Re: [Puppet Users] Download and unzip to install a webapp
I can advice you to use fmp[1] for this and build a native debian package for your distribution. The tool also supports rpm with the same configuration almost all the time(at least for me). I think that with fpm, you shouldn't *ever* use a zip again. I have a bunch of Makefiles that build my packages and the life is so much better this way. If you prefer other build systems you can use them too ofc. Best, Nikola [1] https://github.com/jordansissel/fpm/wiki On Sun, Feb 10, 2013 at 11:09:10PM +0100, Andreas Hilboll wrote: Hi, I would like to install Piwik [*], which is a PHP webstatistics package, on some of my nodes, using Puppet. The underlying servers are running Debian Squeeze. Piwik is distributed as a .zip or .tar.gz file, which is available at their website. They provide a constant URL always pointing to the latest release: http://builds.piwik.org/latest.zip How can I download and unzip this package to a defined location on my nodes, changing the UID/GID of the unzipped files from root to www-data? Your help is greatly appreciated! Cheers, Andreas. [*] http://piwik.org/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: issue storing facts values in mysql on puppet master 3.0.2
Hi guys, can anyone have any solution of this problem? On Friday, February 8, 2013 2:54:21 PM UTC+5:30, Heena wrote: Hi, I got the following error:- Error: Could not retrieve catalog from remote server: wrong header line format In puppet.conf file on puppetmaster, I added following lines - facts_terminus = inventory_active_record dbadapter = mysql dbname = dashboard dbuser = test dbpassword = test123 dbserver = puppet-master.com dbsocket = /var/run/mysqld/mysqld.sock How can i solve this error? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet F5: Graceful Server Shutdown
Hi Nan, cool, thanks for your reply. We are running both versions of F5, so i think i will give it a try and see if this works. Cheers, Cesar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet F5: Graceful Server Shutdown
Another option (I do not know if this would work), would be to translate this script: https://devcentral.f5.com/wiki/icontrol.pspoolmembercontrol.ashx to ruby and execute it when deploying a new application. What do you think?? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet 3.1 - remove packages in order/with dependancies.
Hi All. I would like to remove packages in a specified order because they are connected with dependencies. I use: #cat /etc/redhat-release;uname -r CentOS release 6.3 (Final) 2.6.32-279.9.1.el6.centos.plus.x86_64 #rpm -qa | grep -i puppet puppet-3.1.0-1.el6.noarch In my module manifest: class base::dell { .. package { Lib_Utils: ensure = absent } package { MegaCli: ensure = absent } .. } Is there a way to ensure that MegaCli will be uninstalled before Lib_Utils and then Lib_Utils will be removed? How can I in puppet language enforce package dependencies in this case? Best regards, Rafal Radecki. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Certificate nightmares
It was this problem. After nuking the /var/lib/puppet/ssl directory, it re-synced with the server just fine. Thanks! On Friday, February 8, 2013 6:58:22 PM UTC-5, Nick Fagerlund wrote: If a brand new never-seen-before agent starts up, it goes like this: * Do I have a private key? Nope? Better generate one. * Okay, do I have a certificate? Nope? See if the master already has one for me. This looks like a GET request to /certificate/node name. * If it gets one, it's good to go. * Master didn't give me a cert. Okay, have I submitted a certificate signing request before? Look in $ssldir/certificate_requests for my own name. * If there's one there, it bails and waits, assuming it's waiting for the master to sign that thing. * Okay, there's nothing there, but maybe I developed amnesia. Better ask the master if I've asked for one. This looks like a GET request to /certificate_request/node name. * If the master says it's already asked, it will just bail and say I'm still waiting for that. * Okay, I never even asked for a cert, it looks like. Well, time to ask for one. This looks like a PUT request to /certificate_request/node name. * Now if autosign is turned on, it can GET /certificate/node name and continue; otherwise it'll bail and go through this whole process again next time, in which case it says yes I have a private key, no I don't have a cert and gets to work on the second step above. What I'm seeing in that snippet from your log is that it seems to think it has submitted a certificate request before. I just tested with my own machines, and it looks like if your agent still has a $ssldir/certificate_requests/name.pem file sitting around (and crucially, it doesn't automatically destroy these when it gets a cert, so if it used to have a cert and you didn't nuke the whole SSLdir, it's probably there), it asks for a cert but doesn't ask the master if it's ever asked for a cert. So check that certificate_requests dir and nuke it if there's anything there, then get back to us? On Wednesday, February 6, 2013 10:23:28 AM UTC-8, Bret Wortman wrote: My test node doesn't have its certs either. I've now started puppetmaster in verbose mode: # puppet master --no-daemonize --verbose : : : Info: Could not find certificate for 'nodename.my.net' Info: Could not find certificate for 'nodename.my.net' Info: Could not find certificate for 'nodename.my.net' This will repeat three times whenever I try to connect. For another node that tried to connect while I was testing, I get something more sinister: Warning: Denying access: Forbidden request: othernode.my.net(10.0.0.1) access to /file_metadata/plugins [search] at :99 Error: Forbidden request: othernode.my.net(10.0.0.1) access to /file_metadata/plugins [search] at :99 Info: access[/]: defaulting to no access for othernode.my.net Also repeating four times; one [search], two [find]s and a [save]. On Wednesday, February 6, 2013 1:18:52 PM UTC-5, Wolf Noble wrote: Did you try removing the cert from a node and seeing if that changes the behavior? you removed the certs from the master, but the node still thinks it has a valid cert maybe? This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Certificate nightmares
On Friday, February 8, 2013 11:58:22 PM UTC, Nick Fagerlund wrote: If a brand new never-seen-before agent starts up, it goes like this: * Do I have a private key? Nope? Better generate one. * Okay, do I have a certificate? Nope? See if the master already has one for me. This looks like a GET request to /certificate/node name. * If it gets one, it's good to go. * Master didn't give me a cert. Okay, have I submitted a certificate signing request before? Look in $ssldir/certificate_requests for my own name. * If there's one there, it bails and waits, assuming it's waiting for the master to sign that thing. * Okay, there's nothing there, but maybe I developed amnesia. Better ask the master if I've asked for one. This looks like a GET request to /certificate_request/node name. * If the master says it's already asked, it will just bail and say I'm still waiting for that. * Okay, I never even asked for a cert, it looks like. Well, time to ask for one. This looks like a PUT request to /certificate_request/node name. * Now if autosign is turned on, it can GET /certificate/node name and continue; otherwise it'll bail and go through this whole process again next time, in which case it says yes I have a private key, no I don't have a cert and gets to work on the second step above. Nick that's a pretty awesome explanation of the handshake and corresponding REST calls. Is that written down anywhere official? Perhaps with corresponding Puppet Master / Agent log entries? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] non-US-ASCII charapters in manifests (windows puppet 3.1)
Puppet 3.1 is released, but problem not fixed. Puppet 3.0 and 2.x don't test manifest for non-ASCII and write uncorrect characters to system (like file names, folders, files and other) . But now Puppet 3.1 test manifest and stop.https://lh5.googleusercontent.com/-aRLPbc_OYbA/UQY4w9ivc6I/ACU/nqH8b5IRbgI/s1600/puppet%2B3.1b2.png -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Certificate nightmares
I think this should be put somewhere in a wiki or the docs. /me referencing this email for future Best, Nikola On Fri, Feb 08, 2013 at 03:58:22PM -0800, Nick Fagerlund wrote: If a brand new never-seen-before agent starts up, it goes like this: * Do I have a private key? Nope? Better generate one. * Okay, do I have a certificate? Nope? See if the master already has one for me. This looks like a GET request to /certificate/node name. * If it gets one, it's good to go. * Master didn't give me a cert. Okay, have I submitted a certificate signing request before? Look in $ssldir/certificate_requests for my own name. * If there's one there, it bails and waits, assuming it's waiting for the master to sign that thing. * Okay, there's nothing there, but maybe I developed amnesia. Better ask the master if I've asked for one. This looks like a GET request to /certificate_request/node name. * If the master says it's already asked, it will just bail and say I'm still waiting for that. * Okay, I never even asked for a cert, it looks like. Well, time to ask for one. This looks like a PUT request to /certificate_request/node name. * Now if autosign is turned on, it can GET /certificate/node name and continue; otherwise it'll bail and go through this whole process again next time, in which case it says yes I have a private key, no I don't have a cert and gets to work on the second step above. What I'm seeing in that snippet from your log is that it seems to think it has submitted a certificate request before. I just tested with my own machines, and it looks like if your agent still has a $ssldir/certificate_requests/name.pem file sitting around (and crucially, it doesn't automatically destroy these when it gets a cert, so if it used to have a cert and you didn't nuke the whole SSLdir, it's probably there), it asks for a cert but doesn't ask the master if it's ever asked for a cert. So check that certificate_requests dir and nuke it if there's anything there, then get back to us? On Wednesday, February 6, 2013 10:23:28 AM UTC-8, Bret Wortman wrote: My test node doesn't have its certs either. I've now started puppetmaster in verbose mode: # puppet master --no-daemonize --verbose : : : Info: Could not find certificate for 'nodename.my.net' Info: Could not find certificate for 'nodename.my.net' Info: Could not find certificate for 'nodename.my.net' This will repeat three times whenever I try to connect. For another node that tried to connect while I was testing, I get something more sinister: Warning: Denying access: Forbidden request: othernode.my.net(10.0.0.1) access to /file_metadata/plugins [search] at :99 Error: Forbidden request: othernode.my.net(10.0.0.1) access to /file_metadata/plugins [search] at :99 Info: access[/]: defaulting to no access for othernode.my.net Also repeating four times; one [search], two [find]s and a [save]. On Wednesday, February 6, 2013 1:18:52 PM UTC-5, Wolf Noble wrote: Did you try removing the cert from a node and seeing if that changes the behavior? you removed the certs from the master, but the node still thinks it has a valid cert maybe? This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Certificate nightmares
