Jira (PUP-4045) Failed to generate additional resources using 'eval_generate': Cannot manage files of type socket
Title: Message Title redmine.exporter created an issue Puppet / PUP-4045 Failed to generate additional resources using 'eval_generate': Cannot manage files of type socket Issue Type: Bug Assignee: Unassigned Created: 2015/02/26 1:58 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Using a slightly modified version of the code from Pro Puppet I am getting the following error: Jun 13 01:36:33 media puppet-agent[18196]: (/Stage[main]/Mysql::Config/File[mysql_data_dir]) Failed to generate additional resources using 'eval_generate': Cannot manage files of type socket The file resource in mysql/manifests/config.pp is as follows: file { mysql_data_dir : path = $mysql::params::data_directory, group = mysql, owner = mysql, recurse = true, require = File[my.cnf], } And for this particular $operatingsystem (Fedora) the value for $data_directory in mysql/manifests/params.pp is : $data_directory = /var/lib/mysql By default mysql on a Fedora system places its mysql.sock file in the data directory but it appears when a you try and change the permissions recursively, puppet doesn't know what to do with the socket file. I can place the socket file elsewhere as a work around but I believe that puppet needs to ignore socket files when changing permissions. [root@media modules]# puppet --version 2.6.8
Jira (PUP-3990) The Service Startup Type for the Puppet Enterprise for Windows Agent
Title: Message Title redmine.exporter created an issue Puppet / PUP-3990 The Service Startup Type for the Puppet Enterprise for Windows Agent Issue Type: New Feature Assignee: Unassigned Created: 2015/02/10 5:50 AM Labels: redmine Priority: Normal Reporter: redmine.exporter The service startup type of the Windows Puppet agent is set to Automatic, with no service dependencies. While it is an uncommon occurrence, it is possible for the Puppet Agent to start before the network components are available e.g. It would be possible for the Puppet Agent to start before the DHCP Client has finished configuring the network adapters. As I have only started using Puppet recently I have not seen this specific issue with Puppet in the wild but I have seen similar timing issues with other windows programs in the past, particularly with 802.1x authenticated networks. I see two ways that this issue could be avoided: 1 . Change the Startup Type As of Server 2008 (I think?) and Vista an additional Startup type was added; Automatic (Delayed) From http://en.wikipedia.org/wiki/Windows_service Automatic: The service starts at system logon. Automatic (Delayed): The service starts a short while after the system has finished starting up. This option was introduced in Windows Vista in an attempt to reduce the boot-to-desktop time. However, not all services support delayed start It seems that ...a short while after... is roughly 120 seconds after the last Automatic Service is started. This would ensure that the
Jira (PUP-3973) puppet-mode.el indentation problems with if/else blocks
Title: Message Title redmine.exporter created an issue Puppet / PUP-3973 puppet-mode.el indentation problems with if/else blocks Issue Type: Bug Assignee: Unassigned Created: 2015/02/06 9:56 AM Labels: redmine Priority: Normal Reporter: redmine.exporter The emacs puppet-mode.el works really well, however as the language has developed more functionality, the mode has not caught up with it. One issue that I've noticed is as follows, if we have the following code: pre if $puppetmaster_checklastrun { include puppet::puppetmaster::checklastrun } else { include puppet::puppetmaster::checklastrun::disable } /pre The puppet-mode wants to indent this into the following: pre if $puppetmaster_checklastrun { include puppet::puppetmaster::checklastrun } else { include puppet::puppetmaster::checklastrun::disable } /pre and then any following code will be similarly be affected in a cascading way. Note: I've assigned the Category to be 'ext' as this is where the puppet-mode.el used to reside, however this may not be the correct category (or perhaps a new category for these issues would be warranted), if so, please feel free to change it.
Jira (PUP-3922) Pluginsync collisions
Title: Message Title redmine.exporter created an issue Puppet / PUP-3922 Pluginsync collisions Issue Type: Bug Assignee: Unassigned Created: 2015/01/28 3:21 PM Labels: redmine Priority: Normal Reporter: redmine.exporter I had a problem come up in training last week involving synced facts that brought out a larger problem in pluginsync. So if I create a module 'one' and define a fact in it called 'myfact', then create a module 'two' and also define a fact there called 'myfact' they will collide. The fact in 'two' will win because it comes later in the directory globbing. But worse is that they will be continuously fighting. On an agent run you can see this fact being overwritten to 'one/myfact' and then 'two/myfact' every single time. This is horrible for usability because it's not clear which fact will be called, and it's a terrible waste of bandwidth, etc. Add Comment
Jira (PUP-3918) There should be a Node Terminus that uses a local YAML file like an External Node Classifier.
Title: Message Title redmine.exporter created an issue Puppet / PUP-3918 There should be a Node Terminus that uses a local YAML file like an External Node Classifier. Issue Type: New Feature Assignee: Unassigned Created: 2015/01/28 9:06 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I wrote a node terminus that pulls the node data from a local file (/etc/puppet/node.yaml) in the same format as the external node classifier. I use this in order to do experiments on a single node by running stand-alone puppet, in an environment that usually uses an external node classifier. With a local copy of the node classifier output, and a local copy of the manifests, my development cycle is: edit the node.yaml, edit the manifests, run puppet, repeat; then merge working changes up. I also use this for entirely stand-alone hosts, such as Amazon EC2 instances launched with an external node classifier Yaml file passed as User Data. Local Yaml node terminus: https://github.com/brothers/puppet/commit/251e46cadc8d366404c74d1195b874f55a2a0b66 I also wrote an mcollective client/agent pair to execute the classifier and copy the output to a local file on the node. Local Yaml client/agent: https://github.com/brothers/mcollective-plugins/commit/59ecd42fa8c9051f5f0abc83ee10d7ba445b5f57 I would like to receive feedback on this, before I clean it up and write tests for it.
Jira (PUP-3893) refresh events logged for resources that don't match tags
Title: Message Title redmine.exporter created an issue Puppet / PUP-3893 refresh events logged for resources that don't match tags Issue Type: Bug Assignee: Unassigned Created: 2015/01/21 6:19 PM Labels: redmine Priority: Normal Reporter: redmine.exporter When using tags to restrict resources that notify other resources, the refresh event appears in the logs. See the example below where a File notifies a Service: pre file { '/tmp/foo': ensure = present, tag = [ 'woof', 'cow' ], } service { 'foo': ensure = running, tag = [ 'woof', 'cow' ], } file { '/tmp/bar': ensure = present, notify = Service['foo'], } $ puppet apply test.pp --tags file --noop Notice: /Stage[main]//File[/tmp/foo]/ensure: current_value absent, should be present (noop) Notice: /Stage[main]//File[/tmp/bar]/ensure: current_value absent, should be present (noop) Notice: /Stage[main]//Service[foo]: Would have triggered 'refresh' from 1 events Notice: Class[Main]: Would have triggered 'refresh' from 3 events Notice: Stage[main]: Would have triggered 'refresh' from 1 events /pre Service[foo] is not actioned upon because it does not have a matching tag, however we still get a log message about it. This could be misinterpreted in to thinking that Service[foo] would be restarted. The log message probably comes from the File resource that sends the refresh event, up to you whether you think it's worth squashing or not as it would be a
Jira (PUP-3830) Automatic quoting of install_options breaks NullSoft installation directory parameter
Title: Message Title redmine.exporter created an issue Puppet / PUP-3830 Automatic quoting of install_options breaks NullSoft installation directory parameter Issue Type: Bug Assignee: Unassigned Created: 2015/01/11 9:43 AM Labels: redmine Priority: Normal Reporter: redmine.exporter From http://nsis.sourceforge.net/Which_command_line_parameters_can_be_used_to_configure_installers: pre *Options* /D=C:\Bla or /D=C:\Path with spaces Set installation folder ($INSTDIR) Must be the last parameter on the command line and must not contain quotes even if the path contains blank spaces. Related to: $INSTDIR /pre From: http://docs.puppetlabs.com/references/latest/type.html blockquote
Jira (PUP-3825) virtual resources should be tagged as virtual
Title: Message Title redmine.exporter created an issue Puppet / PUP-3825 virtual resources should be tagged as virtual Issue Type: New Feature Assignee: Unassigned Created: 2015/01/09 6:33 AM Labels: redmine Priority: Normal Reporter: redmine.exporter The doc at http://docs.puppetlabs.com/puppet/2.7/reference/lang_relationships.html#chaining-arrows suggests we can write: Yumrepo | | - Package | | This is typically something one would have as a global default in his `site.pp`. As a side effect, it will `realize()` every `@yumrepo` and `@package` virtual resource, as mentioned in http://docs.puppetlabs.com/puppet/2.7/reference/lang_virtual.html This makes chaining arrows and virtual resources a bit of a nuisance to use together. It would be great if we could write something like instead: Yumrepo | virtual == false | - Package | virtual == false | or: Yumrepo | tag != virtual | - Package | tag != virtual | The current workaround is to explicitly tag every virtual resource, which is not very nice. Another solution would be to not realize virtual resources when `| |` is part of a chained arrow, but I guess it's done that way for a purpose ?
Jira (FACT-771) capturing ec2 userdata as a fact may be a security risk
Title: Message Title redmine.exporter created an issue Facter / FACT-771 capturing ec2 userdata as a fact may be a security risk Issue Type: Bug Assignee: Eric Sorenson Created: 2014/12/29 12:43 PM Labels: redmine Priority: Normal Reporter: redmine.exporter When cloud-init is used for bootstrapping nodes, a script contained in the userdata is often passed to the node to perform bootstrapping. In the case of cloud formation, this script often contains IAM credentials (access code/secret code) that are used to call cfn-init. In my integration of PE with cloudformation, I can see the AWS credentials in the inventory service when running b/c they are captured as a part of the ec2 metadata. This is not that big of a deal for my use case b/c the credentials only refer to a temporary account that only has the permissions to read metadata from cloudformation instances. In general, I have concerns over rather capturing userdata with facter may potentially (and unexpectedly) expose a user's credentials in some cases.
Jira (PUP-3745) Group membership should be a type of its own.
Title: Message Title redmine.exporter created an issue Puppet / PUP-3745 Group membership should be a type of its own. Issue Type: New Feature Assignee: Unassigned Created: 2014/12/05 6:16 AM Labels: redmine Priority: Normal Reporter: redmine.exporter It's very difficult right now to express declarative statements like: Ensure this user is not in this group, leave it alone otherwise Ensure this user is in this group without defining the user, leave it alone otherwise. I propose that we move group membership to a type of its own. That would also allow us to abstract away the differences between different platforms, some of which consider membership to be an attribute of the group, some of which consider it to be an attribute of the user. It would allow us to remove all the authoritative settings for user/group membership, as they would move to this type instead.
Jira (PUP-3730) Changing a variable in a custom fact, after the fact changes the earlier set fact
Title: Message Title redmine.exporter created an issue Puppet / PUP-3730 Changing a variable in a custom fact, after the fact changes the earlier set fact Issue Type: Bug Assignee: Unassigned Created: 2014/12/03 12:11 PM Labels: redmine Priority: Normal Reporter: redmine.exporter Okay, I think I've totally earned my keep on this one. I was hitting an unbelievable condition while hacking on https://github.com/purpleidea/puppet-gluster cough, plug, and after a lot of head scratching I narrowed it down. I've come up with a demonstration test case/example. Look at the following fact: pre XXX: demonstrate a surprising bug in puppet/facter require 'facter' value = 'hello' Facter.add('foo') do setcode { value } end thing = {} thing['a'] = 'puppet' thing['b'] = 'works' thing.keys.each do |x| value = thing[x] Facter.add('foo_'+x) do setcode { value # bork # Facter::Util::Resolution.exec(/bin/echo -n '+value+') # bork! # thing[x] # works as expected } end end value = 'BROKEN' # shouldn't matter /pre The issue is that if you use a
Jira (PUP-3731) Accessing arguments in exported resource collection override for override.
