Re: [Puppet Users] Commands within commands within a manifest
You could try: tee /path/to/where-I-want-logfile-$(date +%Y%m%d-%H%M%S).log Alternatively, since it doesn't look like you're using any puppet variables in the command string, you could try using single quotes (i.e. restart = '/path/ ...') so puppet won't try to interpret anything it sees in there. Best, Dan On 12/15/2011 12:48 PM, Dan White wrote: Here is what I am trying to do: service{ foo: ... restart = /path/to/script/to/run 21 | tee /path/to/where-I-want-logfile-`date +%Y%m%d-%H%M%S`.log, ... } What I get is a log file named /path/to/where-I-want-logfile-`date I have unsuccessfully tried escaping the command quotes with a back-slash. Other than wrapping the while thing in another script, is there any way to fix this ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Recommendations for comment blocks of .pp files?
On 14.12.2011 19:14, Andreas Haerter wrote: I'm asking because there might be some kind of standard and/or tools to parse the source code of .pp files to generate Docs for the puppet modules I'm going to write. Ok, got my question answered on IRC. If you have Rdoc-formatted text blocks before your classes, you can use the puppet doc tool to generate HTML documentation. The Wiki provides some information: http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Manifest_Documentation -- Andreas http://blog.andreas-haerter.com O ascii ribbon campaign - stop html mail - www.asciiribbon.org signature.asc Description: OpenPGP digital signature
[Puppet Users] Recommendations for comment blocks of .pp files?
Hi *, I'm new to puppet. Before writing and modifying tons of source code to get my environment up and running, it would be nice to hear if there are any recommendations regarding the format of a) comment blocks to document classes and files b) comment blocks to document other stuff (e.g. defines) c) # vs /* */ for multi-line comments I'm asking because there might be some kind of standard and/or tools to parse the source code of .pp files to generate Docs for the puppet modules I'm going to write. Or is RDoc[1] the format one would use (because Puppet is written in Ruby)? If so, are there any existing RDoc comment header templates/examples to get a quick start? Thanks [1]http://en.wikipedia.org/wiki/RDoc **tl;dr** Is there something like like PHPDoc/JavaDoc-DocBlocks for puppet .pp manifest files? Example: /** * Foobar * * yadda yadda yadda * * @license GPLv2 (http://www.gnu.org/licenses/gpl2.html) * @author John Doe john...@example.comm * @link http://example.com/helpful-page */ -- Andreas http://blog.andreas-haerter.com O ascii ribbon campaign - stop html mail - www.asciiribbon.org signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Dependencies across different nodes - possible?
On Thu, Dec 15, 2011 at 07:22, Malte Janduda malte.jand...@googlemail.com wrote: is there a possibility to define dependencies across multiple nodes? Not at this point in time, no, although Luke had a prototype of a stop and wait resource ages ago that handled this. We have it on our roadmap, but the problem is surprisingly complicated once you scratch the surface, so we can't make any promises about timeline or anything. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Commands within commands within a manifest
Thanks for the suggestions. tee /path/to/where-I-want-logfile-$(date +%Y%m%d-%H%M%S).log did not work. bash: syntax error near unexpected token `(' I will let you know if the single quote option works. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Dan Rao dhana...@cs.wisc.edu wrote: You could try: tee /path/to/where-I-want-logfile-$(date +%Y%m%d-%H%M%S).log Alternatively, since it doesn't look like you're using any puppet variables in the command string, you could try using single quotes (i.e. restart = '/path/ ...') so puppet won't try to interpret anything it sees in there. Best, Dan On 12/15/2011 12:48 PM, Dan White wrote: Here is what I am trying to do: service{ foo: ... restart = /path/to/script/to/run 21 | tee /path/to/where-I-want-logfile-`date +%Y%m%d-%H%M%S`.log, ... } What I get is a log file named /path/to/where-I-want-logfile-`date I have unsuccessfully tried escaping the command quotes with a back-slash. Other than wrapping the while thing in another script, is there any way to fix this ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Variable Scoping. Argh.
Gr. On Thu, Dec 15, 2011 at 9:11 AM, Douglas Garstang doug.garst...@gmail.com wrote: I have this: node /prod\-(blitz|cisco|masdar|dow)\-app\-01.c3\-e.com/ inherits basenode-rhel { $splunk_loghost = loghost.c3platform.com include splunkforwarder::c3_app_server } class splunkforwarder::c3_app_server inherits splunkforwarder::common { notice(loghost=$splunk_loghost) } In the c3_app_server class, when notice() is called, the splunk_loghost variable is not set. How come? This is puppet version 2.6.2. Doug. -- Regards, Douglas Garstang http://www.linkedin.com/in/garstang Email: doug.garst...@gmail.com Cell: +1-805-340-5627 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Variable Scoping. Argh.
