[Puppet Users] Puppet-dashboard(open source)
Hi , I am working with puppet open source.I have setup puppet dashboard. But its is not showing any agent node there.Anyone guide me for the same? -- Thanks and Regards, Mamta Garg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Name or service not known issue
Wow, this is like a voice from the past coming to haunt me ;-) Way to find this thread years later. On 02/15/2013 05:42 PM, Adam Turner wrote: Felix - d) add a server= entry to your puppet.conf This needs to be a fully qualified domain name (FQDN) - correct? Technically it doesn't have to, but in most cases it is. That's because the agent expects the master's certificate to match its name (as they do where SSL is concerned), and your master likely does not use puppet (or another hostname) as its CN. Long story short, check what the master considers its name to be, use that as 'server' for the agent and make sure the agent machine can resolve that name to the master's IP address. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Specifying multple nodes with mcollective-puppet-agent Host Filters
If I want to run Puppet agent only on two nodes out of ten, how can I specify this with the Host Filters? I tried mco puppet runall 10 -I node1,node2 and different other variations, but this does not work. Is this at all possible? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Installation from the scratch
ok, I have configured a ntp client pointing to the same ntp server and both systems are sync, if I’m not wrong. Puppetmaster. root@puppetmaster:~# ntpq -p remote refid st t when poll reach delay offset jitter == +ntp01.srv.cat 158.227.98.152 u 45 64 377 39.7924.200 57.956 +ns2.telecom.lt 212.59.3.3 2 u 33 64 377 98.790 -5.831 58.675 *95.130.12.88193.67.79.2022 u 48 64 377 51.1010.739 32.604 root@puppetmaster:~# date mar feb 19 10:48:30 CET 2013 root@puppetmaster:~# hwclock mar 19 feb 2013 10:48:32 CET -0.235392 segundos On the client. puppetclient01:~ # ntpq -p remote refid st t when poll reach delay offset jitter == LOCAL(0).LOCL. 10 l 49 64 3770.0000.000 0.001 *dnscache-madrid 140.203.204.77 2 u 53 64 377 28.582 1010.30 702.384 +ntp2.tdc.fi .PPS.1 u 53 64 377 84.603 1009.71 698.465 +iris.wf-hosting 128.138.140.44 2 u 52 64 377 66.561 1003.46 682.697 puppetclient01:~ # date Tue Feb 19 10:49:23 CET 2013 puppetclient01:~ # hwclock Tue 19 Feb 2013 10:49:25 AM CET -0.911659 seconds Well, I’m getting the same result as before in both hosts: puppet agent --test err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run root@puppetmaster:~# puppet agent --test Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.domain.name] Info: Retrieving plugin Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.domain.name] Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.domain.name] Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.domain.name] Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.domain.name] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.domain.name] El viernes, 15 de febrero de 2013 19:22:35 UTC+1, Matt escribió: Is both servers clock in sync? On Fri, Feb 15, 2013 at 4:20 AM, Calero francisc...@ngahr.comjavascript: wrote: Hi all, I'm trying to understand how puppet works, and my idea is to learn installing a new environment from the scratch. I have the following: Master: cat /etc/debian_version 6.0.6 puppet --version 3.1.0 cat /etc/hosts 127.0.1.1 puppetmaster.domain.namepuppetmaster puppet Client: cat /etc/SuSE-release SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 2 puppet --version 2.6.12 cat /etc/hosts 127.0.0.1 puppetclient01.domain.name puppetclient01 192.168.203.128 puppet puppetmaster.domain.name puppet agent --test info: Creating a new SSL key for puppetclient01.domain.name warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for puppetclient01.domain.name info: Certificate Request fingerprint (md5): 88:B5:17:BF:DD:39:90:ED:0D:1A:9D:3C:A7:51:8C:D3 warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session Exiting; no certificate found and waitforcert is disabled Once I sign it in the server…. puppetclient01:~ # puppet agent --test warning: peer certificate won't be
Re: [Puppet Users] Specifying multple nodes with mcollective-puppet-agent Host Filters
- Original Message - From: Andriy Yurchuk ayurch...@gmail.com To: puppet-users@googlegroups.com Sent: Tuesday, February 19, 2013 9:43:43 AM Subject: [Puppet Users] Specifying multple nodes with mcollective-puppet-agent Host Filters If I want to run Puppet agent only on two nodes out of ten, how can I specify this with the Host Filters? I tried mco puppet runall 10 -I node1,node2 and different other variations, but this does not work. Is this at all possible? -I node1 -I node2 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Issue when istalling puppet-server in RHEL 6.
Hi , Following is the issue: puppet.repo: [puppetlabs] name=Puppet Labs Packages baseurl=http://yum.puppetlabs.com/el/$releasever/products/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs uname -a Linux rniyer-linux 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13 EST 2011 x86_64 x86_64 x86_64 GNU/Linux $ yum install puppet-server Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager Updating certificate-based repositories. puppetlabs | 1.9 kB 00:00 Not using downloaded repomd.xml because it is older than what we have: Current : Thu Feb 14 12:17:53 2013 Downloaded: Thu Feb 14 12:17:10 2013 Setting up Install Process Resolving Dependencies -- Running transaction check --- Package puppet-server.noarch 0:3.1.0-1.el5 will be installed -- Processing Dependency: puppet = 3.1.0-1.el5 for package: puppet- server-3.1.0-1.el5.noarch -- Running transaction check --- Package puppet.noarch 0:3.1.0-1.el5 will be installed -- Processing Dependency: ruby-augeas for package: puppet-3.1.0-1.el5.noarch -- Processing Dependency: ruby-shadow for package: puppet-3.1.0-1.el5.noarch -- Running transaction check --- Package ruby-augeas.x86_64 0:0.4.1-1.el6 will be installed --- Package ruby-shadow.x86_64 0:1.4.1-13.el6 will be installed -- Finished Dependency Resolution Dependencies Resolved = Package Arch Version RepositorySize = Installing: puppet-server noarch 3.1.0-1.el5 puppetlabs23 k Installing for dependencies: puppet noarch 3.1.0-1.el5 puppetlabs 957 k ruby-augeas x86_64 0.4.1-1.el6 aegisco 21 k ruby-shadow x86_64 1.4.1-13.el6 aegisco 11 k Transaction Summary = Install 4 Package(s) Total size: 1.0 M Total download size: 980 k Installed size: 2.8 M Is this ok [y/N]: If you notice, it is picking the version 3.1.0-1.el5 when it should be picking 3.1.0-1.el6 How can I install using rpm instead of yum? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Installation from the scratch
On 2/19/2013 3:39 PM, Calero wrote: [snip] Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.domain.name] Are you using passenger? If so, check whether the SSL cert+key files in the webserver host config are the same as the ones expected by puppet. I had a similar problem when I bootstrapped a puppet master without running the puppetmaster directly (without passenger) first to generate the correct certificates. Just something to check. -Taj. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Installation from the scratch