It was. I filed it away for future reference! * * * Bret Wortman*** http://bretwortman.com/ http://twitter.com/BretWortman On Mon, Feb 11, 2013 at 7:55 AM, Nikola Petrov nikol...@gmail.com wrote: I think this should be put somewhere in a wiki or the docs. /me referencing this email for future Best, Nikola On Fri, Feb 08, 2013 at 03:58:22PM -0800, Nick Fagerlund wrote: If a brand new never-seen-before agent starts up, it goes like this: * Do I have a private key? Nope? Better generate one. * Okay, do I have a certificate? Nope? See if the master already has one for me. This looks like a GET request to /certificate/node name. * If it gets one, it's good to go. * Master didn't give me a cert. Okay, have I submitted a certificate signing request before? Look in $ssldir/certificate_requests for my own name. * If there's one there, it bails and waits, assuming it's waiting for the master to sign that thing. * Okay, there's nothing there, but maybe I developed amnesia. Better ask the master if I've asked for one. This looks like a GET request to /certificate_request/node name. * If the master says it's already asked, it will just bail and say I'm still waiting for that. * Okay, I never even asked for a cert, it looks like. Well, time to ask for one. This looks like a PUT request to /certificate_request/node name. * Now if autosign is turned on, it can GET /certificate/node name and continue; otherwise it'll bail and go through this whole process again next time, in which case it says yes I have a private key, no I don't have a cert and gets to work on the second step above. What I'm seeing in that snippet from your log is that it seems to think it has submitted a certificate request before. I just tested with my own machines, and it looks like if your agent still has a $ssldir/certificate_requests/name.pem file sitting around (and crucially, it doesn't automatically destroy these when it gets a cert, so if it used to have a cert and you didn't nuke the whole SSLdir, it's probably there), it asks for a cert but doesn't ask the master if it's ever asked for a cert. So check that certificate_requests dir and nuke it if there's anything there, then get back to us? On Wednesday, February 6, 2013 10:23:28 AM UTC-8, Bret Wortman wrote: My test node doesn't have its certs either. I've now started puppetmaster in verbose mode: # puppet master --no-daemonize --verbose : : : Info: Could not find certificate for 'nodename.my.net' Info: Could not find certificate for 'nodename.my.net' Info: Could not find certificate for 'nodename.my.net' This will repeat three times whenever I try to connect. For another node that tried to connect while I was testing, I get something more sinister: Warning: Denying access: Forbidden request: othernode.my.net(10.0.0.1) access to /file_metadata/plugins [search] at :99 Error: Forbidden request: othernode.my.net(10.0.0.1) access to /file_metadata/plugins [search] at :99 Info: access[/]: defaulting to no access for othernode.my.net Also repeating four times; one [search], two [find]s and a [save]. On Wednesday, February 6, 2013 1:18:52 PM UTC-5, Wolf Noble wrote: Did you try removing the cert from a node and seeing if that changes the behavior? you removed the certs from the master, but the node still thinks it has a valid cert maybe? This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Nagios Contacts(groups)
I'm currently defining nagioscontacts one-by-one like so; @@nagios_contact { username1: ensure = present, use = generic-contact, contact_name = username1, alias = user1, email = emailaddress1, target = /etc/nagios/conf.d/contacts/username1.cfg, notify = Exec[fix_nagios_perms] } @@nagios_contactgroup { groupname1: ensure = present, contactgroup_name = groupname1, alias = group1, members = members1, contactgroup_members = , target = /etc/nagios/conf.d/contactgroups/groupname1.cfg, notify = Exec[fix_nagios_perms] } And generating them with; Nagios_contactgroup || Nagios_contact || Is there a way to create a list such as ; name1:username1:emailaddress1 name2:username2:emailaddress2 And loop the creation? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Yum Repositories appear to be offline
Doing a yum check-update just now and got: http://yum.puppetlabs.com/el/5Server/dependencies/x86_64/repodata/repomd.xml: [Errno 12] Timeout: urlopen error timed out Trying other mirror. http://yum.puppetlabs.com/el/5Server/products/x86_64/repodata/repomd.xml: [Errno 12] Timeout: urlopen error timed out Trying other mirror. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet resources and Nagios Contacts\Contactgroups
I'm currently defining nagioscontacts one-by-one like so; @@nagios_contact { username1: ensure = present, use = generic-contact, contact_name = username1, alias = user1, email = emailaddress1, target = /etc/nagios/conf.d/contacts/username1.cfg, notify = Exec[fix_nagios_perms] } @@nagios_contactgroup { groupname1: ensure = present, contactgroup_name = groupname1, alias = group1, members = members1, contactgroup_members = , target = /etc/nagios/conf.d/contactgroups/groupname1.cfg, notify = Exec[fix_nagios_perms] } And generating them with; Nagios_contactgroup || Nagios_contact || Is there a way to create a list such as ; name1:username1:emailaddress1 name2:username2:emailaddress2 And loop the creation? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Yum Repositories appear to be offline
+1 the repository is down for me too. Is there any known mirror? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet 3.1 - remove packages in order/with dependancies.
Hi Rafal, the before meta-parameter would help you here: package{ 'Lib_Utils': ensure = absent, before = Package['MegaCli'], } Cheers Steve On Monday, February 11, 2013 11:00:58 AM UTC, Rafał Radecki wrote: Hi All. I would like to remove packages in a specified order because they are connected with dependencies. I use: #cat /etc/redhat-release;uname -r CentOS release 6.3 (Final) 2.6.32-279.9.1.el6.centos.plus.x86_64 #rpm -qa | grep -i puppet puppet-3.1.0-1.el6.noarch In my module manifest: class base::dell { .. package { Lib_Utils: ensure = absent } package { MegaCli: ensure = absent } .. } Is there a way to ensure that MegaCli will be uninstalled before Lib_Utils and then Lib_Utils will be removed? How can I in puppet language enforce package dependencies in this case? Best regards, Rafal Radecki. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Yum Repositories appear to be offline
I've alerted operations. Thanks guys. On Mon, Feb 11, 2013 at 1:38 PM, Gregory B. gregorybec...@notonthehighstreet.com wrote: +1 the repository is down for me too. Is there any known mirror? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Yum Repositories appear to be offline
Ken Barber wrote: I've alerted operations. Thanks guys. On Mon, Feb 11, 2013 at 1:38 PM, Gregory B. Ops tell me they are back up and running. Regards James -- James Turnbull 1-503-734-8571 To schedule a meeting with me: http://doodle.com/jamtur01 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] how to implement cascading defaults based on puppet classes
On Sunday, February 10, 2013 12:58:48 PM UTC-6, Roman Shaposhnik wrote: On Sun, Feb 10, 2013 at 9:32 AM, Keith Burdis ke...@burdis.orgjavascript: wrote: Have you looked at using hiera [1] for your configuration? It is very good for cascading defaults with more specific config at the top of the hierarchy and the least specific at the bottom. It is part of Puppet 3 and an add on for 2.7. Yes, I have looked at it. My problem with Hiera is that it resides completely outside of Puppet's DSL and is arguably pretty orthogonal to the parameterized classes API. Separating configuration data from your manifests is precisely what Hiera is for. The prevailing opinion around here is that that's a *good* thing. Besides, if you want the data in Puppet DSL then you can just declare it as variables of some class or classes. Or your ENC can set it as the values of global variables. Furthermore, Puppet 3 integrates Hiera with parameterized classes by using hiera to look up values for class parameters that are not explicitly declared, before ultimately falling back to any defaults written into the class itself. There are good reasons to rely on that function completely, instead of declaring parameters explicitly anywhere, though those reasons are somewhat weaker if you use a custom ENC. I like parameterized classes precisely because they are dynamic. IOW, I can have my ENC instantiate classes with particular parameters depending on any criteria I want *without* affecting anything else on the system. If I want my cluster instantiated during odd numbered hours to have auth = 'simple' and the rest auth = 'kerberos' -- that's just ENC's job. If I want to pull off that same trick with Hiera -- I'm essentially signing up to change a bunch of global variables that can potentially affect my entire site. Is that a bona fide use case for you? That would be unusual. In any case, if you rely on the Hiera integration with parametrized classes then you can draw your data from Hiera under normal circumstances without losing the ability to override via your ENC. That said, I'm starting to suspect that any solution to my problem that can be hidden inside of parsing step has to either be parsing order dependent (yuk!) or it has to rely on some global state that is guaranteed to be consistent before the parser takes over. Hiera fits that description, but it is too global. I really don't understand what you mean by too global. Hiera's architecture appears to be an excellent fit for your cascading defaults, and as I already discussed, you can apply local overrides via your ENC in the event that you actually need to do. It is also easy to define your data hierarchy so that you can provide per-machine data where you want to do that (or per-rack, or per-datacenter, etc., provided only that Puppet can identify the target machines via their node facts). Perhaps I can simply teach my ENC to spew out the top-level parameter called cascading_defaults which would be a hiera-like hash for looking up those very same values. Then my params class could be made rewritten as: class cluster::hdfs::params { auth = hlookup('auth', $::cascading_defaults, ['cluster', 'hdfs'], 'simple') } Does it make sense? That sounds like a workable solution, but whether it makes sense depends on information I don't have. I am inclined to suspect, however, that you are rejecting Hiera based on mis- or limited understanding of what it can do for you. If Hiera can in fact do the job adequately, then I think it makes the *most* sense to use it instead of building your own custom solution. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Yum Repositories appear to be offline
Yup ! I can see them now. Thanks, Ops “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: James Turnbull ja...@puppetlabs.com To: puppet-users@googlegroups.com Sent: Monday, February 11, 2013 9:38:05 AM Subject: Re: [Puppet Users] Re: Yum Repositories appear to be offline Ken Barber wrote: I've alerted operations. Thanks guys. On Mon, Feb 11, 2013 at 1:38 PM, Gregory B. Ops tell me they are back up and running. Regards James -- James Turnbull 1-503-734-8571 To schedule a meeting with me: http://doodle.com/jamtur01 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet 3.1 - remove packages in order/with dependancies.
On Monday, February 11, 2013 7:52:23 AM UTC-6, steve foster wrote: Hi Rafal, the before meta-parameter would help you here: package{ 'Lib_Utils': ensure = absent, before = Package['MegaCli'], } Or you could turn it around and use require = Package['Lib_Utils'] metaparameter on Package['MegaCli']. For inter-packages dependencies on a system with a decent package manager (such as CentOS with yum/rpm), however, I would urge you to make sure your packages declare their dependencies correctly, and then just let the package manager handle it. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet Nagios/NRPE with Plugins...
