[Puppet Users] Re: puppetdb listening on TCP Ports 1099 and 58772
So, nobody is able to explain to me why puppetdb is running Java RMI service on all interfaces when it's otherwise not configured to? Really, there's got to be a way to stop this aside from using iptables. $ lsof -i -n -P | grep java | grep LISTEN java 31464 puppetdb 21u IPv6 715671 0t0 TCP *:1099 (LISTEN) java 31464 puppetdb 22u IPv6 717146 0t0 TCP *:40196 (LISTEN) # note: port changes since original post java 31464 puppetdb 39u IPv6 717150 0t0 TCP 127.0.0.1:8080 (LISTEN) java 31464 puppetdb 44u IPv6 715700 0t0 TCP 127.0.0.1:8081 (LISTEN) $ uname -a Linux neocrime.net 3.6.11 #5 SMP Sat Dec 22 21:02:13 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 12.04.1 LTS Release:12.04 Codename: precise $dpkg -l puppetdb puppetmaster postgresql rubygems openjdk-6-jre-headless ... ii openjdk-6-jre-headle 6b24-1.11.5-0ubuntu1 OpenJDK Java runtime, using Hotspot JIT (headless) ii postgresql 9.1+129ubuntu1 object-relational SQL database (supported version) ii puppetdb 1.0.5-1puppetlabs1 PuppetDB Centralized Storage. ii puppetmaster 3.0.2-1puppetlabs1 Centralized configuration management - master startup an ii rubygems 1.8.21-0~28~precise1 package management framework for Ruby libraries/applicat $ cat /etc/apt/sources.list.d/PuppetLabs.list deb http://apt.puppetlabs.com precise main $ cat /etc/puppetdb/conf.d/* | grep -v '^#' [global] vardir = /var/lib/puppetdb logging-config = /etc/puppetdb/conf.d/../log4j.properties resource-query-limit = 2 [command-processing] [database] classname = org.postgresql.Driver subprotocol = postgresql subname = //localhost:5432/puppetdb log-slow-statements = 10 syntax_pgs = true gc-interval = 60 username = puppetdb password = redacted [jetty] host = localhost port = 8080 ssl-host = localhost ssl-port = 8081 keystore = /etc/puppetdb/ssl/keystore.jks truststore = /etc/puppetdb/ssl/truststore.jks key-password = redacted trust-password = redacted [repl] enabled = false type = nrepl port = 8082 On Monday, December 24, 2012 1:27:24 AM UTC-8, Michael Henry wrote: PuppetDB is operating fine, but I can't figure out how to disable it from listening globally on TCP 1099 or 58722 How do I disable them from listening globally without having to resort to iptables? $ lsof -i -n -P | grep java | grep LISTEN java 30115 puppetdb 22u IPv6 119118 0t0 TCP *:1099 (LISTEN) java 30115 puppetdb 23u IPv6 117236 0t0 TCP *:58772 (LISTEN) java 30115 puppetdb 40u IPv6 117241 0t0 TCP 127.0.0.1:8080(LISTEN) java 30115 puppetdb 45u IPv6 117247 0t0 TCP 127.0.0.1:8081(LISTEN) $ netstat -tnlp | grep java tcp6 0 0 :::1099 :::* LISTEN 30115/java tcp6 0 0 127.0.0.1:8080 :::* LISTEN 30115/java tcp6 0 0 127.0.0.1:8081 :::* LISTEN 30115/java tcp6 0 0 :::58772:::* LISTEN 30115/java This is what NMAP says they are: PORT STATE SERVICE VERSION 1099/tcp open jrmiJava RMI 58772/tcp open unknown Java RMI: http://en.wikipedia.org/wiki/Java_remote_method_invocation My relevant configurations: $ egrep '(port|host|1099|58772)' /etc/puppetdb/conf.d/* /etc/puppetdb/conf.d/database.ini:# For PostgreSQL: //host:port/databaseName /etc/puppetdb/conf.d/database.ini:subname = //localhost:5432/puppetdb /etc/puppetdb/conf.d/jetty.ini:# Hostname to list for clear-text HTTP. Default is localhost /etc/puppetdb/conf.d/jetty.ini:host = localhost /etc/puppetdb/conf.d/jetty.ini:port = 8080 /etc/puppetdb/conf.d/jetty.ini:ssl-host = localhost /etc/puppetdb/conf.d/jetty.ini:ssl-port = 8081 /etc/puppetdb/conf.d/repl.ini:# What port the REPL should listen on /etc/puppetdb/conf.d/repl.ini:port = 8082 OS: Ubuntu 12.04 LTS x86_64 Puppetdb 1.0.5 Puppet 3.0.1 Is there a setting I've missed? Thanks in advance. Respectfully, Michael Henry (Mike) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/6gA8u8I8NAcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] module version support?