Title: Message Title redmine.exporter created an issue Puppet / PUP-3731 Accessing arguments in exported resource collection override for override. Issue Type: New Feature Assignee: Unassigned Created: 2014/12/03 12:14 PM Labels: redmine Priority: Normal Reporter: redmine.exporter Sorry I don't know how to name the subject any better... I came up with something which would be particularly useful for advanced puppet users, which I don't think exists at the moment. If it does, please let me know, if not, then consider this a feature request! Given: pre @@foo::bar { 'some_name': value = 'hello', thing = 'world', tag = 'mytag', } /pre and (on a different machine): I'd like to be able to access the properties of the element being created, for use in it's override block... Here is a very contrived example, I've made up a fake syntax of round brackets: $(thing) to show where i am using a variable from the object. This could be sort of like regexp conditional capture variables, but named... pre Foo::Bar | tag == 'mytag' | { value = override, thing = $(value) ? { # $(value) should be one of the arguments 'world' = 'Earth', 'baz' = $(name), # here we're using the name this define has... 'yeah' = $(tag), # or maybe we want a property like tag default = $(thing)-whatever, # here's another example, but this time with $thing }
Jira (PUP-3688) Allow path environment to be specified on a per-resource basis
Title: Message Title redmine.exporter created an issue Puppet / PUP-3688 Allow path environment to be specified on a per-resource basis Issue Type: Bug Assignee: Unassigned Created: 2014/11/21 11:39 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Currently, only the exec resource type permits the path to be specified for commands it executes. However, it would be generally useful for other resource types. For example, to specify the path to use when executing package commands (that are relative). The only workaround is to modify the provider source or to use the http://docs.puppetlabs.com/references/latest/configuration.html#path setting, though that is global, and won't work in cases where a module installs a package in a location that isn't already in the path, e.g. Java applications on windows. Original description: Hi, I just installed ruby1.9.3.exe package on a windows build server and also i was thinking on installing some gems. It seems that is installing the gems as part as as the 1.8.7 ruby version shipped with the Puppet Client windows installer. pre class ruby{ file {'ruby': name = 'C:\Temp\rubyinstaller-1.9.3-p194.exe', ensure = present, source = 'V:\shardata\Puppet\rubyinstaller-1.9.3-p194.exe' } exec { 'ruby': command = 'C:\Temp\rubyinstaller-1.9.3-p194.exe /verysilent /dir=C:\ruby /tasks=assocfiles,modpath', require =
Jira (PUP-3664) Invalid metadata.json in module root causes Error 400
Title: Message Title redmine.exporter created an issue Puppet / PUP-3664 Invalid metadata.json in module root causes Error 400 Issue Type: Bug Assignee: Unassigned Created: 2014/11/12 6:46 AM Labels: redmine Priority: Normal Reporter: redmine.exporter The other day I a href="" a a href="" from github/a that I had used a while back but had not been updated in some time. Within their module is a href="" file/a: precode { name: OSS-OSS, author: , license: , version: 1.0.0, types: [ ], checksums: , source: } /code/pre At some point, for reasons I could not now tell you, I moved that file out of the ganglia module and into the broot of my cdh3 module/b. Little did I know how much time it would waste later. I went about reformatting the module quite a bit, and then finally got to testing the code, and consistently came up against this error: precode Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class cdh3 for server01.123xyz.com on node server01.123xyz.com Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run /code/pre Various stages of madness set in as I tore things apart trying to find the problem. I stack traced, I debugged, I validated my code, I triple checked my naming. So I decided to remove all files but those essential to the
Jira (PUP-3666) 'configtimeout' setting is erroneously named
Title: Message Title redmine.exporter created an issue Puppet / PUP-3666 'configtimeout' setting is erroneously named Issue Type: Bug Assignee: Unassigned Created: 2014/11/12 1:27 PM Labels: redmine Priority: Normal Reporter: redmine.exporter There's an agent setting 'configtimeout' which purports to: :configtimeout = { :default = 120, :desc = How long the client should wait for the configuration to be retrieved before considering it a failure. This can help reduce flapping if too many clients contact the server at one time., }, This is not correct though, as it's actually used for all http connections. The option should be renamed to reflect reality (perhaps to `httptimeout`?) and docs updated accordingly. Add Comment
Jira (PUP-3657) Using create_resource or some other Ruby methodology for creating resources allows for invalid resource references
Title: Message Title redmine.exporter created an issue Puppet / PUP-3657 Using create_resource or some other Ruby methodology for creating resources allows for invalid resource references Issue Type: Bug Assignee: Unassigned Created: 2014/11/11 8:59 AM Labels: redmine Priority: Normal Reporter: redmine.exporter See #17842 for an example of this: http://projects.puppetlabs.com/issues/17842#note-5 The problem is that this is invalid in the parser: file { '/tmp/foo': ensure = present, require = [ Mymodule::foo['bar'] ], } But this works successfully: create_resources('file', { '/usr/local/homeaway/api-favorites-ustst1-jdk/java' = { ensure = present, require = Mymodule::foo[bar] }}) However, in PuppetDB we are more strict and the second case fails with an invalid relationship error - we can fix the error message on our end, but this still shouldn't be allowed I believe. The question is - should this be fixed in the internals so people tapping resource creation (like within create_resources) get an error or something else? Or perhaps fixed in create_resources? Its basically just an inconsistency between that methodology and what the parser enforces.
Jira (PUP-3662) Using the 'resources' resource to manage users on Windows fails
Title: Message Title redmine.exporter created an issue Puppet / PUP-3662 Using the 'resources' resource to manage users on Windows fails Issue Type: Bug Assignee: Unassigned Created: 2014/11/11 3:51 PM Labels: redmine Priority: Normal Reporter: redmine.exporter Add Comment This message was sent by Atlassian JIRA (v6.3.7#6337-sha1:2ed701e) -- You received this
Jira (PUP-3613) Add a parameter to the exec resource to support running commands in software collections without always using scl enable
Title: Message Title redmine.exporter created an issue Puppet / PUP-3613 Add a parameter to the exec resource to support running commands in software collections without always using scl enable Issue Type: New Feature Assignee: Unassigned Created: 2014/11/04 5:28 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Software collections is an RPM integrated vendorization tool that's starting to get more and more widely used + supported. To run a command in the software collection (SCL), you need to run `scl enable collection name 'command'`. For example, if you want to install a gem into a SCL named ruby193, you'd run `scl enable ruby193 '/usr/bin/gem install sinatra'`. Here's what I'm proposing: pre exec { 'install sinatra': command = '/usr/bin/gem install sinatra', unless = 'gem list | grep sinatra', scl = 'ruby193' } /pre The presence of the SCL parameter means that all of the other parameters that involve system calls would get executed inside of a session in the SCL name that's provided.
Jira (PUP-3530) Pass array to custom define fails
Title: Message Title redmine.exporter created an issue Puppet / PUP-3530 Pass array to custom define fails Issue Type: Bug Assignee: Unassigned Created: 24/Oct/14 2:57 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I'm trying to pass a simple array to a custom define and fails with error: `err: Could not retrieve catalog from remote server: Could not intern from pson: Could not convert from pson: Could not find relationship source Foo::Map[idbazip2.2.2.2] ` I think that code is very correct: `$foo = [ {id = bar, ip = 1.1.1.1} , {id = baz, ip = 2.2.2.2} ]` `foo::map {$foo:}` `define foo::map () { notify {$name['id']: } } ` Add Comment
Jira (PUP-3532) Need way to pass array to class to APPEND to defaults
Title: Message Title redmine.exporter created an issue Puppet / PUP-3532 Need way to pass array to class to APPEND to defaults Issue Type: Bug Assignee: Unassigned Created: 24/Oct/14 10:45 AM Labels: redmine Priority: Normal Reporter: redmine.exporter A way to pass an array to a class so that it would APPEND that array to the default array for that class would be excellent. Add Comment This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede)
Jira (FACT-720) No eth0 causes error
Title: Message Title redmine.exporter created an issue Facter / FACT-720 No eth0 causes error Issue Type: Bug Assignee: Eric Sorenson Created: 21/Oct/14 2:59 PM Labels: redmine customer Priority: Normal Reporter: redmine.exporter When the mcollective-metadata cron runs, the lack of eth0 causes this error to appear arping: unknown iface eth0, which ends up spamming logs every run. The customer also got the error when manually running facter: facter -p | grep eth arping: unknown iface eth0 interfaces = eth3,lo ipaddress_eth3 = xx.xx.xx.xx macaddress_eth3 = 00:15:5D:AB:xx:xx netmask_eth3 = 255.255.252.0 network_eth3 = xx.xx.xx.0 Currently they are working around it with # Puppet Name: pe-mcollective-metadata 0,15,30,45 * * * * /opt/puppet/sbin/refresh-mcollective-metadata /dev/null 21 I'm looking into a workaround that's a little cleaner and only target the eth0 fact.
Jira (PUP-3393) Improve puppet's error handling and exit code correctness.
Title: Message Title redmine.exporter created an issue Puppet / PUP-3393 Improve puppet's error handling and exit code correctness. Issue Type: Bug Assignee: Unassigned Created: 21/Oct/14 3:01 PM Labels: redmine Priority: Normal Reporter: redmine.exporter This is an umbrella bug for a slew of issues around un-informative or misleading error reporting, incorrect exit codes, and unhelpful help. See the 'related bugs' field for a full list. Add Comment
Jira (PUP-3460) Improve puppet's error handling and exit code correctness.