On Dec 15, 11:11 am, Douglas Garstang doug.garst...@gmail.com wrote: I have this: node /prod\-(blitz|cisco|masdar|dow)\-app\-01.c3\-e.com/ inherits basenode-rhel { $splunk_loghost = loghost.c3platform.com include splunkforwarder::c3_app_server } class splunkforwarder::c3_app_server inherits splunkforwarder::common { notice(loghost=$splunk_loghost) } In the c3_app_server class, when notice() is called, the splunk_loghost variable is not set. How come? This is puppet version 2.6.2. Two possibilities come to mind: 1) node basenode-rhel directly or indirectly includes class splunkforwarder::c3_app_server, so $splunk_loghost is evaluated in that node's dynamic scope, instead of in the scope you expect. 2) class splunkforwarder::common sets an empty value for a variable $splunk_loghost in its namespace, and the subclass resolves $splunk_loghost to its superclass's variable instead of to the node variable. This is the sort of problem that parameterized classes were designed to solve, and that external data solves better. I recommend choosing one of those approaches so that the source of your $splunk_loghost data is clear and well-defined. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: restarting service when configuration changes
On Dec 15, 8:33 am, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 12/15/2011 03:08 PM, jcbollinger wrote: Right. As far as I know, classes do not forward signals to resources they contain. Which really is a major pitfall. Any insight on why it's not done? I suspect some historical inertia, but it's also not clear to me that the historical behavior is less desirable. It might be reasonable if the effect of refreshing a class were to refresh all of its resources, but I don't see that as the singular right thing to do. Furthermore, I suspect that making class refreshes work that way is a far more complicated proposal than it might at first appear. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: restarting service when configuration changes
On Dec 15, 10:16 am, Sans r.santanu@gmail.com wrote: On Dec 15, 2:08 pm, jcbollinger john.bollin...@stjude.org wrote: On Dec 14, 4:37 pm, Jo Rhett jrh...@netconsonance.com wrote: Try notify = Service['autofs'] Right. As far as I know, classes do not forward signals to resources they contain. Are you absolutely sure about that? As far as I know was meant to convey that no, I am not absolutely sure. My understanding was to use something like Class['zmfs::service'] only to avoid running individual services separately in that class. That's understandable, but evidently it doesn't work with resource signaling. Moreover, it's not obvious to me that that's what you really want anyway. For instance, do you care in what order the resources in class zmfs::service get refreshed? If so, then signaling via the class would not be correct anyway. Furthermore, you should consider whether it would be appropriate to combine your two classes. That a resource belonging to one wants to signal a resource belonging to the other is a hint in that direction (but no more than that). I'm not seeing what you gain by defining such fine-grained classes, especially with the implicit dependencies among them (see next). Those three code snippets are in three different files, namely definition.pp, config.pp and service.pp respectively. That's entirely beside the point, which is that resources that are closely related to each other typically belong in the same class. Consider: would any node ever want to include class zmfs::config but not class zmfs::service? Would it be correct for a node to include zmfs::service but not zmfs::config? If the anwer is no to both questions, then why are these separate classes? Note that as your manifests now stand, any node that includes zmfs::config *must* also include zmfs::service, else its catalog will not compile. And there is a config.pp where The line_check definition gets reused for various files in the module. Very good, no problem with that. [re]Starting zmfs is not just enough, it's needs some other services to be restarted, autofs being one of the most important ones. So, what I want is to restart autofs as soon as the /zmfs / etc/auto.zmfs is added to the auto.master file, say for example for the very first time. zmfs itself still just works without restarting (even starting) the autofs but it won't be completely usable. So what you're saying is that notify = Service['autofs'] is *exactly* what you want. You don't need to signal the other resources in class zmfs::service; you only need to signal Service['autofs']. So, in fact, this is the actual service.pp file: *** class zmfs::service { service { 'zmfs': enable = true, ensure = running, hasstatus = true, hasrestart = true, #status = '/etc/zmfs/service_zmfs', require = Package['zmfs','zmfs-init-scripts']; 'autofs': enable = true, ensure = running, hasstatus = true, hasrestart = true, status = 'service zmfs probe', require = Package['zmfs','zmfs-init-scripts']; }} *** I wrote (at least trying to) this module to use by the several other sys-admins, where either autofs is already running and in some cases the auto.master itself is being maintained by another puppet module. So in that case, putting Service['autofs'] in class zmfs::service is probably harmful, unless you can be certain that every node that wants to use autofs also wants to use zmfs, now and forever. Indeed, it is quite strange that you contemplate managing the autofs service and one of its configuration files in completely separate modules. So, I had to make sure my module must restart autofs after adding the appropriate line to the file. but that's not happening. We understand what you are trying to accomplish, and it's quite reasonable. Jo suggested a way for you to reach your objective -- notifying the Service instead of the class declaring it -- and the more you explain, the more that suggestion seems exactly the right thing to do. On the other hand, if I take the 'service autofs' out of the equation and use an external script (service_zmfs) with status #!/usr/bin/perl # file: service_zmfs use strict; use warnings; my @checks = ( serviceautofs restart, service zmfs probe, ); for my $check ( @checks ) { $check .= 21 /dev/null; # suppress output system( $check ) == 0 or exit 1;} * it works. Still don't fully get it. What does one have to do with the other? If you prefer to use an external script then fine, but that has nothing to do with how you must write your Puppet manifests