No, i'm not using passenger, i have only puppetmaster installed. On 19 February 2013 13:27, Sirtaj Singh Kang sirtaj.k...@gmail.com wrote: On 2/19/2013 3:39 PM, Calero wrote: [snip] Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.domain.name] Are you using passenger? If so, check whether the SSL cert+key files in the webserver host config are the same as the ones expected by puppet. I had a similar problem when I bootstrapped a puppet master without running the puppetmaster directly (without passenger) first to generate the correct certificates. Just something to check. -Taj. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@**googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/**group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Best regards * * *Francisco Calero* System Engineer - Linux Storage *Global IT(GITO) powering Northgate Information Solutions* NorthgateArinso C/ Arabial, 19 Planta 4ª Spain 18004 Granada Country VoIP: (2343 6992) Mobile: +34 (0)673588503 Email: francisco.cal...@northgatearinso.com Web: www.northgate-is.com -- -- This email is sent on behalf of Northgate Information Solutions Limited and its associated companies (Northgate) and is strictly confidential and intended solely for the addressee(s). If you are not the intended recipient of this email you must: (i) not disclose, copy or distribute its contents to any other person nor use its contents in any way or you may be acting unlawfully; (ii) contact Northgate immediately on +44 (0)1442 232424 quoting the name of the sender and the addressee then delete it from your system. Northgate has taken reasonable precautions to ensure that no viruses are contained in this email, but does not accept any responsibility once this email has been transmitted. You should scan attachments (if any) for viruses. -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet-dashboard(open source)
It resolved.don't reply :) On Tue, Feb 19, 2013 at 4:15 AM, Mamta Garg itsmamta.b...@gmail.com wrote: Hi , I am working with puppet open source.I have setup puppet dashboard. But its is not showing any agent node there.Anyone guide me for the same? -- Thanks and Regards, Mamta Garg -- Thanks and Regards, Mamta Garg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Specifying multple nodes with mcollective-puppet-agent Host Filters
Obviously... Thanks! On Tuesday, February 19, 2013 12:33:49 PM UTC+2, R.I. Pienaar wrote: - Original Message - From: Andriy Yurchuk ayur...@gmail.com javascript: To: puppet...@googlegroups.com javascript: Sent: Tuesday, February 19, 2013 9:43:43 AM Subject: [Puppet Users] Specifying multple nodes with mcollective-puppet-agent Host Filters If I want to run Puppet agent only on two nodes out of ten, how can I specify this with the Host Filters? I tried mco puppet runall 10 -I node1,node2 and different other variations, but this does not work. Is this at all possible? -I node1 -I node2 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Error with service: invalid byte sequence in US-ASCII
On Monday, February 18, 2013 11:02:05 PM UTC-6, Patrick wrote: No, but it's not related to the manifest. The manifest this resource is in actually hasn't changed in months. Also I can reboot the box and it goes away. Other boxes that aren't doing it will sometimes start doing it when they reboot. (at least that's the behaviour I've been observing, but I have only rebooted a few boxes since this started occurring). So it seems like it's environmental, but I have no clue what. I concur. The diagnostic messages appear to indicate that one of the system tools Puppet is using to manage the service (probably /sbin/initctl) fails with the given error message. That could well mean that the underlying init script (if any) or the daemon binary itself is failing, and initctl is just passing on the result. You said that the error occurs whenever you run Puppet, but you also said it goes away if you reboot. I'm not sure how to reconcile those. It may matter, because one of the potential problem areas involves whether the system tools return the correct response to the service's 'status' command. If they don't, then Puppet could try to start it when it is already running, to which the service might object. You could try to troubleshoot by running the service status, start, stop, and restart commands manually, and seeing what happens. Make sure to use a shell with the minimum possible environment -- maybe just a minimal PATH -- because that's what the agent will do. Capture not just the behavior and any messages, but also the status code returned by each command. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Question Windows manifests
Hi,
I am creating a file resouce which is bat file, and I am running the file
to perform some operation.
I need to know how do I delete the file after the operation is performed...
the code I tried is as follows
class rk{
file { c:\install.bat:
ensure = present,
content = template(rk/inst.txt),
notify = Exec['install']
}
exec {'install':
command = c:\install.bat,
timeout = 0,
require = File['c:\install.bat'],
}
file { c:\install.bat:
ensure = absent,
}
}
Now it gives me a duplicate declaration error for resource file I
understand its very logical to get this error but can someone please give
some pointers to resolve this issue.
Thanks a lot.
Rakesh K.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Controlling access to filebucket
On Monday, February 18, 2013 11:56:01 AM UTC-6, Brian Warsing wrote: Hi, Is there a way to control access to the filebucket? Specifically, I wish to allow agents to backup to the filebucket but never restore. Is this possible to do? Yes and no. You cannot create access controls that allow the agent write access to the filebucket but not read access, but that doesn't matter because the agent never restores files from the filebucket anyway(*). That's a manual operation if ever you need to do it. The agent will only apply whatever content and other properties are in the catalog given to it. That could bring a file to a state matching one that previously was filebucketed, but not by restoring from the bucket. (*) It is possible, of course, to write an Exec that explicitly runs a 'filebucket restore' operation, and the agent will attempt to run it. Needless to say, if you don't want files restored from the bucket then it is counterproductive to write such an Exec. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Class Order: Cant add user without group
Hello,
I am trying to establish an Puppet infrastructure starting with user and
group management.
For that reason, i created 2 modules: userloader and group.
Userloader contains a 'function' as template to add users, the module group
all groups to add.
If the groups are on every system, adding my people within the site.pp
works well. But I don't want to have every group on every system, they
should be created dynamically.
