[Puppet Users] Re: keeping some code out of the repo
Dan Bode wrote: Hi, It seems like one of the barriers to the puppet production rollout that I am working towards will be user adoption. For this purpose, I want to manage all common tasks with UIs that autogenerate the puppet code, so that the admins only have to go through the full build process for custom code changes and not routine processes. manifests/managed-server.pp (node group definitions will be an autogenerated file) users uses scripts (maybe a GUI later) to add hosts to a group, remove hosts, move hosts, also used by the kickstart scripts to add hosts after installation Use http://reductivelabs.com/trac/puppet/wiki/ExternalNodes for that. That way you can add/remove classes and set variables for nodes by letting puppet call out to a script. To do this correctly, I need to use some of the Puppet core API for parsing files, maybe a verfiy function or create fucntion. Can someone point me to a good starting place for these fucntions? Also what is the expectation for backwards compatibility when using the API internals (very low, I assume??) Most of the functionality will just be config files in the files dir for a module that are loaded at run time. While I haven't actually implemented something like this, I've made two designs how I think this could be implemented: 1) storeconfigs based This is pretty straight forward. First you need to define what resource you want to manage externally: | define external::something($param1, $param2) { | # ... | } Then activate storedconfigs and work with the created database: Create a fake host, and add the resources to the resources table, adding parameters into the resourcekeep the items with exported='t' and put the params into param_names/param_values. The database schema is quite straight-forward. Finally, you can just collect all the resources from the database where you need them: | External::something | | See http://reductivelabs.com/trac/puppet/wiki/ExportedResources for more details on the query syntax. 2) function based This way is more involved but would provide you with more flexibility. The point here is to create puppet functions to query your custom database while compiling the configuration for a client: | define external::something::from_db() { | $real_name = name_from_db($name) | $param1 = param1_from_db($name) | $param2 = param2_from_db($name) | external::something { | $real_name: | param1 = $param1, | param2 = $param2; | } | } And use it like that: | external::something::from_db { list_from_db(): } Where list_from_db() returns an array of primary keys, and name_from_db() and param?_from_db() return the name and the values respectivly for a certain primary key. 3) Conclusion Both of the methods avoid touching internal APIs of puppet and thus should be quite stable across releases. Regards, DavidS --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Multiple version of the same package
Aurelien Degremont wrote: Hello I would like to install different versions of the same package with Puppet. The packaging of those package is totally compatible and authorize to have both installed in the meantime. # rpm -i foo-1.1 foo-2.3 works very well. How declare this with Puppet? I only found this workaround for the moment: package { foo-1: name = foo-1.1, ensure = 1.1-25; foo-2: name = foo-2.3, ensure = 2.3-1; } Is there a better way http://projects.reductivelabs.com/issues/1720 -- Trevor Hemsley Infrastructure Engineer . * C A L Y P S O * Brighton, UK OFFICE +44 (0) 1273 666 350 FAX +44 (0) 1273 666 351 . www.calypso.com This electronic-mail might contain confidential information intended only for the use by the entity named. If the reader of this message is not the intended recipient, the reader is hereby notified that any dissemination, distribution or copying is strictly prohibited. * P * /*/ Please consider the environment before printing this e-mail /*/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Any way to stop has_variable? throwing errors?
Hi Trevor, thanks for the idea. On Thu, Jun 11, 2009 at 4:28 AM, Trevor Vaughanpeiriann...@gmail.com wrote: Someone might give you a better answer, but try: % if tags.index('httpd') has_variable?('httpd::open_firewall') % This *may not* work due to file parsing order, but I *think* that it will. I did too, but it doesn't :( The only reason I tried variables is because tags aren't visible (due to scoping?). It seems you can't see tags (autotags or tags set explicitly with tag('httpd') defined in classes your class includes. This is a real problem from where I'm sat; it does make me wonder what tags are actually useful for. I suppose I could define the tag in the node, but that seems pretty redundant since I'm also including the 'httpd' class. Trevor Dick Davies wrote: I'm using a primitive template to build my iptables rulesets. It's all in a branch on my github repo at http://github.com/rasputnik/babysteps-puppet/tree/templated-iptables template that looks like: % if has_variable?('httpd::open_firewall') % -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT % end -% (see http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/iptables/templates/iptables.erb ) i then set a variable in the httpd module like this: class httpd { $open_firewall = 'on' # rest of httpd class def. } [ http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/httpd/manifests/init.pp ] The idea being that if a node has 'include httpd', then when it runs 'include iptables' it'll open the right port. This works fine for classes that include httpd. The trouble is that i get this error on nodes that don't : [r...@node03 ~]# puppetd -tv info: Retrieving plugins err: Could not retrieve catalog: Failed to parse template iptables/iptables.erb: Class httpd has not been evaluated so its variables cannot be referenced at /etc/puppet/modules/iptables/manifests/init.pp:11 on node node03.pixie warning: Not using cache on failed catalog To my mind, that should be a warning, not an error. Is there any 'guard' I can put in my template to stop this blowing up? I did try: % if has_variable?('httpd') has_variable?('httpd::open_firewall') % but the first clause is always false, even on nodes that 'include httpd'. Sorry this has been a bit longwinded, but I'm a bit stumped here. Thanks in advance for any tips. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkowedoACgkQyjMdFR1108Dh0gCfWz7tn6/5+K2w9LZK2P+ajsab hy4An1ogD2dP3yj9wuGpn4v/Q1dKmoEa =7UvV -END PGP SIGNATURE- --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Any way to stop has_variable? throwing errors?
