Re: [Puppet Users] err: Signing certificate error
2.7.19 It's weird but, i can use puppet without sudo, in fact, the initial problem appears without sudo. If i try run puppet as a root in order to sign, list o revoke certificates there aren't any problem. But if i try run puppet to launch an instance with root, i get the last error... On Monday, October 1, 2012 12:37:50 AM UTC+2, Clarence Beeks wrote: On Sun, Sep 30, 2012 at 2:22 PM, Ignasi López ignasi...@mmip.esjavascript: wrote: in fact i can't use puppet as a root: *sudo puppet help* *err: no such file to load -- puppet/face/node/install* *err: Try 'puppet help help help' for usage* First step is seeing if puppet will run for you. Puppet runs as root or you need to sudo and run it. What version of puppet are you running? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/hOuQoEiIagcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Solaris Packages for Puppet 3.0.0-rc7, Facter 1.6.0 and Hiera 1.0.0
Thank you for the packaging: just what I needed! It makes the installation of puppet much much easier on Solaris 11 (especially now that doing a gem install puppet requires gcc…). Any hope to see similar packaging for mcollective in the near future? On Monday, October 1, 2012 12:47:43 PM UTC+8, Rahul wrote: The ext/ips folder in the main repos contains the necessary incantations. Use rake package:bootstrap at root to pull down the puppet/packaging repo and rake package:ips to build. On Saturday, September 29, 2012 12:41:44 AM UTC-7, Alan Chalmers wrote: Great to see some Solaris IPS love for these. I added these to my local repo went to use them and my only issue I'm running ruby 1.9.3 Any chance you can share your method for rolling these gems up into IPS as I'd prefer to keep with a more recent version of ruby. Cheers alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/K2iUu7eDFZUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet 2.7, hiera 1.0 and hiera as an ENC
All, Do I understand I have hit a dead-end? On Wednesday, 26 September 2012 16:52:19 UTC+1, Guillem Liarte wrote: This is the situation I have: All my hosts are the* same OS.* All my host are in the* same puppet environment,* so I cannot use %{environment} I have a module that sets all the *basic* functionality for the OS, resolution, authentication, security, packages, etc I have a module for each application hosted. At the moment all the 'data' is in Puppet, mostly in parametrised classes in site.pp. What I want to get is a hiera set-up that allows me to use this structure: :hierarchy: - global # source of application names (classes? modules?) and environments list - basic # data for the basic class - prod/%{application}/%{hostname}# hostname files for specific data - prod/%{application}/%{env} # environmental data for each application (module) - prod/%{application}/default # default data for an application - nonprod/%{sysclass}/%{hostname} - nonprod/%{sysclass}/%{env} - nonprod/%{sysclass}/default Then to have something like this under the datadir: #├── global.yaml #├── basic.yaml #├── nonprod #│ ├── app1 #│ │ ├── common-integration.yamlAlfresco common integration #│ │ ├── continuous-integration.yaml #│ │ ├── dev.yaml #│ │ ├── default.yaml #│ │ ├── host1.yaml #│ │ ├── host2.yaml #│ │ ├── performance.yaml #│ │ ├── qa.yaml #│ │ ├── test.yaml #│ │ └── uat.yaml #│ └── app2 #└── prod #├── app1 #└── app2 # # etc. In global.yaml --- :classes: basic: app1: app2: app3: app4: :env: test: dev: commonint: continuousint: dev: performance: qa: test: uat: in app1 default.yaml: --- classes: app1: app1_version: 'latest' in app1 dev.yaml: --- app1_version: '3.0' If I wanted host1 and host2 to be part of dev for app1: host1.yaml: --- classes: basic: app1: env: dev: maybe in host2 I want to override version too: host2.yaml --- classes: basic: app1: env: dev: app1_version: '3.1' So in short, I would like hiera to be a source of facts, where I can get information that feeds Puppet in order to classify the nodes and to feed the parametrised classes. I recently found this blog entry: http://garyhetzel.com/2012/04/12/hiera_as_a_puppet_enc Gary has been very helpful and I have got an idea of what needs doing. I can query all the data the way I want using the hiera command. Something like these: hiera app1_version sysclass=app1 env=dev Returns the expected '3.0' and if I query by adding teh host: hiera app1_version sysclass=app1 env=dev hostname=host1 I get 3.1. Cool! Example using Gary's approach: /opt/puppet-data/nonprod/hieratest/default.yaml --- classes: hieratest env: hieratest_default /opt/puppet-data/nonprod/hieratest/host1.yaml --- classes: hieratest: env: 'hieratest_performance' # hiera env sysclass=hieratest --debug DEBUG: Wed Sep 26 16:40:46 +0100 2012: Hiera YAML backend starting DEBUG: Wed Sep 26 16:40:46 +0100 2012: Looking up type in YAML backend DEBUG: Wed Sep 26 16:40:46 +0100 2012: Looking for data source global DEBUG: Wed Sep 26 16:40:46 +0100 2012: Looking for data source basic DEBUG: Wed Sep 26 16:40:46 +0100 2012: Looking for data source nonprod/hieratest/default DEBUG: Wed Sep 26 16:40:46 +0100 2012: Found env in nonprod/hieratest/default hieratest_default # hiera type sysclass=hieratest hostname=host1 --debug DEBUG: Wed Sep 26 16:40:57 +0100 2012: Hiera YAML backend starting DEBUG: Wed Sep 26 16:40:57 +0100 2012: Looking up type in YAML backend DEBUG: Wed Sep 26 16:40:57 +0100 2012: Looking for data source global DEBUG: Wed Sep 26 16:40:57 +0100 2012: Looking for data source basic DEBUG: Wed Sep 26 16:40:57 +0100 2012: Looking for data source nonprod/hieratest/host1 DEBUG: Wed Sep 26 16:40:57 +0100 2012: Found env in nonprod/hieratest/host1 hieratest_performance But when it comes to use this in Puppet the results are not as I expect, nothing happens, it just does a run no classes are used. I see that the basic class custom facts are loaded, but nothing gets executed, as if the catalogue for host1 would not include it. In Puppet I expect to just have: in site.pp: node default {} And then in each application’s init.pp: $env = hiera(env) this allows me to get the right config files (with are maintained in a git repo) $app1_version = hiera(app1_version) this allows me to set the right RPM version (from satellite/spacewalk/RHN) As per Gary's post, I can use hiera as node terminus, and so it is set in puppet.conf. I would like to make emphasis in this: Gary's hiera as an ENC works, but for a more simple scenario than the one I am proposing, if I only wanted to classify
[Puppet Users] Re: in-module data with hiera
On Sunday, September 30, 2012 4:37:29 AM UTC-5, R.I. Pienaar wrote: I propose extending the module layout with a data/ directory that can go into each module and in this data directory would live a hiera config file (optionally) and module specific data: That sounds really attractive, but I'm not in a position to test it right now. Also (separately), I hope you have more distribution plans than just gem, because gem is a complete non-starter for me. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/_shrRB45IfkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: custom function, setvar and variable scoping
On Saturday, September 29, 2012 8:10:43 AM UTC-5, Jérôme Loyet wrote: Hello, I'm trying to make a set of functions to simulate an array with which I would be able to append value in the same scope. The first function is called array_append which take 2 arguments: the variable name and the value to append. The function then iterates through variables #{name}_#{i} (with incrementing i from 0) until the variable does not exists and then set the value of this variable. This way I'm using one variable for each element of my array and I can simulate a real array from the puppet DSL. Here's the function I've made: module Puppet::Parser::Functions newfunction(:array_append) do |args| i = 0 i += 1 while lookupvar(#{args[0]}_#{i}) puts I've set #{args[0]}_#{i} to #{args[1]} setvar(#{args[0]}_#{i}, args[1]) end end If I'm calling this function from a manifest it works as expected: test.pp array_append(toto, prout0) array_append(toto, prout1) array_append(toto, prout2) #puppet agent test.pp I've set toto_0 to prout0 I've set toto_1 to prout1 I've set toto_2 to prout2 Finished catalog run in 0.02 seconds But if I want to set a global variable it does not work anymore and I've errors. It seams that test2.pp: array_append(::toto, prout0) array_append(::toto, prout1) array_append(::toto, prout2) #puppet agent test2.pp I've set ::toto_0 to prout0 I've set ::toto_0 to prout1 Error: Cannot reassign variable ::toto_0 at /root/puppet/manifests/test.pp:9 on node www1.egasys.com Error: Cannot reassign variable ::toto_0 at /root/puppet/manifests/test.pp:9 on node www1.egasys.com Then if I'm calling array_append from a module defined resource: test3.pp network::route::add_net {42.42.42.0/24: gw = 192.168.0.1} network::route::add_net {54.54.54.0/24: gw = 192.168.0.1} modules/network/manifests/route/add_net.pp define network::route::add_net($gw) { array_append(::routes_net, {name = $name, gw = $gw}) } #puppet agent test3.pp I've set ::routes_net_0 to name42.42.42.0/24gw192.168.0.1 I've set ::routes_net_0 to name54.54.54.0/24gw192.168.0.1 this time: no errors but setvar is not working: it's like setvar does nothing I can't understand why case #2 and #3 are not working and if it's a normal behaviour or a bug. if you have any ideas ? My guess would be that setvar() is attempting to use the full string you supplied as a simple variable name, instead of resolving it as a qualified name. That would make sense because setvar() probably itself resolves to or wraps scope.setvar(), where 'scope' is the scope object representing the current namespace scope. It may be possible to find and use the scope object for the scope you want, but it would be all-around better to avoid attempting to modify a different scope than the one in which the function call appears. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/pPO5OOihX90J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: custom type in ruby - invalid resource type at .../site.pp
multiple times ... I had these few minutes of frustration before, too ;) thanks, axel. Am Freitag, 28. September 2012 15:18:07 UTC+2 schrieb Trevor Vaughan: I'm assuming that you did this, but did you restart your master after finishing the plugin? I've forgotten to do this on occasion which amounted in a few minutes of frustration. Good luck, Trevor On Fri, Sep 28, 2012 at 8:44 AM, Axel Bock axel...@arbeitsagentur.dejavascript: wrote: Okay, I am one step farther. After seeing Invalid resource for about 100 times I symlinked the type and provider dirs to /var/.../puppet/ (the global, core putty installation files). I basically wanted to see if I have an invalid ruby file, or if puppet simply doesn't notice the downloaded plugins. It turns out - the latter. in the global puppet dir I get no more Invalid type errors, and my debug print statement in the exists? method gets printed. Now - what do I have to do to make puppet realize that this stupid plugin is there? It _does_ even autoload it - if I change it I get a diff printed, the code gets executed (I see print statements I put in there) - but once the type shall be acutally used puppet chickens out. This is so extremely annoying. Pluginsync = true is activated in the [main] and [master] section of client and master. Does nobody have any idea? I am using puppet 2.6.17 from the SuSE SLES 11 SP2 repo. thanks in advance greetings! Axel. Am Freitag, 28. September 2012 08:15:14 UTC+2 schrieb Axel Bock: plugincheck on client: check. commented out property: check. unfortunately same result :( thanks, axel. Am Donnerstag, 27. September 2012 21:37:02 UTC+2 schrieb Jakov Sosic: On 09/27/2012 05:21 PM, Axel Bock wrote: p.s.: my type can be seen here: http://pastebin.com/20N8teKV and the provider here: http://pastebin.com/SjqyWegu Try commenting out whole sync_direction property section in your type type definition file. You defined property but you don't have methods in your provider... Also make sure you are doing the pluginsync on the client. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/28aheY-ZZS8J. To post to this group, send email to puppet...@googlegroups.comjavascript:. To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvau...@onyxpoint.com javascript: -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/VCzN4obcvAAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: custom type in ruby - invalid resource type at .../site.pp
On Friday, September 28, 2012 7:44:02 AM UTC-5, Axel Bock wrote: Okay, I am one step farther. After seeing Invalid resource for about 100 times I symlinked the type and provider dirs to /var/.../puppet/ (the global, core putty installation files). I basically wanted to see if I have an invalid ruby file, or if puppet simply doesn't notice the downloaded plugins. It turns out - the latter. in the global puppet dir I get no more Invalid type errors, and my debug print statement in the exists? method gets printed. Now - what do I have to do to make puppet realize that this stupid plugin is there? It _does_ even autoload it - if I change it I get a diff printed, the code gets executed (I see print statements I put in there) - but once the type shall be acutally used puppet chickens out. This is so extremely annoying. Pluginsync = true is activated in the [main] and [master] section of client and master. Does nobody have any idea? I am using puppet 2.6.17 from the SuSE SLES 11 SP2 repo. This is standard behavior. The master does not load types or providers directly from modules. If it is its own client then it will sync them to itself when the agent runs, or else you can copy them into position manually. Under some circumstances you will need to restart the master after the type and provider are synced, though I thought that was mostly when you modify an existing type / provider. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Iojb7yC_FfgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: in-module data with hiera
- Original Message - From: jcbollinger john.bollin...@stjude.org To: puppet-users@googlegroups.com Sent: Monday, October 1, 2012 2:15:22 PM Subject: [Puppet Users] Re: in-module data with hiera On Sunday, September 30, 2012 4:37:29 AM UTC-5, R.I. Pienaar wrote: I propose extending the module layout with a data/ directory that can go into each module and in this data directory would live a hiera config file (optionally) and module specific data: That sounds really attractive, but I'm not in a position to test it right now. Also (separately), I hope you have more distribution plans than just gem, because gem is a complete non-starter for me. personally the end goal would be to just merge it with hiera or puppet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Where do you store sensitive files with puppet+git approach?