So i tried to add an user with the group fubar. It failed, because
fubar is not a group on the system. my group module does contain fubar,
just without ensure = present. My config setup:
Thats my userloader (often described as user_add):
define userloader ($uid, $gid, $groups, $comment, $password, $sshkeytype,
$sshkey) {
$user_home = $operatingsystem ? {
Solaris = '/export/home',
SLES = '/home',
}
$sshkeytypeChecked = $sshkeytype ? {
'' = 'ssh-rsa',
default = $sshkeytype,
}
$sshkeyChecked = $sshkey ? {
'' = 'notDefined',
default = $sshkey,
}
user { $title:
uid = $uid,
gid = $gid,
groups = $groups,
comment = $comment,
password = $password,
home = ${user_home}/${title},
managehome = true,
shell = '/bin/bash',
ensure = present,
}
ssh_authorized_key { $title:
user = $title,
type = $sshkeytypeChecked,
key = $sshkeyChecked,
name = $comment,
ensure = present,
}
}
Thats my group module with all groups:
class group {
### primary groups
group { groupA:
gid = 1000,
ensure = present,
}
### secondary groups
group { secgroupX:
gid = 1200,
ensure = present,
}
group { secgroupY:
gid = 1205,
}
}
And finally my testuser:
userloader { 'testuser':
uid = 1234,
gid = 1000,
groups = [secgroupX,secgroupY],
comment = 'any name',
password = 'X',
sshkeytype = 'xxx',
sshkey = 'xxx',
}
Could anybody tell me how to add the secgroupY dynamically? (only if it's
needed)
Thank you,
Alex
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet Automatic Resource State changing...
On Monday, February 18, 2013 9:15:05 AM UTC-6, Gavin Williams wrote: I was expecting the full state transition to take several Puppet runs, as the initial data replication to get from start to an 'Initialized' state could take anything from a couple of minutes to a couple of days... So changing the required state of the resource in-between runs was an expected step - ideally it would be automated, but could be manual I guess... That was not my point. You can have multiple classes that manage the same state detail in different ways. You just can't include more than one of them in the same catalog. Since you were planning multiple runs anyway, that is probably not a major issue. At this point, however, I'm not sure what the question is. You asked is this something Puppet could manage? and the answer is probably, especially considering that you're open to doing it across several runs. If you're looking for specific advice on how to describe steps 8-11 to Puppet then you'll need to provide more information. How can any person or agent determine to what stage the process has progressed? What are the system properties to be managed, and by what tool and/or operation are they managed? John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Rack Configurations
Hello, Is puppet able to verify rack configurations ? Thank you -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Dependency Ordering Confusion
On Monday, February 18, 2013 8:41:53 AM UTC-6, Josh D wrote:
I have a module for windows nodes that is defined like:
class ast_win {
Class['ast_win::env'] ~ Class['ast_win::restart'] - Class['ast_win']
ast_win::env contains a bunch of scripts that modify the environment on
the host machine. Mostly the PATH variable, but also other variables (e.g.
http_proxy) that are required for downstream installations.
ast_win::restart is supposed to run any time there is an environment
change. It will restart the Puppet Agent service and prompt the user to
close a command prompt, if that's how they're running the agent. Here's
the class definition for that guy:
class ast_win::restart {
file {'RestartAgentBat' :
ensure = file,
source = 'puppet:///modules/ast_win/restart_agent.bat',
path = 'C:\programdata\puppet\restart_agent.bat',
recurse = true,
mode= 0777,
}
exec {'restart_agent':
cwd = 'C:\programdata\puppet',
command = 'C:\programdata\puppet\restart_agent.bat',
subscribe = File['RestartAgentBat'],
refreshonly = true,
creates = 'C:\programdata\puppet\restart_agent.txt',
onlyif = 'cmd /c if exist restart_agent.txt (exit 1) else
(exit)',
path = $::path,
}
}
This much works. What I'm trying to accomplish is when a restart is
required, the restart_agent exec will return a non-zero exit status and
Puppet will skip all of the resources defined in Class['ast_win']
(Class['ast_win::restart'] - Class['ast_win']). restart_agent.bat creats
a text file that wil be deteted on future runs via the onlyif check.
The problem I'm running into is that even though restart_agent fails,
Puppet still continues onto Class['ast_win']. Currently, I have everything
commented out in that class except for a dummy exec task that always fails.
Here is an example run, where a restart should be required, restart_agent
fails, and puppet continues onto Class['ast_win']:
Info: Class[Ast_win::Env]: Scheduling refresh of Class[Ast_win::Restart]
Info: Class[Ast_win::Restart]: Scheduling refresh of Exec[restart_agent]
Notice: /Stage[main]/Ast_win::Restart/File[RestartAgentBat]/ensure:
defined content as '{md5}84ef01a7640a75f2fe702e8991be9e91'
Info: /Stage[main]/Ast_win::Restart/File[RestartAgentBat]: Scheduling
refresh of Exec[restart_agent]
Notice: /Stage[main]/Ast_win::Restart/Exec[restart_agent]/returns: The
Puppet Agent service is stopping.
Notice: /Stage[main]/Ast_win::Restart/Exec[restart_agent]/returns: The
Puppet Agent service was stopped successfully.
Notice: /Stage[main]/Ast_win::Restart/Exec[restart_agent]/returns:
Notice: /Stage[main]/Ast_win::Restart/Exec[restart_agent]/returns:
*
*
Notice: /Stage[main]/Ast_win::Restart/Exec[restart_agent]/returns: Install
Stage Complete. Restarting the puppet service.
Notice: /Stage[main]/Ast_win::Restart/Exec[restart_agent]/returns: IF
USING A COMMAND PROMPT, YOU MUST NOW CLOSE IT AND OPEN A NEW ONE BEFORE
CONTINUING!
Notice: /Stage[main]/Ast_win::Restart/Exec[restart_agent]/returns:
*
*
Error: /Stage[main]/Ast_win::Restart/Exec[restart_agent]: Failed to call
refresh: C:\programdata\puppet\restart_agent.bat returned 1 instead of one
of [0]
Error: /Stage[main]/Ast_win::Restart/Exec[restart_agent]:
C:\programdata\puppet\restart_agent.bat returned 1 instead of one of [0]
Notice: /Stage[main]/Ast_win/Exec[exit_init]/returns: INIT PATH snip /
Error: cmd /c echo INIT PATH %PATH% exit 1 returned 1 instead of one of
[0]
Error: /Stage[main]/Ast_win/Exec[exit_init]/returns: change from notrun to
0 failed: cmd /c echo INIT PATH %PATH% exit 1 returned 1 instead of one
of [0]
Notice: Finished catalog run in 237.10 seconds
Basically, what I'm looking for is a way to say: Always run ast_win::env
before ast_win::restart. Always run ast_win::restart before ast_win and
don't run ast_win if ast_win::restart fails. The following chain seems to
fail that very last bit:
Class['ast_win::env'] ~ Class['ast_win::restart'] - Class['ast_win']
Is there any way to accomplish what I'm trying to do?