Re: [Puppet Users] puppet kick getting hostname not match with the server certificate
John Kennedy wrote: OS - RHEL5.7 Installation Source - epel-testing repo Puppet server version - 2.6.6 puppetd version - 2.6.6 I searched Google and none of the answers were a match for my set up... I can do 'puppetd --test' from the client and things work as expected. When doing puppet kick hostname I get the following: Triggering hostname Host hostname failed: hostname not match with the server certificate hostname finished with exit code 2 Failed: hostname John Did you ever work out the issue here? Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 To schedule a meeting with me: http://tungle.me/jamtur01 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: restarting service when configuration changes
On Thu, Dec 15, 2011 at 2:56 PM, jcbollinger john.bollin...@stjude.orgwrote: On Dec 15, 10:16 am, Sans r.santanu@gmail.com wrote: On Dec 15, 2:08 pm, jcbollinger john.bollin...@stjude.org wrote: On Dec 14, 4:37 pm, Jo Rhett jrh...@netconsonance.com wrote: Try notify = Service['autofs'] Right. As far as I know, classes do not forward signals to resources they contain. Are you absolutely sure about that? As far as I know was meant to convey that no, I am not absolutely sure. You can notify a class, and it forwards the signal to resources it contains. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Does someone have a working config of nginx+passenger for Puppet
I see, that is the passenger_set_cgi_param which was missing. I was using proxy_set_header and that was not working. And clearly my config.ru was missing a lot too, and i had to make symlinks and stuff to point to my Puppet installation dirs Thanks a lot, Alex On 13 déc, 22:14, windowsrefund windowsref...@gmail.com wrote: nginx bits... server { server_name puppet; listen 8140 default ssl; client_max_body_size 10M; passenger_enabled on; passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn; passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify; root /opt/nginx/html/puppet-production/public; ssl_certificate /etc/puppet/ssl/certs/puppet.pem; ssl_certificate_key /etc/puppet/ssl/private_keys/puppet.pem; ssl_crl /etc/puppet/ssl/ca/ca_crl.pem; ssl_client_certificate /etc/puppet/ssl/certs/ca.pem; ssl_protocols SSLv3 TLSv1; ssl_ciphers HIGH:+MEDIUM; ssl_prefer_server_ciphers on; ssl_verify_client optional; ssl_verify_depth 1; ssl_session_cache shared:SSL:128m; ssl_session_timeout 5m; } passenger bits (config.ru)... $0 = puppetmasterd require 'puppet' ARGV --rack ARGV --confdir=/etc/puppet.production ARGV --vardir=/var/puppet.production ARGV --reportdir=/var/puppet.production/reports ARGV --ssldir=/etc/puppet/ssl ARGV --ssl_client_header=SSL_CLIENT_S_DN ARGV --ssl_client_verify_header=SSL_CLIENT_VERIFY require 'puppet/application/puppetmasterd' run Puppet::Application[:puppetmasterd].run -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet with Ruby1.9 issue
Hi, I have a running puppetmaster with nginx and passenger and ruby 1.9.2. When i do puppet cert --trace --list . i get the following error. /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application/ cert.rb:43:in `block (2 levels) in class:Cert' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application.rb: 357:in `block (2 levels) in parse_options' /usr/lib64/ruby/1.9.1/optparse.rb:1277:in `call' /usr/lib64/ruby/1.9.1/optparse.rb:1277:in `block in parse_in_order' /usr/lib64/ruby/1.9.1/optparse.rb:1264:in `catch' /usr/lib64/ruby/1.9.1/optparse.rb:1264:in `parse_in_order' /usr/lib64/ruby/1.9.1/optparse.rb:1258:in `order!' /usr/lib64/ruby/1.9.1/optparse.rb:1349:in `permute!' /usr/lib64/ruby/1.9.1/optparse.rb:1370:in `parse!' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application.rb: 364:in `parse_options' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application/ cert.rb:230:in `parse_options' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application.rb: 302:in `block (2 levels) in run' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application.rb: 410:in `hook' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application.rb: 302:in `block in run' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application.rb: 401:in `exit_on_fail' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application.rb: 302:in `run' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/util/ command_line.rb:69:in `execute' /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/bin/puppet:4:in `top (required)' /usr/bin/puppet:19:in `load' /usr/bin/puppet:19:in `main' Could not parse options: wrong number of arguments (1 for 0) I have seen this bug on http://projects.puppetlabs.com/issues/7428 However i am unable to solve the problem given in the link. I changed /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/ application/cert.rb Eg: option(--all, -a) do @all = true end to option(--all, -a) do |*_| @all = true end Am i doing anything wrong. Regards, Kevin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Separate CA's
