Re: [Puppet Users] Puppet Open Source with own Certificates
Hi! After a few hours of trial and error my problem is solved. Here is the Solution: /etc/apache2/sites-enabled/02-foreman.conf: SSLEngine on SSLCertificateFile #Here you have to use SSLCertificateKeyFile #your own signed certificate + key /etc/puppet/foreman.yaml: ... :ssl_ca: # Here you have to use the cert of your CA (which created your Certificate for your Webserver) ... The other certificates are self-signed certs from puppet. So my Browser-SSL-Failure is fixed and the nodes (puppet agents) get the certs signed from puppetmaster. Thank You! Hoize -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e7b84bf1-b5ba-4b70-a071-a030e054d933%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] how to install multiple packages from the list
On 3/13/15 10:45 AM, Alex Miroshnik wrote: Hi Guys, I need to install multiple packages on the Ubuntu 14.0.4 using puppet. All packages are listed in the file (about 100 packages) one package name on the row. Is this possible? If it is possible, could you please give me a hint how to do this. I know I can specify the array of the packages: $pkg_list = [ pkg1, pkg2, pkg3 ] package { $pkg_list: ensure = installed } but this is not my case as I have quite a few packages in the list. Thank you in advance! Hi Alex, You could do this with my types module[1]. You would list all of the packages in Hiera and then simply 'include types' on your node and all of the packages you have listed would be installed. Here's a quick shell script to format your list of packages into YAML[2]. [1] - https://github.com/ghoneycutt/puppet-module-types#package [2] - https://gist.github.com/ghoneycutt/03102b7f95f09bf45af9 Best regards, -g -- Garrett Honeycutt @learnpuppet Puppet Training with LearnPuppet.com Mobile: +1.206.414.8658 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/55097B05.8090704%40garretthoneycutt.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: hiera and variable hash array
The ruby call you're looking for is each_pair used like this: % scope.lookupvar('hash').each_pair do |key,value| -% %= key % = %= value % % end -% On Sunday, March 15, 2015 at 9:16:08 PM UTC+11, Luca Gervasi wrote: Hello, i'm trying to achieve aconfiguration where i can applt a non predetermined list of hashes. Specifically, i'm willing to add to php.ini (or fpm...) specific flags. This is my hiera data: fpm::pools::web::adminvalues: - error_log: /var/log/fpm/$pool/php.log - memory_limit: 32M fpm::pools::web::adminflags: - display_errors: off - log_errors: on fpm::pools::web::adminvalues and fpm::pools::web::adminflags's hashes is variable, so I have 2 entries in this example, but i should be able to iterate and apply whichever settings is configured. (this means that i cannot refer to them like $adminvalues['error_log']). This is a snippet of the ruby code I used to extract the codes (which is ineffective): [this is a local manifest variable, $name is web (so the hiera lookup is not the problem here)] $pooladminflags = hiera_array(fpm::pools::${name}::adminflags, ) $pooladminvals = hiera_array(fpm::pools::${name}::adminvalues, ) [this is in the template i use] % scope.lookupvar('pooladminflags').each do |key| -% php_admin_flag[%=key[0]%] = %=key[1]% % end-% Needless to say, it is empty. What am I missing? Thanks a lot. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/74295ad9-49c1-40cb-9d3a-29907e0976d4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: how to install multiple packages from the list
I would consider using something like hiera and loading the packages from a YAML file. It is trivial to convert your existing file to YAML. On Friday, March 13, 2015 at 10:15:07 PM UTC+11, Alex Miroshnik wrote: Hi Guys, I need to install multiple packages on the Ubuntu 14.0.4 using puppet. All packages are listed in the file (about 100 packages) one package name on the row. Is this possible? If it is possible, could you please give me a hint how to do this. I know I can specify the array of the packages: $pkg_list = [ pkg1, pkg2, pkg3 ] package { $pkg_list: ensure = installed } but this is not my case as I have quite a few packages in the list. Thank you in advance! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/819a599f-9543-4524-aee9-195651780e38%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Facts which depend on (not-yet-installed) packages
On Tuesday, March 17, 2015 at 10:46:05 PM UTC-5, Alex Harvey wrote: Can't you avoid this problem altogether by determining the PHP version in your custom provider code? Then you wouldn't need a custom fact at all, and in your manifest, have the custom type require the PHP package. Great insight! I didn't think to question whether the fact was required at all. If indeed it is used to determine *how* to apply the resource in question, as opposed to determining *what* to apply, then having the provider perform the version check is definitely the way to go. If it's in a gray area between how and what, then choosing the how side with a possibility to override via resource parameter is probably best. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2f29eb22-edee-4300-bcfa-81d100c26f6d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Facts which depend on (not-yet-installed) packages
Have a look at how the build in RPM provider works, for instance: https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/package/rpm.rb#L37 On Wednesday, March 18, 2015 at 2:46:05 PM UTC+11, Alex Harvey wrote: Can't you avoid this problem altogether by determining the PHP version in your custom provider code? Then you wouldn't need a custom fact at all, and in your manifest, have the custom type require the PHP package. On Monday, March 16, 2015 at 6:04:53 AM UTC+11, Jan S. wrote: Hello, I have the following use case: For a custom class/type I need to know which php_version is installed on the machine. So I wrote a custom fact like this: Facter.add('php_version') do setcode do Facter::Util::Resolution.exec('/usr/bin/php -i | /bin/egrep -e ^PHP Version | /usr/bin/head -n 1 | /usr/bin/cut -d -f 4 | /usr/bin/cut -d - -f 1') end end It works great. Except: When php is not yet installed (there is a Package['php'] definition, too). Then it will return an empty string. Thus I have to run puppet two times to get the expected result. I am sure that this is expected behavior of puppet. How do I handle such case? Regards Jan -- http://dracoblue.net -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/814e2160-849a-455f-8af2-b372d24938e1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Question about directory environment setting.