Maybe. It becomes very tricky when you throw signaling relationships and
refreshes into the middle of a dependency chain (as opposed to at the
end). See http://projects.puppetlabs.com/issues/5876 for a discussion of
some of the issues, and vote for it if you're so inclined. That issue has
got to rank among the top vote getters, especially for open issues of its
age.
It can also be tricky to model processes in Puppet, because Puppet focuses
on state. Puppet is not a script engine, but in this regard you are trying
to use it as one.
I suspect that what is happening is that class ast_win::restart *
synchronizes* successfully, and then, as a separate matter, the Exec
Re: [Puppet Users] Require with Templates
On 02/16/2013 01:21 AM, Nan Liu wrote: Two different manifests (in two different environments) need to exist, one to install the facter dependency, the second for the template. Putting them in the same deployment will always result in a catalog compilation error since the master doesn't have the required fact, and the client will not receive a catalog to install the package to fulfill the fact. Of course, if at all possible, do design your template in such a fashion that it will not fail the whole catalog if the fact is missing, but imply a sensible default instead (that may mean not generating parts of the file at all e.g.) Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Querying system to generate resources
On Tuesday, February 19, 2013 10:00:39 AM UTC-6, Robert Citek wrote: What commands are there to collect system information and convert it into puppet resources? We have a lot of systems that were not initially configured with puppet and we would like to gather information about those systems as puppet resources. I have been generating resource information using 'pupppet resource ...' and that has been working reasonably well. For example, 'puppet resource user' generates resources for all users on the system. If I want just one user, I can specify that user's name, e.g. 'puppet resource user foo'. Same goes for types group, mount, package, and a few other types. But that pattern doesn't work for all resource types or options. For example, 'puppet resource ssh_authorized_key' doesn't output anything. The 'cron' type asks for a Title. 'interface' errors that it could not find a type 'interface'. And although 'package' lists all packages using the default package manager, it's not immediately apparent how to generate resources for all gems, e.g. 'puppet resource package provider=gem' does not list gems. Is 'puppet resource ...' the best practice way to generate resource information or are there other tools more suited? Or are there options or environment variables that are not immediately apparent? Still reading through the docs, but any pointers in the right direction gladly accepted. I've not used it personally, but there is a project (I think) called Blueprint might be worth looking into. I seem to recall that it can scan a system and generate modules for it. Regards, - Robert -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: .erb templates are not properly parsed.
On Monday, February 18, 2013 7:17:51 AM UTC-6, Marc Bolós wrote:
Dear John,
I tryed as you suggested, and didn't work.
Well no, evidently you didn't do what I suggested.
I Found where is the problem that produces the failure in both cases. The
problem basically is that on all the nodes I'm using inherits definition
like:
node basenode {
include shorewall
include othermodules
}
node examplenode1 inherits basenode {
include apache
include bind
include ssh
}
The most essential part of my suggestion was that the include firewall be
parsed *after* include $service_modules. The example code achieves that
by putting the former after the latter in the same node block. Putting the
two in different node blocks, with the latter's inheriting from the
former's, on the other hand, ensures the opposite (i.e. wrong) parse order.
So I tryed debugging and on the template I added following lines:
% classes.each do |k| -%
%= k %
% end -%
Then I find that it only prints classes inside basenode:
shorewall
other modules
If I declare host without inherits then, both procedures works, my first
and yours. And in this example , classes will print:
shorewall
other modules
apache
bind
ssh
It is pretty clear to me that this seems a puppet bug that does not parse
properly classes when you are using inherits in site.pp manifets.
No bug here. Puppet is behaving exactly as documented in the failing
cases. When Puppet processes your template, the 'apache', 'bind', and
'ssh' classes have not yet been declared, and therefore they do not appear
in the 'classes' array. See
http://docs.puppetlabs.com/guides/templating.html#access-to-tags-and-declared-classes,
which documents the variable you are trying to use.
Even when the classes are all declared in the same node block, I would
expect that the apache, bind, and ssh 'include's would need to appear
first. If you find that not to be the case then you have stumbled on a
convenience feature.
Now that you have had a taste of the pain, I repeat my initial advice:
avoid writing DSL code or templates that attempt to inquire whether
particular resources have been declared.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Functions for PuppetDB
Is this the best option for accessing puppetdb data from modules? http://forge.puppetlabs.com/dalen/puppetdbquery Any other recommendations? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Functions for PuppetDB
On Tuesday, February 19, 2013 10:21:54 AM UTC-6, Schofield wrote: Is this the best option for accessing puppetdb data from modules? http://forge.puppetlabs.com/dalen/puppetdbquery Any other recommendations? As far as I know, that is currently the best option - though what you are trying to access may make something of a difference. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: .erb templates are not properly parsed.
On Tuesday, February 19, 2013 10:21:47 AM UTC-6, jcbollinger wrote: The most essential part of my suggestion was that the include firewall be parsed *after* include $service_modules. The example code achieves that by putting the former after the latter in the same node block. Putting the two in different node blocks, with the latter's inheriting from the former's, on the other hand, ensures the opposite (i.e. wrong) parse order. Hmm. My recollection of what was going on here was faulty, and in fact that was not the essential point at all. Indeed, the whole idea was that class declaration order could be made to not matter. As a corollary, how class declarations are split among node blocks in a node inheritance chain can be made not to matter either. If something like my suggestion worked when all the classes were declared in the same node block, but not when they were split up as described, then I would guess that you omitted the declaration of the $service_modules variable in your 'firewall' class. If you then declare that class in a node block where a variable of the same name has been declared (including in a base node), then the class will draw on the node variable. Otherwise, the value is empty. Note in particular that declaring a class in the base node and setting a variable in a child node does not make the variable visible to that class. Node inheritance does not inject the inheriting node's variables into the scope of the inherited node. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] AWS OpsWorks announcement using Chef
