][key] would work but that's not the case. Any suggestion? To my knowledge, you cannot access variables of a defined type instance. I'm not sure they even exist outside the definition. What you can do is establish a source of truth outside the definition that the definition and all other interested parties draw on. That could be a variable in some shared lexical scope, a global or class variable, or external data accessed via extlookup() or hiera. That would be a pretty good design strategy even if you were using classes rather than definitions. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Adding users by using 'spaceship' syntax
On Nov 15, 12:27 pm, Stephan stephan.eckwei...@admin.ox.ac.uk wrote: Hi Justin, So I'd like to avoid having to type the user titles in the call to users::create. Is there a way to do this using the 'User | group == 'ssh' |' syntax to select what I want? Unfortunately the spaceship operator can't contain anything other than == and !=, and doesn't accept anything but simple variables. Actually I doubt User | group == 'ssh' | will work that well. During past tests I did, it only found the first member of an array. So if you had a user defined like this: users::define_ssh {'jspies': [...] group = ['group1','ssh'], } it wouldn't be realized by User | group == 'ssh' |, because ssh is at the second position of the group parameter. Maybe that wasn't discovered yet over at this wiki you mentioned. Or do I need to just define an array in the sshusers.pp file and pass the array to the users::create? May I ask what your reason is for not ensuring that users should be present right away? Sounds like you want to add all your new users right away. In this case you don't have to have separate user::define and user::create groups. Would be enough just to have the ensure = present inside the user::define and then include or require it in your node, eg. your default node. Hi Stephan, thanks for the reply. The example I'm following / using is http://projects.puppetlabs.com/projects/puppet/wiki/Module_Ssh_Auth_Patterns Great question regarding 'why', and it made me think hard about what I'm trying to accomplish. My reason for not realizing users immediately is because I wanted to define a user in one place (sshusers.pp) and then realize those users on most (but not all) of my servers (let's say there are 20 servers.) So the users are defined virtually in sshusers.pp using the users::define_ssh and then they are realized (inside of each node definition) using users::create based on which users go on each server. I would prefer to add users to a group and then in the node definition, specify to the server 'ensure that all users who are a member of group ssh are created'. A better example, perhaps, would be if you think in terms of a DBA group. I only want to add the DBA users, who are in the DBA group, to the database servers. So for a web server node, I would have 'user::create{ User | group == 'webservers' |: ensure = present }' and 'user::create{ User | group == 'dba' |: ensure = absent }'. That would create the web server admins on the web server, and ensure the DBA users were not there (admittedly, I'm not sure what the results would be if I had one user in both groups). On the DB server, I would just reverse the value of the ensure parameter so that the web server users are not created and the DBA users are created. I am not stuck on the use of the spaceship syntax, it was just my starting point. I was hoping to just extract an array of users some how and pass that to the users::create definition. I am also open to suggestions on how to better structure this if I'm going off in some crazy direction. I am new to Puppet and am still getting a grasp on how it works and how to properly code up classes and defines. Thanks again. Hope that helps Stephan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] can we alter the 30-min run time?