Hi People, I have a quick question, which hopefully you will have an answer to. I am slowly moving towards puppet and git with multiple branches for different environments. Things are going pretty well, but now I have a small issue. The question is where should I store sensitive files, for instance SSL private keys or some files which contain sensitive data? I am aware of hiera-gpg storage backend, but that is more suitable for storing plain text strings rather than actual files - correct me if I am wrong? I am looking forward to hear your opinion on this subject. Thanks in advance. -- Vaidas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DjQqqdK2NJ4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: LDAP Account Manager supports Puppet
Hello Rolan, I can't find the puppet tab , you mentioned in the mail. Can you please elaborate more , on how to switch to puppet tab after modifying a host entry. Thanks, Nisahnt On Tuesday, September 25, 2012 2:03:02 PM UTC-4, Roland Gruber wrote: Hi all, the latest release of LDAP Account Manager supports to manage your Puppet LDAP entries via a web GUI. You can download it here (free, GPL license): https://www.ldap-account-manager.org/ There is also a live demo provided on the homepage. There you can try it online. Just edit a host entry and then switch to tab Puppet. I hope you like it. ;-) Best regards Roland -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/4TTW49p2NSIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How to recursively ship files while keeping their modes
Hi, On Mon, Sep 17, 2012 at 07:39:38AM -0700, Alessandro Franceschi wrote: Have you tried to add: mode = undef, it might work (not tested). thanks for answering. I have lost my puppetmaster VM due to filesystem failure[1] and have not yet built a new one[2]. I will report whether your hint worked when I have built a new one. Greetings Marc [1] and, it being a test system, it was of course not backed up [2] and I cannot try that in the live puppet due to team rules -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Passing http_proxy_host option
On Sunday, September 30, 2012 11:40:42 PM UTC-5, drew khoury wrote: May have spoken too soon. If I set the env variable, and I'm manually logged, then I run puppet all is good. I'm still not clear on how I set the env variable when puppet is invoked from Vagrant (this might end up being a question for Vagrant not puppet?). Yes, that would be a Vagrant question. You could, however, have Vagrant invoke a wrapper script that sets the desired variable instead of invoking puppet apply directly. I'm not sure how that differs from what you tried but it should work. Something like this: #!/bin/bash export http_proxy=my.proxy puppet apply $@ Setting the env variable in a bash script invoked via the puppet manifest proved to be useless, as it doesn't have any scope OUTSIDE the bash script. Indeed not. That's why you need to put the Puppet invocation inside the script. I've tried a combination of setting the variable in /home/vagrant/.bashrc AND keeping the env via env_keep in sudoers but I'm not sure I'm understanding how Vagrant is invoking Puppet. Command runners typically are very careful and selective about the environment they provide to commands they run. Puppet is a good example, and likely Vagrant is, too. Such programs normally have a way to configure the environment for each command along with the command itself, and they usually provide little or nothing else in those environments. In particular, they normally do not pass on their own environment to commands. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rjRkJx1zdjQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: in-module data with hiera
I am looking forward to testing this out in my test lab, as this is something I have been looking for for quite a while. (That, and a good deployment mechanism, while waiting for Razor to mature.) Thank you for putting this out for testing/reflection. -- Patrick Roberts On Sunday, September 30, 2012 4:37:29 AM UTC-5, R.I. Pienaar wrote: hello, Till now hiera-puppet was the only way I know that allowed hiera data to be loaded from inside a module. The problem with this was that it was still subject to the site specific hierarchy which means a module author had a pretty hard time to store his data in a proper way in his module thus perpetuating the use of the params classes pattern. Now that Puppet 3 is out and it's gem extensible I can finally try some ideas I had but put off implementing because it was too hard to install and distribute these extensions. I propose extending the module layout with a data/ directory that can go into each module and in this data directory would live a hiera config file (optionally) and module specific data: your_module ├── data │ ├── hiera.json │ └── osfamily │ ├── Debian.json │ └── RedHat.json └── manifests └── init.pp Here the data/hiera.json is optional and specifies a hierarchy that the module author chooses and is unique to the specific backend. The default contents would be this is the file is absent: {hierarchy: [osfamily/%{osfamily}, common]} But a module author can pick anything there, should even be able to rely on facts that is shipped with the module in its lib dir since that'll get pluginsynced out before compile time: Now given the data files for Redhat: {apache::package : httpd} ...and Debian: {apache::package : apache2} And your main hiera site config being something like: :backends: - json - module_json You should be able to just write module code like this: class apache($package=apache) { package{$package: ensure = present} } If no data is specified in the site hiera backends then this will use the in-module hierarchy and data and just do the right thing on RedHat and Debian systems but as always the site can still override the data using hard coding, site specific data, ENCs etc. So the important thing here is the module author has control over the hierarchy that gets used when the data in his module gets loaded. The site can has its own hierarchy policy but this backend will only use the hierarchy that is recorded in the module by its author. If you want to play with this idea on your Puppet 3 install just do 'gem install hiera-module-json' So I am looking for feedback from the community on this pattern, will it solve the problem of author-supplied module data better than we have today? I've heard this problem brought up quite a lot so keen to hear feedback. I'd imagine eventually a backend like this might be a hard-coded backend shipped with puppet and always there as the lowest priority backend below any that the site might specify in their site wide hiera config so everyone can rely on this being there and with the new lookup helpers this should also be backward compatible - old Puppets or ones who specifically disable the hiera indirector will just not have data and will need to supply it some other way. --- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/J0XkwA_MAQUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet 2.7, hiera 1.0 and hiera as an ENC
On Wednesday, September 26, 2012 10:52:19 AM UTC-5, Guillem Liarte wrote: This is the situation I have: All my hosts are the* same OS.* All my host are in the* same puppet environment,* so I cannot use %{environment} I have a module that sets all the *basic* functionality for the OS, resolution, authentication, security, packages, etc I have a module for each application hosted. At the moment all the 'data' is in Puppet, mostly in parametrised classes in site.pp. What I want to get is a hiera set-up that allows me to use this structure: I suspect that one of the reasons you are having trouble is that you are trying to employ a usage paradigm that is inconsistent with hiera's design (more below). :hierarchy: - global # source of application names (classes? modules?) and environments list - basic # data for the basic class There's nothing wrong with those levels. - prod/%{application}/%{hostname}# hostname files for specific data - prod/%{application}/%{env} # environmental data for each application (module) - prod/%{application}/default # default data for an application But there *is* a problem with those. It may be possible to make it work, but it's shaky to use variable hierarchy levels for data *selection*. That's what keys are for. With that said, recent Puppet releases provide automatic $calling_module and $calling_class variables, one of which you could probably use in place of $application. As I understand it, that's intended to provide (better) support for module-specific data, which might be a good way to cast that part of your problem. - nonprod/%{sysclass}/%{hostname} - nonprod/%{sysclass}/%{env} - nonprod/%{sysclass}/default You additionally have a fundamental problem with %{env}. Hiera will attempt to resolve that as a *Puppet* variable, to which the presence of a matching key somewhere in the Hiera hierarchy is irrelevant. Hiera needs to know the value to resolve the hierarchy (as you have defined it), and it would need, in principle, to resolve the hierarchy before it could look up the value in your data store. What actually happens, I'm sure, is that hiera uses the value of $::env that it looks up in Puppet at function entry. You might be able to work around that by setting that variable in Puppet before looking up other data, such as by putting $env = hiera('env') at top scope near the beginning of your site.pp. So in short, I would like hiera to be a source of facts, where I can get information that feeds Puppet in order to classify the nodes and to feed the parametrised classes. As an aside, throwing parametrized classes into this mix has only downside as far as I am concerned, except inasmuch as you may want to use parametrized classes that are (unwisely) provided by modules written by others. Since you want to rely on hiera (which is good), it is superior to write your classes like this wherever you are in control of module interfaces: class mymodule::class1 { $param1 = hiera('mymodule::class1::param1') $param2 = hiera('mymodule::class1::param2') # or with simpler keys enabled by use of # %{calling_module} and/or %{calling_class} } There are several advantages, among them that you can encode interclass parse-order dependencies via the built-in 'include' function, and that you can use hiera's 'hiera_include()' function to assign such classes to nodes. I recently found this blog entry: http://garyhetzel.com/2012/04/12/hiera_as_a_puppet_enc Gary appears to have done some cool work there, but as you have discovered, it's not going to overcome the inherent problem with self-referrential data. It might be possible to work around this by augmenting Gary's hiera additions/modifications with a separate pre-lookup of needed extra variables, but you're then talking about a distinctly non-trivial effort and a substantial branch away from stock hiera. I would like to make emphasis in this: Gary's hiera as an ENC works, but for a more simple scenario than the one I am proposing, if I only wanted to classify Classes and Hosts, it does work fine. Where I have not been able to succeed is in adding an 'env' layer after the application (classes, organised in modules). You are classifying based only on hostname, because that's the only data you want to consider that actually originates from the node being classified. Everything else is logic and structure of the ENC you are trying to build. The problem is that you are trying to implement a data structure that Hiera does not natively support. You can make it work, but you will need either significant changes in hiera, or a different usage mode. I would suggest the latter. Were I you, I would consider writing a separate, hiera-based ENC instead of trying to build all the ENC features you want directly into hiera itself. Among other
[Puppet Users] Re: Massive Import/Include
On Friday, September 28, 2012 9:56:51 AM UTC-5, pierre-emmanuel degand wrote: my module bind : - init.pp : class bind { include bind::install include bind::service } -install.pp : class bind::install ( $packages = $bind::params::server_packages ) inherits bind::params { package { $packages : ensure = present, } file { /etc/bind/zones: ensure = directory, owner = root, group = root, mode= 0755, } file { /etc/bind/named.conf.local: owner = root, group = root, mode = 0644, source = puppet:///modules/bind/named.conf.local, } } service.pp : class bind::service ( $service = $bind::params::server_services ) inherits bind::params { service { $service : enable = true, ensure = running, hasrestart = true, hasstatus = true, } } params.pp : class bind::params { $server_packages = [bind9] $server_services = bind9 } config.pp (the one i use to configure each domain) : define bind::config ($dns_server = $fqdn, $domain, $type_ip = A, $ip_serv = '', $type_ip2 = $type_ip, $ip_serv2 = $ip_serv, $sub_domain='', $mx=false, $ip_mx1 = xxx.xxx.xxx.xxx, $domain_mx1 = $domain, $type_mx1 = A, $ip_mx2 = xxx.xxx.xxx.xxx, $domain_mx2 = $domain_mx1, $type_mx2 = A, $ip_ns1 = xxx.xxx.xxx.xxx, $type_ns1 = A, $ip_ns2 = xxx.xxx.xxx.xxx, $type_ns2 = A, $ip_ns3 = xxx.xxx.xxx.xxx, $type_ns3 = A, $www = true ){ include bind file { /etc/bind/zones/${domain}.db: content = template(bind/zone.db.erb), owner = root, group = root, mode = 0644, } } Having so many parameters is pretty ugly, but perhaps that's the best available way. Puppet supports arrays and hashes, however, and your ERB template could easily make use of such objects, so perhaps it would be both cleaner and more convenient to replace some groups of parameters with array or hash parameters. That might even be more flexible, too. More importantly, items in your parameter list must not refer to other items in the same list. That is, parameter list items such as $type_ip2 = $type_ip, will not reliably do what you expect. The order of the parameter list is irrelevant to this issue. Your best bets would be to restructure your parameter space some way that does not require duplication, or to convert some or all of your parameters into ordinary variables and set them via a mechanism that allows you to specify a default value (hiera() and even extlookup() can do this). There are cleaner alternatives now, but the traditional approach follows this model: define bind::config (... $type_ip2 = 'UNSET', ...) { $real_type_ip2 = $type_ip2 ? { 'UNSET' = $type_ip, default = $type_ip2 } ... } Alternatively, you could put similar code into your template instead of your manifest. And for each domainX_conf.pp : class conf_bind::bind_domain_fr { Note that Puppet will expect to find a class of that name in module_path/conf_bind/manifests/bind_domain_fr.pp (that is, not in a subdirectory). bind::config { domain.fr: domain = domain.fr, ip_serv = xxx.xxx.xxx.xxx, sub_domain = [domain.fr. IN MX 20 mx2.ovh.net., domain.fr. IN MX 10 mx1.ovh.net., domain.fr. IN MX 100 mxb.ovh.net., domain.fr. IN TXT \v=spf1 ip4:xxx.xxx.xxx.xxx ip4:xxx.xxx.xxx.xxx -all\, subdomain1 IN A xxx.xxx.xxx.xxx, subdomain2 IN A xxx.xxx.xxx.xxx, pop3 IN CNAME ns0.ovh.net., ], } } At the beginning, all the configuration was in the node.pp, but i had too much ligns so i split all the configuration like that... Then in the module's init.pp you would have: class conf_bind { include 'conf_bind::bind::domain1_conf' include 'conf_bind::bind::domain2_conf' # ... include 'conf_bind::bind::domain200_conf' } == it's what i want to avoid :s I understand that you want to avoid listing each class individually in your manifests, but you cannot do that without changes of one kind or another. Here are some of your options: - The general structure of your module is much as I suspected, quite suitable for a conversion to storing all the domain data in hiera and then using create_resources() to declare all the domains. You already have bind::config as the resource type that you would specify to create_resources(). The limitations here are that you would need to convert all those classes to suitably-structured YAML (or build the YAML data some other way), and that it would probably all need to go into one YAML file. - You could write a custom function that reads the directory containing the per-domain manifests, converts file names to corresponding (fully-qualified) class names, and returns an array of the class names. I think you can pass such an array to the
