Re: [Puppet Users] Foreman 1.19 > Puppet (5.5.6) > Centos 7: "certificate has expired for /CN=Puppet CA".
Also, the "puppetserver ca list" returns errors. Excerpt: /opt/puppetlabs/puppet/lib/ruby/2.4.0/net/protocol.rb:44:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError) from /opt/puppetlabs/puppet/lib/ruby/2.4.0/net/protocol.rb:44:in `ssl_socket_connect' from /opt/puppetlabs/puppet/lib/ruby/2.4.0/net/http.rb:948:in `connect' from /opt/puppetlabs/puppet/lib/ruby/2.4.0/net/http.rb:887:in `do_start' from /opt/puppetlabs/puppet/lib/ruby/2.4.0/net/http.rb:876:in `start' from /opt/puppetlabs/puppet/lib/ruby/2.4.0/net/http.rb:608:in `start' On Thu, Sep 29, 2022 at 7:05 PM JB SysAdmin wrote: > Thanks so much for answering! I certainly restarted puppet and puppetdb > services (using systemctl). Restarted the node, as well. The issue is that > something is still missing/conflicting on the master. Running puppet agent > on the master itself fails. Indeed, today, as this was linked with Foreman > 1.19, I re-traced using this reference: > https://alexshepherd.me/posts/changing-foremans-ssl-certificate/ > > * "server_ssl_cert" > (/etc/foreman-installer/scenarios.d/foreman-answers.yaml) does already > match SSLCertificateFile (/etc/httpd/conf.d/05-foreman-ssl.conf) > * "server_ssl_chain" from above is one of the files generated from the > recent puppet action (puppetserver ca generate --config) It does match > "SSLCertificateChainFile" on the latter SSL conf. > * "server_ssl_key" > (/etc/foreman-installer/scenarios.d/foreman-answers.yaml) already matches > SSLCertificateKeyFile (/etc/httpd/conf.d/05-foreman-ssl.conf) > * "puppet_ssl_ca" /etc/puppetlabs/puppet/ssl/certs/ca.pem; that matches > "server_ssl_chain" /etc/puppetlabs/puppet/ssl/certs/ca.pem > But it does NOT match "server_ssl_chain_filepath" > (/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem) I don't know if that matters; It > is present in the foreman-answers.yaml. > > There are newly generated items in all those places, but I can't figure > out what remains broken... > > On Wednesday, September 28, 2022 at 8:03:52 PM UTC-4 daf...@gmail.com > wrote: > >> On 28.09.22 23:52, JB SysAdmin wrote: >> > I followed a combination of what I saw: >> > >> > On puppet master: >> > >> > rm -rf /etc/puppetlabs/puppetdb/ssl >> > puppetserver ca generate --config /etc/puppetlabs/puppet/puppet.conf >> > puppet master --no-daemonize --verbose >> > puppet resource service puppetserver ensure=running >> > puppet resource service puppet ensure=running >> >> From your descriptions it doesn't look like you actually restarted >> Puppetserver after regenerating the CA, so maybe try that first: >> "systemctl restart puppetserver" (as root). >> >> > /opt/puppetlabs/server/apps/puppetdb/bin/puppetdb ssl-setup -f >> > puppet resource service puppetdb ensure=running >> >> Similarly restart PuppetDB, "systemctl restart puppetdb". >> >> The "puppet resource ... ensure=running" commands don't restart any >> service. They would just start a service if it wasn't running. >> >> > But on the master itself, and certainly a separate client/agent, there >> > are any number or errors. >> >> Not sure if you did that already, but when regenerating the CA, as you >> have done, you'll need to issue new certificates to all Puppet agent >> nodes. >> >> On a Puppet agent node: >> >> rm -rf /etc/puppetlabs/puppet/ssl >> puppet agent -t --waitforcert 30 >> >> On the Puppetmaster (= Puppet CA server): >> >> puppetserver ca list >> puppetserver ca sign --certname >> >> Do that for all Puppet agent nodes. >> >> HTH, >> >> Andreas >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/LNbSFcwUq3g/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/e00f30b4-bb97-42df-ada6-f852361e303dn%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/e00f30b4-bb97-42df-ada6-f852361e303dn%40googlegroups.com?utm_medium=email_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPKpH7QmENmevuvz9Zg%3Dh%3Di34r_dGv3iSJ9ofQX0rhNaM8FmMA%40mail.gmail.com.