Pete Bit of a blast from the past, but this is next on my hit-list... Code looks like it fits quite well overall, however I'm struggling to see how you handle adding additional plugin scripts to the boxes... Can see plugin.pp adding the required nagios cfg additions, but it doesnt appear to be copying the actual plugin file(s)... Is that something you handle separately? Cheers Gavin On Thursday, 6 December 2012 02:32:33 UTC, Pete wrote: Cool. Let me know how it goes. I am making a start at splitting out my code for nagios into a module by itself and setting up one for icinga as well. Will likely post to the list when it's ready for consumption. Pete. On 5 December 2012 23:17, Gavin Williams fatm...@gmail.com javascript:wrote: Pete Cheers for that... Will have a read through the code and give it a spin :) Cheers Gavin On Wednesday, 5 December 2012 04:45:05 UTC, Pete wrote: Hi again, It seems github is a better option as they have an issue tracker. https://github.com/rendhalver/**puppet-nrpehttps://github.com/rendhalver/puppet-nrpe On 5 December 2012 13:30, Peter Brown rendh...@gmail.com wrote: Hi Gav, I just put my nrpe module up on gitorious. https://gitorious.org/**rendhalver-puppet/nrpehttps://gitorious.org/rendhalver-puppet/nrpe I had to pull out my nrpe::firewall class for now because it uses my firewall module which I will be releasing at some point as well. I tagged the stable release as v1.0 so if you are going to clone it check out that tag if you prefer. The docs are non-existent as yet but the code is pretty self explanatory. it sets up nrpe on a node and you use the nrpe::plugin define to add new services. I use nrpe::params to set my variables so you need something in your node like this to set those. You can of course use hiera if you prefer. include nrpe class {'nrpe::params': nagios_extra_plugins = '/srv/scripts/nagios', nagios_ips = '192.168.0.1', } You can also set the port, user and group nrpe runs as as well as a few other vars. the nrpe::plugin works something like this. class monitoring::service::disk ( $ensure = $nagios_ensure, $host_name = $nagios_host_name, $service_type = 'standard_service', $notifications = $nagios_notifications ) { @@nagios_service { ${host_name}_disk: ensure = $ensure, use = $service_type, host_name = $host_name, service_description = 'DISK', servicegroups = $nagios_host_type ? { 'nonotify_server' = 'system', default = 'system,important_email' }, check_command = 'check_nrpe!check_disk', contact_groups = $nagios_sms_alerts ? { false = 'admins,linux_admins', true = 'admins,linux_admins,linux_**admin_sms' }, notifications_enabled = $notifications ? { default = undef, false = 0 }, register= 1, notify = Service[nagios], tag = nagios_${monitoring_server}, } nrpe::plugin { 'disk': ensure = $ensure, plugin = 'main', sudo = true, # you will need an sudo rule for that. check_command = 'check_disk -w 20% -c 10% --all', notify = Class['nrpe::service'], } } That is how I use that define in my monitoring class which will get released as well once I split out the nagios code into it's own module. if you find any bugs please let me know and I shall fix them as soon as I can. I will be putting it on puppet forge as well once I work out how that works. Hope that helps. If anyone else is keen to try it out let me know how it goes. Pete. On 5 December 2012 09:26, Peter Brown rendh...@gmail.com wrote: On 4 December 2012 17:05, fatmcgav fatm...@gmail.com wrote: Pete Sounds good to me... N be easier than me re-inventing the wheel... Would be happy to guinea pig... :) Awesome. I have an account on gitorious which I am going to use to put my code on. Gimme a bit to get my module cleaned up and make sure it works by itself. Will let you know when it's up there. Pete. Cheers Gav On 3 December 2012 23:56, Peter Brown rendh...@gmail.com wrote: Hi Gavin, I have a module i wrote that seems like it will do what you need. I also have a nagios module that uses it to setup nrpe services on each node and exports nagios checks to be imported into a nagios instance. I basically setup nrpe on each node to use a config directory and have a define that uses templates to generate each nrpe service that need to be setup. My nagios module needs some rewriting before I will be happy releasing it. The nrpe module is pretty much good to go though. It can also use sudo, also managed by another module I have (Yeah I have a lot olf modules and most of them talk to other modules I wrote) I am going start putting my stuff on github and puppet forge as soon as I have them ready. Are you interested in being a guinea pig? :) Pete. On 3 December
[Puppet Users] Error: Could not find class class for host on node host
I'm a first time user that just installed Puppet 3.1.0 over the weekend and hit a road block that I can't seem to get across. I have a Linux master (Mageia 2) and two Windows 7 clients. I was able to get basic recipes working by putting the resources directly in the node definitions. Now I'm trying to move to the next step and start using classes. I am *not* using modules, yet. From the docs, it appeared that that is Ok. However, no matter what I've attempted, the Puppet Master is not able to find the class definition. I started out having my classes in separate .pp files, but I'm currently just trying to define them in init.pp. Here's my current simple example that is failing: *init.pp* class blahwin { file { 'harris2.txt': path = 'c:/temp/harris2.txt', ensure = file, } } class blah { file { 'harris3.txt': path = '/tmp/harris3.txt', ensure = file, } } *site.pp* node 'base' { } node 'magic.example.com' inherits base { include blah } node 'nfs-desktop' inherits base { include blahwin } node 'nfs-desktop.example.com' inherits nfs-desktop { file { 'harris.txt': path = 'c:/temp/harris.txt', ensure = file, } } Currently, I'm using the inheritance approach since someone on stack overflow mentioned it helped having the FQDN node inherit from the host name. For me it made no difference. I have applied those .pp files. magic.example.com is the puppet master. Before I added include blah to the master node definition, here is the output I get when I run the agent on the nfs-desktop: C:\Program Files (x86)\Puppet Labs\Puppet\binpuppet agent --test --verbose Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class blahwin for nfs-desktop.example.com on node nfs-desktop.example.com Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Now that include blah is part of the master definition, here is what I get when I try to run sudo puppet apply site.pp on the master: [josh@magic] /etc/puppet/manifests puppet apply site.pp NOTE: Gem.latest_load_paths is deprecated with no replacement. It will be removed on or after 2011-10-01. Gem.latest_load_paths called from /usr/lib/ruby/site_ruby/1.8/puppet/util/rubygems.rb:54 . Error: Could not find class blah for magic.example.com on node magic.example.com Error: Could not find class blah for magic.example.com on node magic.example.com So even attempting to use the class on the master is problematic. At one point I did have the classes in unique .pp files, but moved them into init.pp after hitting this very error. Any help is appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet Certificate verify failed
I have the same issue right now trying to connect a puppet master on CENTOS 6 and an agent on Red Hat 4. Did you finally found a solution?? Il giorno giovedì 10 marzo 2011 15:18:10 UTC+1, Romgo ha scritto: Hello, I am trying to configure a new puppet server on Debian Squeeze, so the server version will be 2.6.2-4. I am trying to configure a client running Lenny, the puppet version is 0.25.4-2 I declare the new client with the command : #puppetd --server puppet.domain.tld --waitforcert 60 --test on the server : #puppetca --sign client.domain.tld When the client finish to execute the first command I have the following output : * info: Caching certificate for host.domain.tld info: Retrieving plugin info: Caching certificate_revocation_list for ca err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: Could not retrieve information from source(s) puppet://puppet.domain.tld/plugins info: Caching catalog for host.domain.tld info: Applying configuration version '1299765672' info: Creating state file /var/lib/puppet/state/state.yaml notice: Finished catalog run in 0.01 seconds * Then if I run on the client : # puppetd -vt I get a certificate error : * info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run I read some post about such error, date is sync between the server and client (using the same ntp server). Any help appreciated ! Hugo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] file resource, multiple owner values
With Puppet 2.7.20, it seems that when I write file { '/tmp/bla': owner = ['root', 'jared'] } then if the owner of /tmp/bla is either root or jared, nothing happens, and if not, the owner is changed to root. More generically speaking, my reading of the code suggests that if the owner of the file is in the given list (the 'should' value), the owner property of the file is insync, and if owner is not insync, the file is chowned to should[0]. And likewise with the group property. But I couldn't find anything in the documentation that says I can provide multiple values for these properties, and what I should expect to happen. This behavior when I provide multiple values for owner is just what I want! But I don't want to depend on it if it might go away. Does anyone else use the owner and group properties this way? Is there documentation for this behavior that I've missed? -- Jared Jennings, RHCE, Network Admin, SURVICE Engineering Co. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] f5 module usage/debugging tips?
(Following up to my own post for posterity's sake, see xkcd.com/979.) Short form: for me this isn't yet as easy as a file resource but the puppetized management payoff will be worth the work. My issues are most likely a reflection of my own puppet/ruby/iControl/SOAP skill. I am going to explore a personalized set of F5 types/providers that I can use without first loading up the wsdl file for every involved iControl interface, version, and hotfix. Points from my various BigIP/puppet experimentations: a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work with LTM 11.1.0. (Or I haven't figured it out, also quite likely.) This could be because the gem ships different wsdl files but I couldn't get it to work with later iControl wsdl files anyway. b) In LTM 11, F5 deprecated some interfaces so puppet f5 module providers like f5_node are suddenly using deprecated interfaces. c) Some parts of the iControl api are being updated/fixed over time, for instance the hotfix id 388590 reading Certificates can now successfully be updated using the iControl Management::KeyCertificate interface, see: http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html d) Judging by my soap-newbie eye the soap4r package appears abandonware, savon isn't up to complicated data structures and I have yet to dive into handsoap (the starter page says to start with a wsdl, see my wsdl-tracking issues). Picking the right soap package to use is likely going to be job 1. (If the list has any feedback to the above, I'm very much all ears.) On Thu, Jan 17, 2013 at 05:07:36PM -0500, Christopher Wood wrote: On Thu, Jan 17, 2013 at 03:48:08PM -0600, Nan Liu wrote: On Thu, Jan 17, 2013 at 3:37 PM, Christopher Wood [1]christopher_w...@pobox.com wrote: Usually when I make a change via the gui or tmsh I see the change reflected in the text config right away. Good to know. � � �If you run puppet again does it attempt to make the same changes again? Yes, it does. Interesting, what version of F5 are you using? BIG-IP 11.1.0 Build 1943.0 Final Sounds like the f5-icontrol-10.2.0.2.gem could not work with that (unless anybody here has a different experience). I'll file a case with F5 to ask them. If you trim the manifests down, isolate to just an iRule and enable --debug do you see this line: Puppet::Provider::F5_Rule: creating {rule_name} [2]https://github.com/puppetlabs/puppetlabs-f5/blob/master/lib/puppet/provider/f5_rule/f5_rule.rb#L35 I do see these for both: Debug: Puppet::Provider::F5_Node: creating F5 node 192.168.127.1 Debug: Puppet::Provider::F5_Rule: creating cw1 Possibly time to go bother F5 about their gem. Does this message show up? In most cases any failure will result in an appropriate SOAP error, so I'm curious if the transport should be investigated or the puppet version (since you mentioned 3.0.2). Thanks, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. mailto:christopher_w...@pobox.com 2. https://github.com/puppetlabs/puppetlabs-f5/blob/master/lib/puppet/provider/f5_rule/f5_rule.rb#L35 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] file resource, multiple owner values
This behavior when I provide multiple values for owner is just what I want! But I don't want to depend on it if it might go away. Does anyone else use the owner and group properties this way? Is there documentation for this behavior that I've missed? Ah. From http://docs.puppetlabs.com/guides/custom_types.html#customizing-behavio ur: By default, if a property is assigned multiple values in an array: It is considered in sync if any of those values matches the current value. If none of those values match, the first one will be used when syncing the property. -- Jared Jennings, RHCE, Network Admin, SURVICE Engineering Co. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How To Expand an .erb Template Without Doing a Full Puppet Run?