Does puppet have any built in support for applying different versions of modules to different nodes? I haven't come across any documentation describing such a feature so I assume no but wanted to verify. As a follow up question are there any best practices to do such a thing? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/zzn_ldfcOoIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problems building puppet 3.x for SLES
Working packages for SLES, and all current SuSE releases, are available in open build service. These are the packages that feed the distributions. https://build.opensuse.org/package/show?package=puppetproject=systemsmanagement%3Apuppet -- Later, Darin On Wed, Dec 26, 2012 at 10:53 PM, Jagga Soorma jagg...@gmail.com wrote: Hi Guys, I am new to puppet and have a mix of both RHEL5.x and SLES11.x servers in my environment. I have been able to build the puppet client with some modifications on RHEL5.x with the spec files just fine but can't seem to build for SLES11.x. I was wondering if anyone here is using the puppet 3.x client with SLES11 yet? If so, do you know what the best way is to install all the dependencies and the puppet client for SLES11.x. Any help would be appreciated. Thanks, -J -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/UrZPC54IbswJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: in-module data with hiera
Hello, What is still needed to get this issue 'moving'? I have 2 customers where i have to start a new Puppet environment starting in January 2013 and i would really like to be able to use this functionality for those. Regards, Stefan - Zipkid - Goethals. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/qpmxRhRUIhsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Broken rsync mirroring for PuppetLabs APT repo
Hi, I have sent this mail to i...@puppetlabs.com and received no answer, so I'm posting here as well; I hope somebody at PuppetLabs will be able to help. I have a local mirror of apt.puppetlabs.com which has been broken for at least a few days: the apt/dists/ subdirectory only contains symlinks to non-existent files. [mirror@excellent dists]$ ls -l total 0 lrwxrwxrwx 1 mirror mirror 29 21 déc. 01:45 hardy - hardy-20121220164502045137453 lrwxrwxrwx 1 mirror mirror 29 21 déc. 01:53 lucid - lucid-20121220165208876527646 lrwxrwxrwx 1 mirror mirror 29 21 déc. 01:57 natty - natty-20121220165607590234617 lrwxrwxrwx 1 mirror mirror 31 21 déc. 01:47 oneiric - oneiric-20121220164616495945899 lrwxrwxrwx 1 mirror mirror 31 21 déc. 01:54 precise - precise-20121220165341748274165 lrwxrwxrwx 1 mirror mirror 31 21 déc. 01:46 quantal - quantal-20121220164539080938625 lrwxrwxrwx 1 mirror mirror 27 21 déc. 01:49 sid - sid-20121220164825095308145 lrwxrwxrwx 1 mirror mirror 31 21 déc. 01:52 squeeze - squeeze-20121220165038896453411 lrwxrwxrwx 1 mirror mirror 30 21 déc. 01:50 stable - stable-20121220164951162557153 lrwxrwxrwx 1 mirror mirror 31 21 déc. 01:48 testing - testing-20121220164736915534425 lrwxrwxrwx 1 mirror mirror 32 21 déc. 01:58 unstable - unstable-20121220165727244887087 lrwxrwxrwx 1 mirror mirror 30 21 déc. 01:56 wheezy - wheezy-20121220165450654775488 This mirror is maintained with rsync. I have tried downloading a fresh copy of the repo on another machine in case I have somehow setup rsync wrong, and I can confirm the issue is not on my side. -- A -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] module version support?
Environments would probably be a good starting point for what your after. http://docs.puppetlabs.com/guides/environment.html On Thu, Dec 27, 2012 at 8:06 AM, Schofield dbschofi...@gmail.com wrote: Does puppet have any built in support for applying different versions of modules to different nodes? I haven't come across any documentation describing such a feature so I assume no but wanted to verify. As a follow up question are there any best practices to do such a thing? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/zzn_ldfcOoIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Hostname wildcards in module
I'm new to Puppet (yay!) and working through having a different resolv.conf for systems that contain a certain string in their hostname. I've got the following in my modules/system/files.pp: class system::files { case $hostname { /^uklab*$/: { $file = resolv-isg.conf } default: { $file = resolv-internal.conf } } file { '/etc/resolv.conf': source = puppet:///modules/system/$file } } For some reason it always uses the default, what am I doing wrong? I've done loads of Googling around but can't seem to find a reasonable answer. I know I could use a different module per node but didn't want to have loads of per-node nodules but is this the only way? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ycBO-sSvP6sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Avoiding a ball of yarn and technical debt
On 12/27/2012 12:47 AM, Brian Dunbar wrote: Questions: Would it be better pause for a few weeks and upgrade to Puppet 2.7 3 now? If you can afford it - then absolutely. Is there consensus on the best way to avoid a yarn-ball of messy code? Use at least puppet parser validate + puppet-lint in pre-commit hook, keep your code in modules and not in site.pp, and try to separate data from the code via hiera, and you'll be pretty much OK. -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] generate() function help
Hi. I want to run script which is distributed with my module, but the problem is I have to then hardcode the path to the script in the generate function call, for example: generate(/etc/puppet/environments/${environment}/modules/mymodule/scripts/myscript) But what If some other site uses other path to their modules, or doesn't use environments at all? Is it possible somehow to detect the dir in which the module is installed, so that I can use something like: generate($modulepath/scripts/myscript) -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hostname wildcards in module
On Thu, Dec 27, 2012 at 5:29 AM, Allan Mullan ammul...@gmail.com wrote: I'm new to Puppet (yay!) and working through having a different resolv.conf for systems that contain a certain string in their hostname. I've got the following in my modules/system/files.pp: class system::files { case $hostname { Off the top of my head you may want to try $::fqdn instead. Thanks, Roman. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] generate() function help
On Thu, Dec 27, 2012 at 10:29 AM, Jakov Sosic jso...@srce.hr wrote: I want to run script which is distributed with my module, but the problem is I have to then hardcode the path to the script in the generate function call, for example: generate(/etc/puppet/**environments/${environment}/** modules/mymodule/scripts/**myscript) But what If some other site uses other path to their modules, or doesn't use environments at all? Is it possible somehow to detect the dir in which the module is installed, so that I can use something like: generate($modulepath/scripts/**myscript) See stdlib: https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/parser/functions/get_module_path.rb HTH, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: Hiera 1.1.2 available