Title: Message Title redmine.exporter created an issue Puppet / PUP-3460 Improve puppet's error handling and exit code correctness. Issue Type: Bug Assignee: Unassigned Created: 14/Oct/14 10:23 AM Labels: redmine Priority: Normal Reporter: redmine.exporter This is an umbrella bug for a slew of issues around un-informative or misleading error reporting, incorrect exit codes, and unhelpful help. See the 'related bugs' field for a full list. Add Comment This message was sent
Jira (PUP-3430) Provide proxy support for pip latest (package)
Title: Message Title redmine.exporter created an issue Puppet / PUP-3430 Provide proxy support for pip latest (package) Issue Type: New Feature Assignee: Unassigned Created: 09/Oct/14 12:06 PM Labels: redmine Priority: Normal Reporter: redmine.exporter On a company network, usually we have proxy settings. Following code fail with error: package { 'virtualenv': ensure = latest, provider = $pip_provider, } Error: Timeout while contacting pypi.python.org Add Comment
Jira (PUP-3390) 2.8 to 3.0 upgrade leaves behind inspection related compilance issues
Title: Message Title redmine.exporter created an issue Puppet / PUP-3390 2.8 to 3.0 upgrade leaves behind inspection related compilance issues Issue Type: Bug Assignee: Unassigned Created: 06/Oct/14 8:33 AM Labels: redmine customer Priority: Normal Reporter: redmine.exporter When upgrading from PE 2.8.2 to 3.0.1 using the official upgrade path, the master does not remove the pe-compliance module from the default group, and apparently leaves the module behind on the master. We ended up in a situation where the inspect cron job on new 3.0.1 clients (which never had pre 3.0.1 puppet) got given a cron job to run the inspect job which then errored out. Add Comment
Jira (FACT-718) Allow for disabling certain facts within Facter
Title: Message Title redmine.exporter created an issue Facter / FACT-718 Allow for disabling certain facts within Facter Issue Type: New Feature Assignee: Eric Sorenson Created: 03/Oct/14 8:42 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Discussed here: https://groups.google.com/forum/#!topic/puppet-users/SCfVE1kpTpk With version 1.7 facts were added for each mounted volume. When run on a server attached to a SAN with say 1,000 volumes mounted, end up with over 3,000 facts (and chocking our ENC). Would like the ability to disable these facts via a configuration file. Add Comment
Jira (PUP-3385) Allow ${var} with curlies everywhere
Title: Message Title redmine.exporter created an issue Puppet / PUP-3385 Allow ${var} with curlies everywhere Issue Type: New Feature Assignee: Unassigned Created: 03/Oct/14 10:36 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Inside quoted strings, variables may be written as $var or $ {var}, but outside quoted strings, the $var form is required, and attempts to use ${var} result in confusing error messages: pre var = value notify { A: message = $var, } # works notify { B: message = $ {var}, } # works notify { C: message = $var, } # works notify { D: message = ${var} , } # fails, with Error 400 on SERVER: Could not match '$ {var},' at filename:line /pre It would be nice if ${var} could be used in this context. Add Comment
Jira (PUP-3380) OpenBSD package method function get_version does not work with source parameter
Title: Message Title redmine.exporter created an issue Puppet / PUP-3380 OpenBSD package method function get_version does not work with source parameter Issue Type: Bug Assignee: Unassigned Created: 02/Oct/14 1:16 AM Labels: redmine Priority: Normal Reporter: redmine.exporter If the package source URL is specified with a source parameter, the get_version method in the OpenBSD package provider does not work as the source URL is not propagated to the environment of the pkg_info -I call. This call should also be wrapped in Puppet::Util::Execution::withenv( { 'PKG_PATH' = @resource[:source] } ) {} like the call to pkg_add just above. Add Comment
Jira (PUP-3381) directoryservice provider creates users with low ids
Title: Message Title redmine.exporter created an issue Puppet / PUP-3381 directoryservice provider creates users with low ids Issue Type: Bug Assignee: Unassigned Created: 02/Oct/14 11:16 AM Labels: redmine Priority: Normal Reporter: redmine.exporter If a uid is not specified, the automatically selected uid is very low (100) and sometimes produces broken users. On a fresh 10.8.5 install it creates a new user with uid 28 and then createhomedir for the user fails. New users created in the OSX GUI have uids starting at 501, I think puppet should do the same when the uid is not specified. Add Comment
Jira (PUP-3362) Cisco device, interface type, ensure = absent won't work properly.... I think
Title: Message Title redmine.exporter created an issue Puppet / PUP-3362 Cisco device, interface type, ensure = absent won't work properly I think Issue Type: Bug Assignee: Unassigned Created: 29/Sep/14 4:28 PM Labels: redmine Priority: Normal Reporter: redmine.exporter Hi, I've been working on modifying the Cisco device code to work with Hp devices. I started out fairly simple with just being able to define a vlan and the basic parts of an interface. Some real simple testing suggested that defining an interface like so: interface { '1': ensure = absent } Although I detect (correctly) that the interface is disabled, every time puppet runs it always tries to set the interface as disabled. My code isn't too much different to the existing cisco code. I can't test this against a cisco device, but I think it would fail there too for the following reason: The parse_interface method in util/network_device/cisco/device.rb: def parse_interface(name) resource = {} ... if l =~ /# {name} is (.+), line protocol is / resource[:ensure] = ($1 == 'up' ? :present : :absent); end ... resource end So whatever happens it always returns something, even if that's an empty hash. If we look at self.prefetch(resources) in provider/network_device.rb def self.prefetch(resources) resources.each do |name, resource| device = Puppet::Util::NetworkDevice.current || device(resource[:device_url]) if result = lookup(device,
Jira (PUP-3347) YAML corruption in 2.6.7
Title: Message Title redmine.exporter created an issue Puppet / PUP-3347 YAML corruption in 2.6.7 Issue Type: Bug Assignee: Unassigned Created: 26/Sep/14 7:25 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Hi guys, getting YAML corruption on 2.6.7 at $dayjob: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse YAML data for node something.example.com: syntax error on line 78, col 19: `' I have no idea how to begin to troubleshoot as it is seemingly random and it doesn't happen at my other gig which is running 2.6.7, but on a different platform. Removing the yaml in question and running the agent again fixes it. While not fixing whatever the root cause is, what are the implications of wrapping the yaml parsing bit of code inside a begin-rescue to try and catch this exception, invalidate the data, and try once more before really failing? I haven't looked at the code so I don't even know if that's feasible, just throwing it out there. Add Comment
Jira (PUP-3344) support --index-url and --extra-index-url for python pip
Title: Message Title redmine.exporter created an issue Puppet / PUP-3344 support --index-url and --extra-index-url for python pip Issue Type: New Feature Assignee: Unassigned Created: 25/Sep/14 8:49 AM Labels: redmine Priority: Normal Reporter: redmine.exporter This pull request: https://github.com/puppetlabs/puppet/pull/521 raised a few questions / issues about the best way to handle provider-specific parameters for package providers. We'd prefer not to be forced to stuff them into existing (somewhat unrelated) parameters and regex them out (though this does happen in certain providers), but we also want to be careful about adding too many provider-specific parameters to the main package resource type, which would clutter up the model and make it confusing. The pip case is particularly interesting, because the two parameters that we need to add support for touch on a few conceptual things that we don't yet have parameters for: 1) The ability to specify multiple source destinations (we currently only have the source parameter, and the docs for it definitely read as though it is a single file/URL). 2) The ability to disable the default (implicit) source of a given package provider (this is what the --index-url option for pip does). We should give some consideration to a long-term / general way to handle those two concepts; I'll create and link in a second ticket for that. However, in the short term, we do have an existing parameter called
Jira (FACT-712) Add is_ec2 and is_euca facts
Title: Message Title redmine.exporter created an issue Facter / FACT-712 Add is_ec2 and is_euca facts Issue Type: New Feature Assignee: Eric Sorenson Created: 19/Sep/14 7:53 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Sometimes you just want to know if a host is EC2 or Eucalyptus. This adds two facts in a similar vein to is_virtual. Add Comment This message was sent by Atlassian JIRA (v6.1.4#6159-sha1:44eaede)
Jira (PUP-3319) client should retry if connection to master fails
Title: Message Title redmine.exporter created an issue Puppet / PUP-3319 client should retry if connection to master fails Issue Type: New Feature Assignee: Unassigned Created: 19/Sep/14 12:20 PM Labels: redmine Priority: Normal Reporter: redmine.exporter It would be nice if the client retried several times over say a 30-second period when it can't connect to the master. Use case 1: Restart the puppetmaster while a client is busy processing a catalog. At present, the client will fail to fetch any files with puppet:/// source URLs, leading to many error messages on the client. Use case 2: Run puppetmasterd and a puppetd client on the same host. Have a manifest with notify = Service[puppetmasterd] after upgrading the package that contains puppet itself, or upgrading ruby, or some other dependency. The client will upgrade the puppet package, and restart puppetmasterd. Then the client will try to send a report to the master, and fail, like this: pre notice: Package[puppet]/ensure: ensure changed '0.25.5,REV=2010.06.17.13.13' to '0.25.5,REV=2010.08.03.09.06' info: Package[puppet]: Scheduling refresh of Service[puppetmasterd] notice: Service[puppetmasterd]: Triggering 'refresh' from 1 dependencies err: Reporting failed: Connection refused - connect(2) notice: Finished catalog run in 202.94 seconds /pre
Jira (PUP-3256) multiple fileserver configs don't work
Title: Message Title redmine.exporter created an issue Puppet / PUP-3256 multiple fileserver configs don't work Issue Type: Bug Assignee: Unassigned Created: 16/Sep/14 3:47 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I have a multiple environment puppet server set up with the following structure: there are five environments. each one has a separate fileserverconfig variable pointing to a different fileserver.conf file. Each fileserver.conf file has a different path setting for [files]. However, it only seems to read the first one. No matter which environment I use, it points to the development environment. This isn't the behavior I was expecting. puppet.conf: pre [main] Where Puppet stores dynamic and growing data. The default value is '/var/puppet'. vardir = /var/lib/puppet The Puppet log directory. The default value is '$vardir/log'. logdir = /var/log/puppet
Jira (PUP-3204) Users and groups created mid-transaction are not found
Title: Message Title redmine.exporter created an issue Puppet / PUP-3204 Users and groups created mid-transaction are not found Issue Type: Bug Assignee: Unassigned Created: 09/Sep/14 7:37 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I recently noticed the following: pre Aug 23 18:09:35 extdns03 puppetdr987: [ID 702911 daemon.error] (//extdns03/common_foglight/foglight_agents_setup/Exec[/opt/foglight/script/setup.sh]) Failed to call refresh on Exec[/opt/foglight/script/setup.sh]: Invalid user: foglight /pre While I'm reasonably sure that the user did exist at that point. So after long and painful debugging I did the following: pre extdns01# RUBYLIB=. irb irb(main):001:0 require 'puppet' = true irb(main):002:0 Puppet::Util.uid('boom') = nil [ Now, in a different window, ran adduser boom ] irb(main):003:0 Puppet::Util.uid('boom') = nil irb(main):004:0 /pre I guess puppet should flush the uid/gid cache on any user/group operation, or possibly even every time.
Jira (PUP-3180) Puppet should deprecate the use of CRLs and move towards OCSP
Title: Message Title redmine.exporter created an issue Puppet / PUP-3180 Puppet should deprecate the use of CRLs and move towards OCSP Issue Type: New Feature Assignee: Unassigned Created: 04/Sep/14 5:05 AM Labels: redmine Priority: Normal Reporter: redmine.exporter OCSP: http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol OCSP scales significantly better and we should consider it in Puppet. We need to investigate whether Ruby/SSL allows us to use a nonce with the OCSP request, otherwise we may open ourselves up to replay attacks. Add Comment
Jira (PUP-3142) exec type should allow passing of arguments as an array rather than a string
Title: Message Title redmine.exporter created an issue Puppet / PUP-3142 exec type should allow passing of arguments as an array rather than a string Issue Type: New Feature Assignee: Unassigned Created: 25/Aug/14 7:38 PM Labels: redmine Priority: Normal Reporter: redmine.exporter The exec type takes commands and arguments as a string, (@echo foo@) which will then get passed to /bin/sh (@sh -c echo foo@) by Kernel#system. This can make things pretty awkward if the command you're trying to execute contains shell metacharacters or quotes of its own, and under appropriately pathological conditions could even be a security problem... (username 'rm -rf /' or something? shrug) It'd be grand if the exec type would support passing things around as arrays. eg: pre exec {example: command = /bin/echo, arguments = [*, yay, *], } /pre (Passing an array to Kernel#system bypasses the shell completely: http://www.ruby-doc.org/core/classes/Kernel.html#M005982) -sq Add Comment
Jira (PUP-3043) 100% CPU usage
Title: Message Title redmine.exporter created an issue Puppet / PUP-3043 100% CPU usage Issue Type: Bug Assignee: Unassigned Created: 11/Aug/14 11:11 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Hi, I've been experimenting with Puppet for a few days now, and overall I'm pretty impressed on how easy Puppet makes it to manage configurations. However, one thing has been runing my enthusiasm thoroughly, and that is the massive CPU consumption of Puppet. At first I used puppet to source in and manage a few hundred megabytes of data, so I presumed Puppet just wasn't made to provide such large amounts of data. So I set up my own apt repository and created some custom packages to as an alternative way to transfer data. I also learned about the checksum file property, and that the default value of md5 can cause a lot of CPU consumption. So I turned checksumming of (checksum = undef) . But now puppet is still happily eating away 100% CPU for tens of minutes at a time, with no apparent things happening. (puppetd -tv --trace --debug, but nothing appearing in the console while Puppet is cooking the CPU.) I believe the following resource is to blame: file { /some/data/dir: owner = $username, group = $username, recurse = true, ensure = directory, checksum = undef } I just want this resource to make sure that all files in the directory are owned by user and group $username. /some/data/dir contains 300M in 6000+ files. This resource executes swiftly, but after the last file has been
Jira (PUP-3025) resource_type search can produce errors if storedconfigs is not configured.
Title: Message Title redmine.exporter created an issue Puppet / PUP-3025 resource_type search can produce errors if storedconfigs is not configured. Issue Type: Bug Assignee: Unassigned Created: 07/Aug/14 5:32 AM Labels: redmine Priority: Normal Reporter: redmine.exporter (NOTE: the following is run against 2.7 (currently next), I have also seen the same warnings in 2.6.x) If I have a manifest which tries to export resources, then I get the following warning when retrieving the resource_type: pre cat /tmp/foo.pp class foo ($bar) { @@notify { 'foo': } } [root@mypuppetmaster motd]# puppet resource_type search '*' --manifest /tmp/foo.pp warning: You cannot collect without storeconfigs being set on line 2 in file /tmp/foo.pp [ { name: foo, arguments: { bar: null } , line: 1, type: hostclass, file: /tmp/foo.pp } ] /pre This warning should not occur, since having stored configs configured is not a requirement for querying the type. configuring stored configs on the server makes the errors go away I also verified that the resource_type call is not exporting resources if storedconfigs is enabled.