I have a similar requirement as Jon Forrest who opened this topic. I notice some time has passed since then, so I thought I'd just tap you guys up to see if anyone had any further solutions. I'd like to use Jenkins to Unit Test come configs we use whenever someone commits them. The idea is that we'd take a particular config, compile the templates and copy them to test box and fire up the relevant apps. We can then shoot our Unit Tests at applications on the test box and report on how many tests passed or failed. In order to do this, I need to find a way to compile the .erb templates into their resulting config files. I'll then push them onto my test server and start up the apps. This would check the syntax of the configs, but mostly means I have an box running that is pretty much the same as what I'm going to deploy in the future. In Jon's case, this would mean he'd have a name server that not only has a valid syntax, but also could respond to queries (so could be unit tested). In my case, I can just fire some HTTP requests at the box and make sure it's what I thought it was going to be. Does anyone know if it's possible to do something like compile the templates? In an ideal world, I'd just run something like puppet_generate_file /etc/httpd/conf.d/vhosts.conf and get the resulting file on STDOUT (possibly on the machine that would normally receive the file in question). Even better would be if I could do this on an entirely different machine and still get the same result (maybe something like puppet_generate_file otherserver.example.com:/etc/httpd/conf.d/vhosts.conf). Any ideas? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] how to implement cascading defaults based on puppet classes
On Mon, Feb 11, 2013 at 6:39 AM, jcbollinger john.bollin...@stjude.org wrote: I am inclined to suspect, however, that you are rejecting Hiera based on mis- or limited understanding of what it can do for you. If Hiera can in fact do the job adequately, then I think it makes the most sense to use it instead of building your own custom solution. Honestly, I started this thread to be educated on various options. If you have the patience to bear with me -- that'll be mostly appreciated. I may ask some silly questions, though -- so patience is the keyword here ;-) Now, before you read further let me state a few assumptions that I have as far as using Hiera with a very custom ENC is concerned and see if they hold true. Here's my ideal state of things as far as how I'd like to use Puppet: #1 I'd like to have a very flexible set of Puppet classes capable of deploying radically different topologies of Bigtop Hadoop clusters. ASSUMPTION: to me this means a set of module(s) full of highly parameterized classes #2 Given that there's nothing static about my environment (I'm not running a datacenter -- I'm running a utility that lets users deploy random configurations of Bigtop Hadoop clusters on VMs) I'd rather minimize the # of things I have to configure/interact with when describing how the next N VMs should look like. ASSUMPTION: to me this means relying exclusively on a very custom ENC that would instantiate classes with precisely the right set of parameters, instead of updating Hiera backend everytime a new deployment is asked for. #3 Even though I can make my ENC spew out a setting for every single parameter that each class needs I'd rather check with the collective Puppet intelligence first to figure out whether there's a DSL-level language construct that would allow a parameter in a 'base' class affect the defaults in the 'child' one. NOTE: I'm NOT talking about dragging data/settings into my classes, I'm purely asking whether there's a sane way for the following bit of my ENC output: classes: cluster::hdfs auth: kerberos to affect all the children such as cluster::hdfs::namenode so the ENC doesn't have to do it explicitly. ASSUMPTION: I do realize that Hiera is one option to make this happen, however, it seems that in my case the trade off is: I need to teach my ENC to manipulate the state of Hiera backend. If I decide to do that it seems that I might as well make my ENC output extremely verbose. Separating configuration data from your manifests is precisely what Hiera is for. The prevailing opinion around here is that that's a good thing. Besides, if you want the data in Puppet DSL then you can just declare it as variables of some class or classes. Or your ENC can set it as the values of global variables. An ideal place for me to keep this data is at the level of ENC. I really *DO NOT* want it at the level of the DSL itself. What I do need at the level of the DSL are the hooks to make the kind of interfacing with the ENC possible. Furthermore, Puppet 3 integrates Hiera with parameterized classes by using hiera to look up values for class parameters that are not explicitly declared, before ultimately falling back to any defaults written into the class itself. There are good reasons to rely on that function completely, instead of declaring parameters explicitly anywhere, though those reasons are somewhat weaker if you use a custom ENC. That's precisely my use case -- a very custom ENC. In fact, I'd rather have my ENC be a single source of truth for all *parameterization* Is that a bona fide use case for you? That would be unusual. It seems to be (unless given my description above you will draw a different conclusion). I really don't understand what you mean by too global. Sorry for the poor choice of words. What I really meant was that in my case, where: # the knowledge of how defaults cascade changes with every single deployment # such knowledge originates with an ENC having Hiera in the mix would mean yet another subsytem which state I'd have to keep consistent with the state of my ENC. That sounds like a workable solution, but whether it makes sense depends on information I don't have. Well, you know know the full story. If you could help making the right choice here -- that'll be, as I said, appreciated. Thanks, Roman. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to
[Puppet Users] file and http source
Hi, We would like to use a file resource with a source with an HTTP URL. Feature #5783 describes this need, and if I understood the comments, it is under development. Is it possible to know if this feature is available in a patch or something like that ? Of course, there is the bypass described on the net : using a wget but wget does not exist natively on windows ... Cordialement, Bernard Granier CE Plateforme Système bernard.gran...@morpho.com 01 58 11 32 51 # This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system. # -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Strange Could not evaluate error on a File resource
I am in the process of upgrading a Tomcat module to support version 7. As such I copied one of the template files and made the slightest change to the filename, from etc-initd-tomcat6 to etc-initd-tomcat7. The permissions and ownership on the files are identical however when invoking Puppet it throws the following error. err: /File[/etc/init.d/tomcat_sso01]: Could not evaluate: Could not retrieve information from environment dev source(s) puppet:///modules/tomcat/etc-initd-tomcat7 I validated that it isn't the contents of the file as I've tried changing the file to only include simple text with no difference. The File code is: file { /etc/init.d/tomcat_sso01: source = puppet:///modules/tomcat/etc-initd-tomcat7, mode = 755, owner = root, group = root, ensure = present } If I change the 7 to a 6 in the source line everything works fine. As you can see, the files and permissions are the same. -rw-rw-r-- 1 root root 2848 Nov 15 18:07 etc-sysconfig-tomcat6.erb -rw-rw-r-- 1 root root 2848 Nov 15 18:07 etc-sysconfig-tomcat7.erb I'm running Puppet 2.6.17. I've tried running the server in debug mode but no errors are reported on that side. When running the agent in debug mode it doesn't show anything indicative of a problem: debug: file_metadata supports formats: b64_zlib_yaml pson raw yaml; using pson err: /File[/etc/init.d/tomcat_sso01]: Could not evaluate: Could not retrieve information from environment dev source(s) puppet:///modules/tomcat/etc-initd-tomcat7 at /mnt/nas01/puppetmaster/src/lib/dev/tomcat/manifests/defines/app_builder.pp:225 debug: file_metadata supports formats: b64_zlib_yaml pson raw yaml; using pson I've been using Puppet for 3 years and have never seen anything like this. Any thoughts? Thanks, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Alternatives to a dynamic scope lookup
Hi! now that dynamic scope lookup is going away, I'm looking for a good alternative for the following use case: suppose I have a set of classes that all set up a pretty rich internal state with quite a few variables defined in their namespace. On top of that all of them need to do a common set of steps. Previously I'd capture that set of steps into a custom define that would server a purpose of a macro: define this_is_really_a_macro { notify { $var1 ... $varN: } } and then 'expand' that macro inside of each of the classes class foo { $var1 = ... this_is_really_a_macro { macro 1: } } Then, because of the dynamic scope lookup everything would work just fine. Question: what's the recommended way of migrating to Puppet 3.X+ world here? Thanks, Roman. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Certificate verify fails without indications
I have a puppet master on Centos 6.3 connected and working properly with other Centos 6.3 agent. I installed puppet agent via gems on a RED HAT 4 node. This is what happens when I try to sign certificate for the new node: AGENT [root@FP2 ~]$ puppet agent -t Info: Creating a new SSL key for fp2 Info: Caching certificate for ca Info: Creating a new SSL certificate request for fp2 Info: Certificate Request fingerprint (SHA1): 35:51:A0:12:CF:2E:F7:73:22:C3:5E:51:DC:03:AF:4C:FC:54:5C:10 Exiting; no certificate found and waitforcert is disabled MASTER [root@puppet centos]# puppet cert list fp2 (SHA1) 35:51:A0:12:CF:2E:F7:73:22:C3:5E:51:DC:03:AF:4C:FC:54:5C:10 [root@puppet centos]# puppet cert sign fp2 Notice: Signed certificate request for fp2 Notice: Removing file Puppet::SSL::CertificateRequest fp2 at '/var/lib/puppet/ssl/ca/requests/fp2.pem' AGENT [root@FP2 ~]$ puppet agent -t Info: Caching certificate for fp2 Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] I tryied several times to clear certificare on master and agent but I have always the same result. To help to understand and debug the issue, here are some other informations: – clocks are syncronized on server and agent -I installed puppet agent on Red Hat 4 node using the following procedure: Install ruby a. wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz b. tar -xzvf ruby-1.8.7.tar.gz c. cd ruby-1.8.7 d. ./configure e. make f. make install Install rubygems a. wget http://rubyforge.org/frs/download.php/70696/rubygems-1.3.7.tgz b. tar xvzf rubygem*.tgz * *c. cd rubygem* d. ruby setup.rb Install library openssl-devel (needed to instal openssl support for ruby, otherwise nothing works) a. wget ftp://ftp.pbone.net/mirror/ftp.wesmo.com/pub/redhat/i386/openssl-devel-0.9.7-1.i386.rpm b. rpm –i openssl-devel-0.9.7-1.i386.rpm (Note: 0.9.7 is the most updated version of openssl library that can be installed on red hat 4) Install openssl support for ruby a. cd /${ruby_src}/ext/openssl b. ruby extconf.rb c. make d. make install a. Gem install puppet - puppet.conf is the same on working and non-working agent I’m afraid this problem is related to openssl… rpm -qa | grep openssl: On Centos (master and working nodes) openssl-devel-1.0.0-25.el6_3.1.i686 openssl-1.0.0-25.el6_3.1.i686 on Red Hat 4 agent: openssl-0.9.7a-43.17.el4_6.1 openssl-devel-0.9.7-1 Hope someone could help.. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] How to take a (VMWare) Virtual Machine's Snapshot using Puppet
Hi, Here is the scenario: I am on an ubuntu 12.04 host, and want to be able to run a puppet script on another ubuntu 12.04 and Centos 6.3 host, which are VMWare VM's and be able to: 1. Start / Stop The VM 2. Take a snap Shot 3. delete the VM 4. make a FRESH copy of a BASELINE VM, and start it up I only have ssh capability to the remote machines, but i can also run the ssh command via Jenkins ( Continuous Integration Server ) The search for this sort of capability leads me to : The answers i found lead me towards using [perl api for VMware orchestration.][1] or [VirtuallyGhetto][2] but cannot find puppet samples, where a user can get permissions to create a VM SnapShot, and also revert it, without having root access, or admin rights. I also found [vmth][3] but VMTH currently only works in a QEMU+KVM environment [1]: http://www.vmware.com/support/developer/viperltoolkit/index.html [2]: http://www.virtuallyghetto.com/p/vmware-vsphere-sdk-for-perl-vi-perl.html [3]: https://github.com/gregretkowski/vmth/ to me this is something very basic, and SHOULD be available in puppet natively, but i just cannot seem to find it. Thanks, -Kamal. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Error: Could not find class class for host on node host