On Nov 5, 2011, at 9:42 AM, Nigel Kersten wrote: On Thu, Nov 3, 2011 at 12:41 PM, Jo Rhett jrh...@netconsonance.com wrote: Nigel, As you've said, the time chosen for the run cycle will be consistent. All of these settings are already set -- this isn't a question of how to change how often to run, it's how to affect the chosen runtime? I've got an awful lot of systems ( 100) which have decided to all roll at 28 and 58 minutes after the hour. How can I rebalance them? This should be what the splay settings do for you Jo. Even though those agents all roll at 28/58 minutes past the hour, if you set splay to true, they'll then wait a random amount of time up to splaylimit before they *actually* perform the run. splay breaks many things, including puppet kick. It simply won't work until you break splay out to only affect normal running. I tried enabling it, and found that it simply didn't affect the systems enough. I am deeply curious as to why you are avoiding the main question here: 1. How does puppet decide when its 30 minutes is up? Is this stored in a file somewhere? 2. How can we change its calculation? (can we edit a file, run a command, …?) On Nov 3, 2011, at 8:38 AM, Nigel Kersten wrote: On Thu, Nov 3, 2011 at 8:36 AM, Jo Rhett jrh...@netconsonance.com wrote: For a long time it appeared that run cycles were fairly balanced -- a few every 30 seconds over the 30 minute period. Right now I'm seeing more than 100 systems hit in the same minute: 28 and 58 minutes after the hour. Is there some way to alter the spread of these systems back to even out the load? Or passenger options which could limit the effects of this? In your puppet.conf agent block: # How often puppet agent applies the client configuration; in seconds. # Note that a runinterval of 0 means run continuously rather than # never run. If you want puppet agent to never run, you should start # it with the `--no-client` option. # The default value is '1800'. runinterval = 1800 ... # The maximum time to delay before runs. Defaults to being the same as the # run interval. # The default value is '$runinterval'. splaylimit = 1800 ... # Whether to sleep for a pseudo-random (but consistent) amount of time before # a run. splay = false -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Editing a variable defined in the same scope
I tried the following (names changed to protect the innocent and guilty): class myclass ( $param ) { $myvar = [ foo, bar ] if $param == special { $myvar += [ blah ] } } and got the message ...Cannot append, variable myvar is defined in this scope According to the docs, variables cannot be modified in the same scope because of the declarative nature of Puppethttp://docs.puppetlabs.com/guides/language_guide.html . However, if I change the plus-signment statment to $myclass::myvar += [ blah ] it works fine. Can someone explain this aspect of scoping? (Or is this possibly a bug...?) Justin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Editing a variable defined in the same scope
On Tue, Nov 15, 2011 at 01:42:24PM -0800, Justin Lloyd wrote: I tried the following (names changed to protect the innocent and guilty): class myclass ( $param ) { ��� $myvar = [ foo, bar ] ��� if $param == special { ��� $myvar += [ blah ] ��� } } and got the message ...Cannot append, variable myvar is defined in this scope According to the docs, [1]variables cannot be modified in the same scope because of the declarative nature of Puppet. However, if I change the plus-signment statment to $myclass::myvar += [ blah ] it works fine. Can someone explain this aspect of scoping? (Or is this possibly a bug...?) Justin Simpler example, but I get bar\n in both files: $ cat /tmp/scope1.pp class myclass { $myvar = [ foo\n, bar\n ] file { /tmp/a1: content = $myvar } $myclass::myvar += [ blah ] file { /tmp/a2: content = $myclass::myvar, } } class { myclass: } $ puppet apply /tmp/scope1.pp notice: /Stage[main]/Myclass/File[/tmp/a2]/ensure: defined content as '{md5}d3b07384d113edec49eaa6238ad5ff00' notice: /Stage[main]/Myclass/File[/tmp/a1]/ensure: defined content as '{md5}d3b07384d113edec49eaa6238ad5ff00' $ cat /tmp/a1 bar $ cat /tmp/a2 bar Maybe it's not emitting an error, but I can't get $myclass::myvar with a different value. Not that I know so much about what's going on. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. http://docs.puppetlabs.com/guides/language_guide.html -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet Labs stdlib module version 2.2.0 released