Hiera 1.1.2 is a bugfix release in the 1.x series. Downloads are available at: * Source: https://downloads.puppetlabs.com/hiera/hiera-1.1.2.tar.gz RPMs are available at https://yum.puppetlabs.com/el or /fedora Rubygem available at http://rubygems.org/gems/hiera Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/hiera-1.1.2.dmg Please report feedback via the Puppet Labs Redmine site, using an affected version of 1.1.2: http://projects.puppetlabs.com/projects/hiera/ ## Hiera 1.1.2 Bug Fixes ## (#18214) Update gem dependency to json_pure from json As the json gem requires ruby-dev, gcc, and other tools to install via rubygems, this commit changes the dependency to json_pure for gems, which will lessen the dependencies required for install, as json_pure is pure ruby, with no compilation required. (#17087) Fix backend key in hiera.yaml Previously the hiera.yaml that is laid down in packaged installs used 'backend' instead of 'backends' which means that hiera falls through to the default yaml backend, as no 'backends' key exists in the config. This commit fixes the hiera.yaml file to use 'backends' instead. ## Hiera 1.1.2 Changelog ## Jeff McCune (1): 0eaa709 (Maint) Make Hiera operate with /dev/null config file Matthaus Owens (8): 483f58b Add quantal to default cows list in build_defaults. 8439326 Remove fedora 15 mocks from default mocks in build_defaults. fa794bd (#17087) Fix backend key in hiera.yaml 9937977 (maint) Handle lack of RSpec::Core::RakeTask gracefully 3d8785c Update Hiera VERSION to 1.1.2-rc1 1fd1466 (#18214) Update gem dependency to json_pure from json a9c0e14 Update Hiera VERSION to 1.1.2-rc2 89c0a32 Update Hiera VERSION to 1.1.2 Sharif Nassar (1): ee341f7 Spelling. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: Facter 1.6.17 available
Facter 1.6.17 is a maintenance release in the 1.6.x series with bug fixes. Downloads are available at: * Source: https://downloads.puppetlabs.com/facter/facter-1.6.17.tar.gz RPMs are available at https://yum.puppetlabs.com/el or /fedora Rubygem available at http://rubygems.org/gems/facter Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/facter-1.6.17.dmg Please report feedback via the Puppet Labs Redmine site, using a affected version of 1.6.17: http://projects.puppetlabs.com/projects/facter/ Release Notes at: https://projects.puppetlabs.com/projects/facter/wiki/Wiki Fixes targeted at the final of this version in our bug tracker: http://projects.puppetlabs.com/versions/359 === ## Facter 1.6.17 Changelog ## === Adrien Thebo (2): e35acbb (#17840) Use enum_cpuinfo for x86 arch e5ca916 (maint) Remove processor_spec duplicate stubbing Alex Harvey (1): b62b3f6 (#17487) Add support for HPUX NIC bonding in IP facts Chris Barker (1): 3628533 (#15708) fixes facter file mappings for pkgbuild Jared Curtis (2): 41909b7 (#15001) ifconfig regex will optionally match 'addr:' ae34893 Test data for net-tools 1.60 Jeff McCune (4): c0b123b (#16626) Exercise IP.get_interface_value(bond0,macaddress) 10a1380 (Maint) Add YARD doc for get_interface_value 656c5ae (#17925) Fix ec2_userdata: 404 Not Found Error 0e514b8 (#15001) Add spec examples for ipaddress fact Jos Backus (1): 7bba9b2 (#16626) Fix handling of bonded Linux interfaces Josh Cooper (1): 0b672ed (#17855) Rescue Timeout::Error Matthaus Owens (3): 09ad0bb Remove fedora 15 mocks, as f15 is EOL. 5cfd683 Add quantal to default cows list. 70c6c92 Update FACTERVERSION to 1.6.17 Moses Mendoza (1): d770aec Update lib/facter/version.rb for 1.6.17-rc1 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Trying, Trying and Trying and still cannot make puppet and client work :-(
I have two box with centos 6.3 and centos 5.8 running puppet master 3.0 and puppet client 2.7 respectively. I can make master work when I use puppet apply on it and it works fine but I have not been able to do that with client, I cannot make it work, when i run the following command in client it shows the following output *puppet agent --test --server='puppet.xyz.com'* info: Caching catalog for puppetclient.xyz.com info: Applying configuration version '1356631880' notice: Finished catalog run in 0.06 seconds * *and on master when i give the following command it works* puppet apply -e include squid* /Stage[main]/Squid/Package[squid]/ensure: created Finished catalog run in 39.18 seconds Puppet master has the init.pp files in /etc/puppet/modules/squid/manifests/init.pp which contains following lines :- class squid { case $operatingsystem { centos, redhat: { $service_name = 'squid' $conf_file= 'squid.conf' } } package { 'squid': ensure = 'installed', } service { 'squid': ensure = 'stopped', enable = 'false', require = Package [ 'squid' ] } } What else do I need to do to make client work. I have searched internet and they show different command and some of them not even work what should I do to learn puppet and make it work. Thank you for your input. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DL2UfFd74iYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hostname wildcards in module
I think you might have an error in your regex. In particular, it looks like you're missing a '.', so /^uklab*$/ should probably be /^uklab.*$/ Cheers, Aaron Russo IST Infrastructure Services, Unix Group UC Berkeley --- Desk: 510-643-5550Mobile: 510-206-1532 IM: aru...@berkeley.edu (XMPP/Jabber) On Thu, Dec 27, 2012 at 5:29 AM, Allan Mullan ammul...@gmail.com wrote: case $hostname { /^uklab*$/: { $file = resolv-isg.conf } default: { $file = resolv-internal.conf } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How do I check content of a file in puppet
How do I check content of a file in puppet? ex: I want to see if PermitRootLogin is no in /etc/ssh/sshd_config file (RHEL). If it's yes i want to show it on compliance report. For now I don't want make any changes to the sshd_config file through puppet. Here is something I have: define line($file, $line, $ensure = 'present') { $line = PermitRootLogin no $file = /etc/ssh/sshd_config case $ensure { default : { err ( unknown ensure value ${ensure} ) } present: { warning/flag code: unless = /bin/grep '${line}' '${file}' } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Announce: Facter 1.6.17 available