Re: [Puppet Users] Re: Puppet 2.7, hiera 1.0 and hiera as an ENC
Guillem, Sorry for the delayed response. Anyway, John is correct about what you're trying to do with Hiera. I can say as far as the ENC Gary has written follows all the rules of what an ENC 'should do' as per the documentation. http://docs.puppetlabs.com/guides/external_nodes.html Keep in mind also, when the ENC is run, the only information it has access to is the Facts from the node. The manifests are not compiled until after the ENC returns the classes it has determined should be declared. This ENC does it in one call to hiera for classes. When this Hiera ENC processes, it never adds the discovered parameters and other variables to the current running context. While that could achieve what you want, it could also complicate things in unexpected ways. So as I said above, when the ENC runs, you only have just the facts from the host as your current context. John's suggestion of a new usage model that aligns better with Hiera's design is probably the best answer. That being a case, I would suggest custom facts to help you navigate your hiera tree in a more controlled/granular manner. -- Tom Linkin Professional Services Engineer http://puppetlabs.com/ twitter: @trlinkin On Monday, October 1, 2012 at 10:47 AM, jcbollinger wrote: On Wednesday, September 26, 2012 10:52:19 AM UTC-5, Guillem Liarte wrote: This is the situation I have: All my hosts are the same OS. All my host are in the same puppet environment, so I cannot use %{environment} I have a module that sets all the basic functionality for the OS, resolution, authentication, security, packages, etc I have a module for each application hosted. At the moment all the 'data' is in Puppet, mostly in parametrised classes in site.pp. What I want to get is a hiera set-up that allows me to use this structure: I suspect that one of the reasons you are having trouble is that you are trying to employ a usage paradigm that is inconsistent with hiera's design (more below). :hierarchy: - global # source of application names (classes? modules?) and environments list - basic # data for the basic class There's nothing wrong with those levels. - prod/%{application}/%{hostname}# hostname files for specific data - prod/%{application}/%{env} # environmental data for each application (module) - prod/%{application}/default # default data for an application But there is a problem with those. It may be possible to make it work, but it's shaky to use variable hierarchy levels for data selection. That's what keys are for. With that said, recent Puppet releases provide automatic $calling_module and $calling_class variables, one of which you could probably use in place of $application. As I understand it, that's intended to provide (better) support for module-specific data, which might be a good way to cast that part of your problem. - nonprod/%{sysclass}/%{hostname} - nonprod/%{sysclass}/%{env} - nonprod/%{sysclass}/default You additionally have a fundamental problem with %{env}. Hiera will attempt to resolve that as a Puppet variable, to which the presence of a matching key somewhere in the Hiera hierarchy is irrelevant. Hiera needs to know the value to resolve the hierarchy (as you have defined it), and it would need, in principle, to resolve the hierarchy before it could look up the value in your data store. What actually happens, I'm sure, is that hiera uses the value of $::env that it looks up in Puppet at function entry. You might be able to work around that by setting that variable in Puppet before looking up other data, such as by putting $env = hiera('env') at top scope near the beginning of your site.pp. So in short, I would like hiera to be a source of facts, where I can get information that feeds Puppet in order to classify the nodes and to feed the parametrised classes. As an aside, throwing parametrized classes into this mix has only downside as far as I am concerned, except inasmuch as you may want to use parametrized classes that are (unwisely) provided by modules written by others. Since you want to rely on hiera (which is good), it is superior to write your classes like this wherever you are in control of module interfaces: class mymodule::class1 { $param1 = hiera('mymodule::class1::param1') $param2 = hiera('mymodule::class1::param2') # or with simpler keys enabled by use of # %{calling_module} and/or %{calling_class} } There are several advantages, among them that you can encode interclass parse-order dependencies via the built-in 'include' function, and that you can use hiera's 'hiera_include()' function to assign such classes to nodes. I recently found this blog entry: http://garyhetzel.com/2012/04/12/hiera_as_a_puppet_enc Gary appears to have done some cool
Re: [Puppet Users] Re: Could use another set of eyes to assist
On Saturday, September 29, 2012 12:03:33 AM UTC-5, Jeremy wrote: On Fri, Sep 28, 2012 at 5:37 PM, jcbollinger john.bo...@stjude.orgjavascript: wrote: [...] How big are the real deployment files? I wouldn't think that parsing and processing even moderately large YAML files would be prohibitively expensive in itself, especially when compared to the work the master must perform to compile all the DSL code. In any case, you should be able to test that against real data by wrapping a test harness around the innards of your function. Looking at the report metrics I can see that successful runs show config retrieval taking up to 130 seconds but most common is around 110 seconds so not much difference. When it fails it usually fails with a Could not retrieve catalog from remote server: execution expired and a Could not retrieve catalog; skipping run error messages and then proceeds with the cached catalog. Currently the catalog has 370-390 resources defined with a change usually involving 170-180 resources. 370-390 resources is not unreasonably large. It's somewhat surprising that so many changes happen each run (after the first), but that doesn't factor into catalog compilation time. The timings you report are potentially important, however, because they're running right about at the default client-side timeout for catalog requests (120s). You could try setting the configtimeout configuration parameter to something a bit larger, say 150 (in the agent section). That doesn't answer the question of what is causing compilation to take that long, but it probably gets you a lot fewer timeouts. I still maintain that loading a file over the network is a pretty likely performance-killer. I/O is in general far, far slower than computation, and network I/O is typically both slower and less consistent than local I/O. As with anything performance-related, however, there is no alternative to testing for determining reliable performance characteristics. You may also want to check whether your master is under-resourced. The master typically consumes 100s of MB, and if it has to swap parts of that back and forth between physical and virtual memory then that will slow everything down. Also, if you're using the built-in webrick server then you should be aware that it doesn't scale especially well, especially for medium-large catalogs. It is single-threaded, so if two nodes request catalogs at the same time, then one has to wait for the master to serve the other first. The usual advice for that situation is to run the master via passenger. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/QHeykExDSRIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Could use another set of eyes to assist
On Mon, Oct 1, 2012 at 12:13 PM, jcbollinger john.bollin...@stjude.orgwrote: On Saturday, September 29, 2012 12:03:33 AM UTC-5, Jeremy wrote: On Fri, Sep 28, 2012 at 5:37 PM, jcbollinger john.bo...@stjude.orgwrote: [...] How big are the real deployment files? I wouldn't think that parsing and processing even moderately large YAML files would be prohibitively expensive in itself, especially when compared to the work the master must perform to compile all the DSL code. In any case, you should be able to test that against real data by wrapping a test harness around the innards of your function. Looking at the report metrics I can see that successful runs show config retrieval taking up to 130 seconds but most common is around 110 seconds so not much difference. When it fails it usually fails with a Could not retrieve catalog from remote server: execution expired and a Could not retrieve catalog; skipping run error messages and then proceeds with the cached catalog. Currently the catalog has 370-390 resources defined with a change usually involving 170-180 resources. 370-390 resources is not unreasonably large. It's somewhat surprising that so many changes happen each run (after the first), but that doesn't factor into catalog compilation time. The timings you report are potentially important, however, because they're running right about at the default client-side timeout for catalog requests (120s). You could try setting the configtimeout configuration parameter to something a bit larger, say 150 (in the agent section). That doesn't answer the question of what is causing compilation to take that long, but it probably gets you a lot fewer timeouts. I've taken the suggestion and increased the agent configtimeout on the client machines to see if this helps decrease the execution timeouts that the engineer is seeing and complaining about. I still maintain that loading a file over the network is a pretty likely performance-killer. I/O is in general far, far slower than computation, and network I/O is typically both slower and less consistent than local I/O. As with anything performance-related, however, there is no alternative to testing for determining reliable performance characteristics. I'm working on a process to retrieve the deployment configuration file from the S3 bucket outside of Puppet control so I can process it locally and see if that improves the config generation time. You may also want to check whether your master is under-resourced. The master typically consumes 100s of MB, and if it has to swap parts of that back and forth between physical and virtual memory then that will slow everything down. Also, if you're using the built-in webrick server then you should be aware that it doesn't scale especially well, especially for medium-large catalogs. It is single-threaded, so if two nodes request catalogs at the same time, then one has to wait for the master to serve the other first. The usual advice for that situation is to run the master via passenger. This is a relatively small installation with only a handfull of clients. Still the master is running Apache with Passenger instead of Webrick and utilizing async queuing. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/QHeykExDSRIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] PuppetConf speakers contact info
I'm trying to find email addresses of some of the speakers from Puppet Conf last week. They aren't on the web site... maybe due to spamming concerns. Short of Googling, how can I get these? Also... are there slides available yet? What about video? Doug -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] is it possible to save dashboard inventory searches
You can bookmark a search in the browser, but beyond that, there's no saved search feature in Dashboard itself. On Thu, Sep 27, 2012 at 8:45 AM, Eddie Hart ed.h...@gmail.com wrote: Hello: Is it possible to save dashboard inventory searches? I'm a relatively new puppet user. I've checked the puppetlabs documentation for an answer to my question - but didn't turn anything up. Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/xIcYlrRJZq0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Deploy nagios client on windows
Hi Thomas, On Thu, Sep 27, 2012 at 12:59 PM, Thomas Bendler thomas.bend...@gmail.com wrote: Hi @all, does anyone manage the NSClient++ deployment with puppet? I have the strange behavior that I can distribute the installation package to the target server and install the package with the MSI provider. The relevant code is here: if $windows { file { c:/local/source: ensure = directory, mode = 0770, owner = Administrators, group = Administrators; c:/local/source/NSClient++-0.3.9-x64.msi: ensure = present, mode = 0660, owner = Administrators, group = Administrators, require = File[c:/local/source], path = $::operatingsystem ? { default = c:/local/source/NSClient++-0.3.9-x64.msi }, source = puppet:///modules/monitor/nagios/NSClient++-0.3.9-x64.msi; This require shouldn't be necessary as the file will autorequire its ancestor directories. c:/local/nsclient/boot.ini: ensure = present, mode = 0664, owner = Administrators, group = SYSTEM, require = Package[NSClientpp], notify = Service[NSClientpp], path = $::operatingsystem ? { default = c:/local/nsclient/boot.ini }, content = template(monitor/nagios/client/boot.ini.erb); c:/local/nsclient/nsc.ini: ensure = present, mode = 0664, owner = Administrators, group = SYSTEM, require = Package[NSClientpp], notify = Service[NSClientpp], path = $::operatingsystem ? { default = c:/local/nsclient/nsc.ini }, content = template(monitor/nagios/client/nsc.ini.erb); } package { NSClientpp: ensure = installed, provider = msi, source = 'c:\local\source\NSClient++-0.3.9-x64.msi', install_options = { 'INSTALLLOCATION' = 'c:\local\nsclient', 'ADDLOCAL' = 'ALL', 'START_SERVICE_ON_EXIT' = '1' }; } service { NSClientpp: name = $::operatingsystem ? { default = NSClientpp }, ensure = running, enable = true, require = Package[NSClientpp]; } } Now to the strange thing, when the package is installed with the MSI provider, the service entry from the NSClient++ disapear. When I manually execute the installation package with option repair, it apears again ... until the next puppet run where it disapear again. So calling the service resource fail because of the missing service entry. The OS is a 2003SP2 x64, the puppet client has the version 2.7.19. Any ideas? The name of the package needs to match the DisplayName as specified in the registry (and Add/Remove Programs). This used to be in the puppet wiki page, but I don't see it in the new documentation. I'll file a doc bug about this. For this package, it should be NSClient++ (x64), both in the package resource and the service resource that requires it. It appears what is occurring is that the second time puppet runs, it thinks the package is not installed, so it installs it again (really a repair). For some reason, the NSClient MSI gets confused and uninstalls the service during the repair. In any case, the second time you run puppet (with --debug), you should see something like: Debug: /Stage[main]//File[c:/local/nagios/NSClient++-0.3.9-x64.msi]/require: requires File[c:/local/nagios] Debug: /Stage[main]//Service[NSClientpp]/require: requires Package[NSClient++ (x64)] ... Debug: Prefetching msi resources for package Debug: Service[NSClientpp](provider=windows): Service NSClientpp is running Debug: Service[NSClientpp](provider=windows): Service NSClientpp start type is auto start But you should not see: Debug: Executing 'msiexec.exe /qn /norestart /i c:\local\nagios\NSClient++-0.3.9-x64.msi ADDLOCAL=ALL INSTALLLOCATION=c:\local\nsclient START_SERVICE_ON_EXIT=1' Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Where do you store sensitive files with puppet+git approach?