The simple answer is to put include manifests/*.pp in your site.pp, but real answer to follow the module convention: http://docs.puppetlabs.com/puppet/2.7/reference/modules_fundamentals.html -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Error: Could not find class class for host on node host
On Monday, February 11, 2013 9:24:14 AM UTC-6, Josh D wrote: I'm a first time user that just installed Puppet 3.1.0 over the weekend and hit a road block that I can't seem to get across. I have a Linux master (Mageia 2) and two Windows 7 clients. I was able to get basic recipes working by putting the resources directly in the node definitions. Now I'm trying to move to the next step and start using classes. I am *not* using modules, yet. There is no reason to defer using modules. Indeed, not doing so is part of your problem. From the docs, it appeared that that is Ok. You can use Puppet without modules, but in some ways it's actually harder. However, no matter what I've attempted, the Puppet Master is not able to find the class definition. I started out having my classes in separate .pp files, but I'm currently just trying to define them in init.pp. The file name init.pp is special only for modules. A file init.pp in your main manifests/ directory is not special in any way. Puppet will not see anything you put there unless you use the 'import' function in your site.pp (which *is* special) to instruct Puppet to parse its contents. But don't do that, please. Even if you're not going to split your code into multiple modules, you owe it to yourself to at least create and use *one*, in which you can put all your classes. Here's my current simple example that is failing: *init.pp* class blahwin { file { 'harris2.txt': path = 'c:/temp/harris2.txt', ensure = file, } } class blah { file { 'harris3.txt': path = '/tmp/harris3.txt', ensure = file, } } One way you could make a module out of that would be to create a directory modules/site/manifests/ (where the modules/ directory is a sibling of your main manifests/ directory), and in it to create these files: blahwin.pp: -- class site::blahwin { file { 'harris2.txt': path = 'c:/temp/harris2.txt', ensure = file, } } blah.pp: class site::blah { file { 'harris3.txt': path = 'c:/temp/harris3.txt', ensure = file, } } Then *site.pp* node 'base' { } node 'magic.example.com' inherits base { include blah That becomes include 'site::blah'. } node 'nfs-desktop' inherits base { include blahwin And that becomes include 'site::blahwin'. Voila, you're using modules. } node 'nfs-desktop.example.com' inherits nfs-desktop { file { 'harris.txt': path = 'c:/temp/harris.txt', ensure = file, } } Currently, I'm using the inheritance approach since someone on stack overflow mentioned it helped having the FQDN node inherit from the host name. For me it made no difference. I have applied those .pp files. magic.example.com is the puppet master. Your problem was not related to node inheritance, which you should not use without understanding why you are doing so. Some would say you shouldn't use it at all, though I am not among those myself. Before I added include blah to the master node definition, here is the output I get when I run the agent on the nfs-desktop: C:\Program Files (x86)\Puppet Labs\Puppet\binpuppet agent --test --verbose Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class blahwin for nfs-desktop.example.com on node nfs-desktop.example.com Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Yes. Puppet is telling you that it doesn't know where to find the definition of class blahwin (refer to my earlier comments about init.pp in your main manifests directory not being special). One of the more important things that modules give you is a way to lay out your manifest files so that Puppet will find the classes you create without you explicitly telling it where to look. My comments above may serve as an introduction to that, but you should really read the docs at http://docs.puppetlabs.com/puppet/3/reference/modules_fundamentals.html. Now that include blah is part of the master definition, here is what I get when I try to run sudo puppet apply site.pp on the master: [josh@magic] /etc/puppet/manifests puppet apply site.pp NOTE: Gem.latest_load_paths is deprecated with no replacement. It will be removed on or after 2011-10-01. Gem.latest_load_paths called from /usr/lib/ruby/site_ruby/1.8/puppet/util/rubygems.rb:54 . Error: Could not find class blah for magic.example.com on node magic.example.com Error: Could not find class blah for magic.example.com on node magic.example.com The problem is the same, but you should not do that. If you want the master to manage itself, then do so via the agent (i.e. run the agent on the system that is also running the master). John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and
[Puppet Users] Re: Error: Could not find class class for host on node host
On Monday, February 11, 2013 1:46:30 PM UTC-6, joe wrote: The simple answer is to put include manifests/*.pp in your site.pp You misspelled 'import'. As we apparently agree, however, that's a suboptimal solution. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] f5 module usage/debugging tips?
On Mon, Feb 11, 2013 at 8:27 AM, Christopher Wood christopher_w...@pobox.com wrote: (Following up to my own post for posterity's sake, see xkcd.com/979.) Short form: for me this isn't yet as easy as a file resource but the puppetized management payoff will be worth the work. My issues are most likely a reflection of my own puppet/ruby/iControl/SOAP skill. I am going to explore a personalized set of F5 types/providers that I can use without first loading up the wsdl file for every involved iControl interface, version, and hotfix. Points from my various BigIP/puppet experimentations: a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work with LTM 11.1.0. (Or I haven't figured it out, also quite likely.) This could be because the gem ships different wsdl files but I couldn't get it to work with later iControl wsdl files anyway. b) In LTM 11, F5 deprecated some interfaces so puppet f5 module providers like f5_node are suddenly using deprecated interfaces. c) Some parts of the iControl api are being updated/fixed over time, for instance the hotfix id 388590 reading Certificates can now successfully be updated using the iControl Management::KeyCertificate interface, see: http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html d) Judging by my soap-newbie eye the soap4r package appears abandonware, savon isn't up to complicated data structures and I have yet to dive into handsoap (the starter page says to start with a wsdl, see my wsdl-tracking issues). Picking the right soap package to use is likely going to be job 1. (If the list has any feedback to the above, I'm very much all ears.) Have you tried the v11 gem? https://devcentral.f5.com/internal-forums/aff/2306. The module certainly needs to updates against v11 API, but seems like it would be a better starting point. Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Managing puppeteer modules with git
How do other people organize their puppet configs in Git? Right now we are using SVN, with about 100 modules and 4 environments. Each module and environment has their own trunk/tag trees, which makes it easy for each product team to manage their individual manifests. (We deploy by tag.) However, we are looking to move to Git, and I am wondering how other people have tackled this? I'd like to maintain the independent versioning of the modules, so individual git repos for each module seems the right way to go? It feels a little overweight, but am I over thinking it? We are running gitlab, so it's easy for us to spin up new repos. I've also been looking for some examples of how people have implemented continuous integration and deployment of their puppet manifests from git. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] f5 module usage/debugging tips?
On Mon, Feb 11, 2013 at 12:40:12PM -0800, Nan Liu wrote: On Mon, Feb 11, 2013 at 8:27 AM, Christopher Wood [1]christopher_w...@pobox.com wrote: (Following up to my own post for posterity's sake, see [2]xkcd.com/979.) Short form: for me this isn't yet as easy as a file resource but the puppetized management payoff will be worth the work. My issues are most likely a reflection of my own puppet/ruby/iControl/SOAP skill. I am going to explore a personalized set of F5 types/providers that I can use without first loading up the wsdl file for every involved iControl interface, version, and hotfix. Points from my various BigIP/puppet experimentations: a) The f5-icontrol-10.2.0.2.gem doesn't necessarily work with LTM 11.1.0. (Or I haven't figured it out, also quite likely.) This could be because the gem ships different wsdl files but I couldn't get it to work with later iControl wsdl files anyway. b) In LTM 11, F5 deprecated some interfaces so puppet f5 module providers like f5_node are suddenly using deprecated interfaces. c) Some parts of the iControl api are being updated/fixed over time, for instance the hotfix id 388590 reading Certificates can now successfully be updated using the iControl Management::KeyCertificate interface, see: [3]http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html d) Judging by my soap-newbie eye the soap4r package appears abandonware, savon isn't up to complicated data structures and I have yet to dive into handsoap (the starter page says to start with a wsdl, see my wsdl-tracking issues). Picking the right soap package to use is likely going to be job 1. (If the list has any feedback to the above, I'm very much all ears.) Have you tried the v11 gem?�[4]https://devcentral.f5.com/internal-forums/aff/2306. The module certainly needs to updates against v11 API, but seems like it would be a better starting point. Nan� I might give that a go. That LTM 11 gem is for 11.1.0 and I'm already on 11.3.0 in the lab due to a key/cert management issue, but the gem should be fine if I rebuild it with the wsdl files from my lab device. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at [5]http://groups.google.com/group/puppet-users?hl=en. For more options, visit [6]https://groups.google.com/groups/opt_out. References Visible links 1. mailto:christopher_w...@pobox.com 2. http://xkcd.com/979 3. http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14175.html 4. https://devcentral.f5.com/internal-forums/aff/2306 5. http://groups.google.com/group/puppet-users?hl=en 6. https://groups.google.com/groups/opt_out -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] Managing puppeteer modules with git
We have seperate repos in git for every puppet module. Each module has a Jenkins job to auto test it and if it passes updates the super repo (Main repo with all the module repos in use as submodules). This allows all management of each module (rights, testing, etc) to be independent of all others. So far, it has worked well. Steven From: opsma...@gmail.com Subject: [Puppet Users] Managing puppeteer modules with git Date: Mon, 11 Feb 2013 15:53:34 -0500 To: puppet-users@googlegroups.com How do other people organize their puppet configs in Git? Right now we are using SVN, with about 100 modules and 4 environments. Each module and environment has their own trunk/tag trees, which makes it easy for each product team to manage their individual manifests. (We deploy by tag.) However, we are looking to move to Git, and I am wondering how other people have tackled this? I'd like to maintain the independent versioning of the modules, so individual git repos for each module seems the right way to go? It feels a little overweight, but am I over thinking it? We are running gitlab, so it's easy for us to spin up new repos. I've also been looking for some examples of how people have implemented continuous integration and deployment of their puppet manifests from git. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Foreman case sensitive to hostname?