I wonder if PuppetLabs will work with Amazon to try to add Puppet as an option to OpsWorks as well ? I don't think people using Puppet with AWS in a stable fashion would try to move to OpsWorks and migrate everything to Chef, but new customers/startups would think twice in choosing Puppet if the service offered in AWS OpsWorks is based on Chef. I haven't tried OpsWorks yet, so I can't say much. Any thoughts ? Regards, Felipe -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Controlling access to filebucket
On Feb 19, 2013, at 6:26 AM, jcbollinger wrote: On Monday, February 18, 2013 11:56:01 AM UTC-6, Brian Warsing wrote: Hi, Is there a way to control access to the filebucket? Specifically, I wish to allow agents to backup to the filebucket but never restore. Is this possible to do? Yes and no. You cannot create access controls that allow the agent write access to the filebucket but not read access, but that doesn't matter because the agent never restores files from the filebucket anyway(*). That's a manual operation if ever you need to do it. The agent will only apply whatever content and other properties are in the catalog given to it. That could bring a file to a state matching one that previously was filebucketed, but not by restoring from the bucket. (*) It is possible, of course, to write an Exec that explicitly runs a 'filebucket restore' operation, and the agent will attempt to run it. Needless to say, if you don't want files restored from the bucket then it is counterproductive to write such an Exec. Regarding the manual operation, that was what I looking to prevent whether it be by hand, or exec. I was hoping that I could somehow use the master's auth.conf to control filebucket so that the agent could allow save, but not find, etc. Thanks for the info. -- Brian -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] migrating from cfengine to puppet, node wrangling question
This works, but I'm not sure it's the best way about going about it. I'm trying
to define host groups in my site.pp file in such a way that when puppet runs on
my nodes, they know their functional role and are configured accordingly. My
site.pp;
node base {
class { 'dirsvc': }
class { 'ntp': }
class { 'yum': }
}
# workstations
node 'inky.example.com', 'blinky.example.com' inherits base {
$hostclass = workstation
class { 'root': }
}
# server
node 'pinky.example.com' inherits base {
$hostclass = server
class { 'root': }
}
# server
node 'clyde.example.com' inherits base {
$hostclass = server
class { 'root': }
}
Example of a manifest using the $hostclass variable;
class root {
if $hostclass == server {
$rootpass = '$6$tTZjKZGj$undthG0kn5.5Fs/'
}
else {
$rootpass = '$6$6R8/bcDf$Ta5Uxl7eZlH.MP/'
}
user { root:
ensure = present,
password= $rootpass,
}
notify { my_hostclass:
message = Hostclass: $hostclass,
}
}
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Require with Templates
On 02/15/2013 07:42 PM, Tiago Cruz wrote:
I'm using lsbmajdistrelease to discover the verstion of CentOS, but
I've noticed that some hosts has broken, because the package
redhat-lsb is missing. If I install the package with yum, everything
works well, but I would like to solve this with puppet.
You can try and use $::operatingsystemrelease instead of
lsbmajdistrelease. That way you won't need to install redhat-lsb on your
machines... I really hate to install few dozen of packages just to get
that one fact going...
This is the way I use $::operatingsystemrelease instead of
$::lsbmajdistrelease :
case $::operatingsystemrelease {
default: {
some code
}
/^5.*/: {
some code for rhel 5
}
/^6.*/: {
some code for rhel 6
}
}
Hope it helps.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Issue when istalling puppet-server in RHEL 6.
On Tue, Feb 19, 2013 at 2:38 AM, DreamBig rajeev.n.i...@gmail.com wrote: Hi , Following is the issue: puppet.repo: [puppetlabs] name=Puppet Labs Packages baseurl=http://yum.puppetlabs.com/el/$releasever/products/$basearch/ enabled=1 gpgcheck=1 gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs uname -a Linux rniyer-linux 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13 EST 2011 x86_64 x86_64 x86_64 GNU/Linux $ yum install puppet-server Loaded plugins: product-id, refresh-packagekit, rhnplugin, security, subscription-manager Updating certificate-based repositories. puppetlabs | 1.9 kB 00:00 Not using downloaded repomd.xml because it is older than what we have: Current : Thu Feb 14 12:17:53 2013 Downloaded: Thu Feb 14 12:17:10 2013 Setting up Install Process Resolving Dependencies -- Running transaction check --- Package puppet-server.noarch 0:3.1.0-1.el5 will be installed -- Processing Dependency: puppet = 3.1.0-1.el5 for package: puppet- server-3.1.0-1.el5.noarch -- Running transaction check --- Package puppet.noarch 0:3.1.0-1.el5 will be installed -- Processing Dependency: ruby-augeas for package: puppet-3.1.0-1.el5.noarch -- Processing Dependency: ruby-shadow for package: puppet-3.1.0-1.el5.noarch -- Running transaction check --- Package ruby-augeas.x86_64 0:0.4.1-1.el6 will be installed --- Package ruby-shadow.x86_64 0:1.4.1-13.el6 will be installed -- Finished Dependency Resolution Dependencies Resolved = Package Arch Version RepositorySize = Installing: puppet-server noarch 3.1.0-1.el5 puppetlabs23 k Installing for dependencies: puppet noarch 3.1.0-1.el5 puppetlabs 957 k ruby-augeas x86_64 0.4.1-1.el6 aegisco 21 k ruby-shadow x86_64 1.4.1-13.el6 aegisco 11 k Transaction Summary = Install 4 Package(s) Total size: 1.0 M Total download size: 980 k Installed size: 2.8 M Is this ok [y/N]: If you notice, it is picking the version 3.1.0-1.el5 when it should be picking 3.1.0-1.el6 How can I install using rpm instead of yum? Your issue is pointing to an oddity in your yum config. The puppet.repo file is using $releasever to determine the correct repo path. $releasever is determined by yum by checking the version of the package that provides `redhat-release`, unless you've overridden it in yum.conf. In your case, yum appears to think you're on an el 5 box. What distro/version are you running? What are the contents of /etc/redhat-release ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?