We use hiera-gpg for ours. Files containing sensitive information are converted into templates so that only the necessary strings are included in gpg. If we really needed to distribute full files I would probably build a separate directory tree backed by its own repository for this. It's just never been necessary for us. On Oct 1, 2012 6:47 AM, Vaidas Jablonskis jablons...@gmail.com wrote: Hi People, I have a quick question, which hopefully you will have an answer to. I am slowly moving towards puppet and git with multiple branches for different environments. Things are going pretty well, but now I have a small issue. The question is where should I store sensitive files, for instance SSL private keys or some files which contain sensitive data? I am aware of hiera-gpg storage backend, but that is more suitable for storing plain text strings rather than actual files - correct me if I am wrong? I am looking forward to hear your opinion on this subject. Thanks in advance. -- Vaidas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DjQqqdK2NJ4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: PuppetConf speakers contact info
If the speaker's contact information has not been published, there's probably a good reason why. I'd suggest something along the lines of: Hi, I am trying to reach ___ about their Presentation at PuppetConf. If you are __, can you please contact me off-line? I have a few questions and can be reached at the following email address: _ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/CwJ84wL1zWEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: PuppetConf speakers contact info
+1 for slides. GREAT PuppetConf, btw ;) On Mon, Oct 1, 2012 at 10:59 AM, windowsrefund windowsref...@gmail.comwrote: If the speaker's contact information has not been published, there's probably a good reason why. I'd suggest something along the lines of: Hi, I am trying to reach ___ about their Presentation at PuppetConf. If you are __, can you please contact me off-line? I have a few questions and can be reached at the following email address: _ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/CwJ84wL1zWEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- GVoice: 707.646.9180 LinkedIn: http://www.linkedin.com/in/brendanobra -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: PuppetConf speakers contact info
http://info.puppetlabs.com/puppetconf-video-registration.html use that to get notified when the video / audio + slides becomes available. All sessions, except I think the lab ones, were recorded and should be available in the near future (this week I think, but soon for sure) On Monday, October 1, 2012 1:19:13 PM UTC-5, Brendan O'Bra wrote: +1 for slides. GREAT PuppetConf, btw ;) On Mon, Oct 1, 2012 at 10:59 AM, windowsrefund window...@gmail.comjavascript: wrote: If the speaker's contact information has not been published, there's probably a good reason why. I'd suggest something along the lines of: Hi, I am trying to reach ___ about their Presentation at PuppetConf. If you are __, can you please contact me off-line? I have a few questions and can be reached at the following email address: _ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/CwJ84wL1zWEJ. To post to this group, send email to puppet...@googlegroups.comjavascript: . To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- GVoice: 707.646.9180 LinkedIn: http://www.linkedin.com/in/brendanobra -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/t9X95XopNOUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet/Passenger :: Could not retrieve catalog from remote server:Error 403 on server
Does anyone have a hint to address this problem? Or, Is this destined to stump many a puppet enthusiast? If this is a bug, where does one notify puppet labs of it? LL -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/gmqnS25CCdYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet cron job class stamps file with date-time. How?
New puppet user. I see that the cron class creates a cronjob with a date-time in the header, which is cool. # HEADER: This file was autogenerated at Mon Oct 01 11:43:25 -0500 2012 by puppet. # HEADER: While it can still be managed manually, it is definitely not recommended. 1. How does it do that? 2. I'd like to be able to edit the text, customize it. 3. More particularly, how can I put a date/time stamp in other managed files? I tried to do so with a template but that was not working out so well. Regards, ~brian -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Wsckx5euwRgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] Announce: Puppet 3.0.0-rc7 Available
Hi Jos -- Looks like the rpm specifies 'ruby(abi) = 1.8' so it should be OK out of the box for 1.9.x -- what's the error you're seeing? On Sep 25, 2012, at 10:49 AM, Jos Backus wrote: Hi Matthaus, Would it be possible to publish el6 RPMs for Ruby 1.9 which have 1.9.1 as the library version? The current 3.0.0 RPMs use 1.8. It looks like the RedHat spec file is already set up to handle this. Thanks! Eric Sorenson - eric.soren...@puppetlabs.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Where do you store sensitive files with puppet+git approach?
We use hiera-gpg for file type sensitive information as well.For sensitive information which is actually a file (ssh private keys) we moved that into hiera-gpg and just set the yaml markup accordingly so the information could be used to populate the file in question in the correct format. For example this is what a private key looks like in yaml. The | and leading indentation keeps the content in the same format as it passes through the hands of the different villagers on the way to it's home in the id_dsa file. professor_plumbs_private_key: | -BEGIN DSA PRIVATE KEY- GOODSTUFFHERE THEGOODSTUFFCONTINUES -END DSA PRIVATE KEY- Then to create the key file. (Hiera call done as part of class param) file { /blah/blah/.ssh/id_dsa: content = $professor_plumbs_private_key; } I'm sure the same approach could be taken for ssl keys. However we have been wielding the hiera hammer pretty hard and had to stop short of using it in place of DNS so you may not like this approach;) HTH. On Oct 1, 10:40 am, Aaron Grewell aaron.grew...@gmail.com wrote: We use hiera-gpg for ours. Files containing sensitive information are converted into templates so that only the necessary strings are included in gpg. If we really needed to distribute full files I would probably build a separate directory tree backed by its own repository for this. It's just never been necessary for us. On Oct 1, 2012 6:47 AM, Vaidas Jablonskis jablons...@gmail.com wrote: Hi People, I have a quick question, which hopefully you will have an answer to. I am slowly moving towards puppet and git with multiple branches for different environments. Things are going pretty well, but now I have a small issue. The question is where should I store sensitive files, for instance SSL private keys or some files which contain sensitive data? I am aware of hiera-gpg storage backend, but that is more suitable for storing plain text strings rather than actual files - correct me if I am wrong? I am looking forward to hear your opinion on this subject. Thanks in advance. -- Vaidas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DjQqqdK2NJ4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Storing ssh passphrase
Hello everybody, There's a way to asks to user which is the ssh key passphrase ? I'm provisioning to a vagrant machine, i've copied my ssh keys but i'm not allowed to git clone or do other stuff via puppet because the passphrase it's not remembered by the ssh. How you guys handle with this? Thank you, Guilherme -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7OtRk0joy-0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppetd
Hi guys, I updated my 3.0.1 to 2.7.19 puppet, puppet command but disappeared. How do I sync manually? example pupped-vt hugs, -- Douglas Brancaglion Security Analist -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppetd
puppet agent has replaced the puppetd command. On Monday, October 1, 2012 2:38:39 PM UTC-5, Douglas Brancaglion wrote: Hi guys, I updated my 3.0.1 to 2.7.19 puppet, puppet command but disappeared. How do I sync manually? example pupped-vt hugs, -- Douglas Brancaglion Security Analist -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/FtFvsOm1MJAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppet instllation error
Can you any one let me know what could be the issue on this? On Friday, September 28, 2012 3:56:53 PM UTC-7, skrishna12 wrote: I tried the credential (mail id and password) stored in answer.lastun.xxx and got the following error. Even after clearing the cookies and caches .. no luck with the mail id and password This webpage has a redirect loop The webpage at * https://puppet-master.etouch.net:3000/?ticket=ST-1348829403r7DD1A83EF03491318C * has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer. Here are some suggestions: - Reloadhttps://puppet-master.etouch.net:3000/?ticket=ST-1348829403r7DD1A83EF03491318C this webpage later. - Learn morehttps://www.google.com/support/chrome/bin/answer.py?answer=95626hl=en-US about this problem. Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects. On Friday, September 28, 2012 2:37:39 PM UTC-7, Matthaus Litteken wrote: Glad that helped you get through the installation. The installer should have asked you those questions during the interview, and they are saved in the answers file as well. The console admin user and password will be in the puppet-enterprise-2.6.0-el5-x86_64 directory (wherever you have the installer located) in a file named answers.lastrun.fqdn of machine (which for you will be 'answers.lastrun.puppet-master.etouch.net') The answers you need to look for in that file are: q_puppet_enterpriseconsole_auth_password= q_puppet_enterpriseconsole_auth_user_email= HTH On Fri, Sep 28, 2012 at 2:16 PM, skrishna12 shiva...@gmail.com wrote: The auto generated user name password is here # cat etc/puppetlabs/installer/database_info.install q_puppet_enterpriseconsole_auth_database_name=console_auth q_puppet_enterpriseconsole_auth_database_password=c8ZwU6TVlgcdvTA5ysv6 q_puppet_enterpriseconsole_auth_database_user=console_auth q_puppet_enterpriseconsole_database_install=n q_puppet_enterpriseconsole_database_name=console q_puppet_enterpriseconsole_database_password=2kjrLEVGna95KXQPHac3 q_puppet_enterpriseconsole_database_remote=n q_puppet_enterpriseconsole_database_root_password=eTouch6789 q_puppet_enterpriseconsole_database_user=console thanks On Friday, September 28, 2012 2:13:32 PM UTC-7, skrishna12 wrote: Thanks!! I removed all mysql pkg and reinstall PE . I got the following messages. I can see admin console but not sure about the username and passwd. This time when i installed . the installer didnot ask any console username and password. Pls help me this out Puppet Enterprise has been installed to /opt/puppet, and its configuration files are located in /etc/puppetlabs. ## Answers from this session saved to './answers.lastrun.puppet-master.etouch.net' ## In addition, auto-generated database users and passwords, including the ROOT MySQL password, have been saved to /etc/puppetlabs/installer/database_info.install !!! WARNING: Do not discard these files! All auto-generated database users and passwords, including the ROOT Mysql password, have been saved in them. = The console can be reached at the following URI: * https://puppet-master.etouch.net:3000 If you have a firewall running, please ensure the following TCP ports are open: 8140, 61613, 3000 NOTICE: This system has 1.96 GB of memory, which is below the 4 GB we recommend for the puppet master role. Although this node will be a fully functional puppet master, you may experience poor performance with large numbers of nodes. You can improve the puppet master's performance by increasing its memory. Thanks On Friday, September 28, 2012 11:26:26 AM UTC-7, skrishna12 wrote: Hi I downloaded puppet master puppet-enterprise-2.6.0-el-5-x86_64 on centos 5.2 server. When I tried to install , I got the following error messages. ! ERROR: Could not connect to the mysql server using the root credentials provided. Please verify your credentials and try again. Can you any one suggest what could be the solution to resove the issue? I am struck here. Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/EAJdw4q6xg8J. To post to this group, send email to puppet...@googlegroups.com. To unsubscribe from this group, send email to puppet-users...@googlegroups.com. For more options, visit this group at
[Puppet Users] Force yum to remove a package?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I want puppet to manage some packages. On CentOS, puppet correctly uses the yum provider to manage rpms. Normally I can do: package { ...: ensure = present } but the rpms I want to install conflict with existing rpms. Ok, you say. so ensure = present on the ones I want and ensure = absent on the ones to remove. How do I cope with the fact that there are other installed packages that depend on the ones I want to remove? The new packages will fulfill the dependency as well, so effectively I just want to force the transaction. Effectively, I want puppet/yum to execute ``rpm -e --nodeps``; can I tell puppet to do it that way? Or do I need to find a workaround, such as an exec? - -- Duncan Hutty http://www.allgoodbits.org -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBp9t8ACgkQCFuTFybf1wrG/wCcD6uBPihYc4eXwql23ae4RUEr WeoAoIWIdVv4XDi43S1hH73DjcEUMgGc =BNC1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet runs extremly slow on 1 of 18 Windows Server
On Mon, Sep 3, 2012 at 2:07 AM, David Schmitt da...@dasz.at wrote: On 03.09.2012 09:45, Jan Ziegler wrote: Hi, We have 18 Windows Server in the same environment. All Windows Server are build with an individual Windows Image, we created before, which means, that all Windows Machines have the same configuration except ip/mac address and hostname. 17 of those Windows Server run Puppet within 120 seconds per run. But one of those Server took 49 hours for the run...the second one wasn't faster. We already installed this machine from bottom up several times, to be sure, that this server has the same configuration as the other ones... but without success. The last lines before it takes some hours are: info: Loading facts in C:\.. and so on info: Loading facts in C:\.. and so on info: Caching catalog for windowstest.domain info: Applying configuration version '1346550140' Any idea why this machine is so slow? It uses the same puppet classes as the other 17 server. use --evaltrace to see which resources are evaluated. Maybe this gives you a hint what's happening. Since you seem to be pretty sure this is not a problem rooted in the machine itself, the attentions focuses on the environment: Perhaps there is an IP-collision with another device on the network? Perhaps the switchport is faulty? The underlying virtualisation has something fishy configured? The nameserver is acting up? etc. Good hunting, D. Did this issue get resolved? If not, what did --evaltrace show? Are you managing file owner and group? Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to create a directory if that path does not yet exist?