I'm trying to update this from the PuppetLabs yum repo, but I'm getting error reports about the rpm not being signed. Any insights? On Thursday, December 27, 2012 11:00:43 AM UTC-8, Matthaus Litteken wrote: Facter 1.6.17 is a maintenance release in the 1.6.x series with bug fixes. Downloads are available at: * Source: https://downloads.puppetlabs.com/facter/facter-1.6.17.tar.gz RPMs are available at https://yum.puppetlabs.com/el or /fedora Rubygem available at http://rubygems.org/gems/facter Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/facter-1.6.17.dmg Please report feedback via the Puppet Labs Redmine site, using a affected version of 1.6.17: http://projects.puppetlabs.com/projects/facter/ Release Notes at: https://projects.puppetlabs.com/projects/facter/wiki/Wiki Fixes targeted at the final of this version in our bug tracker: http://projects.puppetlabs.com/versions/359 === ## Facter 1.6.17 Changelog ## === Adrien Thebo (2): e35acbb (#17840) Use enum_cpuinfo for x86 arch e5ca916 (maint) Remove processor_spec duplicate stubbing Alex Harvey (1): b62b3f6 (#17487) Add support for HPUX NIC bonding in IP facts Chris Barker (1): 3628533 (#15708) fixes facter file mappings for pkgbuild Jared Curtis (2): 41909b7 (#15001) ifconfig regex will optionally match 'addr:' ae34893 Test data for net-tools 1.60 Jeff McCune (4): c0b123b (#16626) Exercise IP.get_interface_value(bond0,macaddress) 10a1380 (Maint) Add YARD doc for get_interface_value 656c5ae (#17925) Fix ec2_userdata: 404 Not Found Error 0e514b8 (#15001) Add spec examples for ipaddress fact Jos Backus (1): 7bba9b2 (#16626) Fix handling of bonded Linux interfaces Josh Cooper (1): 0b672ed (#17855) Rescue Timeout::Error Matthaus Owens (3): 09ad0bb Remove fedora 15 mocks, as f15 is EOL. 5cfd683 Add quantal to default cows list. 70c6c92 Update FACTERVERSION to 1.6.17 Moses Mendoza (1): d770aec Update lib/facter/version.rb for 1.6.17-rc1 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/nRij7U6BL0AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: Facter 1.6.17 available
Stephen, Thanks for pointing that out. I'm re-signing the rpms right now and will have them shipped in a few minutes. On Thu, Dec 27, 2012 at 11:25 AM, Stephen Price ste...@gmail.com wrote: I'm trying to update this from the PuppetLabs yum repo, but I'm getting error reports about the rpm not being signed. Any insights? On Thursday, December 27, 2012 11:00:43 AM UTC-8, Matthaus Litteken wrote: Facter 1.6.17 is a maintenance release in the 1.6.x series with bug fixes. Downloads are available at: * Source: https://downloads.puppetlabs.com/facter/facter-1.6.17.tar.gz RPMs are available at https://yum.puppetlabs.com/el or /fedora Rubygem available at http://rubygems.org/gems/facter Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/facter-1.6.17.dmg Please report feedback via the Puppet Labs Redmine site, using a affected version of 1.6.17: http://projects.puppetlabs.com/projects/facter/ Release Notes at: https://projects.puppetlabs.com/projects/facter/wiki/Wiki Fixes targeted at the final of this version in our bug tracker: http://projects.puppetlabs.com/versions/359 === ## Facter 1.6.17 Changelog ## === Adrien Thebo (2): e35acbb (#17840) Use enum_cpuinfo for x86 arch e5ca916 (maint) Remove processor_spec duplicate stubbing Alex Harvey (1): b62b3f6 (#17487) Add support for HPUX NIC bonding in IP facts Chris Barker (1): 3628533 (#15708) fixes facter file mappings for pkgbuild Jared Curtis (2): 41909b7 (#15001) ifconfig regex will optionally match 'addr:' ae34893 Test data for net-tools 1.60 Jeff McCune (4): c0b123b (#16626) Exercise IP.get_interface_value(bond0,macaddress) 10a1380 (Maint) Add YARD doc for get_interface_value 656c5ae (#17925) Fix ec2_userdata: 404 Not Found Error 0e514b8 (#15001) Add spec examples for ipaddress fact Jos Backus (1): 7bba9b2 (#16626) Fix handling of bonded Linux interfaces Josh Cooper (1): 0b672ed (#17855) Rescue Timeout::Error Matthaus Owens (3): 09ad0bb Remove fedora 15 mocks, as f15 is EOL. 5cfd683 Add quantal to default cows list. 70c6c92 Update FACTERVERSION to 1.6.17 Moses Mendoza (1): d770aec Update lib/facter/version.rb for 1.6.17-rc1 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/nRij7U6BL0AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Matthaus Owens Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: Facter 1.6.17 available
No, thank you! On Thursday, December 27, 2012 11:41:38 AM UTC-8, Matthaus Litteken wrote: Stephen, Thanks for pointing that out. I'm re-signing the rpms right now and will have them shipped in a few minutes. On Thu, Dec 27, 2012 at 11:25 AM, Stephen Price ste...@gmail.comjavascript: wrote: I'm trying to update this from the PuppetLabs yum repo, but I'm getting error reports about the rpm not being signed. Any insights? On Thursday, December 27, 2012 11:00:43 AM UTC-8, Matthaus Litteken wrote: Facter 1.6.17 is a maintenance release in the 1.6.x series with bug fixes. Downloads are available at: * Source: https://downloads.puppetlabs.com/facter/facter-1.6.17.tar.gz RPMs are available at https://yum.puppetlabs.com/el or /fedora Rubygem available at http://rubygems.org/gems/facter Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/facter-1.6.17.dmg Please report feedback via the Puppet Labs Redmine site, using a affected version of 1.6.17: http://projects.puppetlabs.com/projects/facter/ Release Notes at: https://projects.puppetlabs.com/projects/facter/wiki/Wiki Fixes targeted at the final of this version in our bug tracker: http://projects.puppetlabs.com/versions/359 === ## Facter 1.6.17 Changelog ## === Adrien Thebo (2): e35acbb (#17840) Use enum_cpuinfo for x86 arch e5ca916 (maint) Remove processor_spec duplicate stubbing Alex Harvey (1): b62b3f6 (#17487) Add support for HPUX NIC bonding in IP facts Chris Barker (1): 3628533 (#15708) fixes facter file mappings for pkgbuild Jared Curtis (2): 41909b7 (#15001) ifconfig regex will optionally match 'addr:' ae34893 Test data for net-tools 1.60 Jeff McCune (4): c0b123b (#16626) Exercise IP.get_interface_value(bond0,macaddress) 10a1380 (Maint) Add YARD doc for get_interface_value 656c5ae (#17925) Fix ec2_userdata: 404 Not Found Error 0e514b8 (#15001) Add spec examples for ipaddress fact Jos Backus (1): 7bba9b2 (#16626) Fix handling of bonded Linux interfaces Josh Cooper (1): 0b672ed (#17855) Rescue Timeout::Error Matthaus Owens (3): 09ad0bb Remove fedora 15 mocks, as f15 is EOL. 5cfd683 Add quantal to default cows list. 70c6c92 Update FACTERVERSION to 1.6.17 Moses Mendoza (1): d770aec Update lib/facter/version.rb for 1.6.17-rc1 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/nRij7U6BL0AJ. To post to this group, send email to puppet...@googlegroups.comjavascript:. To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Matthaus Owens Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/JBhQAzIpT7gJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How do I check content of a file in puppet
You might be better off putting together a custom fact about this. Then you can check fact(s) on the host(s) without trying to manage-but-not-manage something inside puppet. On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: How do I check content of a file in puppet? ex: I want to see if PermitRootLogin is no in /etc/ssh/sshd_config file (RHEL). If it's yes i want to show it on compliance report. For now I don't want make any changes to the sshd_config file through puppet. Here is something I have: define line($file, $line, $ensure = 'present') { $line = PermitRootLogin no $file = /etc/ssh/sshd_config case $ensure { default : { err ( unknown ensure value ${ensure} ) } present: { warning/flag code: unless = /bin/grep '${line}' '${file}' } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit [1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: Puppet Dashboard 1.2.16 Available!