Dear Felix, I think you're getting it wrong, let me clarify it a bit. The goal of this is to be able to write web interface for generating puppetmasters CA's and client certificates on demand. An example: install 3 puppetmasters with loadbalancer in front. Use web interface to generate CA and certificates for chosen clients (lets say, 10 machines). Deploy such generated CA's on puppetmasters, and relevant bits on puppet clients to authorize them against these puppetmasters. Whenever there's need for change, use that CA via web interface to add and delete client certificates, redeploy them on puppetmasters and so on. This, while doable via Subprocess functions (Python is the language of choice for me, but that doesnt really matters) and calls to relevant puppet system commands is extremely ugly and not flexible solution. I would love to do it via openssl library, but to do so, I'd need to have a workable way to build CA's and sign (and revoke) client certs via openssl command - so far I cant reach that goal. I hope this makes more sense now. Regards, S. On Tuesday, February 19, 2013 4:04:32 PM UTC, Felix.Frank wrote: On 02/16/2013 12:20 PM, spankt...@gmail.com javascript: wrote: after creating CA and client cert and applying them to puppetmaster, it complains with: Wait, what? You create a new CA, even after agents have already been certified, then create new agent certificates? If your CA changes, you will have to terminate all the (now deprecated) agent certificates and sign new certificates for all agents. Basically, I would expect the outcome you are observing, and you should just follow the instructions given in your log excerpt. Note that you are *not* supposed to remove the CA from the master, only the copy of the agent's certificate. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: AWS OpsWorks announcement using Chef
It makes sense for Amazon to go with something like Chef, because it is more cloud oriented and it's easier to hack something up just to get it up and running quicker. Chef is more like shell scripting on steroids I would say, at least, that's how many people use it. On Tuesday, 19 February 2013 17:07:26 UTC, Felipe Salum wrote: I wonder if PuppetLabs will work with Amazon to try to add Puppet as an option to OpsWorks as well ? I don't think people using Puppet with AWS in a stable fashion would try to move to OpsWorks and migrate everything to Chef, but new customers/startups would think twice in choosing Puppet if the service offered in AWS OpsWorks is based on Chef. I haven't tried OpsWorks yet, so I can't say much. Any thoughts ? Regards, Felipe -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Request for an architectural advice for Hadoop ecosystem deployment
On Tuesday, February 19, 2013 1:26:34 AM UTC-6, Roman Shaposhnik wrote: Hi! a few email exchanges on this ML coupled with John's remark that he'd be open for an architectural advice made realize that a discussion focused on a particular use case I'm trying to address might be much more fruitful than random questions here and there. It is a long email, but I hope it will be useful for the majority of folks subscribed to puppet-users@ I hope so, too. Comments in-line below. This use case originates from the Apache Bigtop project. Bigtop is to Hadoop what Debian is to Linux -- we're a project aiming at building a 100% community driven BigData management distribution based on Apache Hadoop and its ecosystem projects. We are concerned with integration, packaging, deployment and system testing of the resulting distro and we also happen to be the basis for a few commercial distributions -- most notably Cloudera's CDH. Now, it must be mentioned that when I say 'a distribution' I really mean it. Here's the list of components that we have to manage (it is definitely not just Hadoop): https://issues.apache.org/jira/browse/BIGTOP-816?focusedCommentId=13560059page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13560059 Our current Puppet code is a pretty old code base (originated in pre 2.X puppet) that currently serves as the main engine for us to dynamically deploy Bigtop clusters on EC2 for testing purposes. However, given that the Bigtop distro is the foundation for the commercial distros, we would like our Puppet code to be the go-to place for all the puppet-driven Hadoop deployment needs. Thus at the highest level, our Puppet code needs to be: #0 useful for as many versions of Puppet as possible. Obviously, we shouldn't obsess too much over something like Puppet 0.24, but we should keep the goal in mind This could actually be a substantial issue. Much depends on whether you are looking for code (manifest) compatibility, or functional compatibility between various versions of the master and agent. The former is more tractable. The latter is subject to these constraints: the master must not be older than the agents it serves, and the agents must not be too many minor revisions behind the master. For example, v. 3.0.x agents should work with a v 3.1 master, and I think even a v 3.2 master when that eventually comes, but they are likely to not work with masters in the 3.3 series, when that arrives in a couple years. It is easier to maintain manifest compatibility, though maintaining compatibility for a wide selection of versions probably will require careful coding, and not relying on third-party modules (unless you fork them for yourselves). #1 useful in a classical puppet-master driven setup where one has access to modules, hiera/extlookup, etc all nicely setup and maitained under /etc/puppet #2 useful in a masterless mode so that things like Puppet/Whirr integration can be utilized: https://issues.apache.org/jira/browse/WHIRR-385 This is the case where the Puppet classes are guaranteed to be delivered to each node out of band and --modulepath will be given to puppet apply. Everything else (hiera/extlookup files, etc) is likely to require additional out-of-band communications that we would like to minimize. You have to communicate the needed data somehow. This can't fundamentally be about *additional* communication; it can only be about how the communication is organized. #3 useful in orchestration scenarios (like Apache Ambari) although this could be viewed as a subset of the previous one. It is important to understand that Puppet is not an orchestration tool, though it can be used *by* one. In an orchestrated cluster (re)configuration scenario, it is also important to avoid overloading a Puppet master. One way to do so is to push out manifests and data to the nodes so that they can puppet apply them instead of requiring catalog compilation by the master. That is the sense in which #3 might be viewed as a subset of #2. There are couple of puppet features that you cannot then use (exported resources springs to mind), but that may be tolerable, or even necessary. Now, given that a typical Hadoop cluster is a collection of nodes each of which is running a certain collection of services that belong to a particular subsystem (such as HDFS, YARN, HBase, etc.) My first instinct at modeling was to introduce a series of classes that would capture configuration of these subsystems. Plus, a top-level class that would correspond to settings common to the entire cluster. Perhaps this is just a terminology or mindset problem, or maybe I'm hearing you wrong, but it sounds like you're focusing on data, whereas I think you
[Puppet Users] Parameter issue
Hi,
I'm working on a module and run into an issue. I would like to install
multiple PHP versions from source. I know the preferred way is packages,
but I don't want to maintain a custom APT repository. I have two files:
install.pp which does the installation (download, extract, configure, make,
make install) and params.pp which provides parameters.
https://gist.github.com/gergoerdosi/4990967
https://gist.github.com/gergoerdosi/4991012
The first call to php::install::source { '5.3.21': } runs fine, however
when it reaches php::install::source { '5.4.11': }, it downloads 5.3.21
again instead 5.4.11. This is happening because the $url uses $version in
params.pp, which doesn't get updated on the second call. This an expected
behavior, but I don't know how else could I do it. What I want to do is to
provide parameters for the different PHP versions (different URL, configure
options etc). Any idea? My Puppet version is 2.7.19.
Gergo Erdosi
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Mounting windows fileshare
I am looking for a way of mounting a windows fileshare without using 'exec net use ...' and haven't found a type that supplies this functionality. The windows documentation mentions that to use UNC paths you have to mount the drive first, but makes no mention of how to do this. Thank you for your time -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Querying system to generate resources
Thanks. I'll try that out: https://github.com/devstructure/blueprint Regards, - Robert On Tue, Feb 19, 2013 at 11:20 AM, llowder llowde...@gmail.com wrote: On Tuesday, February 19, 2013 10:00:39 AM UTC-6, Robert Citek wrote: What commands are there to collect system information and convert it into puppet resources? We have a lot of systems that were not initially configured with puppet and we would like to gather information about those systems as puppet resources. I have been generating resource information using 'pupppet resource ...' and that has been working reasonably well. For example, 'puppet resource user' generates resources for all users on the system. If I want just one user, I can specify that user's name, e.g. 'puppet resource user foo'. Same goes for types group, mount, package, and a few other types. But that pattern doesn't work for all resource types or options. For example, 'puppet resource ssh_authorized_key' doesn't output anything. The 'cron' type asks for a Title. 'interface' errors that it could not find a type 'interface'. And although 'package' lists all packages using the default package manager, it's not immediately apparent how to generate resources for all gems, e.g. 'puppet resource package provider=gem' does not list gems. Is 'puppet resource ...' the best practice way to generate resource information or are there other tools more suited? Or are there options or environment variables that are not immediately apparent? Still reading through the docs, but any pointers in the right direction gladly accepted. I've not used it personally, but there is a project (I think) called Blueprint might be worth looking into. I seem to recall that it can scan a system and generate modules for it. Regards, - Robert -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] autometically create nagios_hostgroup only when a member of a group comes up
Is there any way to create the Nagios hostgroup only when the first (or at
least one) member of that hostgroup comes on line?