James, I love the idea of this module but the wiki page you listed below is fairly broken. The syntax under anchor certainly wouldn't parse, and I'm staring at it and I'm not even sure what some of it is intending to say... On Nov 8, 2011, at 2:39 PM, James Turnbull wrote: We're pleased to announce a new release of the Puppet Labs stdlib module. This module provides a standard library of resources for developing Puppet Modules. This modules will include the following additions to Puppet: * Default Stages * Facts * Functions * Defined resource types * Types * Providers This module is officially curated and provided by Puppet Labs. The modules Puppet Labs writes and distributes will make heavy use of this standard library. The CHANGELOG since the last release is: 2011-11-08 Puppet Labs supp...@puppetlabs.com - 2.2.0 * #10285 - Refactor json to use pson instead. * Maint - Add watchr autotest script * Maint - Make rspec tests work with Puppet 2.6.4 * #9859 - Add root_home fact and tests The module is available via the Puppet Labs Forge at http://forge.puppetlabs.com/puppetlabs/stdlib. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 To schedule a meeting with me: http://tungle.me/jamtur01 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to debug intermittent puppet catalog failure
Are you running the latest centos or redhat-based kernel? If so, 274.7.1 is corked. Backgrade from 274.7.1 to 274.3.1 and the problem will disappear. This is documented in https://projects.puppetlabs.com/issues/10418 And RedHat bug https://bugzilla.redhat.com/show_bug.cgi?id=751214 On Nov 10, 2011, at 11:27 AM, Len Rugen wrote: It seems like I have two sets of similar symptoms. I have another set of servers where puppetd -tv runs fine, but the daemon will never finish a catalog run. Again, puppetdlock lingers. I think the first problem may track to a database backup. The clients with similar timestamps are near that time. I've changed that process and will see if that fixes the problem. On Thu, Nov 10, 2011 at 8:32 AM, Len Rugen lenru...@gmail.com wrote: Also, the timestamp on several clients puppetdlock file will be within minutes of each other, so it appears to be some sort of infrastructure issue. The puppet master is a VM and the backend mysql server physical. On Thu, Nov 10, 2011 at 8:24 AM, Len Rugen lenru...@gmail.com wrote: We've recently developed a problem where a puppetd scheduled catalog run will hang or fail, then never resume. The puppetdlock file is present, but I can't find any logged errors. If I stop the daemon, it will restart and run the catalog without problem. Any suggestions on how to identify the problem? Puppet version 2.7.6 on both client and server and Foreman is managing nodes. Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Knowing if a file is managed by puppet
+1 for tangled strings On 16 November 2011 04:03, Ken Barber k...@puppetlabs.com wrote: Depends on why you want this info ... but its available in the catalog on the box for 'grepping' (more or less). Something I recommend to some people: http://www.tenshu.net/2010/08/adventures-in-puppet-tangled-strings.html Which does more or less that ... but shows a banner in VIM for users to warn them the file is puppet managed before they modify it. ken. On Tue, Nov 15, 2011 at 10:38 AM, chaica lordcha...@free.fr wrote: Hi, I'm looking for a simple way to check if a file on a client (where puppetd is running) is managed by puppet. At this time, I have to put a comment on the file and have to run a puppetd -to --noop in order to see if puppet triggers actions on this file. Is there any way to simply find if a file on the client is supervised by puppet ? Regards, Carl Chenet -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How to debug intermittent puppet catalog failure
Hi Len, On Thu, Nov 10, 2011 at 11:27 AM, Len Rugen lenru...@gmail.com wrote: It seems like I have two sets of similar symptoms. I have another set of servers where puppetd -tv runs fine, but the daemon will never finish a catalog run. Again, puppetdlock lingers. I think the first problem may track to a database backup. The clients with similar timestamps are near that time. I've changed that process and will see if that fixes the problem. On Thu, Nov 10, 2011 at 8:32 AM, Len Rugen lenru...@gmail.com wrote: Also, the timestamp on several clients puppetdlock file will be within minutes of each other, so it appears to be some sort of infrastructure issue. The puppet master is a VM and the backend mysql server physical. On Thu, Nov 10, 2011 at 8:24 AM, Len Rugen lenru...@gmail.com wrote: We've recently developed a problem where a puppetd scheduled catalog run will hang or fail, then never resume. The puppetdlock file is present, but I can't find any logged errors. If I stop the daemon, it will restart and run the catalog without problem. Any suggestions on how to identify the problem? I would run truss/strace/dtrace to see what puppet is doing when it's hung. Puppet version 2.7.6 on both client and server and Foreman is managing nodes. Thanks We recently fixed a bug[1] that caused puppet to take a long time to run when managing many files (more than an order of magnitude slower in 2.7 than 2.6). For example, managing a directory recursively with 1k+ files. The bug is present in 2.7.0-2.7.6, and fixed in 2.7.7rc2, released yesterday. If the trace shows puppet stat'ing files with long pauses in between, then this may be part of the problem. Josh [1] https://projects.puppetlabs.com/issues/9671 -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Adding users by using 'spaceship' syntax