Jira (PUP-2997) Logdest cannot be set in the puppet.conf
Title: Message Title redmine.exporter created an issue Puppet / PUP-2997 Logdest cannot be set in the puppet.conf Issue Type: New Feature Assignee: Unassigned Created: 31/Jul/14 8:17 AM Labels: redmine customer Priority: Normal Reporter: redmine.exporter This is potentially a duplicate issue of a few things floating around out there, but most focus on masterlog, so I'm opening this up separately. Currently you can use --logdest /var/log/somelogfile, but you cannot set it in the puppet.conf. This seems like an oversight, especially since there seems to be a good number of people who wish to keep all puppet logs out of /var/log/messages. There are ways around this (etc/init.d/pe-puppet), but they are purely workarounds. It looks like some of the reason for this is the old masterlog option, which it seems is no longer in use, used to be the preferred way of setting in the puppet.conf. Potentially related tickets: https://projects.puppetlabs.com/issues/5952 https://projects.puppetlabs.com/issues/4550 https://projects.puppetlabs.com/issues/12361 Add Comment
Jira (PUP-2998) Allow verbose and debug options to be specified in configuration file in addition to command line
Title: Message Title redmine.exporter created an issue Puppet / PUP-2998 Allow verbose and debug options to be specified in configuration file in addition to command line Issue Type: New Feature Assignee: Unassigned Created: 31/Jul/14 8:28 AM Labels: redmine Priority: Normal Reporter: redmine.exporter If the verbose or debug option is set in /etc/puppet/puppet.conf, the puppet agent doesn't seem to respect them. It seems that these two options can only be set on the command line. Being able to set them in the configuration file would be helpful when debugging puppet agents running into system on EC2. Add Comment
Jira (HI-282) hiera binary with `-i nodename.domain.com` fails under puppet 3
Title: Message Title redmine.exporter created an issue Hiera / HI-282 hiera binary with `-i nodename.domain.com` fails under puppet 3 Issue Type: Bug Assignee: Unassigned Created: 27/Jul/14 9:08 AM Labels: redmine Priority: Normal Reporter: redmine.exporter due to changes in the settings initialization system, using the `-i` flag (query inventory service) from the hiera binary causes an exception with puppet 3.0.0 and above: pre [eric@glitch.local ~/Sandbox]% /Users/eric/Sandbox/hiera/bin/hiera sysadmin --config /Users/eric/Sandbox/explosive-puppet/hiera.yaml -i glitch.local Puppet inventory service lookup failed: NoMethodError: undefined method `features' for Puppet:Module Could not load Puppet inventory service scope: SystemExit: exit /pre You can somewhat hack around this by moving to the new `Puppet.initialize_settings` method instead of `Puppet.Settings.parse_config`, as in the following patch, but that is hardcoded to load settings for the `:user` run_mode, so you lose the ability to get the `[master]` section's settings. pre diff --git a/bin/hiera b/bin/hiera index ddd4daa..1814351 100755 — a/bin/hiera +++ b/bin/hiera @@ -91,10 +91,8 @@ def load_scope(source, type=:yaml) is fine to have the inventory_server option set even if the config doesn't have the fact_terminus set to rest. begin
Jira (PUP-2970) warning: Found multiple default providers
Title: Message Title redmine.exporter created an issue Puppet / PUP-2970 warning: Found multiple default providers Issue Type: Bug Assignee: Unassigned Created: 24/Jul/14 4:42 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Using a noop provider to work around suitability checks for commands from yet-to-be installed packages, causes a warning about multiple providers during runs when the package is actually installed. If the package is not installed before the run, there are no warnings and the package is later installed. pre lib/puppet/type/nova_admin.rb Puppet::Type.newtype(:nova_admin) do @doc = Manage createion/deletion of nova admin users. ensurable newparam(:name) do desc The name of the admins. end end /pre pre lib/puppet/provider/nova_admin/default.pp Puppet::Type.type(:nova_admin).provide(:default) do desc This is a default provider that does nothing. This allows us to install nova-manage on the same puppet run where we want to use it. def create return false end def destroy return false end def exists? fail('This is just the default provider for nova_admin, all it does is fail') end end /pre pre
Jira (PUP-2941) Autorequire does not properly support Class resources as first-class citizens
Title: Message Title redmine.exporter created an issue Puppet / PUP-2941 Autorequire does not properly support Class resources as first-class citizens Issue Type: New Feature Assignee: Unassigned Created: 16/Jul/14 6:46 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Attempting to autorequire a class inside a custom type results in the autorequire being ignored. Since Classes are supposed to be treated as first-class resources, they should be autorequire-able like any other resource type. Add Comment
Jira (PUP-2944) yum provider should use osfamily instead of operatingsystem fact
Title: Message Title redmine.exporter created an issue Puppet / PUP-2944 yum provider should use osfamily instead of operatingsystem fact Issue Type: Bug Assignee: Unassigned Created: 16/Jul/14 4:59 PM Labels: redmine Priority: Normal Reporter: redmine.exporter The yum provider for the package type uses the operatingsystem fact to specify the defaultfor and should be using the osfamily fact so that we do not have to duplicate effort listing all the RedHat derivatives in both places. Add Comment This message was
Jira (PUP-2928) Puppet tries to update the group for user when he is listed as its member twice.
Title: Message Title redmine.exporter created an issue Puppet / PUP-2928 Puppet tries to update the group for user when he is listed as its member twice. Issue Type: Bug Assignee: Unassigned Created: 11/Jul/14 10:18 AM Labels: redmine customer Priority: Normal Reporter: redmine.exporter When a user is found in several nss group backends ralsh shows it as being included into a group more than once and puppet continually tries to remove the user from that group. To clarify: I have a following resource in my manifest: pre user { 'tomcat7': groups = 'ssl-user', } /pre Until recently everything was just fine but lately the following actions began to appear: pre notice: /Stage[main]/Tomcat/User[tomcat7]/groups: groups changed 'ssl-user,ssl-user' to 'ssl-user' /pre The reason for that behaviour turned out to be the following line in /etc/nsswitch.conf: pre root@susegrp1:~# cat /etc/nsswitch.conf | grep group group: files ldap compat /pre When I remove the line everything returns back to normal way. Here is the output of actual state of resource on the system and as seen by puppet: pre root@susegrp1:~# id tomcat7 uid=108(tomcat7) gid=114(tomcat7) groups=301(ssl-user),114(tomcat7) root@susegrp1:~# getent group | grep ssl-user ssl-user:x:301:tomcat7 ssl-user:x:301:tomcat7 root@susegrp1:~# ralsh user tomcat7 warning: User tomcat7 found in both useradd and useradd; skipping the useradd version user {
Jira (PUP-2905) When installing PIP packages from Git, the install and any notifies are triggered during every run.
Title: Message Title redmine.exporter created an issue Puppet / PUP-2905 When installing PIP packages from Git, the install and any notifies are triggered during every run. Issue Type: Bug Assignee: Unassigned Created: 08/Jul/14 6:00 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I have a plugin for a Python application, Sentry, which I am installing via GitHub like so: package { 'sentry-hipchat': ensure = 'cfac72b33dc8468745669ea65998a5b911e9aae0', provider = 'pip', source = 'git+git://github.com/invisiblehand/sentry-hipchat.git' } When running the Puppet agent with --debug --trace --test, I can see Puppet checks the output of 'pip freeze', however the output from this command, for packages installed from GitHub seems to differ, and I don't believe it will match the regex used here: https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/package/pip.rb#L16-L22 Here is some sample output from 'pip freeze' on my system: raven==3.5.1 redis==2.8.0 sentry==6.3.3 -e git://github.com/invisiblehand/sentry-hipchat.git@cfac72b33dc8468745669ea65998a5b911e9aae0#egg=sentry_hipchat-master setproctitle==1.1.8 simplejson==3.3.1 I'm using Puppet 2.7.13, installed via RubyGems, on Ubuntu 12.04 LTS 64-bit, running Ruby 1.9.3p448. The output from the Puppet agent run is as follows: debug: Puppet::Type::Package::ProviderPip: Executing '/usr/bin/pip freeze' debug:
Jira (PUP-2910) Need ability to remove all unmanaged resources
Title: Message Title redmine.exporter created an issue Puppet / PUP-2910 Need ability to remove all unmanaged resources Issue Type: New Feature Assignee: Unassigned Created: 08/Jul/14 1:49 PM Labels: redmine Priority: Normal Reporter: redmine.exporter This works, purging all unmanaged hosts entries: resources { 'host': purge = true, noop = true, } We should have a similar property for all (most?) types. – This ticket is a request for comment, coming out of a discussion at Puppet Camp EU, 2011. No promises whatever about implementation, but there were enough people interested to open a public discussion. Add Comment
Jira (PUP-2900) sshkey resource created /etc/ssh/ssh_known_hosts mode 0600
Title: Message Title redmine.exporter created an issue Puppet / PUP-2900 sshkey resource created /etc/ssh/ssh_known_hosts mode 0600 Issue Type: Bug Assignee: Unassigned Created: 07/Jul/14 7:40 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I used an sshkey resource like this: pre sshkey { host.domain.example: ensure = present, type = ssh-rsa, key = AAAblahblahblah==, } /pre and puppet created the /etc/ssh/ssh_known_hosts file with sensible contents, but with mode 0600. This file is supposed to be world readable. Of course I can use a file resource to fix it, but I'd prefer it if puppet created it with a sensible mode. Add Comment
Jira (PUP-2844) puppetmasterd --compile sends extraneous messages to stdout
Title: Message Title redmine.exporter created an issue Puppet / PUP-2844 puppetmasterd --compile sends extraneous messages to stdout Issue Type: Bug Assignee: Unassigned Created: 26/Jun/14 12:48 AM Labels: redmine Priority: Normal Reporter: redmine.exporter When I run pre puppetmasterd --compile myclient.example.net myclient.yaml /pre then the output file contains pre ESC[0;36mnotice: Compiled catalog for myclient.example.net in 40.23 secondsESC[0m {data:{edges:[... (one very long line of data) ... /pre The notice: line should have been sent to stderr, not to stdout, so that it does not get mixed in with the YAML data. Add Comment
Jira (PUP-2837) alter parser to throw an error on use of an undefined, unquoted, variable.
Title: Message Title redmine.exporter created an issue Puppet / PUP-2837 alter parser to throw an error on use of an undefined, unquoted, variable. Issue Type: New Feature Assignee: Unassigned Created: 25/Jun/14 3:13 AM Labels: redmine customer Priority: Normal Reporter: redmine.exporter Currently, the parser treats the following cases as equivalent: pre file {/tmp/testfile: content = $content } file {/tmp/testfile: content = $content } /pre I think it would be beneficial to throw a compile error in the first case if $content is not defined, eg fail('Attempt to use unquoted, undefined variable $content'). This would sensibly catch many cases where I have: typo'd on variable names, misjudged scoping, forgotten to define a variable that I am using in a defined type, broken a facter fact. The second form
Jira (PUP-2801) 'puppetca' needs feature to remove (/revoke) a pending certificate signing request
Title: Message Title redmine.exporter created an issue Puppet / PUP-2801 'puppetca' needs feature to remove (/revoke) a pending certificate signing request Issue Type: Bug Assignee: Unassigned Created: 18/Jun/14 5:02 AM Labels: redmine customer Priority: Normal Reporter: redmine.exporter It is not possible to remove a pending certificate signing request with 'puppetca --revoke $fqdn': pre [root@X puppet]# puppetca --list rhel32bit.x.local [root@X puppet]# puppetca --revoke rhel32bit.x.local rhel32bit.x.local notice: Revoked certificate with serial # Inventory of signed certificates err: Could not call revoke: Cannot convert into OpenSSL::BN /pre You have to remove the certificate signing request manually. 'puppetca' should (IMO) do this. Add Comment
Jira (FACT-571) Error messages with IPv6-enabled interfaces.