Puppet Dashboard 1.2.16 is a maintenance release of the 1.2 series of Puppet Dashboard with bug fixes and minor features. This is the first release of Puppet Dashboard with Aaron Stone (sodabrew on github) having commit rights. He has already helped shepherd many pull requests from submission to merge. Thanks Aaron! This release is available for download at: https://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.16.tar.gz Debian packages are available at https://apt.puppetlabs.com RPM packages are available at https://yum.puppetlabs.com Please report feedback via the Puppet Labs Redmine site, using an affected version of 1.2.16: http://projects.puppetlabs.com/projects/dashboard Documentation is available at: http://docs.puppetlabs.com/dashboard/index.html Contributors: Aaron Stone, Glenn Poston, Matthaus Owens = ## Puppet Dashboard 1.2.16 Release Notes ## = Add listclasses, delclass to nodegroup rake tasks Previously once a class had been added to a nodegroup, there was no way of removing it, short of deleting the group and adding the desired classes back. However, if you wanted to list the classes in that group, you were still out of luck, because there was no listclasses task for the nodegroup namespace. This commit adds both of those tasks to the nodegroup namespace. listclasses lists the classes assigned to a nodegroup and delclass removes a class from a nodegroup, if such a class exists in the nodegroup. Add tabs to filter reports based on status - supporting named_scopes in report model - supporting routes - supporting controller actions == ## Puppet Dashboard 1.2.16 Changelog ## == Aaron Stone (7): ba35090 'verb'! do |success, failure| is only for verbs create, update, destroy; everything else must use 'verb'! do |format|. 9c8626b Call Metric.new instead of metrics.new, which caused a duplication of all metrics. c77afe9 Report.create_from_yaml does several retries, so mock with 'stubs' instead of 'expects' to handle any number of retry calls. 3784739 Revert (maint) fix failing tests 9d162d3 Fix tests after merging 0aadf8876d from master. 6088c93 Begin the changelog for the next release 138922c Update changelog with today's merges. Glenn Poston (2): d052a9c added tabs to filter reports based on status - supporting named_scopes in report model - supporting routes - supporting controller actions 5635147 added tabs to filter reports based on status - supporting named_scopes in report model - supporting routes - supporting controller actions Matthaus Owens (6): 2c7c96a Retab rescue block to line up with other flow control 4445672 Add listclasses, delclass to nodegroup rake tasks f9d6d72 Style tweaks to new tasks. Better tabbing, remove escaped single quotes. 310fa54 Add quantal to default cows list. e955daf Revert Merge pull request #112 from gposton/master fcdff5d Update CHANGELOG, VERSION for 1.2.16-rc1 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How do I check content of a file in puppet
Understood, but is it possible to get it done via puppet? I've management requirement. On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote: You might be better off putting together a custom fact about this. Then you can check fact(s) on the host(s) without trying to manage-but-not-manage something inside puppet. On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: How do I check content of a file in puppet? ex: I want to see if PermitRootLogin is no in /etc/ssh/sshd_config file (RHEL). If it's yes i want to show it on compliance report. For now I don't want make any changes to the sshd_config file through puppet. Here is something I have: define line($file, $line, $ensure = 'present') { $line = PermitRootLogin no $file = /etc/ssh/sshd_config case $ensure { default : { err ( unknown ensure value ${ensure} ) } present: { warning/flag code: unless = /bin/grep '${line}' '${file}' } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit [1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. To post to this group, send email to puppet...@googlegroups.comjavascript:. To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] module version support?
On Thursday, December 27, 2012 8:38:47 AM UTC-6, Jesse Throwe wrote: Environments would probably be a good starting point for what your after. http://docs.puppetlabs.com/guides/environment.html Not quite what I was after. I already have dev/test/production environments that handle different versions of modules during the release process. I'm pondering the situation where a version of a module makes it to the production environment and is not backwards compatible on some nodes. At this point I am wondering if puppet has any support for applying the new version of the module to some set of nodes and applying the old version to the remaining nodes? After researching I have to conclude no. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/0l0XZq_5SqMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How do I check content of a file in puppet
Metaphorically, your management is asking you to drive nails with a screwdriver. The right tool for the job here is facter, not puppet. (And puppet already uses facter, so your management apparently doesn't understand the stack here.) While this is ultimately their problem, it sounds like you have to act as an enabler in order to keep your job and buy your groceries. Anyway, on to the helpful stuff! I have no idea what sort of thing is in this compliance report. I will assume that it is checking which hosts have successfully completed a puppet agent run. To deliberately fail this in your scenario I might: -write a script which checks the value of PermitRootLogin -script should exit with a non-zero status if the value is undesired -package this script in a deb (or rpm on your platform) -use puppet to distribute my deb everywhere -use an exec to run the script Then you will see the same style of failure as if you ran this: $ puppet apply -e 'exec { /bin/false: }' err: /Stage[main]//Exec[/bin/false]/returns: change from notrun to 0 failed: /bin/false returned 1 instead of one of [0] at line 1 notice: Finished catalog run in 0.08 seconds And that means the host is non-compliant. Another item on my original point: ensure your communications with management on this matter are all documented via email. When they finally figure out how much technical debt they are accruing you will not wish to be left holding their bag. On Thu, Dec 27, 2012 at 12:01:08PM -0800, pdiddy wrote: Understood, but is it possible to get it done via puppet? I've management requirement. On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote: You might be better off putting together a custom fact about this. Then you can check fact(s) on the host(s) without trying to manage-but-not-manage something inside puppet. On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: How do I check content of a file in puppet? ex: I want to see if PermitRootLogin is no in /etc/ssh/sshd_config file (RHEL). If it's yes i want to show it on compliance report. For now I don't want make any changes to the sshd_config file through puppet. Here is something I have: define line($file, $line, $ensure = 'present') { $line = PermitRootLogin no $file = /etc/ssh/sshd_config case $ensure { default : { err ( unknown ensure value ${ensure} ) } present: { warning/flag code: unless = /bin/grep '${line}' '${file}' } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit [1][1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. To post to this group, send email to [2]puppet...@googlegroups.com. To unsubscribe from this group, send email to [3]puppet-users...@googlegroups.com. For more options, visit this group at [4]http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. [5]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit [6]https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J 2. javascript: 3. javascript: 4. http://groups.google.com/group/puppet-users?hl=en 5. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J 6. https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] module version support?