Hmm, I see. We went another avenue. We create all users on all systems and then let another instance decide which users to let log in to which machine. RADIUS servers or Kerberos servers are capable of this. But depending on the surroundings this might be overkill. So I agree that for you the spaceship makes sense. But am afraid won't be of much help. Am still struggling myself to get my head around it, and must admit, am not really overly impressed by it so far. But rule 1 with open source: contribute nothing, expect nothing On Nov 15, 7:30 pm, Justin Spies jus...@thespies.org wrote: On Nov 15, 12:27 pm, Stephan stephan.eckwei...@admin.ox.ac.uk wrote: Hi Justin, So I'd like to avoid having to type the user titles in the call to users::create. Is there a way to do this using the 'User | group == 'ssh' |' syntax to select what I want? Unfortunately the spaceship operator can't contain anything other than == and !=, and doesn't accept anything but simple variables. Actually I doubt User | group == 'ssh' | will work that well. During past tests I did, it only found the first member of an array. So if you had a user defined like this: users::define_ssh {'jspies': [...] group = ['group1','ssh'], } it wouldn't be realized by User | group == 'ssh' |, because ssh is at the second position of the group parameter. Maybe that wasn't discovered yet over at this wiki you mentioned. Or do I need to just define an array in the sshusers.pp file and pass the array to the users::create? May I ask what your reason is for not ensuring that users should be present right away? Sounds like you want to add all your new users right away. In this case you don't have to have separate user::define and user::create groups. Would be enough just to have the ensure = present inside the user::define and then include or require it in your node, eg. your default node. Hi Stephan, thanks for the reply. The example I'm following / using ishttp://projects.puppetlabs.com/projects/puppet/wiki/Module_Ssh_Auth_P... Great question regarding 'why', and it made me think hard about what I'm trying to accomplish. My reason for not realizing users immediately is because I wanted to define a user in one place (sshusers.pp) and then realize those users on most (but not all) of my servers (let's say there are 20 servers.) So the users are defined virtually in sshusers.pp using the users::define_ssh and then they are realized (inside of each node definition) using users::create based on which users go on each server. I would prefer to add users to a group and then in the node definition, specify to the server 'ensure that all users who are a member of group ssh are created'. A better example, perhaps, would be if you think in terms of a DBA group. I only want to add the DBA users, who are in the DBA group, to the database servers. So for a web server node, I would have 'user::create{ User | group == 'webservers' |: ensure = present }' and 'user::create{ User | group == 'dba' |: ensure = absent }'. That would create the web server admins on the web server, and ensure the DBA users were not there (admittedly, I'm not sure what the results would be if I had one user in both groups). On the DB server, I would just reverse the value of the ensure parameter so that the web server users are not created and the DBA users are created. I am not stuck on the use of the spaceship syntax, it was just my starting point. I was hoping to just extract an array of users some how and pass that to the users::create definition. I am also open to suggestions on how to better structure this if I'm going off in some crazy direction. I am new to Puppet and am still getting a grasp on how it works and how to properly code up classes and defines. Thanks again. Hope that helps Stephan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] lighttpd / modifying variables in templates?
I'm trying to get puppet to manage my lighttpd install, but I use vhosts. The line I'd normally use is something like this: $HTTP[host] =~ site\.example\.tld { server.document-root= /var/www/site.example.tld accesslog.filename = /var/log/lighttpd/ site.example.tld-access.log } I would like to be able to pass the template a single variable, the domain name, and have it inserted into the 3 locations above. The only problem is the first one needs to have the escape characters inserted. Is there anyway to modify the variable in the template to add those slashes or am I stuck passing the information in twice? Thanks -- Jon [[User:ShakataGaNai]] / KJ6FNQ http://snowulf.com/ http://www.linkedin.com/in/shakataganai http://twitter.com/shakataganai -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] dropping support for ruby 1.85?