Title: Message Title redmine.exporter created an issue Facter / FACT-571 Error messages with IPv6-enabled interfaces. Issue Type: Bug Assignee: Eric Sorenson Created: 17/Jun/14 4:35 AM Labels: redmine Priority: Normal Reporter: redmine.exporter pre cabbage ~ # facter --puppet no such file to load – ldap ifconfig: status: SIOCGLIFFLAGS: bge0:1: no such interface ifconfig: status: SIOCGLIFFLAGS: bge0:1: no such interface ifconfig: status: SIOCGLIFFLAGS: bge0:1: no such interface ifconfig: status: SIOCGLIFFLAGS: bge0:1: no such interface ifconfig: status: SIOCGLIFFLAGS: bge0:1: no such interface /pre A workaround would be to skip the IPv6 interface names: precode class=diff index 9fb7034..748bb1d 100644 — a/lib/facter/util/ip.rb +++ b/lib/facter/util/ip.rb @@ -59,7 +59,7 @@ module Facter::Util::IP when 'Linux', 'OpenBSD', 'NetBSD', 'FreeBSD', 'Darwin' output = %x {/sbin/ifconfig -a} when 'SunOS' output = %x {/usr/sbin/ifconfig -a} + output = %x {/usr/sbin/ifconfig -a4} end output end /code/pre
Jira (PUP-2754) Exit status is 0, even in the presence of errors, without --detailed-exitcodes
Title: Message Title redmine.exporter created an issue Puppet / PUP-2754 Exit status is 0, even in the presence of errors, without --detailed-exitcodes Issue Type: Bug Assignee: Unassigned Created: 11/Jun/14 8:56 AM Labels: redmine Priority: Normal Reporter: redmine.exporter When an error is encountered while running either `puppet apply` or `puppet agent`, the program exits with status 0. If `--detailed-exitcodes` is used with `puppet agent`, the status is nonzero as expected. I would expect that non-detailed exit codes would still include 1 for the case of a failure to apply the catalog. You can recreate this with the following manifest: pre exec { 'false': command = '/bin/false', } /pre Example run: pre marmida@monolith:~$ puppet apply fail_manifest.py warning: Could not retrieve fact fqdn err: /Stage[main]//Exec[false]/returns: change from notrun to 0 failed: /bin/false returned 1 instead of one of [0] at /home/marmida/fail_manifest.py:3 notice: Finished catalog run in 0.14 seconds marmida@monolith:~$ echo $? 0 marmida@monolith:~$ puppet apply fail_manifest.py --detailed-exitcodes warning: Could not retrieve fact fqdn err: /Stage[main]//Exec[false]/returns: change from notrun to 0 failed: /bin/false returned 1 instead of one of [0] at /home/marmida/fail_manifest.py:3 notice: Finished catalog run in 0.13 seconds marmida@monolith:~$ echo $? 4 /pre The same problems occur in `puppet agent`. I couldn't find another issue specific to the exit status, but I did notice it mentioned once here:
Jira (PUP-2729) reevaluate config_version whenever an agent checks in.
Title: Message Title redmine.exporter created an issue Puppet / PUP-2729 reevaluate config_version whenever an agent checks in. Issue Type: Bug Assignee: Unassigned Created: 04/Jun/14 1:00 PM Labels: redmine Priority: Normal Reporter: redmine.exporter When puppet manifests are edited, puppetmasterd usually notices, and computes a new configuration version by invoking the config_version script or by using the default (derived from the current time). However, when files are edited, the configuration version remains unchanged. pre .../modules/mymodule/manifests/init.pp class mymodule { file { /dir/filename: ensure = file, source = puppet:///mymodule/filename, } } /pre If I edit .../modules/mymodule/manifests/init.pp, then the configuration version gets updated next time a client connects. So far so good. However, if I edit .../modules/mymodule/files/filename, the configuration version remains unchanged. A message on the client say info: Applying configuration version 'old version number here'. From my point of view, I would like it to be seen as as a configuration change when I edit a file that gets deployed from a files subdirectory in a module. I use subversion revision numbers in the config_version, and I want to be able to tell people check that the configuration version is at least
Jira (PUP-2730) source attribute not honored for gem provider
Title: Message Title redmine.exporter created an issue Puppet / PUP-2730 source attribute not honored for gem provider Issue Type: Bug Assignee: Unassigned Created: 04/Jun/14 1:17 PM Labels: redmine customer Priority: Normal Reporter: redmine.exporter When attempting to provide another source for a package resource using the gem provider, the install fails. Error output from 'puppet agent -tv': pre Error: Execution of '/usr/bin/gem install --include-dependencies --source http://internal.gemrepo.com/ passenger' returned 1: ERROR: Could not find a valid gem 'passenger' (= 0) in any repository ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError) Errno::ETIMEDOUT: Connection timed out - connect(2) (http://rubygems.org/latest_specs.4.8.gz) INFO: `gem install -y` is now default and will be removed INFO: use --ignore-dependencies to install only the gems you list Error: /Stage[main]/Puppet::Master/Package[passenger]/ensure: change from absent to present failed: Execution of '/usr/bin/gem install --include-dependencies --source http://internal.gemrepo.com/ passenger' returned 1: ERROR: Could not find a valid gem 'passenger' (= 0) in any repository ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError) Errno::ETIMEDOUT: Connection timed out - connect(2) (http://rubygems.org/latest_specs.4.8.gz) INFO: `gem install -y` is now default and will be removed INFO: use --ignore-dependencies to install only the gems you list Finished catalog run in 106.88 seconds ghickey@slc4b01c-69c8:rack:6$ gem source
Jira (PUP-2719) Windows mount provider (smb/cifs)
Title: Message Title redmine.exporter created an issue Puppet / PUP-2719 Windows mount provider (smb/cifs) Issue Type: New Feature Assignee: Unassigned Created: 03/Jun/14 7:34 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Since UNC paths are not supported and packages cannot be sourced from the puppet master directly (instead you have to create a file resource whose source is the puppet master and then install the package from the local file), it would be nice to have a mount provider on Windows that could mount network shares, e.g. net use z:. Add Comment
Jira (PUP-2708) No puppetdoc for subclass not preceded by resource or another subclass
Title: Message Title redmine.exporter created an issue Puppet / PUP-2708 No puppetdoc for subclass not preceded by resource or another subclass Issue Type: Bug Assignee: Unassigned Created: 02/Jun/14 8:00 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Using 0.24.8 on Solaris 10. Consider this modules/test/manifests/init.pp: pre Test class class test { Test subclass class subclass { } } /pre puppetdoc (rdoc mode) includes both Test class and Test subclass comments in the appropriate places. However, this code: pre Test class class test { $foo = 1 Test subclass class subclass { } } /pre This time puppetdoc does not include Test subclass in the page for test::subclass. With some experimentation I found that the preceding comment for a subclass does get parsed if the code before it is a }
Jira (FACT-546) facter fails when on non standard nic
Title: Message Title redmine.exporter created an issue Facter / FACT-546 facter fails when on non standard nic Issue Type: Bug Assignee: Eric Sorenson Created: 30/May/14 5:33 AM Labels: redmine customer Priority: Normal Reporter: redmine.exporter I have a nic with a ; - ;vdsmdummy; when running facter multiple errors appear sh: -c: line 0: `/sbin/arp -en -i ;vdsmdummy; | sed -e 1d' when facter generates this arp command if there's ; in the nic name it should be escaped \;vdsmdummy\; thanks Add Comment This message
Jira (PUP-2687) File Names with ? cause failures with recursive copies
Title: Message Title redmine.exporter created an issue Puppet / PUP-2687 File Names with ? cause failures with recursive copies Issue Type: Bug Assignee: Unassigned Created: 28/May/14 5:07 AM Labels: redmine customer Priority: Normal Reporter: redmine.exporter File names that contain ? cause runs to fail and reports that it can't find a file name by section before the ?, and seemingly drops the ? and anything after. Example code: pre file { '/tmp/foo': ensure = directory, recurse = true, purge = true, force = true, owner = 'root', group = 'root', mode = '0644', source = puppet:///modules/foobar/foo, } /pre Example directory/file structure: pre ├── foobar │ └── files │ └── foo │ ├── a │ ├── b │ ├── c │ └── test?moretest /pre Error: pre Error: Could not set 'file' on ensure: Error 404 on SERVER: Not Found: Could not find file_content modules/foobar/foo/test Error: Could not set 'file' on ensure: Error 404 on SERVER: Not Found: Could not find file_content modules/foobar/foo/test Wrapped exception: Error 404 on SERVER: Not Found: Could not find file_content modules/foobar/foo/test Error: /File[/tmp/foo/test?moretest]/ensure: change from absent to file failed: Could not set 'file' on ensure: Error 404 on SERVER: Not Found: Could not find file_content modules/foobar/foo/test /pre
Jira (PUP-2664) Support start and stop priorities and runlevels for services
Title: Message Title redmine.exporter created an issue Puppet / PUP-2664 Support start and stop priorities and runlevels for services Issue Type: New Feature Assignee: Unassigned Created: 27/May/14 7:43 AM Labels: redmine customer Priority: Normal Reporter: redmine.exporter Support start and stop priorities and runlevels for services. 1. For RHEL it would involve managing the chkconfig line in the init script and using chkconfig reset. 2. For Debian/Ubuntu this would be update-rc.d 3. For Solaris/SMF this would be milestones and svcadm 4. For runit this would be runsvchdir and sv Add Comment
Jira (PUP-2634) source_permissions invalid option?
Title: Message Title redmine.exporter created an issue Puppet / PUP-2634 source_permissions invalid option? Issue Type: Bug Assignee: Unassigned Created: 22/May/14 3:48 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I just tried to set source_permissions on my default File resource: File { owner = 'S-1-5-18', group = 'Administrators', source_permissions = ignore } But windows puppet agent v3.4.0-rc2 says: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter source_permissions at /etc/puppet/modules/nscp/manifests/init.pp:19 Add Comment
Jira (PUP-2644) Code Formatter
Title: Message Title redmine.exporter created an issue Puppet / PUP-2644 Code Formatter Issue Type: New Feature Assignee: Unassigned Created: 22/May/14 3:02 PM Labels: redmine Priority: Normal Reporter: redmine.exporter Hi, I think it would be really nice if there was an automagic code formatter for `.pp` files. We did some go programming lately and one of the things that turned out to be the thing we liked the most was `gofmt`. We stopped mucking over styles and everybody could just (once and for all) configure his favorite editor to display the one correct way (which isn't necessarily the same as the output `gofmt` produces). It makes no difference what the preferences are (tabs vs. spaces, 2 vs. 4 vs. 8 – but who likes tabs anyway ). The authoritative answer is whatever the output from `gofmt` is. Please please, `puppet format somefile.pp` – outputs to stdout `puppet format -w somefile.pp` – rewrites the file thanks, Martin
Jira (PUP-2629) Puppet CA: Possible race condition when requesting multiple certificate at once and running under passenger
Title: Message Title redmine.exporter created an issue Puppet / PUP-2629 Puppet CA: Possible race condition when requesting multiple certificate at once and running under passenger Issue Type: Bug Assignee: Unassigned Created: 21/May/14 4:34 AM Labels: redmine Priority: Normal Reporter: redmine.exporter We use autosign feature for all hosts in internal network. When running multiple (e.g. 30) puppet agents for the first time at the same time, some of them fails to generate certificates with the following error: Info: Creating a new SSL key for ani10.domain.com Info: Creating a new SSL certificate request for ani10.domain.com Info: Certificate Request fingerprint (SHA256): F3:AB:26:30:70:19:4A:6E:E5:B1:7F:B6:E1:E7:D7:B0:8B:26:AA:30:97:34:24:C0:8B:51:4A:CB:08:CC:92:A7 Exiting; failed to retrieve certificate and waitforcert is disabled Error: Could not request certificate: Error 400 on SERVER: Could not find certificate request for ani12.domain.com Please note the different name in the request and in the response. Also note that this is not an DNS issue although it is worth noting that the reverse entry for IP address points to non-existing names. But since some clients succeed and some not pretty much randomly, I would rule out the DNS. On the server side, we see these errors which seems to point to some kind of a race condition when generating certificates: Oct 9 14:24:54 prg19 puppet-master[24018]: Signed certificate request for ani12.domain.com Oct 9 14:24:54 prg19 puppet-master[24043]: ani16.domain.com has a waiting certificate request Oct 9 14:24:54 prg19
Jira (PUP-2621) ssh_authorized_keys should not use the key 'comment' as a unique identifier (name)
Title: Message Title redmine.exporter created an issue Puppet / PUP-2621 ssh_authorized_keys should not use the key 'comment' as a unique identifier (name) Issue Type: Bug Assignee: Unassigned Created: 20/May/14 4:47 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Currently the ssh authorized keys provider uses the 'comment' section from an SSH public key as the 'name'. However, this implies that these comment strings must be unique, while SSH itself imposes no such restriction: in fact, it often happens that users generate both an RSA and a DSA key, which by default will have the same comment. A better 'name' for a key would perhaps be its fingerprint. There is a very small chance of collisions, but using the comment as 'name' is certain to generate collisions (for me it already has). Otherwise, the key-string itself should perhaps be the 'name' as this is certainly unique. If a user just changes the 'name' of the key in the Puppet manifest, then the other problem is that Puppet (only looking at the 'name', not the contents of the key) fails to realize that a key is already in place so you end up with duplicates. The current implementation doesn't really manage authorized_keys, it only manages the comment section and has no knowledge of the actual key. Using the key fingerprint would require Puppet to be able to actually extract the fingerprint from the key and would be a non-trivial change.
