I was just about to move my first Puppet-built box into production, and
I'm getting a terribly troublesome error. I'm using an external node
classifier and am not using storedconfigs.
We have a more-or-less generic httpd config for all of our boxen -
except this one. I'm generating httpd.conf from a template, so in the
template I have something like:
<% if scope.compiler.classlist.include?("edu_rutgers_css_resnet") then -%>
# PUPPET: set due to presence of class 'edu_rutgers_css_resnet'
ServerAdmin f...@bar.com
# END PUPPET
<% else %>
# PUPPET: default value
ServerAdmin r...@localhost
# END PUPPET
<% end -%>
I also generate /etc/sysconfig/iptables from a template, which includes:
<% if scope.compiler.classlist.include?("httpd") then -%>
# accept port 80, added by Puppet template with "httpd" class
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j
ACCEPT
<% else -%>
# puppet doesn't see the class 'httpd' defined, NOT opening port 80...
<% end -%>
It seems that Puppet is "missing" the httpd class. When Puppet runs
every half hour, flaps between the if and else values for these two
statements, causing it to replace the config files and restart the
associated services. I originally thought that this was happening at
exactly each cycle, but it seems somewhat intermittent:
Jul 28 02:19:56 resnet2 puppetd[24046]:
(//iptables/File[/etc/sysconfig/iptables]/content) content changed
'{md5}654732a5f76e975e1fef1907ce6c5b46' to
'{md5}fffc88c34693d4ee67a22c4190d1e608'
Jul 28 02:19:57 resnet2 puppetd[24046]: (//iptables/Service[iptables])
Triggering 'refresh' from 2 dependencies
Jul 28 04:20:20 resnet2 puppetd[24046]:
(//iptables/File[/etc/sysconfig/iptables]/content) content changed
'{md5}fffc88c34693d4ee67a22c4190d1e608' to
'{md5}654732a5f76e975e1fef1907ce6c5b46'
Jul 28 04:20:20 resnet2 puppetd[24046]: (//iptables/Service[iptables])
Triggering 'refresh' from 2 dependencies
Jul 28 06:50:44 resnet2 puppetd[24046]:
(//iptables/File[/etc/sysconfig/iptables]/content) content changed
'{md5}654732a5f76e975e1fef1907ce6c5b46' to
'{md5}fffc88c34693d4ee67a22c4190d1e608'
Jul 28 06:50:44 resnet2 puppetd[24046]: (//iptables/Service[iptables])
Triggering 'refresh' from 2 dependencies
Jul 28 07:50:56 resnet2 puppetd[24046]:
(//iptables/File[/etc/sysconfig/iptables]/content) content changed
'{md5}fffc88c34693d4ee67a22c4190d1e608' to
'{md5}654732a5f76e975e1fef1907ce6c5b46'
Jul 28 07:50:56 resnet2 puppetd[24046]: (//iptables/Service[iptables])
Triggering 'refresh' from 2 dependencies
Jul 28 04:20:18 resnet2 puppetd[24046]:
(//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
'{md5}e20ffe121bc385871c43c1c8d4c83376' to
'{md5}d42e551de04a44d8e9121de93795ad33'
Jul 28 04:20:19 resnet2 puppetd[24046]: (//httpd/Service[httpd])
Triggering 'refresh' from 1 dependencies
Jul 28 06:20:39 resnet2 puppetd[24046]:
(//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
'{md5}d42e551de04a44d8e9121de93795ad33' to
'{md5}e20ffe121bc385871c43c1c8d4c83376'
Jul 28 06:20:40 resnet2 puppetd[24046]: (//httpd/Service[httpd])
Triggering 'refresh' from 1 dependencies
Jul 28 06:50:45 resnet2 puppetd[24046]:
(//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
'{md5}e20ffe121bc385871c43c1c8d4c83376' to
'{md5}d42e551de04a44d8e9121de93795ad33'
Jul 28 06:50:46 resnet2 puppetd[24046]: (//httpd/Service[httpd])
Triggering 'refresh' from 1 dependencies
Jul 28 07:50:58 resnet2 puppetd[24046]:
(//httpd/File[/etc/httpd/conf/httpd.conf]/content) content changed
'{md5}d42e551de04a44d8e9121de93795ad33' to
'{md5}e20ffe121bc385871c43c1c8d4c83376'
Jul 28 07:50:58 resnet2 puppetd[24046]: (//httpd/Service[httpd])
Triggering 'refresh' from 1 dependencies
Any ideas on why this is happening? I've been running Puppet on a
non-critical network for a month now, with storedconfigs, and no major
problems. It seemed time to move it over to the production boxes (as the
new ones are built) but this seems like a serious issue...
Thanks for any advice,
Jason
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