I've raised http://projects.reductivelabs.com/issues/2336 against this. To my mind, has_variable?('panda::blood') returning false makes more sense than throwing a parse error :) On Thu, Jun 11, 2009 at 10:42 AM, Dick Daviesrasput...@hellooperator.net wrote: Hi Trevor, thanks for the idea. On Thu, Jun 11, 2009 at 4:28 AM, Trevor Vaughanpeiriann...@gmail.com wrote: Someone might give you a better answer, but try: % if tags.index('httpd') has_variable?('httpd::open_firewall') % This *may not* work due to file parsing order, but I *think* that it will. I did too, but it doesn't :( The only reason I tried variables is because tags aren't visible (due to scoping?). It seems you can't see tags (autotags or tags set explicitly with tag('httpd') defined in classes your class includes. This is a real problem from where I'm sat; it does make me wonder what tags are actually useful for. I suppose I could define the tag in the node, but that seems pretty redundant since I'm also including the 'httpd' class. Trevor Dick Davies wrote: I'm using a primitive template to build my iptables rulesets. It's all in a branch on my github repo at http://github.com/rasputnik/babysteps-puppet/tree/templated-iptables template that looks like: % if has_variable?('httpd::open_firewall') % -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT % end -% (see http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/iptables/templates/iptables.erb ) i then set a variable in the httpd module like this: class httpd { $open_firewall = 'on' # rest of httpd class def. } [ http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/httpd/manifests/init.pp ] The idea being that if a node has 'include httpd', then when it runs 'include iptables' it'll open the right port. This works fine for classes that include httpd. The trouble is that i get this error on nodes that don't : [r...@node03 ~]# puppetd -tv info: Retrieving plugins err: Could not retrieve catalog: Failed to parse template iptables/iptables.erb: Class httpd has not been evaluated so its variables cannot be referenced at /etc/puppet/modules/iptables/manifests/init.pp:11 on node node03.pixie warning: Not using cache on failed catalog To my mind, that should be a warning, not an error. Is there any 'guard' I can put in my template to stop this blowing up? I did try: % if has_variable?('httpd') has_variable?('httpd::open_firewall') % but the first clause is always false, even on nodes that 'include httpd'. Sorry this has been a bit longwinded, but I'm a bit stumped here. Thanks in advance for any tips. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkowedoACgkQyjMdFR1108Dh0gCfWz7tn6/5+K2w9LZK2P+ajsab hy4An1ogD2dP3yj9wuGpn4v/Q1dKmoEa =7UvV -END PGP SIGNATURE- --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Any way to stop has_variable? throwing errors?