Hi, I'm working with Foreman 1.1RC4 on CentOS 6.3 and a PostgreSQL 9.1.7 backend. I'm noticing that our Windows agents will report with a hostname that is uppercase (which it is on the agent), which show up fine in the Foreman GUI and the PSQL DB. The puppet certname in lowercase, of course. When a user clicks on the hostname in the GUI, it throws a Host not found page. e.g. http://foreman:3000/hosts/1OFOURSERVERS.domain.tld If you then add a '/facts' in the above URL, it goes through successfully to the hosts' facts page. This also works with '/audits' and '/reports'. I have also removed the uppercased host, renamed the Windows servers to a lowercase name and it all works okay. We just can't do this manual process for each of our three hundred machines. Can anyone help me with a workaround or help fix this bug? Thanks, Tim p.s. Apologizes for the xpost from the foreman users group. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Alternatives to a dynamic scope lookup
From the snippet you posted, I don't see why you can't pass $var1 into the define. No magic, just straightforward variable passing, right? On Feb 11, 2013, at 9:31 AM, Roman Shaposhnik wrote: now that dynamic scope lookup is going away, I'm looking for a good alternative for the following use case: suppose I have a set of classes that all set up a pretty rich internal state with quite a few variables defined in their namespace. On top of that all of them need to do a common set of steps. Previously I'd capture that set of steps into a custom define that would server a purpose of a macro: define this_is_really_a_macro { notify { $var1 ... $varN: } } and then 'expand' that macro inside of each of the classes class foo { $var1 = ... this_is_really_a_macro { macro 1: } } Then, because of the dynamic scope lookup everything would work just fine. Question: what's the recommended way of migrating to Puppet 3.X+ world here? Thanks, Roman. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Certificate verify fails without indications
Sounds like your puppet master isn't signing the cert with the name that the agent is connecting with? All cert problems are either time sync or certificate name issues. So it's one of those two. On Feb 11, 2013, at 9:35 AM, Luigi Martin Petrella wrote: I have a puppet master on Centos 6.3 connected and working properly with other Centos 6.3 agent. I installed puppet agent via gems on a RED HAT 4 node. This is what happens when I try to sign certificate for the new node: AGENT [root@FP2 ~]$ puppet agent -t Info: Creating a new SSL key for fp2 Info: Caching certificate for ca Info: Creating a new SSL certificate request for fp2 Info: Certificate Request fingerprint (SHA1): 35:51:A0:12:CF:2E:F7:73:22:C3:5E:51:DC:03:AF:4C:FC:54:5C:10 Exiting; no certificate found and waitforcert is disabled MASTER [root@puppet centos]# puppet cert list fp2 (SHA1) 35:51:A0:12:CF:2E:F7:73:22:C3:5E:51:DC:03:AF:4C:FC:54:5C:10 [root@puppet centos]# puppet cert sign fp2 Notice: Signed certificate request for fp2 Notice: Removing file Puppet::SSL::CertificateRequest fp2 at '/var/lib/puppet/ssl/ca/requests/fp2.pem' AGENT [root@FP2 ~]$ puppet agent -t Info: Caching certificate for fp2 Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] I tryied several times to clear certificare on master and agent but I have always the same result. To help to understand and debug the issue, here are some other informations: – clocks are syncronized on server and agent -I installed puppet agent on Red Hat 4 node using the following procedure: Install ruby a. wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz b. tar -xzvf ruby-1.8.7.tar.gz c. cd ruby-1.8.7 d. ./configure e. make f. make install Install rubygems a. wget http://rubyforge.org/frs/download.php/70696/rubygems-1.3.7.tgz b. tar xvzf rubygem.tgz c. cd rubygem d. ruby setup.rb Install library openssl-devel (needed to instal openssl support for ruby, otherwise nothing works) a. wget ftp://ftp.pbone.net/mirror/ftp.wesmo.com/pub/redhat/i386/openssl-devel-0.9.7-1.i386.rpm b. rpm –i openssl-devel-0.9.7-1.i386.rpm (Note: 0.9.7 is the most updated version of openssl library that can be installed on red hat 4) Install openssl support for ruby a. cd /${ruby_src}/ext/openssl b. ruby extconf.rb c. make d. make install a. Gem install puppet puppet.conf is the same on working and non-working agent I’m afraid this problem is related to openssl… rpm -qa | grep openssl: On Centos (master and working nodes) openssl-devel-1.0.0-25.el6_3.1.i686 openssl-1.0.0-25.el6_3.1.i686 on Red Hat 4 agent: openssl-0.9.7a-43.17.el4_6.1 openssl-devel-0.9.7-1 Hope someone could help.. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this
[Puppet Users] Re: Getting dangerous with hiera
I don't see your spaceship, but that aside, I believe that your create resources call will try to instantiate two main_class_foo classes, named subclass_one and subclass_two, with the listed parameters. I don't think you can use create_resources to instantiate different kinds of classes. On Monday, February 11, 2013 11:41:33 AM UTC-8, Ygor wrote: OK, I have a collection of related classes -- main_class_foo::subclass_one main_class_foo::subclass_two ... etc And each subclass has parameters, class main_class_foo::subclass_one ( $parameter_one_a, $parameter_one_b ) { ... } class main_class_foo::subclass_two ( $parameter_two_a, $parameter_two_b ) { ... } so can I make a hiera file like this: main_class_foo: subclass_one: parameter_one_a: this parameter_one_b: that subclass_two: parameter_two_a: other parameter_two_b: whatever ...and then load it with create_resources and instantiate it with an empty spaceship operator like this: $main_class_stuff = hiera_hash ( 'main_class_foo' ) create resources (main_class_foo, $main_class_stuff ) Is that correct ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Alternatives to a dynamic scope lookup
On Mon, Feb 11, 2013 at 1:49 PM, Jo Rhett jrh...@netconsonance.com wrote: From the snippet you posted, I don't see why you can't pass $var1 into the define. No magic, just straightforward variable passing, right? Sure thing. The trouble is that as I said -- there's *quite* a rich state that these classes create. So it is not a single var we're talking about but a dozen or so. Now, one could argue that it makes things more explicit if I actually have to tediously pass them explicitly. Personally, I fear it may increase the chance of typos. As I said -- what I'm asking here is literally a #define as it is known in C. There's a bunch of code that I need to be 'pasted' in a couple of different places and I'm wondering whether there's a language construct that could help me. And when I say 'pasted' -- I do mean it. 'Pasted' as in 'dumb preprocessor pasted kind of way' ;-) Thanks, Roman. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Certificate verify fails without indications
Jo, I hope that you are right, because probably time or naming problems are solvable, unlike problems with ssl lib... Let's assume it is a timing problem: I syncronized date and hwclock on agent manually, obtaining an offset of 2 seconds with master. Is it too much? Shall I set up an NTP service on master? Otherwise, if the problem is related with naming, what kind of checks should I perform? thanks a lot in advance Il giorno lunedì 11 febbraio 2013 22:51:34 UTC+1, Jo ha scritto: Sounds like your puppet master isn't signing the cert with the name that the agent is connecting with? All cert problems are either time sync or certificate name issues. So it's one of those two. On Feb 11, 2013, at 9:35 AM, Luigi Martin Petrella wrote: I have a puppet master on Centos 6.3 connected and working properly with other Centos 6.3 agent. I installed puppet agent via gems on a RED HAT 4 node. This is what happens when I try to sign certificate for the new node: AGENT [root@FP2 ~]$ puppet agent -t Info: Creating a new SSL key for fp2 Info: Caching certificate for ca Info: Creating a new SSL certificate request for fp2 Info: Certificate Request fingerprint (SHA1): 35:51:A0:12:CF:2E:F7:73:22:C3:5E:51:DC:03:AF:4C:FC:54:5C:10 Exiting; no certificate found and waitforcert is disabled MASTER [root@puppet centos]# puppet cert list fp2 (SHA1) 35:51:A0:12:CF:2E:F7:73:22:C3:5E:51:DC:03:AF:4C:FC:54:5C:10 [root@puppet centos]# puppet cert sign fp2 Notice: Signed certificate request for fp2 Notice: Removing file Puppet::SSL::CertificateRequest fp2 at '/var/lib/puppet/ssl/ca/requests/fp2.pem' AGENT [root@FP2 ~]$ puppet agent -t Info: Caching certificate for fp2 Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=Puppet CA: master] I tryied several times to clear certificare on master and agent but I have always the same result. To help to understand and debug the issue, here are some other informations: – clocks are syncronized on server and agent -I installed puppet agent on Red Hat 4 node using the following procedure: Install ruby a. wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz b. tar -xzvf ruby-1.8.7.tar.gz c. cd ruby-1.8.7 d. ./configure e. make f. make install Install rubygems a. wget http://rubyforge.org/frs/download.php/70696/rubygems-1.3.7.tgz b. tar xvzf rubygem*.tgz * *c. cd rubygem* d. ruby setup.rb Install library openssl-devel (needed to instal openssl support for ruby, otherwise nothing works) a. wget ftp://ftp.pbone.net/mirror/ftp.wesmo.com/pub/redhat/i386/openssl-devel-0.9.7-1.i386.rpm b. rpm –i openssl-devel-0.9.7-1.i386.rpm (Note: 0.9.7 is the most updated version of openssl library that can be installed on red hat 4) Install openssl support for ruby a. cd /${ruby_src}/ext/openssl b. ruby extconf.rb c. make d. make install a. Gem install puppet - puppet.conf is the same on working and non-working agent I’m afraid this problem is related to openssl… rpm -qa | grep openssl: On Centos (master and working nodes) openssl-devel-1.0.0-25.el6_3.1.i686 openssl-1.0.0-25.el6_3.1.i686 on Red Hat 4 agent: openssl-0.9.7a-43.17.el4_6.1 openssl-devel-0.9.7-1 Hope someone could help.. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript: .
[Puppet Users] Re: Installing puppet master and puppetdb on the same host.