Hello, I have a desire to have separate primary/secondary CA servers, and separate puppet master servers running behind a load balancer (ultimately an F5 but will use an Apache mod_proxy.. setup initially to test). The Pro Puppet books suggest this with everything running with Passenger which is fine but is it really necessary for the CA's or is there an alternative ? Anyone got any example config's that I can crib off. If that's the best way then I can start with that and think about the SSL issues that will inevitably arise. Any pointers would be much appreciated. Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet 2.7.9 package for Solaris
Folks, I've rolled 2.7.9 for Solaris as an OpenCSW package[1]. You can get it from the 'unstable' catalog now. Regards, --Mark [1] http://www.opencsw.org/packages/puppet http://www.opencsw.org/packages/puppetmaster -- Mark Phillips http://probably.co.uk http://vntx.cc -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: restarting service when configuration changes
On Dec 14, 4:37 pm, Jo Rhett jrh...@netconsonance.com wrote: Try notify = Service['autofs'] Right. As far as I know, classes do not forward signals to resources they contain. Furthermore, you should consider whether it would be appropriate to combine your two classes. That a resource belonging to one wants to signal a resource belonging to the other is a hint in that direction (but no more than that). I'm not seeing what you gain by defining such fine-grained classes, especially with the implicit dependencies among them (see next). Also, if you do not combine classes, then be sure each class 'include's the other classes whose resources it references. For instance, class zmfs::service should contain include 'zmfs::config' at the beginning of its body. Class zmfs::service should 'include' whatever class(es) declares the the 'zmfs' and 'zmfs-init-scripts' packages. On the practical side, this protects you from catalog compilation failures arising from varying parse order. On the conceptual side, it's the Right Thing for classes to formally declare their dependencies. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet does not connect to ldap at secure port because of ssl certificate signed by cacert.org
I upgraded my puppetmaster server to the version 2.7.9. All started working again. But after about 18-20 hours, it again stopped working. We are now using puppet behind passenger and Apache: Details are as below: 1. Puppet: 2.6.9 2. Rack: 1.2.2 3. Passenger: 3.0.7 4. OS: CentOS 6 Before it stopped working at port 1636, all was perfect after I had upgraded puppet at 2.7.9 version. The other important point is: This Was A Fresh Server. --- Thanks Ganesh On Nov 29, 11:07 pm, Ganesh Sharma worldiswelc...@gmail.com wrote: Hi Den, Sure I can provide the debug information as well, though I could see nothing much. I concatenated cacert's root.crt and class3.crt to /var/lib/puppet/ssl/ ca/ca_crt.pem. That did not help me. In the next post I provide my debug information i.e the output of: puppetmasterd --no-daemonize --verbose --debug Kindly let me know if you want to see the output of any other commands as well. I'll provide those too. --- Thanks Ganesh On Nov 29, 2:51 am, Denmat tu2bg...@gmail.com wrote: Hi, Can you provide any debug information? If you say it was working, can you think of any change that might have contributed? The only other thing I can think of without looking at the code would be to append the cacert.org ca to thepuppetca and see if that helps. Logs onLDAPmight also point to clue. Den On 29/11/2011, at 6:31, Ganesh Sharma worldiswelc...@gmail.com wrote: Let me ask my question more specifically: How canpuppettrustthe certificate presented by myldapserver which is signed by cacerts.org? If I am able to do that somehow, my problem can be resolved. Any ideas? On Nov 29, 12:29 am, Ganesh Sharma worldiswelc...@gmail.com wrote: Thanks Den for your reply. Yes search works perfectly. I tried it multiple times and it still works. It works at non-ssl port as well. So far as non-standard port is concerned, openDSLDAPuses 1636 port as standard. Moreover it had been working in past at port 1636. Here is thepuppet.conf file in use: At present ssl settings are commented out. === [main] # ThePuppetlog directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # WherePuppetPID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl node_terminus = ldap [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig server =puppet-server.domain.com report = false runinterval = 30 [master] node_terminus = ldap ldapssl = false #ldapssl = true ldapserver =ldap-server.domain.com ldapbase = ou=appliances,o=gluu #ldapport = 1636 ldapport = 1389 ldapuser = cn=directory manager ldappassword = === On Nov 26, 2:22 am, Denmat tu2bg...@gmail.com wrote: Hi, I don't useldapmyself so I may be of limited value. First it would also useful to confirm thatldapworks as expected over ssl by performing a ldapsearch -vx -ZZ whatever you need to test your search from your puppetmaster using the credentials you need. It would also be good to see thepuppet.conf you are using that shows yourldapsettings. I do notice you're using non standard ldaps port. Cheers, Den On 26/11/2011, at 7:24, Ganesh Sharma worldiswelc...@gmail.com wrote: Hello, First of all thanks for such a great software and that too for no cost. I'm describing the problem below along with my Environment Details: 1.LDAP: openDS 2.Puppet: Version 2.7.3 (Both clients and servers) 3. Certificates being used: Signed by cacert.org 4. Node Definitions: in openDS 5.LDAP(SSL) Port: 1636 6.PuppetPort: 8140 7.PuppetRuns by: Webrick Problem: We have lot of servers which we control bypuppetand thepuppetnode definitions are stored inLDAP. Everything was going perfect earlier. But for few days I see below error: --- warning: RetryingLDAPconnection err: Failed when searching for node x.domain.com :LDAPSearch failed --- This error is for all the nodes. The server runs perfectly at port 1389 which is non-ssl port.