hi Alex, thanks for getting it works. But, what is the reasons having environment.conf? Under which type of circumstance that we need this configuration file? Thanks Again! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fc2d5099-016b-4409-be0d-74370355d6e4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Hiera testing
Hi all. I am testing hiera in our enviroment and I wonder if I can manage everything from hiera without using the main site.pp. Do you think is the right way? or I should use site.pp as well? Here is what I am testing and so far so good. - hiera.yaml --- :backends: - yaml :hierarchy: - environments/%{::environment} - nodes/%{::fqdn} - common :yaml: :datadir: /etc/puppet/hieradata/ - hiera.yaml - common.yaml --- classes: - ntp - resolver - yum - motd ntp::restrict: ntp::autoupdate: false ntp::service_enable: true ntp::service_ensure: running ntp::servers: - 10.4.123.3 - 10.4.123.4 - 10.5.123.3 - 10.5.123.4 resolver::search: - xxx.xxx.com resolver::dns_servers: - 10.4.17.18 - 10.4.17.20 - 10.5.17.18 - 10.5.17.20 yum::source_repo_dir: 'puppet:///REPO_FILES/' yum::clean_repos: true motd::content: '# TEST #' - common.yaml -- Alfredo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAAWpFTG%2BvfgGPK5VxQevcr9V_NUOG90kRvk-RZUmoAHJQmp%2BRw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Getting the facter value of $mount from $partitions.
hi all, I am wondering if I would like to retrieve the mount points values from the facter. From the facter -p, I can see that I do have the information. e.g. partitions = { sda1={ mount=/boot, uuid=4e5014d1-080a-4182-aa89-bc83159b85fb, filesystem=ext4, size=614400}, sda2={ mount=/, uuid=edbab169-7983-4e38-9c71-24f0f88cccaa, filesystem=ext4, size=18257920}, sda3={ uuid=b9674244-6686-49b0-b778-91052d78767f, filesystem=swap, size=2097152} } And $mount is the one that I am looking for. Question: how can i loop through the $partitions data structure and harvest $mount and detect if there is a mount point call /data. thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6fcab309-c77f-4f3c-935b-e8bb82a5b292%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Question about directory environment setting.