I tried with Puppet Storeconfigs: The client node exports the
nagios_hostgroup resource:
@@nagios_hostgroup { 'cloud-app':
alias = Application Servers,}
and the server node collects it:
Nagios_hostgroup | | { notify = Service['nagios'] }
It works for the first node but get duplicate definition error as soon as
the second node of that hostgroup comes online and try to export the very
same resource.
Specifying hostgroup in the Nagios server manifest (and exporting the
nagios_host instead) initially solve this issue but the biggest problem
with this approach is: in a multi hostgroup configuration, Nagios won't
start until atleast one member from the each hostgroup comes on-line. This
leaves us with a huge inconvenience. As all the hostgroups are created
during the Nagios server configuration, Nagios refuses to start until the
first member of the last hostgroup is configured. For us, it takes up to 30
mins. Is there any workaround/fix for this issue? Any pointer would be
greatly appreciated. Cheers!!
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?
You might have better luck using something like FreeIPA and using it's ca cert and setting up certs for each node and using those as the puppet certs. This may help. http://jcape.name/2012/01/16/using-the-freeipa-pki-with-puppet/ I had a go at setting it up but I am using FreeIPA 3 and the steps need some changing for that so your mileage may vary. On 20 February 2013 06:15, spankthes...@gmail.com wrote: Dear Felix, I think you're getting it wrong, let me clarify it a bit. The goal of this is to be able to write web interface for generating puppetmasters CA's and client certificates on demand. An example: install 3 puppetmasters with loadbalancer in front. Use web interface to generate CA and certificates for chosen clients (lets say, 10 machines). Deploy such generated CA's on puppetmasters, and relevant bits on puppet clients to authorize them against these puppetmasters. Whenever there's need for change, use that CA via web interface to add and delete client certificates, redeploy them on puppetmasters and so on. This, while doable via Subprocess functions (Python is the language of choice for me, but that doesnt really matters) and calls to relevant puppet system commands is extremely ugly and not flexible solution. I would love to do it via openssl library, but to do so, I'd need to have a workable way to build CA's and sign (and revoke) client certs via openssl command - so far I cant reach that goal. I hope this makes more sense now. Regards, S. On Tuesday, February 19, 2013 4:04:32 PM UTC, Felix.Frank wrote: On 02/16/2013 12:20 PM, spankt...@gmail.com wrote: after creating CA and client cert and applying them to puppetmaster, it complains with: Wait, what? You create a new CA, even after agents have already been certified, then create new agent certificates? If your CA changes, you will have to terminate all the (now deprecated) agent certificates and sign new certificates for all agents. Basically, I would expect the outcome you are observing, and you should just follow the instructions given in your log excerpt. Note that you are *not* supposed to remove the CA from the master, only the copy of the agent's certificate. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Parameter issue
Hi Gerdo,
You are on the right track using a define but the problem is one of scope.
The version parameter for your define will only get set once in your
php::params class because classes are almost singletons in puppet (as in
they can exist only once for a node no matter how many times you call them).
You will have to set the configure parameters inside your define which will
be ugly I know but there isn't any other way around it.
I haven't used them but inline templates may help alleviate the ugliness.
I would also recommend splitting your define out into a separate file so
it's easier to maintain.
Hope that helps.
Pete.
On 20 February 2013 09:04, ge...@timble.net wrote:
Hi,
I'm working on a module and run into an issue. I would like to install
multiple PHP versions from source. I know the preferred way is packages,
but I don't want to maintain a custom APT repository. I have two files:
install.pp which does the installation (download, extract, configure, make,
make install) and params.pp which provides parameters.
https://gist.github.com/gergoerdosi/4990967
https://gist.github.com/gergoerdosi/4991012
The first call to php::install::source { '5.3.21': } runs fine, however
when it reaches php::install::source { '5.4.11': }, it downloads 5.3.21
again instead 5.4.11. This is happening because the $url uses $version in
params.pp, which doesn't get updated on the second call. This an expected
behavior, but I don't know how else could I do it. What I want to do is to
provide parameters for the different PHP versions (different URL, configure
options etc). Any idea? My Puppet version is 2.7.19.
Gergo Erdosi
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] autometically create nagios_hostgroup only when a member of a group comes up
Hi,
You will get duplication if you declare a nagioshost_group with the same
name on more than one node...
I think you may be missing the point of nagios_hostgroup. It is for
declaring a hostgroup in nagios not setting the nagios hostgroup for a node.
I am guessing you are trying to add a node to a hostgroup?
You will need to add a hostgroups parameter to your nagios_host declaration
and set the hostgroup for the node there.
I am also reasonably sure you can have empty hostgroups in nagios...
if you want a kickstart there are a few monitoring modules on puppet forge.
(I wrote some that may help)
On 20 February 2013 11:27, Sans r.santanu@gmail.com wrote:
Is there any way to create the Nagios hostgroup only when the first (or
at least one) member of that hostgroup comes on line?
I tried with Puppet Storeconfigs: The client node exports the
nagios_hostgroup resource:
@@nagios_hostgroup { 'cloud-app':
alias = Application Servers,}
and the server node collects it:
Nagios_hostgroup | | { notify = Service['nagios'] }
It works for the first node but get duplicate definition error as soon
as the second node of that hostgroup comes online and try to export the
very same resource.
Specifying hostgroup in the Nagios server manifest (and exporting the
nagios_host instead) initially solve this issue but the biggest problem
with this approach is: in a multi hostgroup configuration, Nagios won't
start until atleast one member from the each hostgroup comes on-line. This
leaves us with a huge inconvenience. As all the hostgroups are created
during the Nagios server configuration, Nagios refuses to start until the
first member of the last hostgroup is configured. For us, it takes up to 30
mins. Is there any workaround/fix for this issue? Any pointer would be
greatly appreciated. Cheers!!