[Puppet Users] Re: restarting service when configuration changes
On Dec 14, 7:35 am, Sans r.santanu@gmail.com wrote: Another question: Can I just do service { 'autofs': or service { 'nfs': (or any given standard unix/linux service) just like that? As opposed to what? The service name to use is whatever the system's tools use to refer to the service. For example, if your system provides the 'chkconfig' and 'service' commands for managing services, then your Puppet manifests should name Service resources with the names that you would use with those tools. I'm wondering if that part is being completely ignored. Unlikely. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet does not connect to ldap at secure port because of ssl certificate signed by cacert.org
Sorry, a typo again. The puppet version is: 2.7.9. So, details are: 1. Puppet: 2.7.9 2. Rack: 1.2.2 3. Passenger: 3.0.7 4. OS: CentOS 6 On Dec 15, 7:14 pm, Ganesh Sharma worldiswelc...@gmail.com wrote: I upgraded my puppetmaster server to the version 2.7.9. All started working again. But after about 18-20 hours, it again stopped working. We are now using puppet behind passenger and Apache: Details are as below: 1. Puppet: 2.6.9 2. Rack: 1.2.2 3. Passenger: 3.0.7 4. OS: CentOS 6 Before it stopped working at port 1636, all was perfect after I had upgraded puppet at 2.7.9 version. The other important point is: This Was A Fresh Server. --- Thanks Ganesh On Nov 29, 11:07 pm, Ganesh Sharma worldiswelc...@gmail.com wrote: Hi Den, Sure I can provide the debug information as well, though I could see nothing much. I concatenated cacert's root.crt and class3.crt to /var/lib/puppet/ssl/ ca/ca_crt.pem. That did not help me. In the next post I provide my debug information i.e the output of: puppetmasterd --no-daemonize --verbose --debug Kindly let me know if you want to see the output of any other commands as well. I'll provide those too. --- Thanks Ganesh On Nov 29, 2:51 am, Denmat tu2bg...@gmail.com wrote: Hi, Can you provide any debug information? If you say it was working, can you think of any change that might have contributed? The only other thing I can think of without looking at the code would be to append the cacert.org ca to thepuppetca and see if that helps. Logs onLDAPmight also point to clue. Den On 29/11/2011, at 6:31, Ganesh Sharma worldiswelc...@gmail.com wrote: Let me ask my question more specifically: How canpuppettrustthe certificate presented by myldapserver which is signed by cacerts.org? If I am able to do that somehow, my problem can be resolved. Any ideas? On Nov 29, 12:29 am, Ganesh Sharma worldiswelc...@gmail.com wrote: Thanks Den for your reply. Yes search works perfectly. I tried it multiple times and it still works. It works at non-ssl port as well. So far as non-standard port is concerned, openDSLDAPuses 1636 port as standard. Moreover it had been working in past at port 1636. Here is thepuppet.conf file in use: At present ssl settings are commented out. === [main] # ThePuppetlog directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # WherePuppetPID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl node_terminus = ldap [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig server =puppet-server.domain.com report = false runinterval = 30 [master] node_terminus = ldap ldapssl = false #ldapssl = true ldapserver =ldap-server.domain.com ldapbase = ou=appliances,o=gluu #ldapport = 1636 ldapport = 1389 ldapuser = cn=directory manager ldappassword = === On Nov 26, 2:22 am, Denmat tu2bg...@gmail.com wrote: Hi, I don't useldapmyself so I may be of limited value. First it would also useful to confirm thatldapworks as expected over ssl by performing a ldapsearch -vx -ZZ whatever you need to test your search from your puppetmaster using the credentials you need. It would also be good to see thepuppet.conf you are using that shows yourldapsettings. I do notice you're using non standard ldaps port. Cheers, Den On 26/11/2011, at 7:24, Ganesh Sharma worldiswelc...@gmail.com wrote: Hello, First of all thanks for such a great software and that too for no cost. I'm describing the problem below along with my Environment Details: 1.LDAP: openDS 2.Puppet: Version 2.7.3 (Both clients and servers) 3. Certificates being used: Signed by cacert.org 4. Node Definitions: in openDS 5.LDAP(SSL) Port: 1636 6.PuppetPort: 8140 7.PuppetRuns by: Webrick Problem: We have lot of servers which we control bypuppetand thepuppetnode definitions are stored
Re: [Puppet Users] Re: restarting service when configuration changes
On 12/15/2011 03:08 PM, jcbollinger wrote: Right. As far as I know, classes do not forward signals to resources they contain. Which really is a major pitfall. Any insight on why it's not done? Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: restarting service when configuration changes