One other try: % if classes.index('httpd') I forgot that tags weren't exposed in the ERB. Trevor On Thu, Jun 11, 2009 at 05:42, Dick Daviesrasput...@hellooperator.net wrote: Hi Trevor, thanks for the idea. On Thu, Jun 11, 2009 at 4:28 AM, Trevor Vaughanpeiriann...@gmail.com wrote: Someone might give you a better answer, but try: % if tags.index('httpd') has_variable?('httpd::open_firewall') % This *may not* work due to file parsing order, but I *think* that it will. I did too, but it doesn't :( The only reason I tried variables is because tags aren't visible (due to scoping?). It seems you can't see tags (autotags or tags set explicitly with tag('httpd') defined in classes your class includes. This is a real problem from where I'm sat; it does make me wonder what tags are actually useful for. I suppose I could define the tag in the node, but that seems pretty redundant since I'm also including the 'httpd' class. Trevor Dick Davies wrote: I'm using a primitive template to build my iptables rulesets. It's all in a branch on my github repo at http://github.com/rasputnik/babysteps-puppet/tree/templated-iptables template that looks like: % if has_variable?('httpd::open_firewall') % -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT % end -% (see http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/iptables/templates/iptables.erb ) i then set a variable in the httpd module like this: class httpd { $open_firewall = 'on' # rest of httpd class def. } [ http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/httpd/manifests/init.pp ] The idea being that if a node has 'include httpd', then when it runs 'include iptables' it'll open the right port. This works fine for classes that include httpd. The trouble is that i get this error on nodes that don't : [r...@node03 ~]# puppetd -tv info: Retrieving plugins err: Could not retrieve catalog: Failed to parse template iptables/iptables.erb: Class httpd has not been evaluated so its variables cannot be referenced at /etc/puppet/modules/iptables/manifests/init.pp:11 on node node03.pixie warning: Not using cache on failed catalog To my mind, that should be a warning, not an error. Is there any 'guard' I can put in my template to stop this blowing up? I did try: % if has_variable?('httpd') has_variable?('httpd::open_firewall') % but the first clause is always false, even on nodes that 'include httpd'. Sorry this has been a bit longwinded, but I'm a bit stumped here. Thanks in advance for any tips. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkowedoACgkQyjMdFR1108Dh0gCfWz7tn6/5+K2w9LZK2P+ajsab hy4An1ogD2dP3yj9wuGpn4v/Q1dKmoEa =7UvV -END PGP SIGNATURE- --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Exporting and collecting resources on the multiple hosts problem
Hi, I'm using puppet to generate nagios configs in what I guess is the 'usual' way; by having each host export config a files for each nagios check using @@file {...tag=nagios...}, which are then collected onto the nagios server with File |tag == 'nagios' | I have two nagios servers, and I want each of them to collect all of the config files. The nagios servers also define nagios checks of their own (having two means they can check each other, which is handy). Now, what's strange is that the nagios servers don't appear collect each others' checks. So each nagios server gets the checks for itself, and for all the other non-nagios servers, but not for the other nagios. Looking in the database, it seems that the nagios config file resources, on both servers, are marked as exported=0. So they appear on their own server by virtue of being 'real' resources, despite being defined with @@file... I guess this is something to do with the fact that the same node is exporting the resource and collecting it - could this somehow cause puppet to think that, since the resource is being collected locally, it doesn't need to be exported? Is there a way around this? Thanks Chris --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Exporting and collecting resources on the multiple hosts problem
Hi, On which version of puppet is running on your puppetmaster? Various versions had some issues with exported/collected resources (0.24.7 was one of them, if I remember correctly). On Thu, June 11, 2009 13:44, Chris wrote: I'm using puppet to generate nagios configs in what I guess is the 'usual' way; by having each host export config a files for each nagios check using @@file {...tag=nagios...}, which are then collected onto the nagios server with File |tag == 'nagios' | Yes, this looks like pretty standard. I have two nagios servers, and I want each of them to collect all of the config files. No issue, each one has to File ||. The nagios servers also define nagios checks of their own (having two means they can check each other, which is handy). Now, what's strange is that the nagios servers don't appear collect each others' checks. So each nagios server gets the checks for itself, and for all the other non-nagios servers, but not for the other nagios. Looking in the database, it seems that the nagios config file resources, on both servers, are marked as exported=0. So they appear on their own server by virtue of being 'real' resources, despite being defined with @@file... This really looks like one of the issue in 0.24.7. I guess this is something to do with the fact that the same node is exporting the resource and collecting it - could this somehow cause puppet to think that, since the resource is being collected locally, it doesn't need to be exported? Is there a way around this? If you're running a version affected, upgrade to the 0.24.8 version on your master. -- Brice Figureau Days of Wonder --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Exporting and collecting resources on the multiple hosts problem
If you're running a version affected, upgrade to the 0.24.8 version on your master. Ah, that would explain it. I'm running the version that comes with OpenCSW (the solaris package repo.), which is currently at 0.24.7. I'll see if there are any plans to upgrade that in the near future, and if not, I'll see about doing a re-install from source. Thanks! Chris --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how do I submit a patch?
2009/6/10 Dick Davies rasput...@hellooperator.net: Thanks James. Actually it's the same fundamental issue as http://projects.reductivelabs.com/issues/2067 so i've amended that ticket. I won't send a patch just yet, but at least I can pick through the code now when I get a spare hour :) Thanks for the pointers. I'm in the middle of completely rewriting the fact. On your virtual box guest can you give me the output of running lscpu: wget http://people.redhat.com/kzak/lscpu.c gcc -o lscpu lscpu.c ./lscpu Cheers Paul --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how do I submit a patch?