You are not limited to just dev/test/prod. So if you were aware of the incompatibility you could create a 'prod-migration' environment and move sets of machines over at a time. Or take it one step further and integrate your SCM and puppet ( http://puppetlabs.com/blog/git-workflow-and-puppet-environments/ ), and use an ENC such as dashboard, foreman, LDAP, etc to make changing the environment a simple data change. This combination of things is the basis that we use to develop vet and migrate incompatible changes to the production environment. Ultimately it seems you may be trying to solve a problem that is not really a puppet problem per-se. On Thu, Dec 27, 2012 at 3:04 PM, Schofield dbschofi...@gmail.com wrote: On Thursday, December 27, 2012 8:38:47 AM UTC-6, Jesse Throwe wrote: Environments would probably be a good starting point for what your after. http://docs.puppetlabs.com/**guides/environment.htmlhttp://docs.puppetlabs.com/guides/environment.html Not quite what I was after. I already have dev/test/production environments that handle different versions of modules during the release process. I'm pondering the situation where a version of a module makes it to the production environment and is not backwards compatible on some nodes. At this point I am wondering if puppet has any support for applying the new version of the module to some set of nodes and applying the old version to the remaining nodes? After researching I have to conclude no. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/0l0XZq_5SqMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How do I check content of a file in puppet
Hi, Couldn't he run --noop as a scanner for hosts out of compliance and then when one is found, run normal puppet run (obviously you don't have to run in noop and just run normal runs and monitor reports). That way management can see that non compliant host are being made compliant ( a much more useful report one would think). So the solution would be to describe the state of the sshd_config file the way it should be and enforce that. Reporting options on that are normal puppet reports. Cheers, Den On 28/12/2012, at 7:23, Christopher Wood christopher_w...@pobox.com wrote: Metaphorically, your management is asking you to drive nails with a screwdriver. The right tool for the job here is facter, not puppet. (And puppet already uses facter, so your management apparently doesn't understand the stack here.) While this is ultimately their problem, it sounds like you have to act as an enabler in order to keep your job and buy your groceries. Anyway, on to the helpful stuff! I have no idea what sort of thing is in this compliance report. I will assume that it is checking which hosts have successfully completed a puppet agent run. To deliberately fail this in your scenario I might: -write a script which checks the value of PermitRootLogin -script should exit with a non-zero status if the value is undesired -package this script in a deb (or rpm on your platform) -use puppet to distribute my deb everywhere -use an exec to run the script Then you will see the same style of failure as if you ran this: $ puppet apply -e 'exec { /bin/false: }' err: /Stage[main]//Exec[/bin/false]/returns: change from notrun to 0 failed: /bin/false returned 1 instead of one of [0] at line 1 notice: Finished catalog run in 0.08 seconds And that means the host is non-compliant. Another item on my original point: ensure your communications with management on this matter are all documented via email. When they finally figure out how much technical debt they are accruing you will not wish to be left holding their bag. On Thu, Dec 27, 2012 at 12:01:08PM -0800, pdiddy wrote: Understood, but is it possible to get it done via puppet? I've management requirement. On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote: You might be better off putting together a custom fact about this. Then you can check fact(s) on the host(s) without trying to manage-but-not-manage something inside puppet. On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: How do I check content of a file in puppet? ex: I want to see if PermitRootLogin is no in /etc/ssh/sshd_config file (RHEL). If it's yes i want to show it on compliance report. For now I don't want make any changes to the sshd_config file through puppet. Here is something I have: define line($file, $line, $ensure = 'present') { $line = PermitRootLogin no $file = /etc/ssh/sshd_config case $ensure { default : { err ( unknown ensure value ${ensure} ) } present: { warning/flag code: unless = /bin/grep '${line}' '${file}' } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit [1][1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. To post to this group, send email to [2]puppet...@googlegroups.com. To unsubscribe from this group, send email to [3]puppet-users...@googlegroups.com. For more options, visit this group at [4]http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. [5]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit [6]https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J 2. javascript: 3. javascript: 4. http://groups.google.com/group/puppet-users?hl=en 5. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J 6. https://groups.google.com/d/msg/puppet-users/-/2kXlOB5em10J -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at
Re: [Puppet Users] How do I check content of a file in puppet
I suppose so, but I haven't ever worked with puppet reporting. My questions about the business issue behind this request are more along the lines of what his management wants the information for. There are a number of corollary questions that come up, including but not limited to: -Why are you checking this data? Is for some form of compliance, or something else? -Why are you reporting on an invalid (presumably) sshd_config without enforcing the correct configuration? -Why only report an issue whenever puppet is run? If it's important to audit when sshd_config is changed and/or the daemon is restarted, shouldn't you check that between puppet runs too? -Why only check through puppet? If somebody disables the agent (temporary lab work, for instance) don't you still want PermitRootLogin checked? -Why do a single puppet run? That is still using cpu/io for a whole agent run to check a single item. -Why do two puppet agent runs at all? That is twice the cpu/io to find a single data point. They all seem to come down to how his management wants to check validity in puppet rather than enforce it and report what happened. As we've both demonstrated, going down that path automatically requires extra effort making puppet do something that it's sensibly not quite designed for. On Fri, Dec 28, 2012 at 08:19:02AM +1100, Denmat wrote: Hi, Couldn't he run --noop as a scanner for hosts out of compliance and then when one is found, run normal puppet run (obviously you don't have to run in noop and just run normal runs and monitor reports). That way management can see that non compliant host are being made compliant ( a much more useful report one would think). So the solution would be to describe the state of the sshd_config file the way it should be and enforce that. Reporting options on that are normal puppet reports. Cheers, Den On 28/12/2012, at 7:23, Christopher Wood christopher_w...