Jira (PUP-2625) PuppetLabs repo dependencies for Ubuntu Saucy are insufficient
Title: Message Title redmine.exporter created an issue Puppet / PUP-2625 PuppetLabs repo dependencies for Ubuntu Saucy are insufficient Issue Type: Bug Assignee: Unassigned Created: 20/May/14 2:14 PM Labels: redmine Priority: Normal Reporter: redmine.exporter The documentation provided on http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html no longer works for ubuntu saucy: pre root@sunstone:~# apt-get install puppet Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: puppet : Depends: puppet-common (= 3.3.2-1puppetlabs1) but it is not going to be installed E: Unable to correct problems, you have held broken packages. root@sunstone:~# apt-get install puppet puppet-common Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: puppet-common : Depends: hiera (= 1.0.0) but it is not installable Recommends:
Jira (PUP-2624) debian/control: vim-puppet and puppet-el erroneously declare conflicts with puppet
Title: Message Title redmine.exporter created an issue Puppet / PUP-2624 debian/control: vim-puppet and puppet-el erroneously declare conflicts with puppet Issue Type: Bug Assignee: Unassigned Created: 20/May/14 2:14 PM Labels: redmine Priority: Normal Reporter: redmine.exporter The vim-puppet and puppet-el packages have a ``Conflicts`` in them stating that the package conflicts with ``puppet ( $ {source:Version} )``: https://github.com/puppetlabs/puppet/blob/master/ext/debian/control#L125:L133 I don't see how installing a newer version of vim-puppet or puppet-el would causing issues that would be resolved by apt per the ``Conflicts`` directive. According to Debian packaging policy: Conflicts should be used when two packages provide the same file and will continue to do so, in conjunction with Provides when only one package providing a given virtual facility may be unpacked at a time (see Virtual packages - Provides, Section 7.5), in other cases where one must prevent simultaneous installation of two packages for reasons that are ongoing (not fixed in a later version of one of the packages) or that must prevent both packages from
Jira (PUP-2606) Support ECC keys
Title: Message Title redmine.exporter created an issue Puppet / PUP-2606 Support ECC keys Issue Type: New Feature Assignee: Unassigned Created: 16/May/14 12:34 PM Labels: redmine Priority: Normal Reporter: redmine.exporter Right now Puppet is hard coded to only use RSA keys when dealing with certificates. RSA is getting a little long in the tooth, and although it has not been compromised, there are newer algorithms that are not as susceptible to attacks that have been developed. OpenSSL supports ECC in addition to RSA. Puppet should become configurable to be able to use ECC for generating keys. This feature should be configurable since not all OpenSSL releases that puppet may be used on are going to have this available. Add Comment
Jira (PUP-2608) An error is logged during an agent run if the puppetmaster does not have at least one module/lib dir in its modules directory.
Title: Message Title redmine.exporter created an issue Puppet / PUP-2608 An error is logged during an agent run if the puppetmaster does not have at least one module/lib dir in its modules directory. Issue Type: Bug Assignee: Unassigned Created: 16/May/14 3:33 PM Labels: redmine Priority: Normal Reporter: redmine.exporter To reproduce: (Make sure you have a '127.0.0.1 localhost puppetmaster' entry in /etc/hosts for the below) In one terminal setup the master: jpartlow@percival:~/work/puppet$ rm -rf ~/test/master/bug-test jpartlow@percival:~/work/puppet$ mkdir -p ~/test/master/bug-test jpartlow@percival:/work/puppet$ bundle exec puppet master --no-daemonize --trace --autosign=true --debug --confdir=/test/master/bug-test --vardir=~/test/master/bug-test --certname puppetmaster In another terminal, run the agent: jpartlow@percival:~/work/puppet$ be puppet agent -t --server puppetmaster Info: Creating a new SSL key for percival.corp.puppetlabs.net Info: Caching certificate for ca Info: Creating a new SSL certificate request for percival.corp.puppetlabs.net Info: Certificate Request fingerprint (SHA256): 20:18:5A:F0:3B:A0:BE:76:6B:03:71:ED:BD:EF:47:04:F1:49:3F:BD:63:AC:42:3D:7E:0F:66:3F:08:F9:70:C9 Info: Caching certificate for percival.corp.puppetlabs.net Info: Caching certificate_revocation_list for ca Info: Retrieving plugin Error: /File[/home/jpartlow/.puppet/var/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://puppetmaster/plugins Info: Caching catalog for
Jira (PUP-2572) YAML network requests deprication warning is all but useless
Title: Message Title redmine.exporter created an issue Puppet / PUP-2572 YAML network requests deprication warning is all but useless Issue Type: Bug Assignee: Unassigned Created: 14/May/14 11:40 AM Labels: redmine Priority: Normal Reporter: redmine.exporter In all fairness, via the foreman DB I know which clients are running older versions of the agent but this warning in the puppet master's log file isn't very helpful. It might be nice to know which client is causing the warning. Tue Oct 15 14:49:55 -0700 2013 Puppet (warning): YAML in network requests is deprecated and will be removed in a future version. See http://links.puppetlabs.com/deprecate_yaml_on_network Tue Oct 15 14:49:59 -0700 2013 Puppet (warning): YAML in network requests is deprecated and will be removed in a future version. See http://links.puppetlabs.com/deprecate_yaml_on_network Tue Oct 15 14:50:02 -0700 2013 Puppet (warning): YAML in network requests is deprecated and will be removed in a future version. See http://links.puppetlabs.com/deprecate_yaml_on_network Tue Oct 15 14:50:19 -0700 2013 Puppet (warning): YAML in network requests is deprecated and will be removed in a future version. See http://links.puppetlabs.com/deprecate_yaml_on_network Tue Oct 15 14:50:38 -0700 2013 Puppet (warning): YAML in network requests is deprecated and will be removed in a future version. See http://links.puppetlabs.com/deprecate_yaml_on_network Tue Oct 15 14:52:51 -0700 2013 Puppet (warning): YAML in network requests is deprecated and will be removed in a future version. See http://links.puppetlabs.com/deprecate_yaml_on_network Tue Oct 15 14:53:12 -0700 2013 Puppet (warning): YAML in network requests is deprecated and will be removed in a future
Jira (PUP-2575) OS X group resource triggers spurious notice of a change
Title: Message Title redmine.exporter created an issue Puppet / PUP-2575 OS X group resource triggers spurious notice of a change Issue Type: Bug Assignee: Unassigned Created: 14/May/14 1:32 PM Labels: redmine Priority: Normal Reporter: redmine.exporter If I create a simple group resource on OS X: pre group { admin: members = [root, clay, localadmin] } /pre and apply it multiple times, each time it triggers a notice that the membership has changed, even though the group provider did not make any changes. pre puppet -d group { admin: members = [root, clay, localadmin] } info: Loading facts in antivirus info: Loading facts in cached_ldap_data info: Loading facts in certname info: Loading facts in corp_in_searchpath info: Loading facts in debconf info: Loading facts in en0_macaddress info: Loading facts in encryption info: Loading facts in environment info: Loading facts in fstab_uuid info: Loading facts in goobuntu_sshconfig_version info: Loading facts in google_distro info: Loading facts in hardware info: Loading facts in in_china info: Loading facts in installing info: Loading facts in lobby info: Loading facts in locale info: Loading facts in macadmin_hash_path info: Loading facts in machine_customizations info: Loading facts in machine_in_ldap info: Loading facts in machine_type info: Loading facts in macos_info info: Loading facts in oel_info info: Loading facts in ops_owner info: Loading facts in primary_user info:
Jira (PUP-2526) puppet agent retry failed http requests
Title: Message Title redmine.exporter created an issue Puppet / PUP-2526 puppet agent retry failed http requests Issue Type: New Feature Assignee: Unassigned Created: 09/May/14 12:31 PM Labels: redmine customer Priority: Normal Reporter: redmine.exporter It would be nice if puppet agent had the ability had the ability to retry failed http requests to the puppet master. I have multiple puppet masters sitting behind a load balancer in AWS (ELB). Whenever we update a puppet master, the node is removed from the load balancer while the update occurs. Unfortunately the AWS ELB does not allow quiescent removal of nodes (such that existing connections are allowed to close gracefully). Instead it just severs the connections immediately. This causes errors for agents which are in the middle of making requests to that master. Another related scenario is when you're updating multiple puppet masters. The masters might be in the middle of updating, and so some masters have newer code than the others. A puppet agent gets a catalog from one master, which says a certain file should exist, but then when the agent goes to fetch that file, it fails because the master it tried to fetch from hasn't updated. Retrying wouldn't be an ideal solution for this scenario as a retry could just hit that same out-of-date master again, but it could possibly work. Yes the ideal solution here is session persistence, but the AWS ELB does not support it. It might be useful to even allow a configurable backoff (failure; sleep 2; failure; sleep 5; failure; abort...), though a single retry would be sufficient for the first scenario indicated above. If a backoff is implemented, I think it should
Jira (PUP-2523) defining hash keys with variables does not worlk
Title: Message Title redmine.exporter created an issue Puppet / PUP-2523 defining hash keys with variables does not worlk Issue Type: New Feature Assignee: Unassigned Created: 08/May/14 9:17 PM Labels: redmine Priority: Normal Reporter: redmine.exporter Given the following manifest: pre $key = 'bla' $value = 'bla' $test_hash = { $key = $value } notice $test_hash /pre This raises the following error: pre $ puppet apply test.pp --trace --debug Error: Could not parse for environment production: Syntax error at 'key'; expected '}' at /tmp/test.pp:7 on node foo /home/duritong/.rvm/gems/ruby-1.9.3-p374/gems/puppet-3.0.2/lib/puppet/parser/parser_support.rb:134:in `on_error' /home/duritong/.rvm/gems/ruby-1.9.3-p374/gems/puppet-3.0.2/lib/puppet/parser/lexer.rb:480:in `scan' (eval):3:in `_racc_yyparse_c' (eval):3:in `yyparse' /home/duritong/.rvm/gems/ruby-1.9.3-p374/gems/puppet-3.0.2/lib/puppet/parser/parser_support.rb:145:in `parse' /home/duritong/.rvm/gems/ruby-1.9.3-p374/gems/puppet-3.0.2/lib/puppet/node/environment.rb:216:in `perform_initial_import' /home/duritong/.rvm/gems/ruby-1.9.3-p374/gems/puppet-3.0.2/lib/puppet/node/environment.rb:85:in `block in known_resource_types' /home/duritong/.rvm/rubies/ruby-1.9.3-p374/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize' /home/duritong/.rvm/gems/ruby-1.9.3-p374/gems/puppet-3.0.2/lib/puppet/node/environment.rb:82:in `known_resource_types' /home/duritong/.rvm/gems/ruby-1.9.3-p374/gems/puppet-3.0.2/lib/puppet/resource/type_collection_helper.rb:5:in `known_resource_types'
Jira (PUP-2480) Problem when ignored files change timestamp of (recursively) copied directory
Title: Message Title redmine.exporter created an issue Puppet / PUP-2480 Problem when ignored files change timestamp of (recursively) copied directory Issue Type: Bug Assignee: Unassigned Created: 06/May/14 2:15 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Opening a bug as requested. Luke Kanies wrote: On Aug 12, 2009, at 5:28 AM, Sven Mueller wrote: Hi. I'm wondering wether the following is expected behaviour (and if so, wether it can be disabled): I have /etc/puppet/files/httpd/f.q.d.n/conf.d which contains a few conf.d files per host that need to be copied tothe server. The /etc/puppet/files (and all subdirectories of course) is managed with subversion and thus (now) contains a .svn subdirectory. Situation is that on the server, /etc/httpd/conf.d has been updatedand after that, the respective conf.d directory has been added/committedto subversion. Now the situation looks like this: On the server: ~ # ls -la /etc/httpd/conf.d total 96 drwxr-xr-x 2 root root 4096 Aug 5 14:06 . drwxr-xr-x 4 root root 4096 Jul 30 15:31 .. rw-r r - 1 root root 4090 Aug 5 11:58 risk.conf rw-r r
Jira (PUP-2455) Puppet running as Solaris SMF service needs to run child processes in separate contract