Marc, There is no way in the resource declaration for 'file' to stop it from ensuring your symlink is made into a directory. That is because this is the state you're asking to have ensured when you compile that resource into a catalog. What you may want to do is find a way to have the resource either ensure a symlink for those hosts or not be in your catalog. I recommend the finding a way to have it ensure a symlink. You could probably do this most easily by wrapping it in a conditional that responds to a top-level variable (either from your ENC or in your node definition). If you are using hiera, perhaps you can keep the variable there. Another option, could be to create a custom fact that detects when you've created a symlink. However, this method does not really capture the fact that you've done the symlink anywhere except on the host. Were this host to fail in an unrecoverable manner, or even just be rebuilt by someone who is not you, this detail may be missed. -- Tom Linkin Professional Services Engineer http://puppetlabs.com/ twitter: @trlinkin On Friday, September 28, 2012 at 11:01 AM, Marc Haber wrote: Hi, I have the following resource defined: file { /var/lib/foo: ensure = directory, owner = root, group = root, mode = 0755, } On some systems, but not on all, I have /var/lib/foo symlinked to another partition with more space. Those symlinks (/var/lib/foo = /space/foo) are replaced during the puppet run with a local directory. Neither the force nor the replace parameter to the File resource seems to stop this behavior. Is there anyway to obtain this behavior short of using an exec? Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things. Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Where do you store sensitive files with puppet+git approach?
Great stuff. I have a better idea now. Thanks for that guys. On Monday, 1 October 2012 20:33:57 UTC+1, Derek Olsen wrote: We use hiera-gpg for file type sensitive information as well.For sensitive information which is actually a file (ssh private keys) we moved that into hiera-gpg and just set the yaml markup accordingly so the information could be used to populate the file in question in the correct format. For example this is what a private key looks like in yaml. The | and leading indentation keeps the content in the same format as it passes through the hands of the different villagers on the way to it's home in the id_dsa file. professor_plumbs_private_key: | -BEGIN DSA PRIVATE KEY- GOODSTUFFHERE THEGOODSTUFFCONTINUES -END DSA PRIVATE KEY- Then to create the key file. (Hiera call done as part of class param) file { /blah/blah/.ssh/id_dsa: content = $professor_plumbs_private_key; } I'm sure the same approach could be taken for ssl keys. However we have been wielding the hiera hammer pretty hard and had to stop short of using it in place of DNS so you may not like this approach;) HTH. On Oct 1, 10:40 am, Aaron Grewell aaron.grew...@gmail.com wrote: We use hiera-gpg for ours. Files containing sensitive information are converted into templates so that only the necessary strings are included in gpg. If we really needed to distribute full files I would probably build a separate directory tree backed by its own repository for this. It's just never been necessary for us. On Oct 1, 2012 6:47 AM, Vaidas Jablonskis jablons...@gmail.com wrote: Hi People, I have a quick question, which hopefully you will have an answer to. I am slowly moving towards puppet and git with multiple branches for different environments. Things are going pretty well, but now I have a small issue. The question is where should I store sensitive files, for instance SSL private keys or some files which contain sensitive data? I am aware of hiera-gpg storage backend, but that is more suitable for storing plain text strings rather than actual files - correct me if I am wrong? I am looking forward to hear your opinion on this subject. Thanks in advance. -- Vaidas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DjQqqdK2NJ4J. To post to this group, send email to puppet...@googlegroups.com javascript:. To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ID3-P5dinc4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet windows -
Hi Josh, Thanks that you remember my case. Unfortunately I couldn't wait and restart server on weekend and now puppet works fine. Before it I started ruby -e require 'digest/sha1' And It completed ok. I didn't change Path (and never add ruby to path, as I understand puppet use environment.bat) or install puppet updates/patches. I couldn't do any test now, because problem was fixed after restart. But if it happen again I may replay and I hope provide more information. ** *Best Regards,* *Pavel Drobushevich* *mailto:* p.drobushev...@gmail.com* **skype*: pavel_drabushevich *profile:* http://www.google.com/profiles/p.drobushevich On Mon, Oct 1, 2012 at 11:02 PM, Josh Cooper j...@puppetlabs.com wrote: Hi Pavel, Can you try the following: ruby -e require 'digest/sha1'; puts Digest::SHA1.hexdigest('foo') If that works, try: ruby -e require 'digest/sha1'; puts Digest::SHA1.hexdigest('C:/puppet/sys/ruby/lib/ruby/1.8/i386-mingw32/digest/sha1.so') You should get: 7479672868457859e36fd0a0e35fc20dc066ebe1 Also, what is your PATH and RUBYLIB? Did you recently update (Patch Tuesday)? Josh On Wed, Sep 26, 2012 at 4:32 AM, Pavel Drobushevich p.drobushev...@gmail.com wrote: Hi Josh, I've installed puppet from official msi puppet-enterprise-2.5.0.msi. There are no any other ruby installation on this machine. Ruby version returns following info: 1.8.7 (2011-12-28 patchlevel 357) [i386-mingw32] It've been working about 2 months, but suddenly yesterday stopped. Thanks, Pavel On Wednesday, September 26, 2012 12:55:29 AM UTC+3, Josh Cooper wrote: Hi Pavel, On Tue, Sep 25, 2012 at 2:28 PM, Pavel Drobushevich p.drobu...@gmail.com wrote: Hi all, We use puppet on many windows machines (Windows Server2008R2 x64). It works fine, but on one of them it was fail down and couldn't start work again. I try to reinstall, but it didn't help. May be you have any idea. Thanks in advance. Error message from puppet C:/puppet/puppet/lib/puppet/util/autoload.rb:85:in `load': Could not autoload co mponent: 193: %1 is not a valid Win32 application. - C:/puppet/sys/ruby/lib/ru by/1.8/i386-mingw32/digest/sha1.so (Puppet::Error) from C:/puppet/puppet/lib/puppet/util/autoload.rb:73:in `each' from C:/puppet/puppet/lib/puppet/util/autoload.rb:73:in `load' from C:/puppet/puppet/lib/puppet/metatype/manager.rb:116:in `type' from C:/puppet/puppet/lib/puppet/type.rb:1966 from C:/puppet/sys/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.r b:36:in `gem_original_require' from C:/puppet/sys/ruby/lib/ruby/site_ruby/1.8/rubygems/custom_require.r b:36:in `require' from C:/puppet/puppet/lib/puppet.rb:121 from C:/puppet/puppet/lib/puppet/application.rb:272:in `require' from C:/puppet/puppet/lib/puppet/application.rb:272:in `initialize' from C:/puppet/puppet/lib/puppet/util/command_line.rb:60:in `new' from C:/puppet/puppet/lib/puppet/util/command_line.rb:60:in `execute' from C:/puppet/puppet/bin/puppet:4 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/tszwlQxzKpYJ. To post to this group, send email to puppet...@googlegroups.com. To unsubscribe from this group, send email to puppet-users...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Are you using a different ruby version than is included in the MSI? On my local dev system with Puppet installed I don't see an i386-mingw32 directory: c:/puppet/sys/ruby/lib/ruby/1.8/i386-mingw32 I do see the following however: installdir/puppet/sys/ruby/lib/ruby/1.8/digest/sha2.rb Also this link describes the same problem, may be a ruby 1.9.3-p0 issue on Windows: https://github.com/oneclick/rubyinstaller/issues/102 Or perhaps your system PATH and/or RUBYLIB is picking up a different version than the one the MSI installed. Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/3K8q52uLCdsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send
Re: [Puppet Users] Custom ruby gem continuously updates
Does it actually install? I find if package resources try to install on each run it means they don't get installed correctly. On 28 September 2012 13:22, jmadtech jdi...@jmadtechnologies.com wrote: Hey all, I'm not sure if there's a real issue or if I'm doing something incorrectly. I have a custom compiled gem that I'm installing via: package { sapnwrfc-0.24: ensure = 'installed', provider = 'gem', source = /export/admin_scripts/sapnwrfc-0.24, } On first run, it installs correctly. A 'gem list' shows it as: sapnwrfc (0.24 x86_64-linux) However, every subsequent checkin with the master results in: Thu Sep 27 20:07:34 -0700 2012 Puppet (notice): Starting Puppet client version 2.7.19 Thu Sep 27 20:07:49 -0700 2012 /Stage[main]/my_app/Package[sapnwrfc-0.24]/ensure (notice): created Thu Sep 27 20:07:53 -0700 2012 Puppet (notice): Finished catalog run in 12.90 seconds I've tried changing the ensure from 'installed' to '0.24', '0.24 x86_64-linux', etc. to no avail... it keeps registering a change. what am I doing wrong? Thanks in advance! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/I_o9G1NySfUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [pe-users] Watch PuppetConf remotely
Hi Stuart, We're working on getting the videos up on our site. We've got a sign-up page to be notified as soon as they're up here: http://info.puppetlabs.com/puppetconf-video-registration.html which is probably the best bet for now. Let me know if you have any other questions. Thanks, Michelle On Mon, Oct 1, 2012 at 12:39 PM, Stuart Cracraft smcracr...@me.com wrote: What are the URL's for the recordings/archive of the conference? --Stuart Via Apple iPhone 4S on the ATT Wireless Network On Sep 27, 2012, at 9:16 AM, Michelle Carroll miche...@puppetlabs.com wrote: Hello, PuppetConf is happening now, and we wanted to make sure everyone knew about the live streaming video. Even if you couldn't make it to San Francisco, you can watch talks in two of the large rooms. The schedule for streaming is posted here: http://puppetlabs.com/blog/watch-the-puppetconf-live-video-stream/ and Luke is halfway through his keynote. Thanks, Michelle -- Michelle Carroll miche...@puppetlabs.com Join us for PuppetConf 2012 in San Francisco: http://bit.ly/pcsig12 -- You received this message because you are subscribed to the Google Groups Puppet Enterprise Users group. To unsubscribe from this group, send email to pe-users+unsubscr...@puppetlabs.com. Visit this group at http://groups.google.com/a/puppetlabs.com/group/pe-users/?hl=en-US. -- You received this message because you are subscribed to the Google Groups Puppet Enterprise Users group. To unsubscribe from this group, send email to pe-users+unsubscr...@puppetlabs.com. Visit this group at http://groups.google.com/a/puppetlabs.com/group/pe-users/?hl=en-US. -- Michelle Carroll miche...@puppetlabs.com Join us for PuppetConf 2012 in San Francisco: http://bit.ly/pcsig12 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: [Puppet-dev] Announce: Puppet 3.0.0-rc7 Available
The builds of puppet require ruby, but are built with ruby 1.8, so they put all of puppet's lib in the sitelibdir of the ruby they were built with, so they go in /usr/lib/ruby/site_ruby/1.8 . For EL, we support whatever ruby distros have available and what is in epel. If there is ever a ruby 1.9 package in those repos, we will certainly look at building puppet 3.x to support it. In the meantime, you can rebuild the puppet 3.0.0 source rpm against your ruby package and as long as it defines the sitelibdir to be in your ruby 1.9's load path, it should work just fine. You would also need to rebuild the facter and hiera rpms in the same way for puppet to find them in its load path. On Mon, Oct 1, 2012 at 12:12 PM, Eric Sorenson eric.soren...@puppetlabs.com wrote: Hi Jos -- Looks like the rpm specifies 'ruby(abi) = 1.8' so it should be OK out of the box for 1.9.x -- what's the error you're seeing? On Sep 25, 2012, at 10:49 AM, Jos Backus wrote: Hi Matthaus, Would it be possible to publish el6 RPMs for Ruby 1.9 which have 1.9.1 as the library version? The current 3.0.0 RPMs use 1.8. It looks like the RedHat spec file is already set up to handle this. Thanks! Eric Sorenson - eric.soren...@puppetlabs.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Matthaus Owens Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Custom ruby gem continuously updates
The gem is there and installed. I didn't install it by hand, so it did get installed by puppet at some point. I'm assuming it's because the gem source file is local so it has no way to verify the file version versus the installed version. On Monday, October 1, 2012 4:42:46 PM UTC-4, Pete wrote: Does it actually install? I find if package resources try to install on each run it means they don't get installed correctly. On 28 September 2012 13:22, jmadtech jdi...@jmadtechnologies.comjavascript: wrote: Hey all, I'm not sure if there's a real issue or if I'm doing something incorrectly. I have a custom compiled gem that I'm installing via: package { sapnwrfc-0.24: ensure = 'installed', provider = 'gem', source = /export/admin_scripts/sapnwrfc-0.24, } On first run, it installs correctly. A 'gem list' shows it as: sapnwrfc (0.24 x86_64-linux) However, every subsequent checkin with the master results in: Thu Sep 27 20:07:34 -0700 2012 Puppet (notice): Starting Puppet client version 2.7.19 Thu Sep 27 20:07:49 -0700 2012 /Stage[main]/my_app/Package[sapnwrfc-0.24]/ensure (notice): created Thu Sep 27 20:07:53 -0700 2012 Puppet (notice): Finished catalog run in 12.90 seconds I've tried changing the ensure from 'installed' to '0.24', '0.24 x86_64-linux', etc. to no avail... it keeps registering a change. what am I doing wrong? Thanks in advance! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/I_o9G1NySfUJ. To post to this group, send email to puppet...@googlegroups.comjavascript:. To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/2-aZE0n23ewJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] how to stop puppet from checking a service
Is there an way for puppet to not check whether a service is running or not? I'm basically looking for the equivalent of enable = manual for Linux systems, I think. This would be useful when the service itself is under the control of a CRM like Pacemaker or I want to give control of the service to an end user, say both tomcat and glassfish are on the same box and they want to run one instead of the other. Supposedly the Example42 modules support this by disableboot=true, but that doesn't appear to do anything other than set enable = false for the service and I don't see how that stops Puppet from checking whether the service is up or down. Thanks! -- Later, Darin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] More Puppet 3.0 upgrade issues: rest.rb and runinterval ?