On Dec 15, 2:08 pm, jcbollinger john.bollin...@stjude.org wrote: On Dec 14, 4:37 pm, Jo Rhett jrh...@netconsonance.com wrote: Try notify = Service['autofs'] Right. As far as I know, classes do not forward signals to resources they contain. Are you absolutely sure about that? My understanding was to use something like Class['zmfs::service'] only to avoid running individual services separately in that class. Furthermore, you should consider whether it would be appropriate to combine your two classes. That a resource belonging to one wants to signal a resource belonging to the other is a hint in that direction (but no more than that). I'm not seeing what you gain by defining such fine-grained classes, especially with the implicit dependencies among them (see next). Those three code snippets are in three different files, namely definition.pp, config.pp and service.pp respectively. And there is a config.pp where The line_check definition gets reused for various files in the module. [re]Starting zmfs is not just enough, it's needs some other services to be restarted, autofs being one of the most important ones. So, what I want is to restart autofs as soon as the /zmfs / etc/auto.zmfs is added to the auto.master file, say for example for the very first time. zmfs itself still just works without restarting (even starting) the autofs but it won't be completely usable. So, in fact, this is the actual service.pp file: *** class zmfs::service { service { 'zmfs': enable= true, ensure= running, hasstatus= true, hasrestart = true, #status = '/etc/zmfs/service_zmfs', require = Package['zmfs','zmfs-init-scripts']; 'autofs': enable = true, ensure = running, hasstatus = true, hasrestart = true, status = 'service zmfs probe', require = Package['zmfs','zmfs-init-scripts']; } } *** I wrote (at least trying to) this module to use by the several other sys-admins, where either autofs is already running and in some cases the auto.master itself is being maintained by another puppet module. So, I had to make sure my module must restart autofs after adding the appropriate line to the file. but that's not happening. On the other hand, if I take the 'service autofs' out of the equation and use an external script (service_zmfs) with status #!/usr/bin/perl # file: service_zmfs use strict; use warnings; my @checks = ( serviceautofs restart, service zmfs probe, ); for my $check ( @checks ) { $check .= 21 /dev/null; # suppress output system( $check ) == 0 or exit 1; } * it works. Still don't fully get it. Cheers!! Also, if you do not combine classes, then be sure each class 'include's the other classes whose resources it references. For instance, class zmfs::service should contain include 'zmfs::config' at the beginning of its body. Class zmfs::service should 'include' whatever class(es) declares the the 'zmfs' and 'zmfs-init-scripts' packages. On the practical side, this protects you from catalog compilation failures arising from varying parse order. On the conceptual side, it's the Right Thing for classes to formally declare their dependencies. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Commands within commands within a manifest
Here is what I am trying to do: service{ foo: ... restart = /path/to/script/to/run 21 | tee /path/to/where-I-want-logfile-`date +%Y%m%d-%H%M%S`.log, ... } What I get is a log file named /path/to/where-I-want-logfile-`date I have unsuccessfully tried escaping the command quotes with a back-slash. Other than wrapping the while thing in another script, is there any way to fix this ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet with Ruby1.9 issue
On Thu, Dec 15, 2011 at 02:33, linuxbsdfreak linuxbsdfr...@gmail.com wrote: Hey there. I have a running puppetmaster with nginx and passenger and ruby 1.9.2. I see something odd here - 1.9.2 in the line above, and ... When i do puppet cert --trace --list . i get the following error. /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application/ cert.rb:43:in `block (2 levels) in class:Cert' ... 1.9.1 here. Which we don't actually support. My guess is you are running with 1.9.1 accidentally, and that is breaking. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] filtering exported resources...
I'm currently searching around/reading up on exported resources, but figured I'd ping the list to see if someone had a quick answer. I'm collecting and exporting ssh keys, basically like the example in ProPuppet and in the wiki etc. I was collecting both rsa and dsa keys, and exporting all keys. I've stopped collecting dsa keys, we don't care about those, and are looking to cut our run times down (about 1750 hosts). However, I'm assuming that a new node brought online will still get all the dsa keys since they have already been collected, right? Can I do something like: class ssh::knownhosts { Sshkey | type= 'rsa' | {ensure = present} } to only hand out the rsa ssh keys? -- Matthew Nicholson -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet with Ruby1.9 issue