On Nov 9, 2011, at 5:47 AM, Ohad Levy wrote: Ruby 1.87 support Foreman 0.4 would be the last major version supporting Ruby older then 1.87. This has to be done since the upstream rails community no longer supports older versions, which means that critical security patches are no longer available if we keep supporting that. if required, we would release 0.4.x maintenance releases, but since ruby 1.87+ is available on most distribution these days, you are encouraged to upgrade. No distribution based on RHEL5 has a supported version of ruby other than 1.85 AFAIK. It's pretty much a roll-your-own-RPM for 1.87, and that's not possible for most sites. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] dropping support for ruby 1.85?
Not supported, but Karanbir Singh has made available 1.8.7 RPMs: http://centos.karan.org/el5/ruby187/ -Eric -- Eric Shamow Professional Services http://puppetlabs.com/ (c)631.871.6441 On Tuesday, November 15, 2011 at 8:30 PM, Jo Rhett wrote: On Nov 9, 2011, at 5:47 AM, Ohad Levy wrote: Ruby 1.87 support Foreman 0.4 would be the last major version supporting Ruby older then 1.87. This has to be done since the upstream rails community no longer supports older versions, which means that critical security patches are no longer available if we keep supporting that. if required, we would release 0.4.x maintenance releases, but since ruby 1.87+ is available on most distribution these days, you are encouraged to upgrade. No distribution based on RHEL5 has a supported version of ruby other than 1.85 AFAIK. It's pretty much a roll-your-own-RPM for 1.87, and that's not possible for most sites. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] dropping support for ruby 1.85?
On Tue, Nov 15, 2011 at 11:30 PM, Jo Rhett jrh...@netconsonance.com wrote: On Nov 9, 2011, at 5:47 AM, Ohad Levy wrote: Ruby 1.87 support Foreman 0.4 would be the last major version supporting Ruby older then 1.87. This has to be done since the upstream rails community no longer supports older versions, which means that critical security patches are no longer available if we keep supporting that. if required, we would release 0.4.x maintenance releases, but since ruby 1.87+ is available on most distribution these days, you are encouraged to upgrade. No distribution based on RHEL5 has a supported version of ruby other than 1.85 AFAIK. It's pretty much a roll-your-own-RPM for 1.87, and that's not possible for most sites. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Jo, Not speaking for Ohad here, but I do know that rails 3.x would have major issues with Ruby versions = 1.8.6, and are explicitly not supported. As it stands foreman is not alone here, as puppetlabs is not supporting ruby 1.8.5 for the latest versions of puppet dashboard either. 1.8.7 is the minimum to support puppet dashboard 1.2.x. Being that Foreman is just a single server in your environment, is this really that big of a deal? Is there anything the Foreman project could do to ease the issues with supporting a newer versions of Ruby? There are some options here. The packages that Eric mentioned, REE source install, RVM, etc. -Brian -- http://aws.amazon.com/solutions/solution-providers/brandorr/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet Labs stdlib module version 2.2.0 released
Jo Rhett wrote: James, I love the idea of this module but the wiki page you listed below is fairly broken. The syntax under anchor certainly wouldn't parse, and I'm staring at it and I'm not even sure what some of it is intending to say... Jo The syntax does parse from what I can see and the wiki documentation is automatically generated from the code inside the module so it's not 100% perfect yet and needs some more work. I'll add a ticket mentioning the documentation parser needs to be cleaned up a little or you're welcome to do the same! The module contains additional documentation for the type that I've reproduced below: A simple resource type intended to be used as an anchor in a composite class. class ntp { class { 'ntp::package': } - class { 'ntp::config': } - class { 'ntp::service': } # These two resources anchor the composed classes # such that the end user may use require and before # relationships with Class['ntp'] anchor { 'ntp::begin': } - class { 'ntp::package': } class { 'ntp::service': } - anchor { 'ntp::end': } } This resource allows all of the classes in the ntp module to be contained within the ntp class from a dependency management point of view. This allows the end user of the ntp module to establish require and before relationships easily: class { 'ntp': } - class { 'mcollective': } class { 'mcollective': } - class { 'ntp': } Hope that helps! Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 To schedule a meeting with me: http://tungle.me/jamtur01 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] Re: ERROR: Connection reset by peer