Re: [Puppet Users] Foreman 1.19 > Puppet (5.5.6) > Centos 7: "certificate has expired for /CN=Puppet CA".
Thanks so much for answering! I certainly restarted puppet and puppetdb services (using systemctl). Restarted the node, as well. The issue is that something is still missing/conflicting on the master. Running puppet agent on the master itself fails. Indeed, today, as this was linked with Foreman 1.19, I re-traced using this reference: https://alexshepherd.me/posts/changing-foremans-ssl-certificate/ * "server_ssl_cert" (/etc/foreman-installer/scenarios.d/foreman-answers.yaml) does already match SSLCertificateFile (/etc/httpd/conf.d/05-foreman-ssl.conf) * "server_ssl_chain" from above is one of the files generated from the recent puppet action (puppetserver ca generate --config) It does match "SSLCertificateChainFile" on the latter SSL conf. * "server_ssl_key" (/etc/foreman-installer/scenarios.d/foreman-answers.yaml) already matches SSLCertificateKeyFile (/etc/httpd/conf.d/05-foreman-ssl.conf) * "puppet_ssl_ca" /etc/puppetlabs/puppet/ssl/certs/ca.pem; that matches "server_ssl_chain" /etc/puppetlabs/puppet/ssl/certs/ca.pem But it does NOT match "server_ssl_chain_filepath" (/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem) I don't know if that matters; It is present in the foreman-answers.yaml. There are newly generated items in all those places, but I can't figure out what remains broken... On Wednesday, September 28, 2022 at 8:03:52 PM UTC-4 daf...@gmail.com wrote: > On 28.09.22 23:52, JB SysAdmin wrote: > > I followed a combination of what I saw: > > > > On puppet master: > > > > rm -rf /etc/puppetlabs/puppetdb/ssl > > puppetserver ca generate --config /etc/puppetlabs/puppet/puppet.conf > > puppet master --no-daemonize --verbose > > puppet resource service puppetserver ensure=running > > puppet resource service puppet ensure=running > > From your descriptions it doesn't look like you actually restarted > Puppetserver after regenerating the CA, so maybe try that first: > "systemctl restart puppetserver" (as root). > > > /opt/puppetlabs/server/apps/puppetdb/bin/puppetdb ssl-setup -f > > puppet resource service puppetdb ensure=running > > Similarly restart PuppetDB, "systemctl restart puppetdb". > > The "puppet resource ... ensure=running" commands don't restart any > service. They would just start a service if it wasn't running. > > > But on the master itself, and certainly a separate client/agent, there > > are any number or errors. > > Not sure if you did that already, but when regenerating the CA, as you > have done, you'll need to issue new certificates to all Puppet agent nodes. > > On a Puppet agent node: > > rm -rf /etc/puppetlabs/puppet/ssl > puppet agent -t --waitforcert 30 > > On the Puppetmaster (= Puppet CA server): > > puppetserver ca list > puppetserver ca sign --certname > > Do that for all Puppet agent nodes. > > HTH, > > Andreas > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e00f30b4-bb97-42df-ada6-f852361e303dn%40googlegroups.com.
[Puppet Users] Foreman 1.19 > Puppet (5.5.6) > Centos 7: "certificate has expired for /CN=Puppet CA".
All: I bid you good fortune. On inherited a Foreman 1.19 / Puppet (5.5.6) presence, the original, 5-year cert (CA) expired. I found out while trying to run puppet agent on a new node. There was no complete documented series of steps for this combo of versions; the one who set up the presence departed a while back. I followed a combination of what I saw: On puppet master: rm -rf /etc/puppetlabs/puppetdb/ssl puppetserver ca generate --config /etc/puppetlabs/puppet/puppet.conf puppet master --no-daemonize --verbose puppet resource service puppetserver ensure=running puppet resource service puppet ensure=running /opt/puppetlabs/server/apps/puppetdb/bin/puppetdb ssl-setup -f puppet resource service puppetdb ensure=running But on the master itself, and certainly a separate client/agent, there are any number or errors. * If on puppet master, running "puppet agent -t", I get this this error, where should I be checking? Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet Root CA: ***] Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet Root CA: ***] * On puppet master, "systemctl status -l puppet" concludes in "Unable to fetch my node definition, but the agent run will continue:" "Sep 28 16:58:42 puppet-agent[19623]: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet Root CA: ]" "Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet Root CA: **]" * If I run the same on any client, with below result, where should I head? Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: ] Info: Retrieving pluginfacts Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 s tate=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: ] Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: ] Any leads on next steps would be appreciated. (I do realize the software versions cited are rather old.) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d06491fe-8e3f-4d09-aff8-d5773a070f72n%40googlegroups.com.