Dan - Some distro's pinned these kind of directories at 1.9.1. For example in Debian the package is called ruby-1.9.1 even though its version 1.9.2/1.9.3 (depending on release). # ruby1.9.1 --version ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-linux] # ls /usr/lib/ruby/ 1.8 1.9.1 vendor_ruby Anyhow ... what is interesting, is that I can replicate this on wheezy. # gem1.9.1 install puppet # ruby1.9.1 /usr/local/bin/puppet cert --list /var/lib/gems/1.9.1/gems/facter-1.6.4/lib/facter/util/config.rb:7: Use RbConfig instead of obsolete and deprecated Config. /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead. Could not parse options: wrong number of arguments (1 for 0) And switching back to the packaged version: # /usr/bin/puppet cert --list --all + dashboard(B6:1F:91:F3:70:E4:AD:C5:4C:B8:40:BF:0D:2A:7D:C5) + db1.vms.cloud.bob.sh (C6:B2:F7:3E:9A:DB:F7:75:22:CD:6F:30:55:3E:C5:06) + foremanweb1.vms.cloud.bob.sh (F8:0D:12:BB:F8:D1:3A:AD:A2:73:46:E2:78:85:69:86) + k...@bob.sh (CB:9C:4E:67:41:59:4B:43:39:0C:4B:DD:25:A2:19:D8) + lb1.vms.cloud.bob.sh (73:C7:B3:4D:C9:5A:1D:D6:80:C2:57:96:B5:0A:A9:C1) + mc-server-global (52:63:C0:02:14:83:CD:9D:36:0D:82:3F:E3:19:03:E1) + node1.cloud.bob.sh (4B:12:11:DE:8F:21:71:EA:50:3A:70:97:81:0C:A9:E4) (alt names: DNS:puppet, DNS:node1.cloud.bob.sh, DNS:puppet.cloud.bob.sh) + web1.vms.cloud.bob.sh(68:CC:0A:6F:80:CC:84:DE:3D:37:0A:02:E5:2A:BA:6D) root@node1:~# Odd. I'll dig a bit further. ken. On Thu, Dec 15, 2011 at 7:20 PM, Daniel Pittman dan...@puppetlabs.com wrote: On Thu, Dec 15, 2011 at 02:33, linuxbsdfreak linuxbsdfr...@gmail.com wrote: Hey there. I have a running puppetmaster with nginx and passenger and ruby 1.9.2. I see something odd here - 1.9.2 in the line above, and ... When i do puppet cert --trace --list . i get the following error. /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application/ cert.rb:43:in `block (2 levels) in class:Cert' ... 1.9.1 here. Which we don't actually support. My guess is you are running with 1.9.1 accidentally, and that is breaking. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet with Ruby1.9 issue
Okay - so its a known issue: http://projects.puppetlabs.com/issues/7428 Looks like there is a workaround there Kevin. Let us know how you go. ken. On Thu, Dec 15, 2011 at 7:40 PM, Ken Barber k...@puppetlabs.com wrote: Dan - Some distro's pinned these kind of directories at 1.9.1. For example in Debian the package is called ruby-1.9.1 even though its version 1.9.2/1.9.3 (depending on release). # ruby1.9.1 --version ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-linux] # ls /usr/lib/ruby/ 1.8 1.9.1 vendor_ruby Anyhow ... what is interesting, is that I can replicate this on wheezy. # gem1.9.1 install puppet # ruby1.9.1 /usr/local/bin/puppet cert --list /var/lib/gems/1.9.1/gems/facter-1.6.4/lib/facter/util/config.rb:7: Use RbConfig instead of obsolete and deprecated Config. /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead. Could not parse options: wrong number of arguments (1 for 0) And switching back to the packaged version: # /usr/bin/puppet cert --list --all + dashboard (B6:1F:91:F3:70:E4:AD:C5:4C:B8:40:BF:0D:2A:7D:C5) + db1.vms.cloud.bob.sh (C6:B2:F7:3E:9A:DB:F7:75:22:CD:6F:30:55:3E:C5:06) + foremanweb1.vms.cloud.bob.sh (F8:0D:12:BB:F8:D1:3A:AD:A2:73:46:E2:78:85:69:86) + k...@bob.sh (CB:9C:4E:67:41:59:4B:43:39:0C:4B:DD:25:A2:19:D8) + lb1.vms.cloud.bob.sh (73:C7:B3:4D:C9:5A:1D:D6:80:C2:57:96:B5:0A:A9:C1) + mc-server-global (52:63:C0:02:14:83:CD:9D:36:0D:82:3F:E3:19:03:E1) + node1.cloud.bob.sh (4B:12:11:DE:8F:21:71:EA:50:3A:70:97:81:0C:A9:E4) (alt names: DNS:puppet, DNS:node1.cloud.bob.sh, DNS:puppet.cloud.bob.sh) + web1.vms.cloud.bob.sh (68:CC:0A:6F:80:CC:84:DE:3D:37:0A:02:E5:2A:BA:6D) root@node1:~# Odd. I'll dig a bit further. ken. On Thu, Dec 15, 2011 at 7:20 PM, Daniel Pittman dan...@puppetlabs.com wrote: On Thu, Dec 15, 2011 at 02:33, linuxbsdfreak linuxbsdfr...@gmail.com wrote: Hey there. I have a running puppetmaster with nginx and passenger and ruby 1.9.2. I see something odd here - 1.9.2 in the line above, and ... When i do puppet cert --trace --list . i get the following error. /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application/ cert.rb:43:in `block (2 levels) in class:Cert' ... 1.9.1 here. Which we don't actually support. My guess is you are running with 1.9.1 accidentally, and that is breaking. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Separate CA's
The absolute nicest option is to use a bundled certificate authority where all CAs are signed by some higher level Cert, then most of these problems go away. Last I heard this was broken in Puppet / Ruby. That used to work before 0.25, sadly broken since. Ruby fully support that, and at the moment its broken in puppet afaik. Ohad Was this bug of yours about that? If so.. maybe others interested can vote it up. http://projects.puppetlabs.com/issues/3770 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/sTgY2Dlq2AwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Dependencies across different nodes - possible?