On Thursday, March 19, 2015 at 11:50:08 AM UTC+11, Hiu wrote: hi Alex, thanks for getting it works. But, what is the reasons having environment.conf? Under which type of circumstance that we need this configuration file? Thanks Again! As you can see from the documentation, environments may contain an environment.conf, which allows you to override any or all of these four config file settings: http://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#allowed-settings If you don't already have a requirement to use this feature, you can presumably just not use the environment.conf file, and configure your directory environment by following this: http://docs.puppetlabs.com/puppet/latest/reference/environments_configuring.html I have only ever used the legacy config file environments, and I don't know what motivated the change to directory environments. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/27439c5d-a727-4efc-95fa-ed77aa5bad61%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Questions about PE
Thanks for the answers. I'll be having my support team build me another VM to evaluate PE on. Wish we had gone this way six months ago. On Tue, Mar 17, 2015 at 10:00 PM Rilindo Foster rili...@gmail.com wrote: 1) Does it work with Foreman? Yes, though if you are not using Foreman for anything other than Reporting and ENC, Puppet's console is pretty capable as a replacement. 2) Can it be installed from an internal RPM repository? Yes. There is a Foreman repo you'll need to sync for the base packages. In addition, you need the following repositories available for Foreman to resolve its dependencies: - EPEL - Red Hat SCL - Red Hat Optional channel/packages (I don't recall the exact name). 3) If it doesn't work with Foreman is there an equivalent ENC and front end for PE? Like I said, the Puppet console is pretty capable. I would suggest downloading an evaluation copy from PuppetLabs and get it deployed in your dev envionment (or even in your personal VM). They made it very easy to get it up and running. - Rilindo On 03/17/2015 11:49 AM, Peter Berghold wrote: HI folks, Six months into my project to bring Foreman/Puppet into my work environment someone has asked the question Hey! Can we get a licensed version of this with support? My answer, sure... where's the funding? That aside I have some questions about Puppet Enterprise: 1) Does it work with Foreman? 2) Can it be installed from an internal RPM repository? The platform this will happen on is RHEL 6 (possibly 7 in the future). 3) If it doesn't work with Foreman is there an equivalent ENC and front end for PE? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAArvnv1G6OKzvgcr%2BZtJL6WreMyYsDqvTSKWmv%3DCBt4iK01E%2Bw%40mail.gmail.com https://groups.google.com/d/msgid/puppet-users/CAArvnv1G6OKzvgcr%2BZtJL6WreMyYsDqvTSKWmv%3DCBt4iK01E%2Bw%40mail.gmail.com?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5508DC14.9030809%40gmail.com https://groups.google.com/d/msgid/puppet-users/5508DC14.9030809%40gmail.com?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAArvnv20V_FW_B6yvG3EWAgP24DrgFbkRpUP25QOTpGXJhGw_A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: hiera - multiple backends - failure to lookup value in only one backend.
and to add one more thing - I do see some values coming out of the second backend - out of the role level.. but not everything. I don't know how this could be getting some but not all.. Maybe I have my wires crossed on something, but I think everything is in place... On Wednesday, 18 March 2015 15:40:38 UTC-6, Brett Swift wrote: I've found the time to deliver a multiple hiera backend for our ops guys, and I'm seeing some weird behaviour. With a single backend, it works great - add host level configs in the host hierarchy, and common stuff in what we had a 'role' hierarchy. I have since split the backends, so there is one .git repo (we call it hostdata) holding the 'hosts' tier, and the main hieradata repo holding other tiers. (For us this made sense as our Ops guys almost never modify anything other than at the host level). *The Problem: *What I'm seeing, is sometimes hiera doesn't find what it should be finding, and I am trying to figure out some odd behaviour. I'll try to demonstrate this below: I use eyaml without a key, in order to get two yaml backends. Hacky, but it should work... --- :backends: - eyaml - yaml :hierarchy: - host/%{::hostname_lower} - cluster/%{::cluster}/%{role} - roles/%{role} - project/%{::project} - subnet/%{::subnet} - common - users :yaml: :datadir: /etc/puppetlabs/puppet/environments/%{::environment}/hieradata :eyaml: :datadir: /etc/puppetlabs/puppet/hostdata/master :extension: yaml hostdata as it's host specific doesn't use environments. It's just a single branch. You'll see the folders here: [bswift@devcorepptl900 puppet]$ ls -gG /etc/puppetlabs/puppet/environments/the900/hieradata drwxrwxr-x 4 4096 Mar 17 10:14 cluster -rw-rw-r-- 1 3286 Mar 18 07:31 common.yaml drwxrwxr-x 2 4096 Mar 17 10:14 project drwxrwxr-x 2 4096 Mar 18 07:31 roles drwxrwxr-x 2 4096 Mar 17 10:14 subnet -rw-rw-r-- 1 5238 Mar 17 10:14 users.yaml [bswift@devcorepptl900 puppet]$ ls -gG /etc/puppetlabs/puppet/hostdata/master drwxrwxr-x 2 12288 Mar 18 07:30 host puppet.conf snippet: environment = the900 The strange behaviour I've been noticing is that if a param is set in hiera in the first backend, it finds it. If it's in the second one, it doesn't... but only sometimes. One param it won't find if it's in the second backend. But if I put it in the host level backend it finds it..but then this causes other params to fail their lookups. I see this by running puppet master --compile and looking at the hiera lookups, as well by notify's in my module manifests. Specifically my module has a `puppet::puppet_type` which is master or agent. my environment is set to 'the900' and hiera.yaml eyaml datadir is directed to hostdata/the900 as well. (not master for this one - off test). [bswift@devcorepptl900 puppet]$ cat environments/the900/hieradata/roles/puppetmaster.yaml puppet::puppet_type: master puppet::puppet_type doesn't resolve. but if I move puppet::puppet_type: to hostdata, the other backend.. in the appropriate host file.. it does resolve. What is going on here? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a5b11bfc-74b1-4d50-bde7-01955fffbaa3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] testing and roles/profiles