[Puppet Users] Installing on SLES 11.2?
I've been unable to get puppet installed on SLES 11.2 by the recommended method. I've set up the repo at http://download.opensuse.org/repositories/systemsmanagement:/puppet/SLE_11_SP2/, but when I do zypper install puppet I get multiple dependency errors, e.g.: Problem: nothing provides rubygems needed by rubygem-hiera-1.1.2-8.1.x86_64 I had a prior install of puppet kind of working without that repo, but I need to have the ruby-shadow package. A good number of articles and bug reports online talk about this, and supposedly that repo is the solution. I don't find any docs at all on the official puppetlabs site, and the old wiki references a repo that doesn't seem to exist anymore; at any rate, it's for SLES 10.2. Any clues? I don't want to have to install from source--we have dozens of SLES servers. Thanks for any help you can provide. Ideally I'd like a step-by-step for SLES, but anything would be good. J B Bell Test Environment Professional Ericsson ITTE 4333 Still Creek Drive Burnaby, BC V5C 6S6, Canada Phone +1 778.373.7150 jb.b...@ericsson.com www.ericsson.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] show dependency tree?
Is there a way to view the resource relationship tree for a class (or all classes)? I'd like an easy way for our admins to see things like what classes refer to the same resource, which classes require another class, etc. thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ERB / Tagging...
This also vexes me, I also would love to use 'all_tags', but it's not consistent. The issues is best described in the following bug, I believe: http://projects.puppetlabs.com/issues/3049 On Jun 30, 10:59 am, Dan Carley dan.car...@gmail.com wrote: On 30 June 2010 18:40, CraftyTech hmmed...@gmail.com wrote: Hello All, Can someone point me in the right direction here. I'm trying to create an erb template for my /etc/hosts file, so that when executed, it populates the /etc/hosts file only with entries that are tag relevant. For instance, if a server is tagged apache, only the apache tagged entries would be populated into the /etc/hosts file. Thanks in advance for you help. This is possible with `if all_tags.include?(sometag)`. But, and a big but, it is highly dependent on the order which your modules are compiled[0]. It will prove unreliable if your Apache module happens to be `included` after the module which is creating the templated hosts file. For this reason it will introduce extra use complexity into your modules and most people will probably recommend that you use facts instead. It happens to be a bit of a bug bear of mine because it is otherwise quite a useful feature that precludes the mess of populating additional facts. The conundrum is similar to a recent thread[1] entitled do X if package Y is installed. [0] That is compiled by the puppetmaster. Not executed by the puppet client. [1]http://groups.google.com/group/puppet-users/browse_thread/thread/b037... -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Management of MySQL grant tables?
I've setup something where I put a grants file in the data directory of each database: remotefile {$db_datadir/grants: mode = 500, source = db/$db_name/data/grants, require = File[${db_datadir}], notify = Exec[refresh_${db_name}] } this file contains...grants, ala: -- delete from mysql.user where not(user='root' and host='localhost'); grant select on mydb.* to 'imyuser'@'%' identified by PASSWORD '*NOTREALNOTREAL727A331289600B9AA66EAE'; additional grants as needed flush privileges -- from there every time puppet is run it dumps all grants and does an md5 hash. if the hash is ever different from the previously computed hash (stored in a file), it reapplies the grants. Basically if anybody makes a manual change it will get reverted next puppet run. hopefully someone doesn't poke a hole in my logic here, but it seems to work fine for me. The only change I've been thinking I should put in is having the initial 'delete' and final 'flush' statements part of the actual puppet class instead of in each grants file. it'd be safer.. # generate a hash from the grants table. if it's different than the hash generated last time # notify so grants table gets refreshed. # this will backout changes made manually! $grants_sel = 'select user,host,password from mysql.user order by user,host;' exec {echo ${grants_sel} | ${mysql_bin}/mysql -S ${db_socket} | md5sum ${db_datadir}/grants.hash: onlyif = test -S ${db_socket}, unless = echo ${grants_sel} | ${mysql_bin}/mysql -S $ {db_socket} | md5sum | diff - ${db_datadir}/grants.hash, notify = Exec[refresh_${db_name}] } # refresh only on grants file change. gets notified by grants file being changed # NOTE --force means it will apply statements even if a previous one has a syntax error # without all lines are applied until the syntax error and lines after are not exec {${mysql_bin}/mysql --force -S ${db_socket} $db_datadir/ grants: alias = refresh_${db_name}, refreshonly = true, onlyif = test -S ${db_socket}, } On May 19, 7:56 am, dbs dbelfershev...@gmail.com wrote: We need to make sure all our MySQL servers have a specific user / password / grant setup available (this is because we use centralized monitoring via Zenoss, and Zenoss needs a login on all the servers). I found a github reference to a package that might do it (http://github.com/camptocamp/puppet-mysql) but I can't understand what it is, how it works, or even what to do with it. How would folks recommend implementing this functionality? (Talking about perhaps 40 database servers) -d -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: variable containing applied classes?