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Error: Could not retrieve catalog from remote server: execution expired
Hi i also have this problem when working with nagios, always expire... is
that any solution for this, from puppet configuration byself? my nagios
production server can't working anymore. Even i already use puppetDB. I see
many people have same problem on the net.
Thanks,
~Heriyanto
On Thu, Jan 17, 2013 at 4:02 PM, Luke Bigum luke.bi...@lmax.com wrote:
I'm not sure if there's a way to increase the timeout for exported
resource reconstruction, however rather than doing a Puppet resource
collection you can query the raw data from PuppetDB:
https://github.com/dalen/puppet-puppetdbquery
Here is an example a colleague of mine used to vastly speed up the catalog
of our Nagios server. Here it queries exported 'hostgroup_member' resources
with a specific tag, then uses the returned hash of data in a template to
define all Nagios hostgroups:
$hostgroup_members = pdbresourcequery(
[ 'and',
[ '=', 'tag', $nagios::params::sites ],
[ '=', 'type', 'Nagios::Config::Hostgroup_member' ],
[ '=', 'exported', true ]
]
)
file { $nagios::params::hostgroups_yaml:
content = template('nagios/nagios_hostgroups.yaml.erb'),
notify = Class['nagios::service'],
}
This cut our catalog down from over 2 minutes in compile/collect time to
around 20-30 seconds.
Hope that helps,
-Luke
On Wednesday, January 16, 2013 11:35:23 PM UTC, Joshua Buss wrote:
Wow, I just found this by googling for the error message and I'm getting
the exact same problem.. unable to run puppet agent on the same machine
where I have the puppet master running.. times out on loading plugin. I'm
running on ubuntu server 11.10, version 2.7.1-1ubuntu3.7
On Monday, January 7, 2013 1:19:41 PM UTC-6, Rob Smith wrote:
Hi everyone,
I recently ran into an issue where my puppetmaster can't run puppet on
itself. It errors out with the following:
Error: Could not retrieve catalog from remote server: execution expired
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I'm running Puppet 3 with passanger and puppetdb (hsql). I've tried
restarting puppetdb and apache to no effect. If I wipe out puppetdb, it'll
work again until all 17 servers are back into the catalog and it times out
from then on. The puppet master is also my nagios node so it does have a
huge amount of resources to assemble.
Can I configure puppet to wait longer for the catalog generation step?
I've search the docs without anything standing out to me.
Thanks,
~Rob
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/ffFFsG4HM0YJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Question Windows manifests
thanks a ton.. I will give it try and revert...
On Tue, Feb 19, 2013 at 7:58 PM, Bernd Adamowicz
bernd.adamow...@esailors.de wrote:
You could try:
** **
file { ‘delete-install-bat’:
ensure = absent,
path = ‘c:\install.bat’,
require = Exec[‘install’],
}
** **
Cheers,
Bernd
*From:* puppet-users@googlegroups.com [mailto:
puppet-users@googlegroups.com] *On Behalf Of *Rakesh Kathpal
*Sent:* Dienstag, 19. Februar 2013 15:22
*To:* puppet-users@googlegroups.com
*Subject:* [Puppet Users] Question Windows manifests
** **
Hi,
I am creating a file resouce which is bat file, and I am running the file
to perform some operation.
I need to know how do I delete the file after the operation is
performed... the code I tried is as follows
class rk{
file { c:\install.bat:
ensure = present,
content = template(rk/inst.txt),
notify = Exec['install']
}
exec {'install':
command = c:\install.bat,
timeout = 0,
require = File['c:\install.bat'],
}
file { c:\install.bat:
ensure = absent,
}
}
Now it gives me a duplicate declaration error for resource file I
understand its very logical to get this error but can someone please give
some pointers to resolve this issue.
Thanks a lot.
Rakesh K.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Question Windows manifests
unfortunately getting a different error now
err: Failed to apply catalog: Cannot alias File[install] to
[c:/install.bat] at /etc/puppet/modules/rk/manifests/init.pp:8; resource
[File, c:/install.bat] already declared at
/etc/puppet/modules/rk/manifests/init.pp:20
---
my manifests looks like follows
--
class rk {
file { 'install':
path = c:\install.bat,
ensure = present,
content = template(rk/inst.txt),
notify = Exec['install_sw']
}
exec {'install_sw':
command = c:\install.bat,
timeout = 0,
require = File['install'],
notify = File['remove']
}
file { 'remove':
ensure = absent,
path = c:\install.bat,
require = Exec['install_sw']
}
}
---
I am quite sure that there is something syntactically wrong my code but
donno what? Can someone please shed some light on this?
Thanks Regards,
Rakesh K.
On Wed, Feb 20, 2013 at 10:32 AM, Rakesh Kathpal rkath...@gmail.com wrote:
thanks a ton.. I will give it try and revert...
On Tue, Feb 19, 2013 at 7:58 PM, Bernd Adamowicz
bernd.adamow...@esailors.de wrote:
You could try:
** **
file { ‘delete-install-bat’:
ensure = absent,
path = ‘c:\install.bat’,
require = Exec[‘install’],
}
** **
Cheers,
Bernd
*From:* puppet-users@googlegroups.com [mailto:
puppet-users@googlegroups.com] *On Behalf Of *Rakesh Kathpal
*Sent:* Dienstag, 19. Februar 2013 15:22
*To:* puppet-users@googlegroups.com
*Subject:* [Puppet Users] Question Windows manifests
** **
Hi,
I am creating a file resouce which is bat file, and I am running the file
to perform some operation.
I need to know how do I delete the file after the operation is
performed... the code I tried is as follows
class rk{
file { c:\install.bat:
ensure = present,
content = template(rk/inst.txt),
notify = Exec['install']
}
exec {'install':
command = c:\install.bat,
timeout = 0,
require = File['c:\install.bat'],
}
file { c:\install.bat:
ensure = absent,
}
}
Now it gives me a duplicate declaration error for resource file I
understand its very logical to get this error but can someone please give
some pointers to resolve this issue.
Thanks a lot.
Rakesh K.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: AWS OpsWorks announcement using Chef
Vaidas Jablonskis wrote: It makes sense for Amazon to go with something like Chef, because it is more cloud oriented and it's easier to hack something up just to get it up and running quicker. Chef is more like shell scripting on steroids I would say, at least, that's how many people use it. We're going to be talking to AWS about adding Puppet support to OpsWorks soon. It is our understanding from them that this is based on an acquisition they made of a Chef-based solution rather than an endorsement of Chef. More news when we have it! Thanks James -- James Turnbull 1-503-734-8571 To schedule a meeting with me: http://doodle.com/jamtur01 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