The last issue I had was missing init.d scripts and the removed puppetmaster in favor of puppet master. I upgraded back to 3.0, uninstalled the old versions to avoid conflict. Puppet master starts, but the client is choking on this error: Oct 1 16:55:46 central puppet-agent[26980]: Could not autoload puppet/indirector/certificate/rest: Invalid duration format '900 # 15 mins' for parameter: runinterval Oct 1 16:55:46 central puppet-agent[26980]: Could not prepare for execution: Could not autoload puppet/indirector/certificate/rest: Invalid duration format '900 # 15 mins' for parameter: runinterval Here's the code to rest.rb require 'puppet/ssl/certificate' require 'puppet/indirector/rest' class Puppet::SSL::Certificate::Rest Puppet::Indirector::REST desc Find and save certificates over HTTP via REST. use_server_setting(:ca_server) use_port_setting(:ca_port) use_srv_service(:ca) def find(request) return nil unless result = super result.name = request.key unless result.name == request.key result end I have a very simple setup. Here is my puppet.conf: [main] server=my.server.com vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig runinterval = 900 # 15 mins syslogfacility = local4 report = true listen = true [master] syslogfacility = local4 modulepath = /etc/puppet/modules:/usr/share/puppet/modules report = true So I am guessing the runinterval = 900 is triggering the problem. But as I recall, this was set in the default puppet.conf file that was shipped. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/nO-1EbrdTtYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: More Puppet 3.0 upgrade issues: rest.rb and runinterval ?
I fixed the problem. Seems puppet isn't smart enough to parse out a hash comment at the end of the line... that should be fixed. So, changing it from runinterval = 900 # 15 mins to: # 15 mins runinterval = 900 fixed the problem. I'll consider filing a bug report. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/uAaknTj5y-0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sharing a storeconfigs db between masters (across versions)
On 2012-09-29 16:42, Gabriel Filion wrote: From what I understand of storeconfigs, it is possible to plug both puppetmasters on the same MySQL db. Are there any possibilities of issues with having two puppetmasters with *different versions* hit on the same db ? FYI I ran a test run and got my answer. It is *not* a good idea :P the 2.6 client run on the 2.6 master got the following error: err: Could not run Puppet configuration client: Parameter require failed: No title provided and #YAML::Object:0x7f8e7719a520 is not a valid resource reference and after that, the storeconfigs DB was screwed up on the 0.25.4 master. clients kept getting the following error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not render to pson: undefined method `title' for nil:NilClass dropped the db and restored the dump I had made before the test and client runs started working again against the 0.25.4 master. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: PuppetConf speakers contact info
Where did you have in mind for me sending that template? I don't know... maybe this list? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/uwBFg1FAFIwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: More Puppet 3.0 upgrade issues: rest.rb and runinterval ?
On Mon, Oct 1, 2012 at 2:07 PM, Forrie for...@gmail.com wrote: I fixed the problem. Seems puppet isn't smart enough to parse out a hash comment at the end of the line... that should be fixed. So, changing it from runinterval = 900 # 15 mins to: # 15 mins runinterval = 900 fixed the problem. I'll consider filing a bug report. If that syntax worked in Puppet 2.7, then this is a regression. Opening a bug report would be hugely appreciated. Thanks, Branan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Announce: Puppet 3.0.0 Live
Hi, Any chance we will see Ruby 1.9-compatible RPMs for Puppet 3.0.0 and Facter 2.0.0 soon? Thanks, Jos -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/0vjFVf-13KQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: how to stop puppet from checking a service
On Monday, October 1, 2012 3:56:42 PM UTC-5, Darin Perusich wrote: Is there an way for puppet to not check whether a service is running or not? I'm basically looking for the equivalent of enable = manual for Linux systems, I think. This would be useful when the service itself is under the control of a CRM like Pacemaker or I want to give control of the service to an end user, say both tomcat and glassfish are on the same box and they want to run one instead of the other. I suspect it's not possible to prevent Puppet from *checking* whether a managed service is running, but it may be possible to prevent it from * managing* whether the service is running. Try omitting the 'ensure' parameter altogether. Note that if you're not managing whether the service is running, then the only other thing about it you can be managing is whether it starts at boot (via the 'enable' parameter). If you don't want to manage that either, then just don't declare a Service resource in the first place. Supposedly the Example42 modules support this by disableboot=true, but that doesn't appear to do anything other than set enable = false for the service and I don't see how that stops Puppet from checking whether the service is up or down. It doesn't, but what's the harm in just checking? I haven't looked at the modules you're talking about, but perhaps they do as I suggested? It would be fairly easy to overlook complete omission of a parameter -- much more so than to overlook a special parameter value. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/GdMKCawsHsoJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Force yum to remove a package?
On Monday, October 1, 2012 3:02:48 PM UTC-5, Duncan Hutty wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I want puppet to manage some packages. On CentOS, puppet correctly uses the yum provider to manage rpms. Normally I can do: package { ...: ensure = present } but the rpms I want to install conflict with existing rpms. Ok, you say. so ensure = present on the ones I want and ensure = absent on the ones to remove. How do I cope with the fact that there are other installed packages that depend on the ones I want to remove? The new packages will fulfill the dependency as well, so effectively I just want to force the transaction. No, you *never* want to do that. As soon as you do, you are no longer justified in having full confidence in your RPM database. Probably things work out ok, if you've been careful, at least, but there are gotchas even for the careful. The proper way to do this from the command line is to use yum shell to set up and run a transaction set that removes the unwanted RPMs and adds the replacements in the same go. Or perhaps you can allow the dependant packages to be uninstalled and reinstalled (supposing they are all managed by Puppet, or you're willing to make them so). Effectively, I want puppet/yum to execute ``rpm -e --nodeps``; can I tell puppet to do it that way? Or do I need to find a workaround, such as an exec? The Package type does not provide a mechanism to specify additional flags for provider actions. Furthermore, it manages packages one by one. If you need to automate this switch via Puppet, then you probably do need an Exec. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/UxUtEsui_i0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: More Puppet 3.0 upgrade issues: rest.rb and runinterval ?
This is definitely a bug in 3.0.0. I've filed http://projects.puppetlabs.com/issues/16676 to track it. Please update with any additional information you may have. Thanks, -Jeff On Mon, Oct 1, 2012 at 2:07 PM, Forrie for...@gmail.com wrote: I fixed the problem. Seems puppet isn't smart enough to parse out a hash comment at the end of the line... that should be fixed. So, changing it from runinterval = 900 # 15 mins to: # 15 mins runinterval = 900 fixed the problem. I'll consider filing a bug report. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/uAaknTj5y-0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] Re: Announce: Puppet 3.0.0 Live
On Mon, Oct 1, 2012 at 2:44 PM, Jos Backus j...@catnook.com wrote: Hi, Any chance we will see Ruby 1.9-compatible RPMs for Puppet 3.0.0 and Facter 2.0.0 soon? Jos, We're currently building and maintaining our own ruby 1.8.7 packages and the Puppet and Facter RPM's depend on these. What Ruby 1.9 packages would these RPM's depend on? Are the existing packages _incompatible_ with Ruby 1.9 ? -Jeff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet 3.0 fails install on Solaris 10 w/ ruby 1.8.7
There's a problem installing puppet on Solaris 10 -- in this situation, we aren't really doing anything with puppet there. The version we're using is: ruby 1.8.7 (2011-02-18 patchlevel 334) [i386-solaris2.9] Here's the first error: # gem update puppet Updating installed gems Updating puppet Building native extensions. This could take a while... ERROR: Error installing puppet: ERROR: Failed to build gem native extension. /opt/csw/bin/ruby18 extconf.rb extconf.rb:1:in `require': no such file to load -- mkmf (LoadError) from extconf.rb:1 Gem files will remain installed in /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5 for inspection. Results logged to /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5/ext/json/ext/generator/gem_make.out Nothing to update So I decided to uninstall the old version and try again: # gem uninstall puppet Remove executables: filebucket, pi, puppet, puppetdoc, ralsh, puppetca, puppetd, puppetmasterd, puppetqd, puppetrun in addition to the gem? [Yn] y Removing filebucket Removing pi Removing puppet Removing puppetdoc Removing ralsh Removing puppetca Removing puppetd Removing puppetmasterd Removing puppetqd Removing puppetrun Successfully uninstalled puppet-2.7.18 Now a fresh install: # gem install puppet Building native extensions. This could take a while... ERROR: Error installing puppet: ERROR: Failed to build gem native extension. /opt/csw/bin/ruby18 extconf.rb extconf.rb:1:in `require': no such file to load -- mkmf (LoadError) from extconf.rb:1 Gem files will remain installed in /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5 for inspection. Results logged to /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5/ext/json/ext/generator/gem_make.out The content of this last file is the same as the above error message: extconf.rb:1:in `require': no such file to load -- mkmf (LoadError) from extconf.rb:1 Anyone know what the issue is? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/6bxXifJJK1AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: [Puppet-dev] Re: Announce: Puppet 3.0.0 Live
The builds of puppet require ruby, but are built with ruby 1.8 (at least on EL 5 and 6, and Fedora 15 and 16), so they put all of puppet's lib in the sitelibdir of the ruby they were built with, so they go in /usr/lib/ruby/site_ruby/1.8 . For EL, we support whatever ruby distros have available and what is in epel (and our own 1.8.7 package for el5, as Jeff mentioned). If there is ever a ruby 1.9 package in those repos, we will certainly look at building puppet 3.x to support it. In the meantime, you can rebuild the puppet 3.0.0 source rpm against your ruby package and as long as it defines the sitelibdir to be in your ruby 1.9's load path, it should work just fine. You would also need to rebuild the facter and hiera rpms in the same way for puppet to find them in its load path. The only exception currently is Fedora 17, which is built against the system ruby, which for Fedora 17 is ruby 1.9. Fedora 17 rpms will work with ruby 1.9. On Mon, Oct 1, 2012 at 4:13 PM, Jeff McCune j...@puppetlabs.com wrote: On Mon, Oct 1, 2012 at 2:44 PM, Jos Backus j...@catnook.com wrote: Hi, Any chance we will see Ruby 1.9-compatible RPMs for Puppet 3.0.0 and Facter 2.0.0 soon? Jos, We're currently building and maintaining our own ruby 1.8.7 packages and the Puppet and Facter RPM's depend on these. What Ruby 1.9 packages would these RPM's depend on? Are the existing packages _incompatible_ with Ruby 1.9 ? -Jeff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Matthaus Owens Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 fails install on Solaris 10 w/ ruby 1.8.7