I see your point...after looking at the classes.txt file it does have a lot more than what I want. I'm in particular looking for classes that affect app deployment/management for the engineers so they can easily see what is under puppet control...they don't need to need to see the myriad of OS level classes that are applied. As the classes are defined via a mysql database (external node lookup script), I think the best way will be to use that same database somehow via another script run from the local host. I already call such a script to update the database with 'last puppet run' so this shouldn't be too much of an issue. thanks - jeff On Mar 4, 11:24 pm, Peter Meier peter.me...@immerda.ch wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm looking for an easy way to include the list of applied classes on a host in something like /etc/motd. using an .erb template would do the trick if I an array exists that has all the classes in it? Hopefully it's available? you find a list of the applied class on each host in /var/lib/puppet/state/classes.txt . However I'm not sure if this is the right approach, as for example for my environment on a moderate host I apply around 180 classes. This will happen very fast if you structure your code properly into modules and use inheritance to deal with os-specific things. I assume what you like to do is to display to a user logging into the machine, what is managed on this host, right? So maybe you should get this informaton out of something else than classes, as classes might only represent a small part of a bigger thing that is managed. I don't know how you decide in your manifests what to manage on a host, however you might want to collect this information from there. cheers pete -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org iEYEARECAAYFAkuQsawACgkQbwltcAfKi38jOwCaA9Dl7K4d1QDw/fI1QM9qsBmo UtcAnRW+rS2dp8nv6e4HXi/zcDrDOMYT =82bO -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] variable containing applied classes?
I'm looking for an easy way to include the list of applied classes on a host in something like /etc/motd. using an .erb template would do the trick if I an array exists that has all the classes in it? Hopefully it's available? thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] list of applied classes on client
I'm sure it's somewhere but I can't find it... I want to put the list of applied classes for a host in /etc/ motd...I'm hoping there's an array that has this? Some way to get the information in an .erb thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] best way to make puppet temporarily ignore a file?
I'd like others to have the option to temporarily disable puppet from modify a file or directory...something along the lines of: ./something.conf.lock causes ./something.conf to NOT be modified by puppet for as long the lock file exists it'd also be nice to be able to disable an entire directory from being modified if the file: ./PUPPET-DISABLE is present. basically the 'unless' parameter as is present in the Exec type... -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: best way to make puppet temporarily ignore a file?
The scenario is this: developer needs, in an emergency situation, to edit a file that is normally under puppet control (it's a conf file for our java servlet engine). I'm not around to help out, he may not have root. I'd fully want/expect this to generate a puppet error, at least in my case, though this should be an option I'd imagine. Again, basically like 'unless' on the exec type...or 'onlyif' but with a negative check.. On Jan 19, 1:37 pm, Nigel Kersten nig...@google.com wrote: On Tue, Jan 19, 2010 at 1:21 PM, Scott Smith sc...@ohlol.net wrote: Trevor Vaughan wrote: Yes. But, in theory, this is a temporary measure. If it's not, then why are you managing that file in the first place? I monitor puppetd errors with splunk, so this could cause someone to get paged =( Good idea for those of us who don't, though :) (If I see a feature request for this, I'll definitely upvote it.) It would be reasonably trivial to subclass the File type to not apply changes if /path/to/file.notouch exists I think. I'm really torn about this though. Do you really want puppet thinking a resource has been applied when it hasn't been? This complicates dependencies an awful lot We've been considering it as a short-term band-aid for some situations, where the notouch file only works for a given period of time. -scott -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@google groups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- nigel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: authentication issue with passenger (resolved)