Hi all, Looking for some best practice, guideline, documentation puppet testing in all its aspect, sometimes I try to figure out the following : How does one tests roles and profiles ? Do we still write rspec-puppet for profiles ? Since we are using modules that have there own unit (rspec) testing, at first sight, this looks like overhead. what about the profiles we make using other profiles ? Do we unit-test our 'base' profiles only ? Or does one only do integration testing (aka beaker ...) for the roles/nodes level only, and doing no (unit ?) testing on the profiles ? I hope to just trigger a discussion on this topic that will bring me one step closer to my own Test Driven Infrastructure. Grts Johan -- Johan De Wit Open Source Consultant Red Hat Certified Engineer (805008667232363) Puppet Certified Professional 2013/2014 (PCP006) Puppet Certified Intstructor blog : http://johan.koewacht.net/ _ Open-Future Phone +32 (0)2/255 70 70 Zavelstraat 72 Fax +32 (0)2/255 70 71 3071 KORTENBERG Mobile+32 (0)474/42 40 73 BELGIUM http://www.open-future.be _ Next Events: Puppet Fundamentals | http://www.open-future.be/puppet-fundamentals-training-16th-till-18th-march Puppet Architect | http://www.open-future.be/puppet-architect-training-19th-till-20th-march Puppet Practitioner | http://www.open-future.be/puppet-practitioner-training-14th-till-16th-april Linux Training | http://www.open-future.be/linux-training-20th-till-24th-april Bacula Administrator 1 | http://www.open-future.be/bacula-administrator-i-training-28th-till-30th-april Zabbix Certified Specialist | http://www.open-future.be/zabbix-certified-specialist-training-4th-till-6th-may Zabbix Certified Professional | http://www.open-future.be/zabbix-certified-professional-training-7th-till-8th-may Subscribe to our newsletter | http://eepurl.com/BUG8H -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5509E803.9050002%40open-future.be. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] hiera - multiple backends - failure to lookup value in only one backend.
I've found the time to deliver a multiple hiera backend for our ops guys, and I'm seeing some weird behaviour. With a single backend, it works great - add host level configs in the host hierarchy, and common stuff in what we had a 'role' hierarchy. I have since split the backends, so there is one .git repo (we call it hostdata) holding the 'hosts' tier, and the main hieradata repo holding other tiers. (For us this made sense as our Ops guys almost never modify anything other than at the host level). *The Problem: *What I'm seeing, is sometimes hiera doesn't find what it should be finding, and I am trying to figure out some odd behaviour. I'll try to demonstrate this below: I use eyaml without a key, in order to get two yaml backends. Hacky, but it should work... --- :backends: - eyaml - yaml :hierarchy: - host/%{::hostname_lower} - cluster/%{::cluster}/%{role} - roles/%{role} - project/%{::project} - subnet/%{::subnet} - common - users :yaml: :datadir: /etc/puppetlabs/puppet/environments/%{::environment}/hieradata :eyaml: :datadir: /etc/puppetlabs/puppet/hostdata/master :extension: yaml hostdata as it's host specific doesn't use environments. It's just a single branch. You'll see the folders here: [bswift@devcorepptl900 puppet]$ ls -gG /etc/puppetlabs/puppet/environments/the900/hieradata drwxrwxr-x 4 4096 Mar 17 10:14 cluster -rw-rw-r-- 1 3286 Mar 18 07:31 common.yaml drwxrwxr-x 2 4096 Mar 17 10:14 project drwxrwxr-x 2 4096 Mar 18 07:31 roles drwxrwxr-x 2 4096 Mar 17 10:14 subnet -rw-rw-r-- 1 5238 Mar 17 10:14 users.yaml [bswift@devcorepptl900 puppet]$ ls -gG /etc/puppetlabs/puppet/hostdata/master drwxrwxr-x 2 12288 Mar 18 07:30 host puppet.conf snippet: environment = the900 The strange behaviour I've been noticing is that if a param is set in hiera in the first backend, it finds it. If it's in the second one, it doesn't... but only sometimes. One param it won't find if it's in the second backend. But if I put it in the host level backend it finds it..but then this causes other params to fail their lookups. I see this by running puppet master --compile and looking at the hiera lookups, as well by notify's in my module manifests. Specifically my module has a `puppet::puppet_type` which is master or agent. my environment is set to 'the900' and hiera.yaml eyaml datadir is directed to hostdata/the900 as well. (not master for this one - off test). [bswift@devcorepptl900 puppet]$ cat environments/the900/hieradata/roles/puppetmaster.yaml puppet::puppet_type: master puppet::puppet_type doesn't resolve. but if I move puppet::puppet_type: to hostdata, the other backend.. in the appropriate host file.. it does resolve. What is going on here? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1baf69b5-b296-4cfb-bb40-42f1f62d1798%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.