The puppet 3 gem requires hiera, whose latest version requires json, which can be either json (a c extension), or json_pure (a ruby implementation). If it is the c extension, make and gcc are required to build the c components. The mkmf error usually indicates that make and/or gcc are unavailable. On Mon, Oct 1, 2012 at 4:18 PM, Forrie for...@gmail.com wrote: There's a problem installing puppet on Solaris 10 -- in this situation, we aren't really doing anything with puppet there. The version we're using is: ruby 1.8.7 (2011-02-18 patchlevel 334) [i386-solaris2.9] Here's the first error: # gem update puppet Updating installed gems Updating puppet Building native extensions. This could take a while... ERROR: Error installing puppet: ERROR: Failed to build gem native extension. /opt/csw/bin/ruby18 extconf.rb extconf.rb:1:in `require': no such file to load -- mkmf (LoadError) from extconf.rb:1 Gem files will remain installed in /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5 for inspection. Results logged to /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5/ext/json/ext/generator/gem_make.out Nothing to update So I decided to uninstall the old version and try again: # gem uninstall puppet Remove executables: filebucket, pi, puppet, puppetdoc, ralsh, puppetca, puppetd, puppetmasterd, puppetqd, puppetrun in addition to the gem? [Yn] y Removing filebucket Removing pi Removing puppet Removing puppetdoc Removing ralsh Removing puppetca Removing puppetd Removing puppetmasterd Removing puppetqd Removing puppetrun Successfully uninstalled puppet-2.7.18 Now a fresh install: # gem install puppet Building native extensions. This could take a while... ERROR: Error installing puppet: ERROR: Failed to build gem native extension. /opt/csw/bin/ruby18 extconf.rb extconf.rb:1:in `require': no such file to load -- mkmf (LoadError) from extconf.rb:1 Gem files will remain installed in /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5 for inspection. Results logged to /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5/ext/json/ext/generator/gem_make.out The content of this last file is the same as the above error message: extconf.rb:1:in `require': no such file to load -- mkmf (LoadError) from extconf.rb:1 Anyone know what the issue is? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/6bxXifJJK1AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Matthaus Owens Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: [Puppet-dev] Announce: Puppet 3.0.0-rc7 Available
On Mon, Oct 1, 2012 at 1:49 PM, Matthaus Owens matth...@puppetlabs.com wrote: The builds of puppet require ruby, but are built with ruby 1.8, so they put all of puppet's lib in the sitelibdir of the ruby they were built with, so they go in /usr/lib/ruby/site_ruby/1.8 . For EL, we support whatever ruby distros have available and what is in epel. If there is ever a ruby 1.9 package in those repos, we will certainly look at building puppet 3.x to support it. In the meantime, you can rebuild the puppet 3.0.0 source rpm against your ruby package and as long as it defines the sitelibdir to be in your ruby 1.9's load path, it should work just fine. You would also need to rebuild the facter and hiera rpms in the same way for puppet to find them in its load path. Is it a viable option to change the official RPM's to install Puppet into a location that could be shared by multiple ruby interpreters? Perhaps as a gem where two different ruby installations share a common element along the GEM_PATH? -Jeff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 fails install on Solaris 10 w/ ruby 1.8.7
On Mon, Oct 1, 2012 at 4:28 PM, Matthaus Owens matth...@puppetlabs.com wrote: The puppet 3 gem requires hiera, whose latest version requires json, which can be either json (a c extension), or json_pure (a ruby implementation). If it is the c extension, make and gcc are required to build the c components. The mkmf error usually indicates that make and/or gcc are unavailable. The development headers for ruby are also required, I believe ruby18-dev will pull in the gnu compiler utils as well if you install it: http://www.opencsw.org/packages/CSWruby18-dev/ http://www.opencsw.org/packages/CSWruby18-gcc4/ This is the same way most linux distros package ruby, so issues you see around compiling native extensions for linux should be equally helpful for you. Or you can install the pre-compiled json gem: http://www.opencsw.org/packages/CSWrb18-json-1-5-3/ - Justin On Mon, Oct 1, 2012 at 4:18 PM, Forrie for...@gmail.com wrote: There's a problem installing puppet on Solaris 10 -- in this situation, we aren't really doing anything with puppet there. The version we're using is: ruby 1.8.7 (2011-02-18 patchlevel 334) [i386-solaris2.9] Here's the first error: # gem update puppet Updating installed gems Updating puppet Building native extensions. This could take a while... ERROR: Error installing puppet: ERROR: Failed to build gem native extension. /opt/csw/bin/ruby18 extconf.rb extconf.rb:1:in `require': no such file to load -- mkmf (LoadError) from extconf.rb:1 Gem files will remain installed in /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5 for inspection. Results logged to /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5/ext/json/ext/generator/gem_make.out Nothing to update So I decided to uninstall the old version and try again: # gem uninstall puppet Remove executables: filebucket, pi, puppet, puppetdoc, ralsh, puppetca, puppetd, puppetmasterd, puppetqd, puppetrun in addition to the gem? [Yn] y Removing filebucket Removing pi Removing puppet Removing puppetdoc Removing ralsh Removing puppetca Removing puppetd Removing puppetmasterd Removing puppetqd Removing puppetrun Successfully uninstalled puppet-2.7.18 Now a fresh install: # gem install puppet Building native extensions. This could take a while... ERROR: Error installing puppet: ERROR: Failed to build gem native extension. /opt/csw/bin/ruby18 extconf.rb extconf.rb:1:in `require': no such file to load -- mkmf (LoadError) from extconf.rb:1 Gem files will remain installed in /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5 for inspection. Results logged to /opt/csw/lib/ruby/gems/1.8/gems/json-1.7.5/ext/json/ext/generator/gem_make.out The content of this last file is the same as the above error message: extconf.rb:1:in `require': no such file to load -- mkmf (LoadError) from extconf.rb:1 Anyone know what the issue is? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/6bxXifJJK1AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Matthaus Owens Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: [Puppet-dev] Announce: Puppet 3.0.0-rc7 Available
If there were a standard shared location, that would be an option. Debian has moved along those lines (a shared vendor_ruby that both ruby 1.8 and ruby 1.9 load from), but for EL and Fedora currently, that doesn't exist. And without knowing which ruby 1.9 is being built against, it is impossible to guess what the libdir layout would look like. On Mon, Oct 1, 2012 at 4:36 PM, Jeff McCune j...@puppetlabs.com wrote: On Mon, Oct 1, 2012 at 1:49 PM, Matthaus Owens matth...@puppetlabs.com wrote: The builds of puppet require ruby, but are built with ruby 1.8, so they put all of puppet's lib in the sitelibdir of the ruby they were built with, so they go in /usr/lib/ruby/site_ruby/1.8 . For EL, we support whatever ruby distros have available and what is in epel. If there is ever a ruby 1.9 package in those repos, we will certainly look at building puppet 3.x to support it. In the meantime, you can rebuild the puppet 3.0.0 source rpm against your ruby package and as long as it defines the sitelibdir to be in your ruby 1.9's load path, it should work just fine. You would also need to rebuild the facter and hiera rpms in the same way for puppet to find them in its load path. Is it a viable option to change the official RPM's to install Puppet into a location that could be shared by multiple ruby interpreters? Perhaps as a gem where two different ruby installations share a common element along the GEM_PATH? -Jeff -- Matthaus Owens Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet/Passenger :: Could not retrieve catalog from remote server:Error 403 on server
I don't think this is trivial. If it were, I would have already found the problem by looking at the obvious things. What I have seen from several posts is that there's other error similar to the one I've seen. I even came across a bug report filed a while back with the same error I see, but I lost the link and cannot find it. The problem is not even from a client to the master. The testing I've done is all in the master. I'll try strace instead of tcpdump, being that this is not a TCP communication problem over the wire but rather a file or directory access problem. LL -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/8D5D3RJ5dw0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] Re: Announce: Puppet 3.0.0 Live
Hi Jeff, On Monday, October 1, 2012 4:14:05 PM UTC-7, Jeff McCune wrote: On Mon, Oct 1, 2012 at 2:44 PM, Jos Backus j...@catnook.com javascript: wrote: Hi, Any chance we will see Ruby 1.9-compatible RPMs for Puppet 3.0.0 and Facter 2.0.0 soon? Jos, We're currently building and maintaining our own ruby 1.8.7 packages and the Puppet and Facter RPM's depend on these. What Ruby 1.9 packages would these RPM's depend on? I use this: https://github.com/rilindo/ruby-1.9.3-rpm; it works fine. Are the existing packages _incompatible_ with Ruby 1.9 ? Yes, they have the wrong sitelibdir. Thanks, Jos -Jeff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Euz83y6Md3YJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Speed up file resource on Windows
On Thu, Aug 30, 2012 at 12:28 PM, Josh Cooper j...@puppetlabs.com wrote: Hi Roger, On Tue, Aug 28, 2012 at 2:59 PM, Roger rojspen...@gmail.com wrote: Puppet is taking about 5 minutes per run on a Windows 2008 R2 server. Here's the breakdown: config_retrieval 1.638 exec 1.0764 file 320.1297 Total 322.8441 There are only 13 file resources: 4 are directories 2 are small powershell scripts 6 are relatively small text files 1 image file (9K png file) Puppet version is 2.7.19 Why so long ensuring these files are correct? Are these on a local filesystem? Or vm shared folder (hgfs)? Or smb/cifs? Are you managing owner/group/mode? If so, can you try omitting those properties? Josh -- Josh Cooper Developer, Puppet Labs I've discovered some performance issues with how we're using WMI to resolve usernames into SIDs when managing file owner and group, see [1]. Is your Windows server joined to a domain? Do you have multiple domains? forests? Josh [1] https://projects.puppetlabs.com/issues/16681 -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: [Puppet-dev] Re: Announce: Puppet 3.0.0 Live
Hi Matthaus, On Monday, October 1, 2012 4:25:02 PM UTC-7, Matthaus Litteken wrote: The builds of puppet require ruby, but are built with ruby 1.8 (at least on EL 5 and 6, and Fedora 15 and 16), so they put all of puppet's lib in the sitelibdir of the ruby they were built with, so they go in /usr/lib/ruby/site_ruby/1.8 . For EL, we support whatever ruby distros have available and what is in epel (and our own 1.8.7 package for el5, as Jeff mentioned). If there is ever a ruby 1.9 package in those repos, we will certainly look at building puppet 3.x to support it. In the meantime, you can rebuild the puppet 3.0.0 source rpm against your ruby package and as long as it defines the sitelibdir to be in your ruby 1.9's load path, it should work just fine. You would also need to rebuild the facter and hiera rpms in the same way for puppet to find them in its load path. The only exception currently is Fedora 17, which is built against the system ruby, which for Fedora 17 is ruby 1.9. Fedora 17 rpms will work with ruby 1.9. Okay, I will build my own, as it's unlikely that Ruby 1.9 will be supported before EL7. Thanks for the heads-up. Cheers, Jos -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/zYNioNOGi-AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet 3.0: Not authorized to call find on /file_metadata, more issues?