Thank you Silviu - I just went through a 0.25.2 installation using passenger 2.2.8 just yesterday and had the same issues which started this thread: puppetmasterd[29797]: Puppet Server (Rack): Internal Server Error: Unhandled Exception: Host app3.chassis1 10.x.x.x) not authorized to call fileserver.list puppetmasterd[29797]: Denying unauthenticated client app3.chassis1 (10.x.x.x) access to fileserver.list Your suggestions commends below fixed the issue.. On Dec 17 2009, 8:37 am, Silviu Paragina sil...@paragina.ro wrote: What's your apache vhost config? Passenger 2.2.2 with 0.25.1 didn't work for me with the config from the example in 0.25.1 tree I think there is an error in the 0.25.1 example one. I had to add: RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e Silviu On 17.12.2009 15:22, lluis wrote: We are hitting same problem, how did you solved this? El dc 04 de 11 de 2009 a les 16:11 -0800, en/na Paul Lathrop va escriure: How did you resolve this? I'm having this problem now. On Mon, Sep 28, 2009 at 9:16 AM, Allan Marcusal...@lanl.gov wrote: I think I have it working now. --- Thanks, Allan Marcus 505-667-5666 On Sep 28, 2009, at 10:13 AM, Allan Marcus wrote: yes, I have all those settings. Attached are the relevant files. To sum up: Everything works fine with webrick Nothing I do can make server 0.25.1 w/passenger work with a 0.24.8 client Only way I can get server 0.25.1 w/passenger to work with a 0.25.1 client is to have a a wide open auth.conf file path / auth any allow * Thanks for your help. --- Thanks, Allan Marcus 505-667-5666 client_248.logclient_251.logpuppet.confserver.log On Sep 26, 2009, at 8:26 AM, Christian Hofstaedtler wrote: Also: please check that you have the required settings in the masters puppet.conf as mentioned inhttp://github.com/reductivelabs/puppet/blob/master/ext/rack/README If it still doesn't work, please post a full log from master + server for a single client run. Christian --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~--- --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~--- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] --noop ignored: here's why..
In case anybody else has found their --noop flag (and probably others) ignored with 24.6 here's why, and while this may be a known issue I didn't find it in the discussion board after some searching so wanted to save others.. I can't remember why it was done, but at some point I made puppetd.conf a symlink to puppet.conf. For whatever reason, this causes the flag to get ignored. Removing the symlink and poof it works again. I think I had the symlink there as we have various (and some old) distributions lying around and some needed the older puppetd.conf (more than likely as they were using an older version of puppet). --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Source Arrays and Template Arrays
It doesn't seem to work from me, bombing out if the template specified first doesn't exist. you'd expect it to gracefully ignore and try the next...this a bug? running puppet-0.24.6-1.1 On Jul 23, 12:31 pm, Udo Waechter udo.waech...@uni-osnabrueck.de wrote: hmmm, right after sending the provious mail, I realised something: On 23.07.2009, at 21:27, Udo Waechter wrote: Hi, On 23.07.2009, at 19:58, TomTom wrote: Is it possible to do the same thing with templates? An example of what I want to do is: file { /etc/sysctl.conf: content = [ template(sysctl.conf.$hostname.erb), template(sysctl.conf.$tuningpolicy.erb), template(sysctl.conf.erb), ] } Unfortunately, the behaviour here is different. All templates outputs are concatenated... see:http://reductivelabs.com/trac/puppet/wiki/FunctionReference#template this is different call: file{/foo/bar: content = template(template1,template2) } yields concatenated templates. maybe this: file { /etc/sysctl.conf: content = [ template(sysctl.conf.$hostname.erb), template(sysctl.conf.$tuningpolicy.erb), template(sysctl.conf.erb), ] } works as expected, namely to select the one template that exists (or the first that exists). dunno, udo. -- :: udo waechter - r...@zoide.net :: N 52º16'30.5 E 8º3'10.1 :: genuine input for your ears:http://auriculabovinari.de :: your eyes:http://ezag.zoide.net :: your brain:http://zoide.net smime.p7s 2KViewDownload --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] adding lines to a config file
howdy, I assign specific applications to machines via a class. Each application has its own log files that need to be managed by our logging system (splunk, for those who are familiar with it). This basically entails adding a line to a config file. How do you do this? ie, manage the config file? If this were apache I could use the 'Include' directive and just drop in a file that is automatically included in the httpd.conf, but splunk doesn't offer this option: all config has to be in the file. i could just add each apps log config to a file and have an Exec call that concats all the files into the config, ie: app1.conf app2.conf exec{cat app*.conf loggingserver.config: ... } restart logging server where the exec is gets executed whenever a file is added/removed/ updated, but was wondering if this indeed is the best way to do it. thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---