Hey, is there a possibility to define dependencies across multiple nodes? I have the following situation: I want to deploy a web application on multiple servers. There are different services to set up: - database - shared volume - the application (tomcat) Every service runs on a different node. It is important that the database and shared volume are set up before the tomcat starts running. How do I declare the dependencies in this case? Thank you very much! Regards, Malte -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Using stored configs brakes on client update
Hi, We're using puppet from longer time, but now want to switch into stored configs. When I ran locally puppet on puppetmaster server, ie: puppet /var/lib/puppet/manifests/nodes.pp --debug it works smooth. When running client with debug I get message: root@puppet-client:~# puppet agent -v --fqdn=puppet-client.ig.local -- waitforcert 60 --onetime --no-daemonize --logdest console --test -- verbose --debug --trace debug: Failed to load library 'rubygems' for feature 'rubygems' debug: Failed to load library 'selinux' for feature 'selinux' debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: Failed to load library 'ldap' for feature 'ldap' debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/ lib/puppet] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/ lib/puppet/state] debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/ var/lib/puppet/state] debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/ var/lib/puppet/ssl] debug: /File[/var/lib/puppet/state/classes.txt]: Autorequiring File[/ var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs/puppet-client.ig.local.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/ lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/public_keys/puppet- client.ig.local.pem]: Autorequiring File[/var/lib/puppet/ssl/ public_keys] debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private_keys/puppet- client.ig.local.pem]: Autorequiring File[/var/lib/puppet/ssl/ private_keys] debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/ puppet] debug: Finishing transaction 23577982438900 debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/ lib/puppet/ssl] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/ var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/log]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private_keys/puppet- client.ig.local.pem]: Autorequiring File[/var/lib/puppet/ssl/ private_keys] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/run]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys/puppet- client.ig.local.pem]: Autorequiring File[/var/lib/puppet/ssl/ public_keys] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/certs/puppet-client.ig.local.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: Finishing transaction 23577981939220 debug: Using cached certificate for ca debug: Using cached certificate for puppet-client.ig.local debug: Finishing transaction 23577981555200 debug: Loaded state in 0.00 seconds warning: Fact syncing is deprecated as of 0.25 -- use 'pluginsync' instead info: Retrieving fact debug: Using cached certificate for ca debug: Using cached certificate for puppet-client.ig.local debug: Using cached certificate_revocation_list for ca debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug:
[Puppet Users] reloading changes stopped working
Hi, last thing i see in /var/log/daemon.log after trying /etc/init.d/puppet reload is notice: Starting Puppet client version 2.7.9 debug: Using cached certificate for ca debug: Using cached certificate for cypher.qype.com debug: Using cached certificate for ca debug: Using cached certificate_revocation_list for ca debug: Loaded state in 0.01 seconds if i completely remove puppet from machine and setup from scratch - everything will work exactly once and after that stop reloading configuration again how can i figure out where does it get stuck and why? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/zM-BNBA9-ukJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] time issue with puppet
Excuse the pseudo-code, but could you pipe the ntpdate command to at now +5 minutes? It'll exit with status 0, allowing puppet to go in its merry way, and the time will sync up soon, hopefully before puppet runs again. If you could force the module to run very late in the chain, you could shorten the delay you feed to at. Not sure if it's a bug, but this dies seen to be a common enough issue with VMs. -- Mason Turner (mobile) On Dec 14, 2011, at 7:00 PM, Corey Osman co...@logicminds.biz wrote: Hi, I have the following manifest that basically syncs the time for nodes really out of sync and ntpd can't drift the time back fast enough. The problem is that when puppet executes the catalog, and puppet changes the time, puppet never finishes because it can't calculate the run time since puppet changed the time during the puppet run. Is this a bug? Should I do something different? For example: 1. puppet starts at 3:53 pm 2. tmesync module alters the time accordingly back 10 minutes to 3:43 3. puppet is done, but never reports that it finished and appears hung since it probably cant output a negative number anyways. 4. a restart of puppet seems to fix the issue until the time changes again. # Class: timesync # # This module is a bandaid to keep virtual machines in sync with the time server. # This will basically sync the time whenver the time drifts out further than xx seconds. # # Parameters: # # Actions: syncs the time with the timeserver # # Requires: timeoffset fact (esentially ntpdate -q ntpserver) # # Sample Usage: # class timesync { # time in seconds that the clock needs to be out of sync before calling ntpdate $seconds=60 $timeserver=0.pool.ntp.org # only run max of six times per day schedule { timecheck: period = daily, repeat = 6, } # only execute if time is out of sync by specified seconds if ( $timeoffset $seconds ){ exec{synctime: path = [/bin, /usr/bin/, /sbin, /usr/sbin/], # schedule = timecheck, command = ntpdate $timeserver, } alert(Puppet had to sync the time as it was out of sync) } } Corey Osman co...@logicminds.biz Green I.T and Datacenter Automation Specialist -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] [Fileserver] Error with passenger
Hi everyone, I am a puppet newbie. But I am trying to setup a new puppet infrastructure based on Apache/Passenger. Facts: - My server is a debian Squeeze - Puppet setup with gem: [root@puppetmaster]:/etc/puppet # gem list puppet *** LOCAL GEMS *** puppet (2.7.6) puppet-module (0.3.4) - Rack setup with gem: [root@puppetmaster]:/etc/puppet # gem list rack *** LOCAL GEMS *** rack (1.3.5) rack-cache (1.1) rack-mount (0.8.3) rack-ssl (1.3.2) rack-test (0.6.1) - Passenger setup with gem: [root@puppetmaster]:/etc/puppet # gem list passenger *** LOCAL GEMS *** passenger (3.0.11) Problem: Ok when I try to acces https://puppetmaster:8140/ Everything works fine: I see the following message: “The environment must be purely alphanumeric, not ”” When I change the fileserver.conf as follow: [root@puppetmaster]:/etc/puppet # cat fileserver.conf # Files in the /path/to/files directory will be served # at puppet:///mount_point/. [modules] allow 127.0.0.0/8 allow *.lan deny* [plugins] allow 127.0.0.0/8 allow *.lan deny* I have the following error message: Error message: Could not run: Invalid pattern * at /etc/puppet/fileserver.conf:4 Any idea? Regards, J-M -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.