I've seen mention of this error in several places, with different causes. So before I posted here, I attempted to resolve this on my own. I corrected the change from puppet:///files to puppet:/// in my manifests *.pp files. No changes were made to the auth.conf file, and I did note in the ChangeLog that: Auth.conf differentiates between names and IPs – There’s a new allow_ip keyword in auth.conf if you want to permit IP addresses. (PR991) But I see no mention of that on the docs page at http://docs.puppetlabs.com/guides/rest_auth_conf.html. Our auth.conf is simple, and basically has either allow $1 or allow * both which appear to still be valid in 3.0. Here's an example, a simple example, an ntp.conf file: class ntp-client { file { /etc/ntp.conf: owner = root, group = root, mode= 644, source = puppet:///etc/ntp.conf, require = [ Package[ntp] ], notify = Service[ntpd], } package { ntp: ensure = latest, } service { ntpd: ensure = running, hasrestart = true, subscribe = File[/etc/ntp.conf], } } # ntp-client The error I'm seeing in the puppet.log, on the client system: Oct 1 20:02:28 test-fms puppet-agent[11062]: Starting Puppet client version 2.7.17 Oct 1 20:02:31 test-fms puppet-agent[11062]: (/Stage[main]/Ntp-client/File[/etc/ntp.conf]) Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/etc/ntp.conf Could not retrieve file metadata for puppet:///etc/ntp.conf: Error 400 on SERVER: Not authorized to call find on /file_metadata/etc/ntp.conf at /etc/puppet/manifests/classes/ntp-client.pp:10 The permissions from /etc/puppet/files are correct: -rw-r--r--. 1 puppet puppet 446 Mar 31 2011 etc/ntp.conf The client puppet.conf file doesn't have any custom references other than the basics. [main] server = ourpuppet.server.com vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig syslogfacility = local4 report = true listen = true I ran puppet master in verbose mode and got these diagnostics: Starting Puppet master version 3.0.0 Info: access[^/catalog/([^/]+)$]: allowing 'method' find Info: access[^/catalog/([^/]+)$]: allowing $1 access Info: access[/certificate_revocation_list/ca]: allowing 'method' find Info: access[/certificate_revocation_list/ca]: allowing * access Info: access[/report]: allowing 'method' save Info: access[/report]: allowing * access Info: access[/file]: allowing * access Info: access[/certificate/ca]: adding authentication no Info: access[/certificate/ca]: allowing 'method' find Info: access[/certificate/ca]: allowing * access Info: access[/certificate/]: adding authentication no Info: access[/certificate/]: allowing 'method' find Info: access[/certificate/]: allowing * access Info: access[/certificate_request]: adding authentication no Info: access[/certificate_request]: allowing 'method' find Info: access[/certificate_request]: allowing 'method' save Info: access[/certificate_request]: allowing * access Info: access[/]: adding authentication any Info: Inserting default '~ ^/node/([^/]+)$' (auth true) ACL Info: Inserting default '/status' (auth true) ACL Warning: Host is missing hostname and/or domain: one-host.ourdomain.com Compiled catalog for one-host.ourdomain.com in environment production in 1.16 seconds Info: mount[files]: allowing 10.101.0.0/24 access Error: Error parsing fileserver configuration: wrong number of arguments (3 for 1); using old configuration Error: Not authorized to call find on /file_metadata/etc/ntp.conf Error: Not authorized to call find on /file_metadata/etc/sudoers Error: Not authorized to call find on /file_metadata/files/etc/ssh/ssh_known_hosts Error: Not authorized to call find on /file_metadata/files/etc/ssh/sshd_config Error: Not authorized to call find on /file_metadata/etc/puppet/namespaceauth.conf Error: Not authorized to call find on /file_metadata/etc/puppet/puppet.conf.agent Error: Not authorized to call find on /file_metadata/etc/puppet/auth.conf Error: Not authorized to call find on /file_metadata/etc/resolv.conf.test I reviewed the docs at http://docs.puppetlabs.com/guides/file_serving.html and our config looks fine. Reading through the issue at http://projects.puppetlabs.com/issues/16667, I'm not clear what the fix actually is. But, our config has been unaltered. We have unused modules in the /etc/puppet/modules directory, where most of the little stuff has been in /etc/puppet/manifests, referenced in site.pp by: import classes/* import nodes.pp And it's worked thus far. In the example above, with ntp-client, it's just a simple little ntp-client.pp file that references a file that should be transfered, nothing more. So I don't see how or why that wouldn't work
[Puppet Users] Removing intermediate variables in calculation
Hello, I have a small Puppet 2.7 module to configure Sonatype Nexus Professional. The module takes, among other things, a baseurl in the form of http://example.com/path; and I'd like it to extract the /path from that variable into a separate variable IF an optional path variable haven't been supplied. Here is an extract: class nexus::config( ... $baseurl, $webapp_context_path = '/' ) { if ($webapp_context_path != '') { $int_webapp_context_path = $webapp_context_path notify{using webapp_context_path \${webapp_context_path}\:} } else { $extracted_url_path = regsubst($baseurl, '^https?://[^/]+(/.*)', '\1') if ($extracted_url_path) { $int_webapp_context_path = $extracted_url_path } else { # in case we were given a $baseurl without the tailing / $int_webapp_context_path = '/' } notify{extracted int_webapp_context_path \${int_webapp_context_path}\ from url \${baseurl}\: } } # use $int_webapp_context_path in the .erb template file My question - this use of $int_webapp_context_path and $extracted_url_path looks a bit shabby. But I didn't find a way to use conditional assignments to remove these intermediate variables and either: 1. Assign the value I want to $webapp_context_path if it's not set yet. 2. Or at least get rid of the $extracted_url_path Is there a nicer way to achieve the above? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rNRGRX2LrzkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: PuppetConf speakers contact info
Many of the speakers also put their slides on Speakerdeck and most people include an email address and/or twitter handle in their slides. Just another option. Googling for their names might also return some results. Another option. On Monday, 1 October 2012 at 2:15 PM, windowsrefund wrote: Where did you have in mind for me sending that template? I don't know... maybe this list? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/uwBFg1FAFIwJ. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0: Not authorized to call find on /file_metadata, more issues?
In Puppet 3.x, allow directives are limited to hostnames, if you wish to allow an ip address, the allow_ip directive should be used. This was in response to CVE-2012-3408 (http://puppetlabs.com/security/cve/cve-2012-3408/). On Mon, Oct 1, 2012 at 5:48 PM, Forrie for...@gmail.com wrote: I've seen mention of this error in several places, with different causes. So before I posted here, I attempted to resolve this on my own. I corrected the change from puppet:///files to puppet:/// in my manifests *.pp files. No changes were made to the auth.conf file, and I did note in the ChangeLog that: Auth.conf differentiates between names and IPs – There’s a new allow_ip keyword in auth.conf if you want to permit IP addresses. (PR991) But I see no mention of that on the docs page at http://docs.puppetlabs.com/guides/rest_auth_conf.html. Our auth.conf is simple, and basically has either allow $1 or allow * both which appear to still be valid in 3.0. Here's an example, a simple example, an ntp.conf file: class ntp-client { file { /etc/ntp.conf: owner = root, group = root, mode= 644, source = puppet:///etc/ntp.conf, require = [ Package[ntp] ], notify = Service[ntpd], } package { ntp: ensure = latest, } service { ntpd: ensure = running, hasrestart = true, subscribe = File[/etc/ntp.conf], } } # ntp-client The error I'm seeing in the puppet.log, on the client system: Oct 1 20:02:28 test-fms puppet-agent[11062]: Starting Puppet client version 2.7.17 Oct 1 20:02:31 test-fms puppet-agent[11062]: (/Stage[main]/Ntp-client/File[/etc/ntp.conf]) Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/etc/ntp.conf Could not retrieve file metadata for puppet:///etc/ntp.conf: Error 400 on SERVER: Not authorized to call find on /file_metadata/etc/ntp.conf at /etc/puppet/manifests/classes/ntp-client.pp:10 The permissions from /etc/puppet/files are correct: -rw-r--r--. 1 puppet puppet 446 Mar 31 2011 etc/ntp.conf The client puppet.conf file doesn't have any custom references other than the basics. [main] server = ourpuppet.server.com vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig syslogfacility = local4 report = true listen = true I ran puppet master in verbose mode and got these diagnostics: Starting Puppet master version 3.0.0 Info: access[^/catalog/([^/]+)$]: allowing 'method' find Info: access[^/catalog/([^/]+)$]: allowing $1 access Info: access[/certificate_revocation_list/ca]: allowing 'method' find Info: access[/certificate_revocation_list/ca]: allowing * access Info: access[/report]: allowing 'method' save Info: access[/report]: allowing * access Info: access[/file]: allowing * access Info: access[/certificate/ca]: adding authentication no Info: access[/certificate/ca]: allowing 'method' find Info: access[/certificate/ca]: allowing * access Info: access[/certificate/]: adding authentication no Info: access[/certificate/]: allowing 'method' find Info: access[/certificate/]: allowing * access Info: access[/certificate_request]: adding authentication no Info: access[/certificate_request]: allowing 'method' find Info: access[/certificate_request]: allowing 'method' save Info: access[/certificate_request]: allowing * access Info: access[/]: adding authentication any Info: Inserting default '~ ^/node/([^/]+)$' (auth true) ACL Info: Inserting default '/status' (auth true) ACL Warning: Host is missing hostname and/or domain: one-host.ourdomain.com Compiled catalog for one-host.ourdomain.com in environment production in 1.16 seconds Info: mount[files]: allowing 10.101.0.0/24 access Error: Error parsing fileserver configuration: wrong number of arguments (3 for 1); using old configuration Error: Not authorized to call find on /file_metadata/etc/ntp.conf Error: Not authorized to call find on /file_metadata/etc/sudoers Error: Not authorized to call find on /file_metadata/files/etc/ssh/ssh_known_hosts Error: Not authorized to call find on /file_metadata/files/etc/ssh/sshd_config Error: Not authorized to call find on /file_metadata/etc/puppet/namespaceauth.conf Error: Not authorized to call find on /file_metadata/etc/puppet/puppet.conf.agent Error: Not authorized to call find on /file_metadata/etc/puppet/auth.conf Error: Not authorized to call find on /file_metadata/etc/resolv.conf.test I reviewed the docs at http://docs.puppetlabs.com/guides/file_serving.html and our config looks fine. Reading through the issue at http://projects.puppetlabs.com/issues/16667, I'm not clear what the fix actually is. But, our config has been unaltered. We have unused modules in the /etc/puppet/modules directory, where most of the little
Re: [Puppet Users] Puppet 3.0: Not authorized to call find on /file_metadata, more issues?
Oh, sorry, you mention that you already found that changelog entry. I misread that part. On Mon, Oct 1, 2012 at 10:27 PM, Matthaus Owens matth...@puppetlabs.com wrote: In Puppet 3.x, allow directives are limited to hostnames, if you wish to allow an ip address, the allow_ip directive should be used. This was in response to CVE-2012-3408 (http://puppetlabs.com/security/cve/cve-2012-3408/). On Mon, Oct 1, 2012 at 5:48 PM, Forrie for...@gmail.com wrote: I've seen mention of this error in several places, with different causes. So before I posted here, I attempted to resolve this on my own. I corrected the change from puppet:///files to puppet:/// in my manifests *.pp files. No changes were made to the auth.conf file, and I did note in the ChangeLog that: Auth.conf differentiates between names and IPs – There’s a new allow_ip keyword in auth.conf if you want to permit IP addresses. (PR991) But I see no mention of that on the docs page at http://docs.puppetlabs.com/guides/rest_auth_conf.html. Our auth.conf is simple, and basically has either allow $1 or allow * both which appear to still be valid in 3.0. Here's an example, a simple example, an ntp.conf file: class ntp-client { file { /etc/ntp.conf: owner = root, group = root, mode= 644, source = puppet:///etc/ntp.conf, require = [ Package[ntp] ], notify = Service[ntpd], } package { ntp: ensure = latest, } service { ntpd: ensure = running, hasrestart = true, subscribe = File[/etc/ntp.conf], } } # ntp-client The error I'm seeing in the puppet.log, on the client system: Oct 1 20:02:28 test-fms puppet-agent[11062]: Starting Puppet client version 2.7.17 Oct 1 20:02:31 test-fms puppet-agent[11062]: (/Stage[main]/Ntp-client/File[/etc/ntp.conf]) Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/etc/ntp.conf Could not retrieve file metadata for puppet:///etc/ntp.conf: Error 400 on SERVER: Not authorized to call find on /file_metadata/etc/ntp.conf at /etc/puppet/manifests/classes/ntp-client.pp:10 The permissions from /etc/puppet/files are correct: -rw-r--r--. 1 puppet puppet 446 Mar 31 2011 etc/ntp.conf The client puppet.conf file doesn't have any custom references other than the basics. [main] server = ourpuppet.server.com vardir = /var/lib/puppet logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig syslogfacility = local4 report = true listen = true I ran puppet master in verbose mode and got these diagnostics: Starting Puppet master version 3.0.0 Info: access[^/catalog/([^/]+)$]: allowing 'method' find Info: access[^/catalog/([^/]+)$]: allowing $1 access Info: access[/certificate_revocation_list/ca]: allowing 'method' find Info: access[/certificate_revocation_list/ca]: allowing * access Info: access[/report]: allowing 'method' save Info: access[/report]: allowing * access Info: access[/file]: allowing * access Info: access[/certificate/ca]: adding authentication no Info: access[/certificate/ca]: allowing 'method' find Info: access[/certificate/ca]: allowing * access Info: access[/certificate/]: adding authentication no Info: access[/certificate/]: allowing 'method' find Info: access[/certificate/]: allowing * access Info: access[/certificate_request]: adding authentication no Info: access[/certificate_request]: allowing 'method' find Info: access[/certificate_request]: allowing 'method' save Info: access[/certificate_request]: allowing * access Info: access[/]: adding authentication any Info: Inserting default '~ ^/node/([^/]+)$' (auth true) ACL Info: Inserting default '/status' (auth true) ACL Warning: Host is missing hostname and/or domain: one-host.ourdomain.com Compiled catalog for one-host.ourdomain.com in environment production in 1.16 seconds Info: mount[files]: allowing 10.101.0.0/24 access Error: Error parsing fileserver configuration: wrong number of arguments (3 for 1); using old configuration Error: Not authorized to call find on /file_metadata/etc/ntp.conf Error: Not authorized to call find on /file_metadata/etc/sudoers Error: Not authorized to call find on /file_metadata/files/etc/ssh/ssh_known_hosts Error: Not authorized to call find on /file_metadata/files/etc/ssh/sshd_config Error: Not authorized to call find on /file_metadata/etc/puppet/namespaceauth.conf Error: Not authorized to call find on /file_metadata/etc/puppet/puppet.conf.agent Error: Not authorized to call find on /file_metadata/etc/puppet/auth.conf Error: Not authorized to call find on /file_metadata/etc/resolv.conf.test I reviewed the docs at http://docs.puppetlabs.com/guides/file_serving.html and our config looks fine. Reading through the issue at