@pobox.com wrote: Metaphorically, your management is asking you to drive nails with a screwdriver. The right tool for the job here is facter, not puppet. (And puppet already uses facter, so your management apparently doesn't understand the stack here.) While this is ultimately their problem, it sounds like you have to act as an enabler in order to keep your job and buy your groceries. Anyway, on to the helpful stuff! I have no idea what sort of thing is in this compliance report. I will assume that it is checking which hosts have successfully completed a puppet agent run. To deliberately fail this in your scenario I might: -write a script which checks the value of PermitRootLogin -script should exit with a non-zero status if the value is undesired -package this script in a deb (or rpm on your platform) -use puppet to distribute my deb everywhere -use an exec to run the script Then you will see the same style of failure as if you ran this: $ puppet apply -e 'exec { /bin/false: }' err: /Stage[main]//Exec[/bin/false]/returns: change from notrun to 0 failed: /bin/false returned 1 instead of one of [0] at line 1 notice: Finished catalog run in 0.08 seconds And that means the host is non-compliant. Another item on my original point: ensure your communications with management on this matter are all documented via email. When they finally figure out how much technical debt they are accruing you will not wish to be left holding their bag. On Thu, Dec 27, 2012 at 12:01:08PM -0800, pdiddy wrote: Understood, but is it possible to get it done via puppet? I've management requirement. On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote: You might be better off putting together a custom fact about this. Then you can check fact(s) on the host(s) without trying to manage-but-not-manage something inside puppet. On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: How do I check content of a file in puppet? ex: I want to see if PermitRootLogin is no in /etc/ssh/sshd_config file (RHEL). If it's yes i want to show it on compliance report. For now I don't want make any changes to the sshd_config file through puppet. Here is something I have: define line($file, $line, $ensure = 'present') { $line = PermitRootLogin no $file = /etc/ssh/sshd_config case $ensure { default : { err ( unknown ensure value ${ensure} ) } present: { warning/flag code: unless = /bin/grep '${line}' '${file}' } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit [1][1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. To post to this group, send email to
Re: [Puppet Users] How do I check content of a file in puppet
Yes, you can do what you want if you already have a puppet master (server) in your puppet environment, but you may need configure or install some add-ons. All puppet installations include a tool called facter. Facter gathers various facts or data about your systems. The system can be configured to sent this data back to the puppet server. Various puppet add-ons offer the ability to create reports based on the data that was sent back to the server. For you needs, you will likely need to write a custom fact. Here are some links that might be helpful: Info on facter: http://puppetlabs.com/blog/facter-part-1-facter-101/ How to do custom facts: http://docs.puppetlabs.com/guides/custom_facts.html Puppet reporting: http://docs.puppetlabs.com/guides/reporting.html If you don't use a puppet server, then I think there are other options for gathering the reporting data. Sincerely, Jason P.S. My apologies to other posters, but I didn't see a clear answer to the question. On 12/27/2012 03:01 PM, pdiddy wrote: Understood, but is it possible to get it done via puppet? I've management requirement. On Thursday, December 27, 2012 2:52:31 PM UTC-5, Christopher Wood wrote: You might be better off putting together a custom fact about this. Then you can check fact(s) on the host(s) without trying to manage-but-not-manage something inside puppet. On Thu, Dec 27, 2012 at 11:15:14AM -0800, pdiddy wrote: How do I check content of a file in puppet? ex: I want to see if PermitRootLogin is no in /etc/ssh/sshd_config file (RHEL). If it's yes i want to show it on compliance report. For now I don't want make any changes to the sshd_config file through puppet. Here is something I have: define line($file, $line, $ensure = 'present') { $line = PermitRootLogin no $file = /etc/ssh/sshd_config case $ensure { default : { err ( unknown ensure value ${ensure} ) } present: { warning/flag code: unless = /bin/grep '${line}' '${file}' } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit [1]https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J. To post to this group, send email to puppet...@googlegroups.comjavascript:. To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. https://groups.google.com/d/msg/puppet-users/-/M8gmxMKkp58J -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Trying to use a facter information in manifest.
I am trying to use information that facter gathers on the agent server in the manifest. I am trying to use domain = dev.com depending on what domain is I deploy the file. I ran the manifest and it did not give me an error but it did not fdeploy the file. My code is below. In my files directory for this manifest I have these files aliases submit.cf.dev.com submit.cf.test.com MY init.pp file is the one below class sendmailnew { exec { mail: command = /usr/bin/yum -y install sendmail, } exec { restart: command = /etc/init.d/sendmail restart, } file { /etc/mail/aliases: ensure = file, source = puppet:///sendmailnew/aliases, owner = root, group = root, mode = 644; } exec { mailaliases: command = /usr/bin/newaliases, } } class submitcf ($domain) { file { submit: path = $domain ? { default = /etc/mail/submit.cf, }, ensure = file, owner = root, group = root, mode = 644, source = puppet:///sendmailnew/submit.cf.$domain; } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/_jEyytVTYGUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] generate() function help
On 12/27/2012 07:57 PM, Nan Liu wrote: On Thu, Dec 27, 2012 at 10:29 AM, Jakov Sosic jso...@srce.hr mailto:jso...@srce.hr wrote: I want to run script which is distributed with my module, but the problem is I have to then hardcode the path to the script in the generate function call, for example: generate(/etc/puppet/__environments/${environment}/__modules/mymodule/scripts/__myscript) But what If some other site uses other path to their modules, or doesn't use environments at all? Is it possible somehow to detect the dir in which the module is installed, so that I can use something like: generate($modulepath/scripts/__myscript) See stdlib: https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/parser/functions/get_module_path.rb I've found that already. But I've decided to write my own function which returns path to current module directory. If that doesn't succeed then I'll use get_module_path. -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users]
http://mordagan.com/wp-content/plugins/cat-description-editor/gmm.html -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Module to add another puppetmaster?
The fastest way to rapidly scale is to have SSL terminated at the load balancer so you do not need to update the the ssl certificate. The configuration to do it depends on what is being used for the load balancer. If you are using an F5 LTM then you can easily handle the SSL termination at the F5 and add new puppet servers to the pool with the F5 module from puppetlabs. If you are using Apache then you would follow the same principle with the SSL terminated at the Apache load balancer. If you use mod_passenger you are already terminating SSL at the Apache layer so its not too different at that point. On Thu, Dec 27, 2012 at 2:08 PM, Tom Fox tom...@gmail.com wrote: I'm working on getting my system setup for rapid scaling. Without resorting to some ugly hacks what is the preferred method of adding more puppetmasters? My puppetmasters sit behind a load balancer vip so the certificate needs to be updated when I add a puppetmaster. Does anyone have a module written for this already? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Module to add another puppetmaster?