I have puppetDB on my puppetmaster (CentOS 6.3), so I know you can do it. I am using Puppet3.0. You can also use dns_alt_names in your /etc/puppet/puppet.conf file. Here's what I have: [master] certname = puppet.domain.com dns_alt_names = puppet.domain.com,puppetdb.domain.com,puppet On Friday, February 8, 2013 6:42:43 AM UTC-8, Wikram Patankar wrote: Hi Guys, I am new to the world of puppet. I have successfully configured puppet on centos 6 and am now trying to install puppetb on the same host. After the configuration when I try to run puppetd --test command on the client I get : [root@puppettest ~]# puppetd --test notice: Ignoring --listen on onetime run err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for puppettest.example.com to PuppetDB at puppetdb.example.com:8081: Server hostname ' puppetdb.example.com' did not match server certificate; expected one of puppet.example.com, DNS:puppet, DNS:puppet.example.com warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run [root@puppettest ~]# openssl s_client -connect puppetdb.example.com:8081 CONNECTED(0003) depth=0 /CN=puppet.example.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /CN=puppet.example.com verify error:num=27:certificate not trusted verify return:1 depth=0 /CN=puppet.example.com verify error:num=21:unable to verify the first certificate verify return:1 30704:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: I know that I am screwing up on the certificate part. But just don't know where exactly. Plz help. Thnx in advance Wikram -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] how to implement cascading defaults based on puppet classes
On Monday, February 11, 2013 11:09:28 AM UTC-6, Roman Shaposhnik wrote: On Mon, Feb 11, 2013 at 6:39 AM, jcbollinger john.bo...@stjude.orgjavascript: wrote: I am inclined to suspect, however, that you are rejecting Hiera based on mis- or limited understanding of what it can do for you. If Hiera can in fact do the job adequately, then I think it makes the most sense to use it instead of building your own custom solution. Honestly, I started this thread to be educated on various options. If you have the patience to bear with me -- that'll be mostly appreciated. I may ask some silly questions, though -- so patience is the keyword here ;-) Now, before you read further let me state a few assumptions that I have as far as using Hiera with a very custom ENC is concerned and see if they hold true. Here's my ideal state of things as far as how I'd like to use Puppet: #1 I'd like to have a very flexible set of Puppet classes capable of deploying radically different topologies of Bigtop Hadoop clusters. ASSUMPTION: to me this means a set of module(s) full of highly parameterized classes False. Any parametrized class you write can be trivially rewritten without parameters, instead pulling data from an external source (with hiera being the canonical example of such a source). That changes only the protocol by which data is fed to your classes, not their expressive capability. #2 Given that there's nothing static about my environment (I'm not running a datacenter -- I'm running a utility that lets users deploy random configurations of Bigtop Hadoop clusters on VMs) I'd rather minimize the # of things I have to configure/interact with when describing how the next N VMs should look like. ASSUMPTION: to me this means relying exclusively on a very custom ENC that would instantiate classes with precisely the right set of parameters, instead of updating Hiera backend everytime a new deployment is asked for. Questionable. You posit a large and diverse collection of data characterizing the configuration that will be deployed. You will certainly need to record that data somewhere, somehow, for each configuration. You or your users will need to do this at least as part of the process of developing a configuration. You or your users will probably want to have it on an ongoing basis if they want to *maintain* their configuration via Puppet or deploy the same configuration on a new set of VMs. You or your users may also want to have it as a starting point for creating variant configurations, instead of starting from scratch each time. So, since you need to record your data, why not do so in a form that Puppet can use directly? As a bonus, your ENC can then be a lot simpler. #3 Even though I can make my ENC spew out a setting for every single parameter that each class needs I'd rather check with the collective Puppet intelligence first to figure out whether there's a DSL-level language construct that would allow a parameter in a 'base' class affect the defaults in the 'child' one. NOTE: I'm NOT talking about dragging data/settings into my classes, I'm purely asking whether there's a sane way for the following bit of my ENC output: classes: cluster::hdfs auth: kerberos to affect all the children such as cluster::hdfs::namenode so the ENC doesn't have to do it explicitly. ASSUMPTION: I do realize that Hiera is one option to make this happen, however, it seems that in my case the trade off is: I need to teach my ENC to manipulate the state of Hiera backend. If I decide to do that it seems that I might as well make my ENC output extremely verbose. Questionable. Although you could, in principle, make your ENC write or rewrite data for the hiera back end, that seems a strange way to go about it. One would normally maintain the data separately from, but in parallel with the ENC itself. Otherwise you're recomputing the data every time, or else you're reading it from somewhere else and transliterating it into the form that Puppet will consume, which seems like wasted effort to me. To answer your question more directly, Puppet parametrized classes can draw on *non-parametrized* classes' variables for their own parameter defaults, but the mechanism for doing so reliably uses class inheritance, so 1. Doing so prevents you using class inheritance for anything else (which may be tolerable), and 2. You cannot safely use
Re: [Puppet Users] Certificate nightmares
On Monday, February 11, 2013 4:24:34 AM UTC-8, Luke Bigum wrote: Nick that's a pretty awesome explanation of the handshake and corresponding REST calls. Is that written down anywhere official? Perhaps with corresponding Puppet Master / Agent log entries? Good call, especially since I already knew where I wanted to put something like this. I just expanded it a bit and posted it at http://docs.puppetlabs.com/puppet/3/reference/subsystem_agent_master_comm.html -- no log entries yet, maybe we can add those some other day. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Alternatives to attempting self-modifying puppet code....
The title pretty much sums it up. I've got a situation where I need to have puppet enforce a given state most of the time, then when a certain flag is present it needs to use a different state - but only until a certain amount of time has passed, at which point it needs to go back to the normal state of things. I've got some ideas on how I can make this happen, but I am looking for some more sane alternatives. I have setup a question with details here: https://ask.puppetlabs.com/question/447/best-way-to-deal-with-temporary-state-changes/ But the short version is I don't want to get up at 0200 to stop services in prod for developers when they need to update database tables, and I don't want to have to remember to revoke their access (controlled via puppetized likewise config) the morning after the changes. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Alternatives to a dynamic scope lookup
On Monday, February 11, 2013 4:03:24 PM UTC-6, Roman Shaposhnik wrote: On Mon, Feb 11, 2013 at 1:49 PM, Jo Rhett jrh...@netconsonance.comjavascript: wrote: From the snippet you posted, I don't see why you can't pass $var1 into the define. No magic, just straightforward variable passing, right? Sure thing. The trouble is that as I said -- there's *quite* a rich state that these classes create. So it is not a single var we're talking about but a dozen or so. Now, one could argue that it makes things more explicit if I actually have to tediously pass them explicitly. Personally, I fear it may increase the chance of typos. As I said -- what I'm asking here is literally a #define as it is known in C. There's a bunch of code that I need to be 'pasted' in a couple of different places and I'm wondering whether there's a language construct that could help me. Puppet DSL does not have such a feature. You have at least three alternatives: 1. As Jo said, give the definition all the formal parameters it needs to specify its data 2. Split it into multiple, similar defines that each pull some of their data from the appropriate (presumably different) class variables 3. Depending on how your classes are arranged, hiera may provide a reasonable way to address this problem. (Notwithstanding your distinct lack of enthusiasm about hiera in your other thread.) John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] apache 2.4 support in puppetlabs/apache
Hi everyone, I started testing out the puppetlabs/apache module from forge on a Fedora 18 server and noticed it doesn't have multiple version support for apache. Fedora 18 runs apache 2.4 and there are a few of modules that don't exist any more and a few config changes. I was pondering forking the module on github and adding attempting to add support for apache 2.4 but I thought I would check if anyone is working on this before I proceed. Good work on the module by the way. Pete. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet broken in upgrade from 3.0.1 to 3.1.0
Well, this problem continues to harass me. I have to recreate an agent certificate on the puppet master after every reboot before puppet agents will update successfully. What am I doing wrong? On Wednesday, February 6, 2013 2:43:44 PM UTC-5, Johan De Wit wrote: On 02/06/2013 05:46 PM, thinkwell wrote: Hello everyone, Recently puppet was upgraded from 3.0.1 to 3.1.0 when I did a sudo apt-get update on my Kubuntu server. Now, I'm getting the following error http://thinkwelldesigns.com/puppet.htmlwhen running puppet. My config.ru file http://thinkwelldesigns.com/config.txtis the same as the source 3.1.0 config.ru filehttps://github.com/puppetlabs/puppet/blob/3.1.0/ext/rack/files/config.ru . So I'm scratching my head. My apache error log only shows: [code] [Wed Feb 06 11:37:08 2013] [warn] RSA server certificate CommonName (CN) `server' does NOT match server name!? [/code] But that apparently didn't prevent puppet from functioning for quite some time, since I found I was getting that error months ago. [code] [Sun Dec 09 07:57:49 2012] [warn] RSA server certificate CommonName (CN) `server' does NOT match server name!? [/code] Anybody have some help for me? Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript: . Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. have you checked your /etc/puppet/puppet.conf, could be overwritten by the upgrade ? -- Johan De Wit Open Source Consultant Red Hat Certified Engineer(805008667232363) Puppet Certified Professional 2013 (PCP006) _ Open-Future Phone +32 (0)2/255 70 70 Zavelstraat 72Fax +32 (0)2/255 70 71 3071 KORTENBERG Mobile +32 (0)474/42 40 73 BELGIUM http://www.open-future.be _ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Filebucket: storage and retrieval of unique per node files
Hi, I need to backup a unique file from each of my nodes to a remote filebucket. I will also need to be able to retrieve/restore said file on-demand at a later date. I'm familiar with the basic config and operation for filebucket, but confused about how one restores a file for a given host without knowing the file's MD5 sum. Do I need the MD5 sum? Other than looking though reports, how does one find out what the MD5 sum of the backed up file is? Is there a strategy for dealing with this? Thanks, Brian -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] non-US-ASCII charapters in manifests (windows puppet 3.1)
On Mon, Feb 11, 2013 at 4:46 AM, Евгений Верещагин e.verescha...@gmail.comwrote: Puppet 3.1 is released, but problem not fixed. Puppet 3.0 and 2.x don't test manifest for non-ASCII and write uncorrect characters to system (like file names, folders, files and other) . But now Puppet 3.1 test manifest and stop.https://lh5.googleusercontent.com/-aRLPbc_OYbA/UQY4w9ivc6I/ACU/nqH8b5IRbgI/s1600/puppet%2B3.1b2.png -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. I think you are running into https://projects.puppetlabs.com/issues/17010. The win32-dir gem we are using to return the COMMON_APPDATA directory returns a ruby string in UTF-16LE, which for some reason File.join does not allow. It assumes it is always passed UTF-8 strings, or at least ASCII compatible. To confirm this is the problem, try require 'win32-dir' File.join(Dir::COMMON_APPDATA, 'b') If you're on ruby 1.9, you could patch lib/puppet/util/run_mode.rb, line 78, to read: [Dir::COMMON_APPDATA.encode('UTF-8'), PuppetLabs, puppet] + extra Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Getting dangerous with hiera
OK. Lets try it like this: whatever.pp - class main_class_foo::subclass_one ( $parameter_one_a, $parameter_one_b ) { ... } class main_class_foo::subclass_two ( $parameter_two_a, $parameter_two_b ) { ... } - whatever.yaml - main_class_foo: subclass_one: parameter_one_a: this parameter_one_b: that subclass_two: parameter_two_a: other parameter_two_b: whatever - another-whatever.pp - $main_class_stuff = hiera_hash ( 'main_class_foo' ) create resources (main_class_foo, $main_class_stuff ) Main_class_foo | | - Or do I need to do it like this: Same whatever.pp whatever.yaml - main_class_foo::subclass_one: parameter_one_a: this parameter_one_b: that main_class_foo::subclass_two: parameter_two_a: other parameter_two_b: whatever - another-whatever.pp - $main_class_one_stuff = hiera_hash ( 'main_class_foo::subclass_one’ ) create resources (main_class_foo::subclass_one, $main_class_one_stuff ) $main_class_two_stuff = hiera_hash ( 'main_class_foo::subclass_two' ) create resources (main_class_foo::subclass_two, $main_class_two_stuff ) Main_class_foo::Subclass_one | | Main_class_foo::Subclass_two | | - On Feb 11, 2013, at 5:00 PM, Ellison Marks wrote: I don't see your spaceship, but that aside, I believe that your create resources call will try to instantiate two main_class_foo classes, named subclass_one and subclass_two, with the listed parameters. I don't think you can use create_resources to instantiate different kinds of classes. On Monday, February 11, 2013 11:41:33 AM UTC-8, Ygor wrote: OK, I have a collection of related classes -- main_class_foo::subclass_one main_class_foo::subclass_two ... etc And each subclass has parameters, class main_class_foo::subclass_one ( $parameter_one_a, $parameter_one_b ) { ... } class main_class_foo::subclass_two ( $parameter_two_a, $parameter_two_b ) { ... } so can I make a hiera file like this: main_class_foo: subclass_one: parameter_one_a: this parameter_one_b: that subclass_two: parameter_two_a: other parameter_two_b: whatever ...and then load it with create_resources and instantiate it with an empty spaceship operator like this: $main_class_stuff = hiera_hash ( 'main_class_foo' ) create resources (main_class_foo, $main_class_stuff ) Is that correct ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet Nagios/NRPE with Plugins...