Title: Message Title redmine.exporter created an issue Puppet / PUP-2455 Puppet running as Solaris SMF service needs to run child processes in separate contract Issue Type: Bug Assignee: Unassigned Created: 05/May/14 12:48 AM Labels: redmine Priority: Normal Reporter: redmine.exporter If Puppet is running on a Solaris server as an SMF service, and starts a long-running process - e.g. it starts a daemon via an init script - that process is within the same contract as the Puppet agent process. If the Puppet agent is stopped/restarted, SMF waits for the *contract* to finish, not just the agent process. As the daemon doesn't terminate, the contract doesn't finish within the configured timeout, and so SMF puts the service into maintenance state and sends *kill -9* to all processes still left in the contract. It is possible to force a process to run in a new contract (e.g. using /usr/bin/ctrun) and it would be useful if Puppet could support this on Solaris, so that the agent can be stopped/restarted without affecting services that it manages. Steps to reproduce: 1. Configure and run a puppet agent as an SMF service (using the default contract model of service management). (For example, install configure the OpenCSW Puppet package) 2. Set puppet to manage a daemon that is started by an init script. 3. Try to stop the puppet agent. 4. Observe (from the service log files, server's messages file, and process listings) that the init-controlled daemon has been killed and the puppet agent service placed into maintenance state. In my test scenario, Puppet was starting an exim daemon
Jira (PUP-2451) Autorequire can create circular dependencies when ensure = absent
Title: Message Title redmine.exporter created an issue Puppet / PUP-2451 Autorequire can create circular dependencies when ensure = absent Issue Type: Bug Assignee: Unassigned Created: 02/May/14 9:37 PM Labels: redmine Priority: Normal Reporter: redmine.exporter The `registry_key` auto-require functionality doesn't appear to work with `-` style relationships when `ensure = absent`. This results in a circular dependency: pre Registry_key { ensure = absent } registry_key { '# {keypath}SubKey1': } - registry_key { '#{keypath} SubKeyToPurge': } - registry_key { '# {keypath}': } /pre But this does not: pre registry_key { '#{keypath} SubKey1': } registry_key { '# {keypath}SubKeyToPurge': } registry_key { '#{keypath} ': require = Registry_key['# {keypath}SubKeyToPurge', '#{keypath} SubKey1'], } /pre Add Comment
Jira (PUP-2359) Add a umask option to set the agent's umask predictably
Title: Message Title redmine.exporter created an issue Puppet / PUP-2359 Add a umask option to set the agent's umask predictably Issue Type: New Feature Assignee: Unassigned Created: 24/Apr/14 10:15 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Right now, the Puppet agent inherits its umask from the process that launches it, and allows this umask to propagate through to commands run via exec and via providers and types. This can lead to surprising results if, for example, a git post-receive hook runs puppet agent with a different umask than the systemwide puppet agent service. This also interacts poorly with the lack of control over exec umasks (see #4424). Add Comment
Jira (PUP-2310) Puppet client does not update and does consult the crl during authentication
Title: Message Title redmine.exporter created an issue Puppet / PUP-2310 Puppet client does not update and does consult the crl during authentication Issue Type: Bug Assignee: Unassigned Created: 21/Apr/14 9:53 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I my tests puppet client never updates it's /var/lib/puppet/ssl/ca/ca_crl.pem from the master even if I delete it - it is not fetched from master then client runs. Another issue is that puppet client does not consult the crl - after revoking cert of node dev2.internal on master - and manually copying /var/lib/puppet/ssl/ca/ {ca_crl.pem,inventory.txt} to client mon1a.internal and restarting the client to make sure it can pickup the crl changes - I was still able to trigger client puppet run on mon1a.internal from dev2.internal. It looks like puppet - client does not take the crl into consideration then authenticating. The relevant config on mon1a.internal is pre allow all authenticated nodes to trigger puppet run path /run method save auth yes allow * /pre this ACL comes first in the auth.conf file And this is the command I used to triger puppet run from dev2.internal pre curl --cert /var/lib/puppet/ssl/certs/dev2.internal.pem --key /var/lib/puppet/ssl/private_keys/dev2.internal.pem --cacert /var/lib/puppet/ssl/certH
Jira (PUP-2299) A command that times out will not re-execute if tries is set.
Title: Message Title redmine.exporter created an issue Puppet / PUP-2299 A command that times out will not re-execute if tries is set. Issue Type: Bug Assignee: Unassigned Created: 18/Apr/14 6:33 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I was expecting something like this to retry execution if the command timed out: exec { '/path/to/mycommand': tries = 2, timeout = 10, } Unfortunately, the exception generated by a timeout resumes control outside of the retry loop: begin tries.times do |try| Only add debug messages for tries 1 to reduce log spam. debug(Exec try # {try+1} /# {tries} ) if tries 1 @output, @status = provider.run(self.resource[:command]) break if self.should.include?(@status.exitstatus.to_s) if try_sleep 0 and tries 1 debug(Sleeping for # {try_sleep} seconds between tries) sleep try_sleep end end rescue Timeout::Error self.fail Command exceeded timeout % value.inspect end I'm not sure how to deal with commands that may need to be retried due to timeouts. Would it be possible to move the retry loop outside of the try/catch?
Jira (PUP-2280) If a resource is triggered by a refresh, and it fails, puppet doesn't treat it as a failure
Title: Message Title redmine.exporter created an issue Puppet / PUP-2280 If a resource is triggered by a refresh, and it fails, puppet doesn't treat it as a failure Issue Type: Bug Assignee: Unassigned Created: 16/Apr/14 1:12 PM Labels: redmine customer Priority: Normal Reporter: redmine.exporter This may be a dupe of #9237. I have a module (puppetlabs/postgresql) that has some resources that are only triggered via a refresh notification. In my case the resource is a custom ruby type, but I stole some of its 'refreshonly' implementation from the Exec type, so this may be simply a problem with the exec type rather than a more general puppet problem. Here's an example that shows the problem using exec: cprice@localhost ~/work/scratch $ puppet --version 3.0.2-rc2 cprice@localhost ~/work/scratch $ cat foo.pp notify { hi: } ~ exec { /bin/this_command_does_not_exist: refreshonly = true, } cprice@localhost ~/work/scratch $ puppet apply ./foo.pp No LSB modules are available. No LSB modules are available. Notice: hi Notice: /Stage[main]//Notify[hi]/message: defined 'message' as 'hi' Error: /Stage[main]//Exec[/bin/this_command_does_not_exist]: Failed to call refresh: Could not find command '/bin/this_command_does_not_exist' Error: /Stage[main]//Exec[/bin/this_command_does_not_exist]: Could not find command '/bin/this_command_does_not_exist' Notice: Finished catalog run in 0.18 seconds cprice@localhost ~/work/scratch $ echo $? 0 cprice@localhost ~/work/scratch $ This has apparently been masking a legitimate bug in my module for
Jira (HI-234) Hiera should be able to include external files within the YAML/JSON hierarchy.
Title: Message Title redmine.exporter created an issue Hiera / HI-234 Hiera should be able to include external files within the YAML/JSON hierarchy. Issue Type: New Feature Assignee: Unassigned Created: 14/Apr/14 4:20 AM Labels: redmine Priority: Normal Reporter: redmine.exporter The crux of this issue is that I would like to be able to separate my files into more logical blocks when using the YAML or JSON configurations. For instance: hiera.yaml pre — :backends: yaml :hierarchy: defaults :yaml: :datadir: /var/lib/hiera /pre In /var/lib/hiera, I would like to be able to place a directory 'defaults' and have hiera load everything under that directory. Such as: defaults/thing1.yaml defaults/thing2.yaml The syntax change that I would like to see for this is to append a trailing '/' to the hierarchy statement to indicate that the directory should be parsed. Example: pre :hierarchy:
Jira (PUP-2188) Debian client looking for init script even when it shouldn't be there.
Title: Message Title redmine.exporter created an issue Puppet / PUP-2188 Debian client looking for init script even when it shouldn't be there. Issue Type: Bug Assignee: Unassigned Created: 09/Apr/14 5:34 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I was working on our internal time module. I'm attaching a very generic version of it. Basically when the class is set 'ensure = absent' it ensures that the package is gone and the service is stopped and disabled. My service requires the package, so in theory it shouldn't run the service resource if the package is absent. But every run on a debian system it throws the following error: Error: /Stage[main]/Basictime/Service[ntp]: Could not evaluate: Could not find init script for 'ntp' Also attaching full output. Testing with 2.7.18 from debian's squeeze testing, 2.7.19 and 3.0.1 from apt.puppetlabs. This part works fine on CentOS (I have a different issue on that side) Add Comment
Jira (FACT-348) Facter should provide a convenient way to cache values
Title: Message Title redmine.exporter created an issue Facter / FACT-348 Facter should provide a convenient way to cache values Issue Type: New Feature Assignee: Eric Sorenson Created: 25/Feb/14 9:10 AM Labels: redmine Priority: Normal Reporter: redmine.exporter I think this have discussed already various times and it is even planned?!. But I couldn't find a logged ticket and as I stumpled over that problem once again I thought I might want to file a feature request: Facter should provide a way to: 1. cache facts with a certain timeout, so that the fact value gets cache for the defined time 1. provide a way to cache any kind of data for a certain amount of time Why? We might want to have facts that take some time to calculate, however that don't change much. Or there might be data required to calucate a certain fact which high resource intensive, but doesn't change often. So what I like to have is similar to the @confine@ a way to set @timeout@, so that if this is set to some seconds/minutes the fact isn't calculated again until the timeout expired. For the second point I'd like to have a simple key value store with timeout capability built into facter, so I can cache output of commands, which can then be used amongst different facts. Example: xen management tools are getting slower the more VMs you start. Hence @xm list@ can get slower and slower and if you have various facts that are depending on the output of that command and you take the naive approach and call @xm list@ a couple of times, you slowdown facter and hence
Jira (PUP-2187) Puppet Gem modifies behavior of Class.to_yaml method
Title: Message Title redmine.exporter created an issue Puppet / PUP-2187 Puppet Gem modifies behavior of Class.to_yaml method Issue Type: Bug Assignee: Unassigned Created: 08/Apr/14 8:44 PM Labels: redmine Priority: Normal Reporter: redmine.exporter Can someone please explain this behavior? I couldn't find any features in the Puppet documentation that would explain why something like this would be going on. Looks like a bug: pre irb(main):001:0 class Foo; end = nil irb(main):002:0 require 'yaml' = true irb(main):003:0 Foo.to_yaml = --- !ruby/class 'Foo'\n irb(main):004:0 require 'puppet' = true irb(main):005:0 Foo.to_yaml = --- !ruby/object:Class {} /pre The output of to_yaml changed because I added puppet? This breaks other gems that serialize ruby classes to and from YAML. Apologies if I didn't fill out this bug report correctly. This interface is a bit... unwieldy. Add Comment
Jira (HI-231) Hiera's recursion breaks if a backend returns nil
Title: Message Title redmine.exporter created an issue Hiera / HI-231 Hiera's recursion breaks if a backend returns nil Issue Type: Bug Assignee: Unassigned Created: 01/Apr/14 3:17 AM Labels: redmine Priority: Normal Reporter: redmine.exporter We have hiera using the result of a hiera call as a data source, like this: pre :backends: site yaml :hierarchy: % {hiera('site')} defaults /pre The site backend can return either nil (no data found), or a string representing the site code (i.e LAB), so that we can then have a specific YAML file per site. This all works well, unless the site backend returns nil, in which case hiera gets itself stuck in a loop until it fails with a SystemStackError. A snippet of the Hiera output is below. For ease of reproduction, site_backend always returns nil. pre
Jira (PUP-2087) Puppet does not implicitly convert string to integer
Title: Message Title redmine.exporter created an issue Puppet / PUP-2087 Puppet does not implicitly convert string to integer Issue Type: Bug Assignee: Unassigned Created: 27/Mar/14 4:31 PM Labels: redmine Priority: Normal Reporter: redmine.exporter I refer to my post on serverfault (http://serverfault.com/questions/388944/how-to-convert-a-string-to-integer-in-puppet). In short I have the following code: $foo = '123' $result = $foo % 2 Puppet give me an `Could not match %` error. If I am using multiplication with this code: $foo = '123' $result = $foo * 2 I get a `left operand of * is not a number` error. *Therefore it seems to be that there is an error with implicitly converting a string to integer.* Add Comment