Am 11.06.2009 um 17:23 schrieb Paul Nasrat: That all should be part of libc. Try apt-get install build-essential. Actually, libc6-dev was enough. Architecture: x86_64 CPU(s):2 Thread(s) per core:1 Core(s) per socket:1 CPU socket(s): 2 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family:6 Model: 2 Stepping: 3 CPU MHz: 2659.996 Hypervisor vendor ID: KVMKVMKVM Virtualization type: full Ubuntu guest in KVM. Regards, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Certification?
On Jun 3, 2009, at 6:03 AM, paul matthews wrote: I realise this could be a long way off as Puppet is rapidly evolving, with development still at the forefront but are there plans in the furture to offer a Puppet Certification exam. I know the subject of certification is not to everyone's taste, but I find studying for these is a good way for me to focus on learning all the subject areas and to demonstrate some level of competence to any would be employers. I think there would be benefits to Reductive too, I guess mostly in the area of getting people to attend training courses I'll get my flame proof suit on in anticipation for any replies We've actually had quite a few people ask for certification, for various reasons, and we plan on offering it. We hope to have a first pass available something like the end of 2009. Obviously, the more people ask for it, the faster it will get done. -- You can't wait for inspiration. You have to go after it with a club. -- Jack London - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetrun timeout
On Jun 8, 2009, at 4:39 PM, Pete Emerson wrote: I'm using puppet 0.24.7-4. I have a situation where I have some very long running puppet runs in order to do upgrades (removing applications from load balancers gracefully, et cetera). My puppet runs triggered via puppetrun are finishing successfully: Jun 8 20:31:29 puppetd[10178]: Finished catalog run in 345.18 seconds Puppetrun itself is timing out: err: Connection timeout calling puppetrunner.run: execution expired Host myhost failed: Connection Timeout myhost finished with exit code 2 I'm calling puppetrun with --foreground: puppetrun --host=myhost -- host=myhost2 --host=myhost3 --foreground --parallel However, I don't see anything in the puppetrun doco that hints at setting the execution exiry time. Any suggestions? I'd run with --no-foreground. Or, modify puppetrun to have a timeout? -- It's impossible to foresee the consequences of being clever. -- Christopher Strachey - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not request certificate: Certificate retrieval failed: Could not find server puppet Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Starting catalog run Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Finished catalog run in 0.03 seconds Am I hitting a but? Almost every time I've seen this it's a problem with a filebucket -- do you have a server-side filebucket specified to use 'puppet'? -- Never esteem anything as of advantage to you that will make you break your word or lose your self-respect. -- Marcus Aurelius Antoninus - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppetd not running on intervals
We are just putting our RHEL 4 systems in crontab On Wed, Jun 10, 2009 at 2:31 PM, Christopher christopher.sule...@gmail.comwrote: Turns out this is a bug in facter which is fixed in 1.5.5. The rpm is available in epel-testing. On Jun 10, 11:18 am, Christopher christopher.sule...@gmail.com wrote: I'm having the same exact problem here on quite a few el4 machines. Those that don't work are running puppet 0.24.8 whereas I do have one el4 that works and it's running 0.23.0. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Thu, Jun 11, 2009 at 11:58 AM, Luke Kaniesl...@madstop.com wrote: On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not request certificate: Certificate retrieval failed: Could not find server puppet Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Starting catalog run Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Finished catalog run in 0.03 seconds Am I hitting a but? Almost every time I've seen this it's a problem with a filebucket -- do you have a server-side filebucket specified to use 'puppet'? my puppetmaster is a ubuntu server and I do not see anything in /var/lib/puppet/bucket dir. Is that what you are asking? sorry I am a puppet newbie -- Never esteem anything as of advantage to you that will make you break your word or lose your self-respect. -- Marcus Aurelius Antoninus - Luke Kanies | http://reductivelabs.com | http://madstop.com -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Alternate file source
I was wondering if anyone out there has done any work on other URI types for File source ? I have a few machines that need some local scripts copied over, which are stored in CVS or Subversion. It would be really helpful if, instead of having to check out the scripts into the module's files/ directory when they change, I could just provide Puppet with a http:// or svn:// URI -Jason --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Controlling the order of execution of puppet code?
