Re: [Puppet Users] recovery from foreman
Hi

On 27 Feb 2014, at 00:15, mjack...@broadsoft.com wrote:

> I am new to puppet. running puppet 2.7.19 didn't know that you couldn't install foreman and dashboard on the same system/puppet master. I've uninstalled both of them.
> puppet nodes are complaining about not being able to get their catalogs.

Foreman makes use of an ENC: /etc/puppet/node.rb

You can verify whether this command (with a certname as parameter) will deliver desired results. (It should show yaml code).

hth, Martin

> puppet.conf has:
> snippet:
>
>     [main]
>     # The Puppet var directory.
>     vardir = /var/lib/puppet
>     # The Puppet log directory.
>     # The default value is '$vardir/log'.
>     logdir = /var/log/puppet
>     # Where Puppet PID files are kept.
>     # The default value is '$vardir/run'.
>     rundir = /var/run/puppet
>     # Where SSL certificates are kept.
>     # The default value is '$confdir/ssl'.
>     ssldir = $vardir/ssl
>     # Allow services in the 'puppet' group to access key (Foreman + proxy)
>     privatekeydir = $ssldir/private_keys { group = service }
>     hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
>     # Puppet 3.0.x requires this in both [main] and [master] - harmless on agents
>     autosign = $confdir/autosign.conf { mode = 664 }
>     [master]
>     autosign = $confdir/autosign.conf { mode = 664 }
>     reports= store, http
>     external_nodes = /etc/puppet/node.rb
>     node_terminus = exec
>     ca = true
>     [development]
>     modulepath = /etc/puppet/modules/development:/etc/puppet/modules/common:/usr/share/puppet/modules
>     [production]
>     modulepath = /etc/puppet/modules/production:/etc/puppet/modules/common:/usr/share/puppet/modules
>
> /etc/puppet/manifests/site.pp includes:
>
>     import classes/*
>     import roles/*.pp
>     import nodes/*.pp
>     import users/*.pp
>
> ---end snippet-
>
> and yes /etc/puppet/manifests/nodes does contain node_$agent(fqdn).pp
> ls /var/lib/puppet/yaml/facts shows: $agent_hosts.yaml
> in /var/log/messages, I find the following types of errors:
>
>     puppet puppet-master[16517]: Could not find node '$agent_hosts(fqdn)'; cannot compile
>
> # note: $agent_hosts(fqdn) = a list of hosts that should be managed by puppet. they all look like an fqdn.
>
> my question: where would the configuration be to tell where these machines are for compiling catalogs?
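An added example, not part of the thread or of Puppet/Foreman: a small audit of a puppet.conf for the situation described above, where `node_terminus = exec` still points at Foreman's ENC script after Foreman was removed. It also reports the private-key access that the quoted config grants "for Foreman + proxy". The sample config is constructed from the one quoted in the post; the function names are hypothetical.

```ruby
# Added example: audit puppet.conf for ENC and key-access settings left
# behind by an uninstalled Foreman. Names below are illustrative only.

# Constructed sample, reduced from the puppet.conf quoted in the thread.
SAMPLE_CONF = <<~'CONF'
  [main]
  vardir = /var/lib/puppet
  ssldir = $vardir/ssl
  # Allow services in the 'puppet' group to access key (Foreman + proxy)
  privatekeydir = $ssldir/private_keys { group = service }
  hostprivkey = $privatekeydir/$certname.pem { mode = 640 }

  [master]
  reports= store, http
  external_nodes = /etc/puppet/node.rb
  node_terminus = exec
  ca = true
CONF

Setting = Struct.new(:value, :meta)

# Parse INI-style puppet.conf text into { "section" => { "name" => Setting } }.
# A trailing "{ key = val, ... }" block is file metadata (owner/group/mode).
def parse_puppet_conf(text)
  conf = Hash.new { |h, k| h[k] = {} }
  section = 'main'
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A\[(\w+)\]\z/))
      section = m[1]
      next
    end
    name, rest = line.split('=', 2).map(&:strip)
    next if rest.nil?
    meta = {}
    if (m = rest.match(/\A(.*?)\s*\{\s*(.*?)\s*\}\z/))
      rest = m[1]
      m[2].split(',').each do |pair|
        k, v = pair.split('=', 2).map(&:strip)
        meta[k] = v
      end
    end
    conf[section][name] = Setting.new(rest, meta)
  end
  conf
end

# Return a list of findings for the master. `executable` is injectable so the
# check can be exercised without touching the real filesystem.
def enc_findings(conf, executable: ->(path) { File.executable?(path) })
  findings = []
  effective = conf['main'].merge(conf['master']) # [master] overrides [main]
  terminus = effective['node_terminus']&.value || 'plain' # Puppet's default
  script = effective['external_nodes']&.value
  script = nil if script == 'none'                        # Puppet's default
  if terminus == 'exec'
    if script.nil?
      findings << 'node_terminus = exec but no external_nodes script is set'
    elsif !executable.call(script)
      findings << "node_terminus = exec but ENC #{script} is missing or not " \
                  'executable, so node lookups cannot succeed'
    end
  elsif script
    findings << "external_nodes = #{script} is set but unused " \
                "(node_terminus = #{terminus})"
  end
  effective.each do |name, setting|
    next unless %w[privatekeydir hostprivkey].include?(name)
    next if setting.meta.empty?
    grant = setting.meta.map { |k, v| "#{k}=#{v}" }.join(', ')
    findings << "#{name} has non-default access (#{grant}); " \
                'review whether it is still needed'
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path ? File.read(path) : SAMPLE_CONF
  puts enc_findings(parse_puppet_conf(text))
end
```

Run it with the path to the master's puppet.conf as the only argument; with no argument it audits the constructed sample.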
Re: [Puppet Users] Re: puppet module generate skeleton not working on PE?
Hi,

IMO, I think it is a good thing not to develop your modules under root account. So for me this is more a feature than a problem.

Grts

Johan

On 02/26/2014 07:58 AM, Stephen Wallace wrote:

> Peter,
>
> When I ran the puppet module generate as non-root it worked like a charm! Maybe some of the other talented people on this forum may have a clue as to why.
>
> Thanks again.
>
> Stephen
>
> On Wednesday, 26 February 2014 07:25:43 UTC+11, Peter wrote:
>
> > Hi,
> >
> > I am not sure on the underlying reasons but this doesn't work under the root account. I ran into the same issue when I was playing with it on a dev box.
> >
> > Peter

--
Johan De Wit
Open Source Consultant
Red Hat Certified Engineer (805008667232363)
Puppet Certified Professional 2013 (PCP006)
Open-Future
Re: [Puppet Users] Condition on class existence on agent
On Thursday, February 27, 2014 8:52:04 AM UTC+1, nikolavp wrote:

> A specific example I think will be of much help. Some ideas:
> 1) Is role B just a more specific role A or they aren't so much related. You can use inheritance if they are and change the file/define

Yes, B is some sort of more specific A. Not easy to explain because they use custom apps, services, and files (and I don't even fully know how they work), but maybe this example will fit:

- role A is web server
- role B is secure web server
- the same set of resources (packages, users, files, configuration edits...) is applied for both roles, but role A sets some permissions in httpd.conf while role B needs more strict permissions for the same web paths, so they need to use different parameters for the same line in the same file.

Maybe inheritance is the way to go? I can put my resource (and related ones) in a separate class with a parameter for the value to be inserted in the conf file, and then create two different classes for roles A and B which inherit the class and override the resource attribute through the parameter. Is that right?

> Other ways to do this would be to just propagate the parameter for the change to both role A and role B with default values.

What do you mean?

> I am not sure if I understood the idea. I am not saying that you have to create a dependent fact but just to set a fact with the value you want to change. So let's say you want to have a database connection URI. Role A sets it to something by default and Role B sets it to something else. You can specify the wanted connection URI on the host with custom fact.

Ok, but how can I create this custom fact on the hosts? I'm provisioning the hosts through Foreman, I need the installation and configuration of the hosts to be automated, based on the classes/roles selected in the Foreman GUI. I do not want to create the custom fact by hand on each host. That's why I was thinking about checking the classes applied to the host, as a way to automatically detect the value to be assigned to the fact.

> N.B. Can you also tell us how do you assign the roles for each host because that might help us be more specific with a solution.

I assign puppet classes to the hosts using the Foreman web GUI; either specific classes during tests, or by associating the classes to different host groups and then assigning hosts to groups.

Thank you very much.

Marco
[Puppet Users] Re: Puppet Dashboard Radiator view thru iframe
Try http://puppet-dashboard-url.tld/radiator

On Monday, 14 October 2013 20:20:26 UTC+2, Matt Shields wrote:

> Is it possible to create an iframe in an html page and display the Radiator view in the Puppet Dashboard? For some reason all my other NOC iframe's are displaying with the exception of the Radiator view
>
> Matt
[Puppet Users] varying files for puppet agents
Hi,

How to manage files which are not static but dynamic. Different services can have files which need different values based on their characteristics! Like in ssh configuration file the listening interface should be the IP of the machine (agent), in the same way how can I use hostname for some files ?

and if I have keepalived, how will I provide different priority numbers for the two different agent machines with the same file ???

Regards
[Puppet Users] How to install rpm and push file to set of servers
Hi there, I would like to install rpms from Puppet master to puppet clients and also push some files to list of servers, already I do mentioned different classification of servers under manifest of nodes, but I would like to do it for specific list of server only. Please suggest your views and how to do it by following best practice, thanks in advance. Regards, Vivek
[Puppet Users] Re: varying files for puppet agents
On Thursday, February 27, 2014 2:43:34 PM UTC+1, AAB !! wrote:

> How to manage files which are not static but dynamic. Different services can have files which needs different values based on their characteristics! Like in ssh configuration file the listening interface should be the IP of the machine (agent), in the same way how can I use hostname for some files ?

You can use facts, which are sort of built-in variables, IP address and hostname among them:
http://docs.puppetlabs.com/puppet/latest/reference/lang_variables.html#facts

> and if I have keepalived, how will I provide different priority numbers for the two different agent machines with the same file ???

I see some keepalived modules in Puppet Forge, maybe you can look at them.

Marco
[Puppet Users] Re: ensure user and group created
On Wednesday, February 26, 2014 4:17:05 PM UTC-6, bluethundr wrote:

> Hey all,
>
> I've created a puppet module to control LDAP in my environment. The ldap packages on both the centos and ubuntu hosts seem to require a user and group called 'ldap' (respectively).
>
> in my ldap::install class I have the following defined:
>
>     user { ldap:
>       ensure => present,
>     }
>     group { ldap:
>       ensure => present,
>     }

You may be overthinking this. Certainly on CentOS and probably on Ubuntu, the standard OpenLDAP packages take care of ensuring the needed user and group configuration is set up. It is not entirely superfluous to manage them in Puppet as well if you're worried about them being removed later, but do note that the user and group may have standard UID and GID numbers, respectively, in each distribution, and that assigning them different ones may cause you grief. Also note that these are generally a 'system' user and group, and as such they should take UID and GID numbers in a different (lower) range than standard users and groups do.

Note also that your User declaration is probably underspecified. In addition to declaring it a 'system' user, you should also declare that it must belong to group 'ldap'. I suspect that doing so will resolve your problem, though if *not* doing so causes a problem then that constitutes a minor bug. Feel free to file a ticket.

> But on each puppet run after the user and group is created the following error occurs:
>
>     err: /Stage[main]/Ldap::Install/User[ldap]/ensure: change from absent to present failed: Could not create user ldap: Execution of '/usr/sbin/useradd -M ldap' returned 9: useradd: group ldap exists - if you want to add this user to that group, use -g.
>
> Is there any way to achieve being able to create this user and group and avoid the error on each run thereafter?

I'm confident that there is. Try adding system => true to both the User and the Group declaration, and adding gid => 'ldap' to the group declaration. Let us know how it works out.

John
Re: [Puppet Users] Re: debugging puppet/hiera-eyaml decryption problems?
Here's a sample value. Apart from the length it looks much like yours. (But your encrypted value appears on a separate line, but possibly word wrap.)

    testing::cwood::param: ENC[PKCS7,...]

In the editor (eyaml edit) that looks like:

    testing::cwood::param: DEC(1)::PKCS7[value from hiera, encrypted]!

(The keys are throwaway, proof of concept keys, available if anybody thinks they'll help.)

My eyaml files are all suffixed .eyaml. I tried :extension: 'yaml' but oddly that didn't work for me, the puppet debug log showed the hiera routine looking for .eyaml files.

On Wed, Feb 26, 2014 at 06:51:11PM -0800, William Leese wrote:

> What does the actual yaml containing the encrypted value look like? I've had some trouble simply copy pasting eyaml output into yaml files. I found using something like this works best:
>
>     mysql::server::root_password: ENC[PKCS7,MxxZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQEBBQAEgsnipsnipsnipsnipsnipsnipIZIAWUDBAEqBBALP97TUumMst8nV3mXwI7TgCBn9mVz/uaSgcJHo9xUuXmK1ynG80J0tqDyblahalbhalabhaOQHQ==]
>
> (just in case wordwrap kicks in, that's all on one line).
>
> Are your yaml files named *.eyaml?
[Puppet Users] Re: Hiera to define an array of packages that should be installed
On Wednesday, February 26, 2014 3:56:52 AM UTC-6, Richard Fussenegger wrote:

> Right now my init.pp contains the following code block:
>
>     package { [ 'package-1', 'package-2', '...' ]:
>       ensure  => 'present',
>       require => Exec['apt_update'],
>     }
>
> This works great — no problem there — but I'd love to use a single init.pp for production and development and control the behavior of everything via my Hiera files. This would also allow me to exchange some packages depending on the operating system without writing modules for simple package installations. I tried a few things and searched for answers; without luck. Maybe you guys have an idea on how to solve this.

There is a variety of ways to work the details, but most boil down to this basic paradigm:

data:

    my_module::packages:
      - 'package-1'
      - 'package-2'
      ...

class:

    class my_module {
      $packages = hiera('my_module::packages')
      package { $packages:
        ensure  => 'present',
        require => Exec['apt_update']
      }
    }

Notes:

- The value associated in Hiera with key 'my_module::packages' is an array.
- The value from Hiera is *not* interpolated into a string in the Package declaration (so it stays an array).
- You use normal Hiera mechanisms (i.e. your data hierarchy) to assign the correct array of packages to each node.
- You may find it useful to use the hiera_array() function (and flatten() the result) instead of the plain hiera() function. Either way gives you an array, but with hiera_array() you can collect package names from every level of your hierarchy instead of only from the highest-priority one that provides any.

Note also that if you need different Package parameters for different package names, then you need a different approach. Your example does not exhibit a need for that, but if you should ever discover one then one way to address it would be with the create_resources() function (combined with appropriately-structured data).

John
[Puppet Users] Re: Hiera isn't merging hashes
That explains a lot, thanks!

On Wednesday, February 26, 2014 10:08:27 PM UTC-5, Charlie Sharpsteen wrote:

> On Wednesday, February 26, 2014 2:19:23 PM UTC-8, paul@complex.com wrote:
>
> > I have been doing some experimenting with Puppet + Hiera with some of my hashes, but when it is going through my hierarchy it is returning whatever hash it hits first and skipping the others. For my node 'sandbox1'
> >
> > sandbox.pp:
> >
> >     node /^sandbox\d+/ {
> >       class { 'php':}
> >       notify { 'PHP hash': message => hiera('php::augeas',{}) }
> >       $php_settings = hiera('php::augeas',{})
> >       create_resources('php::augeas',$php_settings)
> >     }
>
> The `hiera` lookup function only returns the first key it finds --- which is the behavior you are observing. For hash merge lookup, you will need to use the `hiera_hash` function in your manifest instead of `hiera`. For full details, see the docs on Hiera lookup functions:
>
> http://docs.puppetlabs.com/hiera/1/puppet.html#hiera-lookup-functions
>
> Hope this helps!
>
> -Charlie
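An added example, not code from the thread or from Hiera itself: a small Ruby model of the three lookup styles discussed here and in the hiera_array() note of the package-array thread above. It shows how a setting defined only at the lowest level drops out under a priority lookup and is kept by a hash merge. The hierarchy, keys and values are constructed; the merge is modelled as a shallow merge in which the higher-priority level wins.

```ruby
# Added example: a model of Hiera 1 lookup behaviour, not Hiera's own code.

# Constructed hierarchy, highest priority first (the order it is searched).
HIERARCHY = [
  ['nodes/sandbox1', {
    'php::augeas'         => { 'memory_limit' => { 'value' => '256M' } },
    'my_module::packages' => ['strace']
  }],
  ['environment/development', {
    'php::augeas'         => { 'display_errors' => { 'value' => 'On' } },
    'my_module::packages' => %w[git strace]
  }],
  ['common', {
    'php::augeas'         => { 'memory_limit' => { 'value' => '128M' },
                               'expose_php'   => { 'value' => 'Off' } },
    'my_module::packages' => [%w[curl ntp]]
  }]
].freeze

# Every value stored under `key`, in priority order.
def answers(key, hierarchy = HIERARCHY)
  hierarchy.select { |_src, data| data.key?(key) }.map { |_src, data| data[key] }
end

# Models hiera(): the first level that defines the key wins and every
# lower level is ignored, even if it defines other sub-keys.
def lookup_priority(key, default = nil, hierarchy = HIERARCHY)
  found = answers(key, hierarchy)
  found.empty? ? default : found.first
end

# Models hiera_array(): collect from every level, flatten, drop duplicates.
def lookup_array(key, hierarchy = HIERARCHY)
  answers(key, hierarchy).flatten.uniq
end

# Models hiera_hash(): merge top-level keys from every level. On a conflict
# the higher-priority level wins and its nested hash replaces the lower one.
def lookup_hash(key, hierarchy = HIERARCHY)
  found = answers(key, hierarchy)
  bad = found.reject { |v| v.is_a?(Hash) }
  raise TypeError, "expected Hash for #{key}, got #{bad.first.class}" unless bad.empty?

  found.reverse.reduce({}) { |merged, level| merged.merge(level) }
end

if __FILE__ == $PROGRAM_NAME
  puts "hiera():       #{lookup_priority('php::augeas').keys.join(', ')}"
  puts "hiera_hash():  #{lookup_hash('php::augeas').keys.sort.join(', ')}"
  puts "hiera_array(): #{lookup_array('my_module::packages').join(', ')}"
end
```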
Re: [Puppet Users] Re: Puppet Dashboard Radiator view thru iframe
Well that's the obvious part .. which I tried from the start.

Brett

On Thu, Feb 27, 2014 at 5:40 AM, Félix Barbeira fbarbe...@gmail.com wrote:

> Try http://puppet-dashboard-url.tld/radiator
>
> On Monday, 14 October 2013 20:20:26 UTC+2, Matt Shields wrote:
>
> > Is it possible to create an iframe in an html page and display the Radiator view in the Puppet Dashboard? For some reason all my other NOC iframe's are displaying with the exception of the Radiator view
> >
> > Matt
Re: [Puppet Users] Condition on class existence on agent
On Thu, Feb 27, 2014 at 03:12:53AM -0800, zerozerouno...@gmail.com wrote:

> On Thursday, February 27, 2014 8:52:04 AM UTC+1, nikolavp wrote:
>
> > A specific example I think will be of much help. Some ideas:
> > 1) Is role B just a more specific role A or they aren't so much related. You can use inheritance if they are and change the file/define
>
> Yes, B is some sort of more specific A. Not easy to explain because they use custom apps, services, and files (and I don't even fully know how they work), but maybe this example will fit:
>
> - role A is web server
> - role B is secure web server
> - the same set of resources (packages, users, files, configuration edits...) is applied for both roles, but role A sets some permissions in httpd.conf while role B needs more strict permissions for the same web paths, so they need to use different parameters for the same line in the same file.
>
> Maybe inheritance is the way to go? I can put my resource (and related ones) in a separate class with a parameter for the value to be inserted in the conf file, and then create two different classes for roles A and B which inherit the class and override the resource attribute through the parameter. Is that right?

With inheritance you get the following:

    class webA {
      ...
      file { '/etc/myapp/config.properties':
        content => template('my-default-template')
      }
      ...
    }

    class webB inherits webA {
      File['/etc/myapp/config.properties'] { # note the capital File and the same resource name as above
        content => template('my-custom-template'),
      }
    }

More can be found in http://docs.puppetlabs.com/puppet/latest/reference/lang_classes.html#inheritance look at the Overriding Resource Attributes section. Although I don't like inheritance as you describe it if roleB is a secure web server and roleA is a web server I would go for it.

> > Other ways to do this would be to just propagate the parameter for the change to both role A and role B with default values.
>
> What do you mean?

Something like

    class webA (
      $port = '8080' # this is the default
    ) {
      ...
    }

    class webB (
      $port = '8081' # this is the default
    ) {
      ...
    }

now at this point if you want to declare them both you just use another definition...

    class mynewrole {
      class { 'webA':
        port => '8081',
      }
      class { 'webB':
        port => '8081',
      }
    }

sadly this way the augeas or the way you do the change will be fired two times :(

> > I am not sure if I understood the idea. I am not saying that you have to create a dependent fact but just to set a fact with the value you want to change. So let's say you want to have a database connection URI. Role A sets it to something by default and Role B sets it to something else. You can specify the wanted connection URI on the host with custom fact.
>
> Ok, but how can I create this custom fact on the hosts? I'm provisioning the hosts through Foreman, I need the installation and configuration of the hosts to be automated, based on the classes/roles selected in the Foreman GUI. I do not want to create the custom fact by hand on each host. That's why I was thinking about checking the classes applied to the host, as a way to automatically detect the value to be assigned to the fact.

Ok so the fact is not an option ;)

> > N.B. Can you also tell us how do you assign the roles for each host because that might help us be more specific with a solution.
>
> I assign puppet classes to the hosts using the Foreman web GUI; either specific classes during tests, or by associating the classes to different host groups and then assigning hosts to groups.
>
> Thank you very much.
>
> Marco

--
Nikola
[Puppet Users] Re: puppet agent on HP unix os
Hi, has anyone done any more work on puppet for HP-UX 11.31? Or can someone point me to where I can download the opensource version of puppet agent code so I can try to compile myself?

On Friday, December 27, 2013 5:20:09 AM UTC-5, Ankit Mittal wrote:

> Dear All,
>
> Please help me if puppet agent installation is possible on hp unix os or not. If it is possible please tell how to install it
>
> Thanks and Regards
> Ankit Mittal
Re: [Puppet Users] Re: debugging puppet/hiera-eyaml decryption problems?
Following up to my own post...

Without changing my manifest data, I managed to get this to work by changing my rpm packages around, from this, which didn't work:

    hiera-eyaml 2.0
    trollop 2.0
    highline 1.6.19

To this, which did:

    hiera-eyaml 1.3.4
    trollop 1.16
    highline 1.6.20

This didn't work either:

    hiera-eyaml 2.0
    trollop 2.0
    highline 1.6.20

I don't have the ruby or packaging expertise to see why this worked, but now things function similarly with /usr/bin/hiera and inside the puppet master.

On Thu, Feb 27, 2014 at 09:44:02AM -0500, Christopher Wood wrote:

> Here's a sample value. Apart from the length it looks much like yours. (But your encrypted value appears on a separate line, but possibly word wrap.)
>
>     testing::cwood::param: ENC[PKCS7,...]
>
> In the editor (eyaml edit) that looks like:
>
>     testing::cwood::param: DEC(1)::PKCS7[value from hiera, encrypted]!
>
> (The keys are throwaway, proof of concept keys, available if anybody thinks they'll help.)
>
> My eyaml files are all suffixed .eyaml. I tried :extension: 'yaml' but oddly that didn't work for me, the puppet debug log showed the hiera routine looking for .eyaml files.
>
> On Wed, Feb 26, 2014 at 06:51:11PM -0800, William Leese wrote:
>
> > What does the actual yaml containing the encrypted value look like? I've had some trouble simply copy pasting eyaml output into yaml files. I found using something like this works best:
> >
> >     mysql::server::root_password: ENC[PKCS7,MxxZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQYJKoZIhvcNAQEBBQAEgsnipsnipsnipsnipsnipsnipIZIAWUDBAEqBBALP97TUumMst8nV3mXwI7TgCBn9mVz/uaSgcJHo9xUuXmK1ynG80J0tqDyblahalbhalabhaOQHQ==]
> >
> > (just in case wordwrap kicks in, that's all on one line).
> >
> > Are your yaml files named *.eyaml?
[Puppet Users] Re: recovery from foreman
Hi,

I uninstalled foreman. why would node.rb be utilized?

Regards,

On Wednesday, February 26, 2014 3:15:48 PM UTC-8, mjac...@broadsoft.com wrote:

> I am new to puppet. running puppet 2.7.19 didn't know that you couldn't install foreman and dashboard on the same system/puppet master. I've uninstalled both of them.
> puppet nodes are complaining about not being able to get their catalogs.
>
> puppet.conf has:
> snippet:
>
>     [main]
>     # The Puppet var directory.
>     vardir = /var/lib/puppet
>     # The Puppet log directory.
>     # The default value is '$vardir/log'.
>     logdir = /var/log/puppet
>     # Where Puppet PID files are kept.
>     # The default value is '$vardir/run'.
>     rundir = /var/run/puppet
>     # Where SSL certificates are kept.
>     # The default value is '$confdir/ssl'.
>     ssldir = $vardir/ssl
>     # Allow services in the 'puppet' group to access key (Foreman + proxy)
>     privatekeydir = $ssldir/private_keys { group = service }
>     hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
>     # Puppet 3.0.x requires this in both [main] and [master] - harmless on agents
>     autosign = $confdir/autosign.conf { mode = 664 }
>     [master]
>     autosign = $confdir/autosign.conf { mode = 664 }
>     reports= store, http
>     external_nodes = /etc/puppet/node.rb
>     node_terminus = exec
>     ca = true
>     [development]
>     modulepath = /etc/puppet/modules/development:/etc/puppet/modules/common:/usr/share/puppet/modules
>     [production]
>     modulepath = /etc/puppet/modules/production:/etc/puppet/modules/common:/usr/share/puppet/modules
>
> /etc/puppet/manifests/site.pp includes:
>
>     import classes/*
>     import roles/*.pp
>     import nodes/*.pp
>     import users/*.pp
>
> ---end snippet-
>
> and yes /etc/puppet/manifests/nodes does contain node_$agent(fqdn).pp
> ls /var/lib/puppet/yaml/facts shows: $agent_hosts.yaml
> in /var/log/messages, I find the following types of errors:
>
>     puppet puppet-master[16517]: Could not find node '$agent_hosts(fqdn)'; cannot compile
>
> # note: $agent_hosts(fqdn) = a list of hosts that should be managed by puppet. they all look like an fqdn.
>
> my question: where would the configuration be to tell where these machines are for compiling catalogs?
Re: [Puppet Users] Re: recovery from foreman
Because it is in your puppet.conf:

    external_nodes = /etc/puppet/node.rb

More info about ENC: http://docs.puppetlabs.com/guides/external_nodes.html

On 02/27/2014 07:29 PM, mjack...@broadsoft.com wrote:

> Hi,
>
> I uninstalled foreman. why would node.rb be utilized?
>
> Regards,

--
Johan De Wit
Open Source Consultant
Open-Future
http://www.open-future.be
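The cause named in this reply, as an added example (not code from the thread, Puppet or Foreman): a Ruby check that reads puppet.conf and reports when `node_terminus = exec` still points the master at an ENC script after the tool that installed it is gone. `SAMPLE_CONF` is constructed from the `[master]` section quoted in the thread; `parse_puppet_conf` and `enc_findings` are hypothetical helper names, and the assumed defaults are `node_terminus = plain` and `external_nodes = none`.

```ruby
# Added example: audit puppet.conf for a leftover ENC hook.
# Helper names are hypothetical; SAMPLE_CONF is constructed from the thread.

SAMPLE_CONF = <<~CONF
  [main]
      vardir = /var/lib/puppet
      autosign = $confdir/autosign.conf { mode = 664 }

  [master]
      autosign = $confdir/autosign.conf { mode = 664 }
      reports= store, http
      external_nodes = /etc/puppet/node.rb
      node_terminus = exec
      ca = true
CONF

# Parse the INI-style file into { section => { setting => value } }.
# Trailing "{ mode = ... }" file metadata is stripped from values.
def parse_puppet_conf(text)
  sections = {}
  current = 'main'
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')

    if (m = line.match(/\A\[(\w+)\]\z/))
      current = m[1]
    elsif (m = line.match(/\A(\w+)\s*=\s*(.*?)\s*(?:\{.*\})?\z/))
      (sections[current] ||= {})[m[1]] = m[2]
    end
  end
  sections
end

# Return [level, message] pairs describing how the master looks up nodes.
# `executable` is injectable so the check can be exercised without the file.
def enc_findings(conf_text, executable: ->(path) { File.executable?(path) })
  conf = parse_puppet_conf(conf_text)
  # [master] settings override [main] for the master process.
  effective = conf.fetch('main', {}).merge(conf.fetch('master', {}))
  terminus = effective.fetch('node_terminus', 'plain')
  script = effective.fetch('external_nodes', 'none')

  if terminus == 'exec'
    if script == 'none'
      [[:error, 'node_terminus = exec but external_nodes is not set']]
    elsif !executable.call(script)
      [[:error, "external_nodes = #{script} is missing or not executable; " \
                'node lookup will fail and no catalog can be compiled']]
    else
      [[:info, "ENC active: the master runs #{script} <certname> for every " \
               'node; run it by hand and confirm it prints YAML']]
    end
  elsif script != 'none'
    [[:warn, "external_nodes = #{script} is set but unused " \
             "(node_terminus = #{terminus})"]]
  else
    []
  end
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0] || '/etc/puppet/puppet.conf'
  text = File.readable?(path) ? File.read(path) : SAMPLE_CONF
  enc_findings(text).each { |level, msg| puts "#{level}: #{msg}" }
end
```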
Re: [Puppet Users] Get Fedora 19 client working with CentOS 6.4 master
On Tue, Feb 25, 2014 at 6:26 PM, xbglowx xbgl...@gmail.com wrote:

> I have a CentOS 6.4 puppet masters that has puppet-server-3.3.1-1.el6.noarch installed. I am trying to get a puppet client fedora19 working, which has puppet-3.3.1-1.fc19.noarch installed.
>
> If I run puppet agent:
>
>     /usr/bin/puppet agent --onetime --no-daemonize --verbose --server=puppet_server --environment=development --tags tags --color=false
>
> I get a bunch of incorrect header check like the following during my puppet runs:
>
>     Error: /File[/var/lib/puppet/lib/puppet/parser/functions/gsub.rb]/ensure: change from absent to file failed: Could not set 'file' on ensure: incorrect header check
>     Error: Could not set 'file' on ensure: incorrect header check
>     Error: Could not set 'file' on ensure: incorrect header check
>     Wrapped exception: incorrect header check
>     Error: /File[/var/lib/puppet/lib/puppet/provider/database_grant/mysql.rb]/ensure: change from absent to file failed: Could not set 'file' on ensure: incorrect header check
>     Error: Could not set 'file' on ensure: incorrect header check
>     Error: Could not set 'file' on ensure: incorrect header check
>     Wrapped exception: incorrect header check
>     Error: /File[/var/lib/puppet/lib/puppet/parser/functions/values_at.rb]/ensure: change from absent to file failed: Could not set 'file' on ensure: incorrect header check
>     Error: Could not set 'file' on ensure: incorrect header check
>     Error: Could not set 'file' on ensure: incorrect header check
>     Wrapped exception: incorrect header check
>     Error: /File[/var/lib/puppet/lib/puppet/parser/functions/getvar.rb]/ensure: change from absent to file failed: Could not set 'file' on ensure: incorrect header check
>     Error: Could not set 'file' on ensure: incorrect header check
>     Error: Could not set 'file' on ensure: incorrect header check

The incorrect header check is not coming from puppet, but likely the zlib library when puppet tries to decompress the file during pluginsync. Or perhaps the master is claiming that the file is compressed, when it's actually not, or vice-versa? Do you have `http_compression` set on the agent? Try running with --trace on the agent.

> Not sure where to go from here. I see the respective files on the puppet master, but not sure what is going on under the cover.

--
Josh Cooper
Developer, Puppet Labs
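The mismatch described in this reply, as an added example (not Puppet's code and not from the thread): zlib raises "incorrect header check" when the bytes handed to the inflater do not start with a zlib header, which is what happens when a body is declared compressed but is not, or is gzip-framed but decoded as zlib. `decode_body`, `sniff_framing` and `diagnose` are hypothetical helpers standing in for an HTTP client that trusts `Content-Encoding`; the sample body is constructed.

```ruby
require 'zlib'
require 'stringio'

# Constructed sample payload standing in for a pluginsync file.
PLAIN = "module Puppet::Parser::Functions\nend\n"

# Guess the real framing of a body from its first two bytes.
def sniff_framing(body)
  b = body.bytes
  return :empty if b.empty?
  return :gzip if b[0] == 0x1f && b[1] == 0x8b
  # zlib header: method nibble 8, and the 16-bit header divisible by 31.
  if b.length >= 2 && (b[0] & 0x0f) == 8 && (((b[0] << 8) | b[1]) % 31).zero?
    return :zlib
  end

  :unframed
end

# Decode strictly according to the declared Content-Encoding.
def decode_body(content_encoding, body)
  case content_encoding
  when 'gzip'    then Zlib::GzipReader.new(StringIO.new(body)).read
  when 'deflate' then Zlib::Inflate.inflate(body)
  else body
  end
end

# Try to decode; on failure report declared vs. actual framing.
def diagnose(content_encoding, body)
  decoded = decode_body(content_encoding, body)
  { ok: true, bytes: decoded.bytesize }
rescue Zlib::Error => e
  { ok: false, error: e.message,
    declared: content_encoding, actual: sniff_framing(body) }
end

if __FILE__ == $PROGRAM_NAME
  cases = {
    'deflate declared, zlib body'  => ['deflate', Zlib::Deflate.deflate(PLAIN)],
    'deflate declared, plain body' => ['deflate', PLAIN],
    'deflate declared, gzip body'  => ['deflate', Zlib.gzip(PLAIN)],
    'gzip declared, plain body'    => ['gzip', PLAIN]
  }
  cases.each { |name, (enc, body)| puts "#{name}: #{diagnose(enc, body)}" }
end
```

When the declared and actual framing differ, the fault lies between master and agent (server, proxy or compression setting), not in the file on disk.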
[Puppet Users] vagrant and reusing certs after destroy box
Hi,

The situation:

Whenever I bring up a vagrant box, I do a puppet run against my puppet master to configure some common things I need. And I want to avoid the remove/new request and sign cycle after a vagrant destroy.

This can be done using the following vagrant config:

    vm_config.vm.provision :puppet_server do |puppet_server|
      puppet_server.client_cert_path        = "box_certs/rspecfc20/cert_rspecfc20.koewacht.net.pem"
      puppet_server.client_private_key_path = "box_certs/rspecfc20/priv_rspecfc20.koewacht.net.pem"
      puppet_server.puppet_node             = "rspecfc20.koewacht.net"
      puppet_server.puppet_server           = "puppet.koewacht.net"
    end

but it does not work, I get an

    Error: Could not request certificate: stack level too deep

So, I stumbled against https://projects.puppetlabs.com/issues/21869

This bug seemed to be solved in 3.4.x, but I'm running 3.4.3.

But I think, when I want to reuse my certs on my clean vagrant box, the CA public key of the server should also be provided with both the generated cert/private key of the node. Even if I stumbled against this bug, which did give the solution of my problem, I think the puppetmaster's CA public key should always be provided.

I added in my fork of the vagrant code this extra config option, and now my puppet run against my master, reusing my certs, works:

    puppet_server.server_ca_public_key = "box_certs/ca.pem"

But is this the way to do this, or a bug?

Grts

Johan

--
Johan De Wit
Open Source Consultant
Open-Future
http://www.open-future.be
[Puppet Users] Re: recovery from foreman
Yes, it was in my puppet.conf file. That has been removed and now a compile is working. Thanks!
[Puppet Users] controlling argument passed to ENC script for AWS
I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.

I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.

But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs.

Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.

I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.

--
John Pyeatt
Singlewire Software, LLC
www.singlewire.com
Re: [Puppet Users] controlling argument passed to ENC script for AWS
(inline)

On Thu, Feb 27, 2014 at 03:57:21PM -0600, John Pyeatt wrote:

> I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.

If two machines have the same ip address, how does your puppetmaster route to them both?

> I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.

This sounds like you want to use a non-hostname certname, set in the puppet.conf on build.

http://docs.puppetlabs.com/references/latest/configuration.html#certname

> But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs.
>
> Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.
>
> I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.
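The certname suggestion above, as an added example (not code from the thread or from Puppet): the master runs the ENC with the node's certname as its single argument, so a certname that embeds the VPC id gives the ENC a unique key. This sketch assumes each agent's puppet.conf sets `certname = <vpc-id>.<hostname>` at build time; the node table, class names and helper names are constructed for illustration.

```ruby
#!/usr/bin/env ruby
# Added example ENC keyed on an assumed certname layout "<vpc-id>.<hostname>".
require 'yaml'

# Constructed sample data: the same hostname in two VPCs gets different classes.
NODES = {
  ['vpc-0a1b2c3d', 'web01.example.internal'] =>
    { 'classes' => ['role::web'], 'environment' => 'production' },
  ['vpc-9f8e7d6c', 'web01.example.internal'] =>
    { 'classes' => ['role::db'], 'environment' => 'development' }
}.freeze

# One DNS label: lowercase alphanumerics, inner hyphens allowed.
LABEL = /[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/
# VPC ids are "vpc-" plus 8 or 17 hex digits, then a dot and the hostname.
CERTNAME_RE =
  /\A(vpc-(?:[0-9a-f]{8}|[0-9a-f]{17}))\.(#{LABEL}(?:\.#{LABEL})*)\z/

# Split a certname into [vpc_id, hostname]; nil for anything malformed.
# The argument is validated strictly because the master passes it to
# this script on every catalog request.
def parse_certname(certname)
  return nil unless certname.is_a?(String) && certname.bytesize <= 255

  m = CERTNAME_RE.match(certname)
  m && [m[1], m[2]]
end

# Look up the classification for a certname; nil when unknown.
def classify(certname)
  key = parse_certname(certname)
  key && NODES[key]
end

# Return [exit_status, text]. A non-zero status makes node lookup fail,
# so an unknown or malformed name gets no catalog instead of a default one.
def run_enc(argv)
  return [1, "usage: enc <certname>\n"] unless argv.length == 1

  data = classify(argv[0])
  return [1, "unknown or malformed certname\n"] if data.nil?

  [0, data.to_yaml]
end

if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
  status, text = run_enc(ARGV)
  (status.zero? ? $stdout : $stderr).write(text)
  exit status
end
```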
Re: [Puppet Users] controlling argument passed to ENC script for AWS
See comments below.

On Thu, Feb 27, 2014 at 4:45 PM, Christopher Wood christopher_w...@pobox.com wrote:

> (inline)
>
> On Thu, Feb 27, 2014 at 03:57:21PM -0600, John Pyeatt wrote:
> > I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.
>
> If two machines have the same ip address, how does your puppetmaster route to them both?

(I thought it was the agent that was initiating the connection, not the puppetmaster, so in that context the ip address of the agent doesn't matter. In the ENC processing it does).

> > I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.
>
> This sounds like you want to use a non-hostname certname, set in the puppet.conf on build.
>
> http://docs.puppetlabs.com/references/latest/configuration.html#certname

(That's different. That's the name of the certificate as it is stored in /etc/puppet/ssl/cert/signed.) What I need to control is the value for the first, and only argument that is passed to the ENC.

> > But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs.
> >
> > Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.
> >
> > I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.

--
John Pyeatt
Singlewire Software, LLC
www.singlewire.com
[Puppet Users] Re: recovery from foreman
Hi Again,

Out of curiosity ... How does PuppetEnterprise interface w/ VMware/Vsphere to set the host name in Linux?
Re: [Puppet Users] controlling argument passed to ENC script for AWS
On Fri, Feb 28, 2014 at 8:57 AM, John Pyeatt john.pye...@singlewire.com wrote:

> I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress.
>
> I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script.
>
> But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs.
>
> Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness.
>
> I looked at the puppet inventory service a bit, but I don't think that would solve my problem either.

John,

Have you had a look at using the Amazon AMI metadata? Set a customer tag for the VPC env and use it with Puppet. This is what I've used to solve a similar issue.

http://stackoverflow.com/a/19785580

Regards,

Patrick Kelso