Jira (PUP-2019) Expose catalog version
Title: Message Title redmine.exporter created an issue Puppet / PUP-2019 Expose catalog version Issue Type: New Feature Assignee: Unassigned Created: 23/Mar/14 5:18 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Hi, Would it be possible to expose the catalog version so that something like the following in the puppet.conf would work? postrun_command=/usr/local/sbin/postrun.sh $environment $catalog.version I've tried parsing the last_run_summary.yaml file but that is only updated after postrun is executed. Add Comment
Jira (PUP-1985) Allow class define parameters to reference earlier parameters
Title: Message Title redmine.exporter created an issue Puppet / PUP-1985 Allow class define parameters to reference earlier parameters Issue Type: New Feature Assignee: Unassigned Created: 19/Mar/14 9:21 AM Labels: redmine Priority: Normal Reporter: redmine.exporter It would be good if code like this was possible: class postgresql ( $version = '9.0', $datadir = /var/lib/postgresql/$ {version} /main, ) { ... } or used in expressions: class foo ( $concurrent_reads = 20, $concurrent_writes = $concurrent_reads/2, ) { ... } Some of this can be possible to workaround using class inheritance, but for each reference you need another layer of inheritance and it also results in weird parameter naming for the data bindings. Like having to specify postgresql::params::version but then postgresql::datadir. Add Comment
Jira (PUP-1968) Duplicate resources can make re-usable Forge modules difficult
Title: Message Title redmine.exporter created an issue Puppet / PUP-1968 Duplicate resources can make re-usable Forge modules difficult Issue Type: New Feature Assignee: Unassigned Created: 18/Mar/14 5:38 AM Labels: redmine Priority: Normal Reporter: redmine.exporter [EDIT] Re-working this description based on feedback in comment #7. User installs module A to provide a web application. User installs module B to provide a database server. Both module A and module B declare a package resource for foo. User declares classes from both module A and B on the same node. User receives duplicate resource declaration error, Puppet run fails. I wish to prevent customers of Forge and Puppet from experiencing this frustration, when both classes really do need that package for their functionality but cannot be used together as-is. I'd love direct questions if you need to understand this better from my perspective. Add
Jira (PUP-1928) puppet's idea of /etc/hosts management does not match real world use
Title: Message Title redmine.exporter created an issue Puppet / PUP-1928 puppet's idea of /etc/hosts management does not match real world use Issue Type: Bug Assignee: Unassigned Created: 13/Mar/14 2:46 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Here is a valid extract from an /etc/hosts files on a RHEL box: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 Here is the code to make puppet add these entries: host { 'localhost': ip = '127.0.0.1', host_aliases = [ 'localhost.localdomain', 'localhost4', 'localhost4.localdomain4', ], } host { 'localhost': ip = '::1', host_aliases = [ 'localhost.localdomain', 'localhost6', 'localhost6.localdomain6', ], } Notice the localhost part is the same in both cases. This causes a problem: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: Host[localhost] is already defined in file /etc/puppet/modules/networking/manifests/init.pp puppet-2.7.6-2.el6.noarch
Jira (PUP-1929) catalog failures should cause an exit status other than 0
Title: Message Title redmine.exporter created an issue Puppet / PUP-1929 catalog failures should cause an exit status other than 0 Issue Type: New Feature Assignee: Unassigned Created: 13/Mar/14 5:57 AM Labels: redmine Priority: Normal Reporter: redmine.exporter When using the --detailed-exitcodes option, and preforming the following: pre bundle exec puppet apply --detailed-exitcodes -e 'notify { foo: require = Notify[foo] } ' /dev/mem: Permission denied Notice: Compiled catalog for blah in environment production in 0.04 seconds /dev/mem: Permission denied Error: Could not apply complete catalog: Found 1 dependency cycle: (Notify[foo] = Notify[foo]) Try the '--graph' option and opening the resulting '.dot' file in OmniGraffle or GraphViz Notice: Finished catalog run in 0.02 seconds lhanel@Blah:~/git/puppet$ echo $? 0 /pre puppet should exit with an exit code OTHER than 0 Add Comment
Jira (PUP-1935) puppetd ignores local ca.pem when connecting to master for the first time
Title: Message Title redmine.exporter created an issue Puppet / PUP-1935 puppetd ignores local ca.pem when connecting to master for the first time Issue Type: Bug Assignee: Unassigned Created: 13/Mar/14 1:37 PM Labels: redmine Priority: Normal Reporter: redmine.exporter Hi, I have a clean machine, with only puppet.conf configured (using --genconfig) and /etc/puppet/ssl/certs/ca.pem. I now run for the first time puppetd and connect to a server that has a different CA. I believe the expected behavior should be that puppetd will abort the connection because it connects to an unauthorized server. Instead, puppetd continues to communicate with the unauthorized master and generates a new certificate request. Unless I'm mistaken, this scenario could lead to a security breach: if an attacker gains control over the DNS, it can redirect new machines to its own malicious master. The master will make the node install a rootkit for example. Afterwards the attacker will redirect the DNS back to the original master. The node will then retrieve from the original (unsuspecting) master sensitive information, information that now the attacker can access. I'm running puppet version 2.6.2. Thanks, Tal
Jira (PUP-1924) source function library *before* client sysconfig overrides
Title: Message Title redmine.exporter created an issue Puppet / PUP-1924 source function library *before* client sysconfig overrides Issue Type: Bug Assignee: Unassigned Created: 12/Mar/14 3:56 PM Labels: redmine Priority: Normal Reporter: redmine.exporter My client's environment mandates strict umask settings: 027 for init scripts 077 for normal users This causes problems when using exec resources or any add-on functions that exec external scripts/programs. The fix is relatively simple - run umask in /etc/sysconfig/puppet and set a more lenient umask for puppet. However, the /etc/sysconfig/puppet is sourced before the init function library so any umask changes made in the former are overridden by any in the latter. Looking in other init scripts (including the puppetmaster init script), it is usual for the function library to be sourced at the start of the init script, ie. before the sysconfig override. This change simply moves the lines that source the init function library to the start of the init script. My client is using PE 3.0.1 but the same problem also exists in the OS product.
Jira (PUP-1908) incorrect parsing of range after DST change
Title: Message Title redmine.exporter created an issue Puppet / PUP-1908 incorrect parsing of range after DST change Issue Type: Bug Assignee: Unassigned Created: 10/Mar/14 7:38 AM Labels: redmine Priority: Normal Reporter: redmine.exporter After the Daylight Savings Time change this morning, range statements are not being parsed correctly. The code: pre schedule { 'daily2am': range = 02:00 - 02:59, period = daily, repeat = 1, } /pre Worked just fine for the last few months. After the DST change, this error is generated: pre err: Could not apply complete catalog: Incorrectly converted time: Sun Mar 09 03:00:23 -0700 2008: 3 vs 2 at /etc/puppet/manifests/schedules/daily2am.pp:6 /pre This happens with versions 0.23.2 and 0.24.2 Add Comment
Jira (PUP-1913) Puppet user resource should read only from local databases
Title: Message Title redmine.exporter created an issue Puppet / PUP-1913 Puppet user resource should read only from local databases Issue Type: New Feature Assignee: Unassigned Created: 10/Mar/14 1:38 PM Labels: redmine customer Priority: Normal Reporter: redmine.exporter Currently, the puppet user type uses `getent` to get information about user resources. The problem with this is that `getent` will also report information from LDAP and other remote user management services that are configured in nsswitch.conf, which are not actually managed by Puppet. This can cause Puppet to think a user is in a local group, or not in a local group, when the opposite is true. This is especially problematic since we user the useradd suite of commands to actually manage the settings, which of course affect local users/groups only. Puppet's user type should have some way of examining only local users and groups, to check if something is currently true/present/etc. Add Comment
Jira (PUP-1889) emacs mode doesn't match style guide when formatting fat comma arrows
Title: Message Title redmine.exporter created an issue Puppet / PUP-1889 emacs mode doesn't match style guide when formatting fat comma arrows Issue Type: Bug Assignee: Unassigned Created: 07/Mar/14 9:02 AM Labels: redmine Priority: Normal Reporter: redmine.exporter according to section 9.2 of the style-guide (http://docs.puppetlabs.com/guides/style_guide#arrow-alignment), All of the fat comma arrows (=) in a resource’s attribute/value list should be aligned. The arrows should be placed one space ahead of the longest attribute name. The emacs mode does not do this, for example: pre file { '/etc/rcS.d/S02cleanutmp': ensure = absent, content = '#!/bin/sh\n rm /var/run/utmp\n'; } /pre the above was formatted with the emacs mode, but will receive complaints from puppet-lint due to the = on the ensure parameter line not matching up with the content parameter. Add Comment
Jira (PUP-1875) warning for Could not look up qualified variable 'foo::bar' should report the fully-qualified class name being examined
Title: Message Title redmine.exporter created an issue Puppet / PUP-1875 warning for Could not look up qualified variable 'foo::bar' should report the fully-qualified class name being examined Issue Type: New Feature Assignee: Unassigned Created: 06/Mar/14 1:13 AM Labels: redmine Priority: Normal Reporter: redmine.exporter Consider the following manifest, assuming the classes and such were separated into the correct file structure prestage { 'init': } -Stage['main'] class config ($server_id = 1) { ... } class mysql ($server_id = config::$server_id) { ... } class mysql::config inherits mysql { ... } Class {'config': } -Class {'mysql': } -Class['mysql::config': }/pre During apply, puppet will report a warning similar to: warning: Scope(Class[Mysql]): Could not look up qualified variable 'config::server_id'; class *config* has not been evaluated at /etc/puppet/modules/mysql/manifests/init.pp:17 What actually is happening is config::$server_id is resolving to ::mysql::config::$server_id rather than the intended ::config::$server_id, and the warning is generated since mysql::config has not yet been evaluated. Furthermore, this only happens if there is a class named mysql::config – if it were named, say, 'mysql::files' instead, the code works as intended. That's not readily obvious from the warning message,
Jira (PUP-1882) defaultfor method for providers should be allowed to be specified multiple times
Title: Message Title redmine.exporter created an issue Puppet / PUP-1882 defaultfor method for providers should be allowed to be specified multiple times Issue Type: New Feature Assignee: Unassigned Created: 06/Mar/14 1:43 PM Labels: redmine Priority: Normal Reporter: redmine.exporter You should be able to specify multiple defaultfor statements in providers: pre defaultfor :operatingsystem = :redhat, :lsbdistrelease = [2.1, 3, 4] defaultfor :operatingsystem = :oel, :operatingsystemrelease = [4, 5] /pre Add Comment
Jira (PUP-1844) selboolean reports error if selinux is not enabled
Title: Message Title redmine.exporter created an issue Puppet / PUP-1844 selboolean reports error if selinux is not enabled Issue Type: Bug Assignee: Unassigned Created: 04/Mar/14 11:22 AM Labels: redmine Priority: Normal Reporter: redmine.exporter If an selboolean is defined for a class, but is executing on a host that does not have SELinux enabled, an error is reported. e.g.: Execution of '/usr/sbin/getsebool httpd_can_network_connect' returned 1: /usr/sbin/getsebool: SELinux is disabled It should not be considered a failure, but perhaps a warning if you try to set/get an SELinux boolean on a host that does not have selinux enabled. Before setting/getting the boolean, a quick call to getenforce could be made, and a warning issued if it returns Disabled. Add Comment