Thanks. Good point about the cert. Unfortunately Netscalers are the standard in my environment and to the best of my knowledge there is no love from puppet for them so pool management will still require some key pressing. Matthew Black wrote: The fastest way to rapidly scale is to have SSL terminated at the load balancer so you do not need to update the the ssl certificate. The configuration to do it depends on what is being used for the load balancer. If you are using an F5 LTM then you can easily handle the SSL termination at the F5 and add new puppet servers to the pool with the F5 module from puppetlabs. If you are using Apache then you would follow the same principle with the SSL terminated at the Apache load balancer. If you use mod_passenger you are already terminating SSL at the Apache layer so its not too different at that point. On Thu, Dec 27, 2012 at 2:08 PM, Tom Foxtom...@gmail.com wrote: I'm working on getting my system setup for rapid scaling. Without resorting to some ugly hacks what is the preferred method of adding more puppetmasters? My puppetmasters sit behind a load balancer vip so the certificate needs to be updated when I add a puppetmaster. Does anyone have a module written for this already? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Broken rsync mirroring for PuppetLabs APT repo
Arnaud Gomes-do-Vale wrote: Hi, I have sent this mail to i...@puppetlabs.com and received no answer, so I'm posting here as well; I hope somebody at PuppetLabs will be able to help. Arnaud I saw your saw email to info@. It arrived over Christmas so I am afraid people were thin on the ground at the office. I'll ask our Delivery and Ops teams to take a look and see if we can work out what's wrong. Thanks for letting us know! Regards James -- James Turnbull 1-503-734-8571 To schedule a meeting with me: http://doodle.com/jamtur01 We are moving! New address: Puppet Labs, Inc., 926 NW 13th Ave., Suite 210, Portland, OR 97209. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known
Hi, I am trying to bootstrap a new agent from my master node as below. puppet node_aws bootstrap \ --region us-east-1 \ --image ami-cc5af9a5 \ --login root \ --keyfile /root/.ssh/private.pem \ --install-script=puppet-enterprise \ --installer-payload=/usr/local/puppet/puppet-2.7.0.tar.gz \ --installer-answers=/usr/local/puppet/agent.txt \ --keyname icos-client \ --type t1.micro Node is created puppet is also installed but i am getting errors as below. [root@ip-10-224-122-211 tmp]# puppet node_aws bootstrap \ --region us-east-1 \ --image ami-cc5af9a5 \ --login root \ --keyfile /root/.ssh/private.pem \ --install-script=puppet-enterprise \ --installer-payload=/usr/local/puppet/puppet-2.7.0.tar.gz \ --installer-answers=/usr/local/puppet/agent.txt \ --keyname icos-client \ --type t1.micro notice: Creating new instance ... notice: Creating new instance ... Done notice: Creating tags for instance ... notice: Creating tags for instance ... Done notice: Launching server i-d47263aa ... ## notice: Server i-d47263aa is now launched notice: Server i-d47263aa public dns name: ec2-174-129-49-32.compute-1.amazonaws.com notice: Waiting for SSH response ... Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text. Enter passphrase for /root/.ssh/private.pem:icosroot notice: Waiting for SSH response ... Done Enter passphrase for /root/.ssh/private.pem:icosroot notice: Uploading Puppet Enterprise tarball ... Enter passphrase for :icosroot notice: Uploading Puppet Enterprise tarball ... Done Enter passphrase for :icosroot notice: Installing Puppet ... Enter passphrase for :icosroot Enter passphrase for /root/.ssh/private.pem:icosroot Enter passphrase for /root/.ssh/private.pem:icosroot notice: Puppet is now installed on: ec2-174-129-49-32.compute-1.amazonaws.com notice: No classification method selected notice: Signing certificate ... err: Signing certificate ... Failed err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known I tried to manually sign certificate from master as below [root@ip-10-224-122-211 tmp]# puppet cert sign ip-10-196-90-236 notice: Signed certificate request for ip-10-196-90-236 notice: Removing file Puppet::SSL::CertificateRequest ip-10-196-90-236 at '/etc/puppetlabs/puppet/ssl/ca/requests/ip-10-196-90-236.pem' But when i am trying to test from agent, i am getting errors again. [root@ip-10-196-90-236 ~]# puppet agent -t info: Retrieving plugin err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] err: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] Could not retrieve file metadata for puppet://ip-10-224-122-211.ec2.internal/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] Not sure where i am going wrong. Can anybody help? Regards. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7-3tQ-sUaQEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: err: Signing certificate error: Could not render to pson: getaddrinfo: Name or service not known
Hi, Even when i am trying to connect to master using below command, even then its same error. puppet agent --server ip-10-224-122-211.ec2.internal --waitforcert 60 --test info: Retrieving plugin err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] err: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] Could not retrieve file metadata for puppet://ip-10-224-122-211.ec2.internal/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=ip-10-224-122-211.ec2.internal] -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/-JIIARID0vkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] example curl-based puppetdb query equivalent to select node.name, node.role from nodes where dept = 'finance'
The examples in the puppetdb docs show how I can query for a list of node names. What if I want more fields? Could someone share an example of how you query puppetdb to return multiple values? Like what if you want the node's name and what the custom fact role says, for all nodes that have the custom fact dept = finance? In other words as an example SQL: select node.name, node.role from nodes where dept = 'finance' it's documented what you need to do for the WHERE part, but not really (or I overlooked it possibly) for the columns you want to select. Am I missing something? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/u2y-XQBMD78J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Trying, Trying and Trying and still cannot make puppet and client work :-(
what does your puppetmaster's site.pp have in it? Also, I'm not super sure, but you might want to at least make the puppetmaster and client the same version. If you don't have the packages readily available you could install them easily via gem. On Thursday, December 27, 2012 10:55:38 AM UTC-8, ratotopi wrote: I have two box with centos 6.3 and centos 5.8 running puppet master 3.0 and puppet client 2.7 respectively. I can make master work when I use puppet apply on it and it works fine but I have not been able to do that with client, I cannot make it work, when i run the following command in client it shows the following output *puppet agent --test --server='puppet.xyz.com'* info: Caching catalog for puppetclient.xyz.com info: Applying configuration version '1356631880' notice: Finished catalog run in 0.06 seconds * *and on master when i give the following command it works* puppet apply -e include squid* /Stage[main]/Squid/Package[squid]/ensure: created Finished catalog run in 39.18 seconds Puppet master has the init.pp files in /etc/puppet/modules/squid/manifests/init.pp which contains following lines :- class squid { case $operatingsystem { centos, redhat: { $service_name = 'squid' $conf_file= 'squid.conf' } } package { 'squid': ensure = 'installed', } service { 'squid': ensure = 'stopped', enable = 'false', require = Package [ 'squid' ] } } What else do I need to do to make client work. I have searched internet and they show different command and some of them not even work what should I do to learn puppet and make it work. Thank you for your input. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/_uT7RCya4xIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.