Dmitry wrote: Or, if this situation is too uncommon, is there any way to ask puppet agent to always act as if master is running on remote host, even if it runs on the same host and to always communicate via network? Thanks. On Nov 15, 7:13 pm, Dmitry trtrmi...@gmail.com wrote: Hello! I use puppet-2.7.6 to sync several config files in my network. I use neither Mongrel nor Passenger (which probably means I use Webrick as http backend). When I run puppet agent from another machine, everything is fine. When I run agent from the same machine server is running on, I get the following error: # puppet agent --server =hostname.com --no-daemonize --onetime --verbose --no-show_diff skip err: /Stage[main]/Bsd/File[/root/.ssh/authorized_keys]: Could not evaluate: Conn ection reset by peer Could not retrieve file metadata for puppet:///modules/bsd/ root/.ssh/authorized_keys: Connection reset by peer at /usr/local/etc/ puppet/mod ules/bsd/manifests/init.pp:117 If I run same command several times, I usually get the same error at different stages (during request to different files puppet manages). But error is always the same: Connection reset by peer. Sometimes it finishes w/o error, but almost always I get this error. Some kind of random. What does it mean and how can I avoid it? Thanks! Probably best to ask this question on the Puppet-user list rather than the Puppet-dev list. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 To schedule a meeting with me: http://tungle.me/jamtur01 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Atomic update of several config files
Hello! Imagine I have some service which config is split into several config files. How should I configure puppet to manage those files so that: 1) service is restarted only once after all configs were synced 2) if some error occurs during update (network error, disk full, any other) I want to be sure that either all config files are refreshed or none of them are (so that service is always in consistent state). Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Duplicate resource problem for localhost
Hi, I have a module to manage /etc/hosts that works fine for RHEL, but not on Solaris. Basically I've defined all our hosts as virtual host resources, and grouped them various ways by tagging them. These are then realized based on the tags for each node as appropriate. Hosts can have multiple tags and not have any issues with duplicate resource declarations as they are virtual. Any unmanaged host is then purged from the hosts file. The problem for Solaris occurs with the localhost entries: ::1 localhost 127.0.0.1 localhost You can't define host resources with the same name. I would prefer to keep using the host resource if I can as it all works beautifully on our RHEL servers (the localhost names are unique). I thought I might be able to: 1. Template the beginning of the hosts file to include the localhost entries appropriate to the os, writing out to /tmp/hosts_head. 2. Generate another file in /tmp/hosts_body that contains the remainder of the hosts using my current method of realizing the virtual hosts. 3. Concatenate the two. However, when I redirect the target for all the host resources to /tmp/hosts_body, it rips out the contents in the real /etc/inet/hosts: notice: /Stage[after]/Hosts::Virtual/Host[george]/target: target changed '/etc/inet/hosts' to '/tmp/hosts_body' Has anyone solved this problem on Solaris or can offer some suggestions? Thanks in advance, Karen -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: dropping support for ruby 1.85?
On Wed, Nov 16, 2011 at 6:30 AM, Jo Rhett jrh...@netconsonance.com wrote: On Nov 9, 2011, at 5:47 AM, Ohad Levy wrote: Ruby 1.87 support Foreman 0.4 would be the last major version supporting Ruby older then 1.87. This has to be done since the upstream rails community no longer supports older versions, which means that critical security patches are no longer available if we keep supporting that. if required, we would release 0.4.x maintenance releases, but since ruby 1.87+ is available on most distribution these days, you are encouraged to upgrade. No distribution based on RHEL5 has a supported version of ruby other than 1.85 AFAIK. It's pretty much a roll-your-own-RPM for 1.87, and that's not possible for most sites. The way I see it: Don't upgrade to ruby 1.87 == known security holes that could exploit your foreman server (impacting everyone). Upgrade to ruby 1.87 == Pain of migrating foreman to a newer distribution (impacting only a subset of the users)** We are also planning to have a maintenance release in the 0.4.x versions, so critical bugs (and probably less than critical) would be fixed there as well. Ohad ** which imho is a non issue, as : 1. there is a fully automated puppet module to install foreman 2. you only need to pass the db and a couple of config files. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.