Hi Gavin. Those are in my monitoring module which uses nrpe::plugin define to add resources to a node. It's on forge and github now if you want to take a look... I am trying to write more portable code that manages one service as opposed to how I had it before which was one module managing nagios,nrpe,nsca and assorted goodies. I also need to write some docs... On 12 February 2013 01:12, Gavin Williams fatmc...@gmail.com wrote: Pete Bit of a blast from the past, but this is next on my hit-list... Code looks like it fits quite well overall, however I'm struggling to see how you handle adding additional plugin scripts to the boxes... Can see plugin.pp adding the required nagios cfg additions, but it doesnt appear to be copying the actual plugin file(s)... Is that something you handle separately? Cheers Gavin On Thursday, 6 December 2012 02:32:33 UTC, Pete wrote: Cool. Let me know how it goes. I am making a start at splitting out my code for nagios into a module by itself and setting up one for icinga as well. Will likely post to the list when it's ready for consumption. Pete. On 5 December 2012 23:17, Gavin Williams fatm...@gmail.com wrote: Pete Cheers for that... Will have a read through the code and give it a spin :) Cheers Gavin On Wednesday, 5 December 2012 04:45:05 UTC, Pete wrote: Hi again, It seems github is a better option as they have an issue tracker. https://github.com/rendhalver/puppet-nrpehttps://github.com/rendhalver/puppet-nrpe On 5 December 2012 13:30, Peter Brown rendh...@gmail.com wrote: Hi Gav, I just put my nrpe module up on gitorious. https://gitorious.org/**rendhalv**er-puppet/nrpehttps://gitorious.org/rendhalver-puppet/nrpe I had to pull out my nrpe::firewall class for now because it uses my firewall module which I will be releasing at some point as well. I tagged the stable release as v1.0 so if you are going to clone it check out that tag if you prefer. The docs are non-existent as yet but the code is pretty self explanatory. it sets up nrpe on a node and you use the nrpe::plugin define to add new services. I use nrpe::params to set my variables so you need something in your node like this to set those. You can of course use hiera if you prefer. include nrpe class {'nrpe::params': nagios_extra_plugins = '/srv/scripts/nagios', nagios_ips = '192.168.0.1', } You can also set the port, user and group nrpe runs as as well as a few other vars. the nrpe::plugin works something like this. class monitoring::service::disk ( $ensure = $nagios_ensure, $host_name = $nagios_host_name, $service_type = 'standard_service', $notifications = $nagios_notifications ) { @@nagios_service { ${host_name}_disk: ensure = $ensure, use = $service_type, host_name = $host_name, service_description = 'DISK', servicegroups = $nagios_host_type ? { 'nonotify_server' = 'system', default = 'system,important_email' }, check_command = 'check_nrpe!check_disk', contact_groups = $nagios_sms_alerts ? { false = 'admins,linux_admins', true = 'admins,linux_admins,linux_**adm**in_sms' }, notifications_enabled = $notifications ? { default = undef, false = 0 }, register= 1, notify = Service[nagios], tag = nagios_${monitoring_server}, } nrpe::plugin { 'disk': ensure = $ensure, plugin = 'main', sudo = true, # you will need an sudo rule for that. check_command = 'check_disk -w 20% -c 10% --all', notify = Class['nrpe::service'], } } That is how I use that define in my monitoring class which will get released as well once I split out the nagios code into it's own module. if you find any bugs please let me know and I shall fix them as soon as I can. I will be putting it on puppet forge as well once I work out how that works. Hope that helps. If anyone else is keen to try it out let me know how it goes. Pete. On 5 December 2012 09:26, Peter Brown rendh...@gmail.com wrote: On 4 December 2012 17:05, fatmcgav fatm...@gmail.com wrote: Pete Sounds good to me... N be easier than me re-inventing the wheel... Would be happy to guinea pig... :) Awesome. I have an account on gitorious which I am going to use to put my code on. Gimme a bit to get my module cleaned up and make sure it works by itself. Will let you know when it's up there. Pete. Cheers Gav On 3 December 2012 23:56, Peter Brown rendh...@gmail.com wrote: Hi Gavin, I have a module i wrote that seems like it will do what you need. I also have a nagios module that uses it to setup nrpe services on each node and exports nagios checks to be imported into a nagios instance. I basically setup nrpe on each node to use a config directory and have a define that uses templates to generate each nrpe service that need to be setup. My nagios module needs some
Re: [Puppet Users] How to take a (VMWare) Virtual Machine's Snapshot using Puppet
but cannot find puppet samples, where a user can get permissions to create a VM SnapShot, and also revert it, without having root access, or admin rights. I would consider 2 possible approaches: 1. You have to get a restricted user created by a VMware administrator. 2. You consider creating a push service to have this done. push service: I can't think of a better name, but you basically create a service with admin/root access that scans maybe a particular directory. Your puppet scripts, for example, simply drop a file that special directory. Your service scans this directory regularly and takes the appropriate action(s). The file could contain a name and an action: vm_foo:create_snapshot. This would be enough information for the service to act accordingly. Marco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] non-US-ASCII charapters in manifests (windows puppet 3.1)
I think you are running into https://projects.puppetlabs.com/issues/17010. The win32-dir gem we are using to return the COMMON_APPDATA directory returns a ruby string in UTF-16LE, which for some reason File.join does not allow. It assumes it is always passed UTF-8 strings, or at least ASCII compatible. Maybe, there are some issuses about non-ASCII. To confirm this is the problem, try require 'win32-dir' File.join(Dir::COMMON_APPDATA, 'b') Where I must write this strings? If you're on ruby 1.9, you could patch lib/puppet/util/run_mode.rb, line 78, to read: [Dir::COMMON_APPDATA.encode('UTF-8'), PuppetLabs, puppet] + extra How to migrate from ruby 1.8 to 1.9 if I use official MSI-package? I try unpack ruby ZIP into c:/program files/Puppet Labs/Puppet/sys/ruby/lib/ruby but it didn't work. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Hiera question -- accessing a hash from an erb template
Hi All, Simple question (hopefully). Say I have this: common.yaml: foo: bar: 10GB ... and in the manifest: $config = hiera('foo') file { '/etc/foo.conf': content = template('module/foo.erb') } ... and in foo.erb: file_size: %= @config['bar'] % For some reason, the output in /etc/foo.conf will be '10GB' on its own line, instead of 'file_size: 10GB'. Almost as if there is a funny character in there? Any ideas? Thanks. Gonzalo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: apache 2.4 support in puppetlabs/apache
Just letting people know I have made a start on this. It seems the best way to achieve it is to write a custom fact or two and a couple of functions. Will setup a fork of the code soon and put my results in it. I will post a link to my fork if anyone wants to help test once I have it setup. On 12 February 2013 10:14, Peter Brown rendhal...@gmail.com wrote: Hi everyone, I started testing out the puppetlabs/apache module from forge on a Fedora 18 server and noticed it doesn't have multiple version support for apache. Fedora 18 runs apache 2.4 and there are a few of modules that don't exist any more and a few config changes. I was pondering forking the module on github and adding attempting to add support for apache 2.4 but I thought I would check if anyone is working on this before I proceed. Good work on the module by the way. Pete. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet dashboard(open source)
I am setting up puppet opensource ,I am not able to lauch puppet dashboard. Can anyone please tell me if puppet opensource dashbord setting is same as in puppet dashboard or i need to do some different setting for this? -- Thanks and Regards, Mamta Garg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Unable to resolve notrun to 0 error
*Hi all this is the manifest i have written for installing oracle:* $URL = http://192.168.24.171:8080/softwares/linux.x64_11gR2_database_1of2.zip; $Software = /db $Server = /db/oracle exec { download_url: command = /usr/bin/wget $URL, cwd = $Software, } exec {copy_unzip: command = /usr/bin/unzip -C /db/oracle unzip /db/linux.x64_11gR2_database_1of2.zip, cwd = $Server, } Exec['download_url'] - Exec['copy_unzip'] but when am applying it am getting the following error: *warning: Could not retrieve fact fqdn notice: /Stage[main]//Exec[download_url]/returns: executed successfully err: /Stage[main]//Exec[copy_unzip]/returns: change from notrun to 0 failed: /usr/bin/unzip -C /db/oracle unzip /db/linux.x64_11gR2_database_1of2.zip returned 9 instead of one of [0] at /root/learning-manifests/installzip1.pp:13 notice: Finished catalog run in 11.89 seconds* Please help me with this.. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Managing puppeteer modules with git
I´m thinking in create three different puppet environments: develop, testing and production. Each environment has its own dir /etc/puppet/environments/$environment/modules/. You can manage the modules using the flag --environment with every command, for instance: # puppet module install user-ssh --environment develop This command install the module user-ssh in the dir specified before and you don´t touch the production code. About the git configuration I´m thinking create a repo in the develop module dir with three branches develop, testing and production. Next step is clone the branch testing in the testing module repo and then cloning master branch in the production dir. What do you think? This page help me a lot: https://puppetlabs.com/blog/git-workflow-and-puppet-environments/ El lunes, 11 de febrero de 2013 21:53:34 UTC+1, Mason escribió: How do other people organize their puppet configs in Git? Right now we are using SVN, with about 100 modules and 4 environments. Each module and environment has their own trunk/tag trees, which makes it easy for each product team to manage their individual manifests. (We deploy by tag.) However, we are looking to move to Git, and I am wondering how other people have tackled this? I'd like to maintain the independent versioning of the modules, so individual git repos for each module seems the right way to go? It feels a little overweight, but am I over thinking it? We are running gitlab, so it's easy for us to spin up new repos. I've also been looking for some examples of how people have implemented continuous integration and deployment of their puppet manifests from git. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.