Does anybody know the status of that patch? On May 29, 10:01 am, Brice Figureau brice-pup...@daysofwonder.com wrote: On Fri, 2009-05-29 at 08:18 +1000, James Turnbull wrote: Brice Figureau wrote: On Thu, 2009-05-28 at 11:55 +0200, Peter Meier wrote: Hi Only way I know is to make individual objects depend on other objects. Can't do it at class level... I think there is a feature request somewhere in the system for this, because I'd like it as well... hmm did I only dream that in the upcoming release there will be a require (or something like that) keyword to include a class and require it. Unfortunately I'm not able to find the appropriate bug report. I implemented it for sure, but in the end I think it was rejected: http://projects.reductivelabs.com/issues/1907 Re-reading the thread I see why we rejected the bug, but not the patch. I think I'll have to resubmit it. Yes - had to go re-read myself. As long as we provide both functions - include and a stronger require - I think this is an easy +1. Yes, that's what my patch was doing. I'll resurrect the patch and post it to puppet-dev this week-end. -- Brice Figureau My Blog:http://www.masterzen.fr/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Variables in definitions
Hi, A quick Hello to every as this is my first post on the Puppet Users group. I had some training with Teyo in London recently and am busy evaluating Puppet to replace a config engine developed for internal use at my company. Question: Is it possible to refer to variables declared inside realised definitions? Here's a basic example of how to refer to variables defined inside the scope of a class that is not your own :- test.pp -- class foo { $bar = 'baz' } include foo notice($foo::bar) output :- -- notice: Scope(Class[main]): baz Is there any equivalent syntax for definitions along the lines of :- $foo['somename']::bar Is it possible to do something similar with definitions or is this just abuse of Puppet principles ;-) Basically what I'm trying to achieve is the set up of a bunch of scopes with variables in them. These are then combined in various ways to configure multiple instances of an application on a individual system (of which there may be many). It's proving to be tougher than I thought ;-) Any thoughts or suggestions on the direction I could take from here? Regards, David Moss --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Another Redundant Puppet Master Servers Thread
So it looks like at least the linux side of things is sorted at my site, which means i'm approaching go-live. With CFengine we've had two servers defined in the configuration, but puppet doesn't seem to do that and there are other issues with this setup (well our current setup of cfengine anyway). My plan was this: My dev host remains that - new modules and such get built on it, and when it's tested and working we check it in to svn. My prod hosts update from svn via cron every X minutes (thinking between 5 and 15) and serve their data. Which leads to my two questions: 1) how do i keep the certs on both prod hosts ? I assume they ID the host uniquely, so just copying them across is not the way forward, though i'm planning to use some sort of IP failover between the two prod hosts, and i'm thinking signing against the shared IP may be sufficient (have not tried). 2) has anyone used puppet with IP failover ? My Red Hat Cluster Suite nodes are currently intent on upsetting me so i'm inclined not to go that way, rather i'm considering ucarp. Regardless, has anyone tried puppet + IP failover? I guess there is a 3: is there a way of just specifying two hosts in the config (and what does that mean to certificates)? Cheers chakkerz --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Controlling the order of execution of puppet code?
Rene wrote: Does anybody know the status of that patch? It's pushed and will be in 0.25.0. The next 0.25.0 release will be beta2 but I haven't got a date yet. Regards James Turnbull -- Author of: * Pro Linux Systems Administration (http://tinyurl.com/linuxadmin) * Pulling Strings with Puppet (http://tinyurl.com/pupbook) * Pro Nagios 2.0 (http://tinyurl.com/pronagios) * Hardening Linux (http://tinyurl.com/hardeninglinux) signature.asc Description: OpenPGP digital signature
[Puppet Users] Re: puppet client looking for server puppet
On Jun 11, 2009, at 11:36 AM, Asif Iqbal wrote: On Thu, Jun 11, 2009 at 11:58 AM, Luke Kaniesl...@madstop.com wrote: On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not request certificate: Certificate retrieval failed: Could not find server puppet Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Starting catalog run Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Finished catalog run in 0.03 seconds Am I hitting a but? Almost every time I've seen this it's a problem with a filebucket -- do you have a server-side filebucket specified to use 'puppet'? my puppetmaster is a ubuntu server and I do not see anything in /var/lib/puppet/bucket dir. Is that what you are asking? sorry I am a puppet newbie Look for a 'filebucket' resource in your manifests. -- Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- (attributed to) Brian W. Kernighan (unconfirmed) - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetrun timeout
Hrm, I'm running it with --foreground so that I know when it's complete, and I'm getting these execution expired messages, which I took to mean that puppetrun already has some sort of internal timeout mechanism. Is that not the case? I guess an alternative would be to run with --no-foreground. If I do that, is there a way to query host and see when it's last successful update was, in order to show that the changes have been completed? If that doesn't work, then I guess I'd have to ssh to each box and run puppetd there and wait for it to finish. Pete On Thu, Jun 11, 2009 at 8:55 AM, Luke Kanies l...@madstop.com wrote: On Jun 8, 2009, at 4:39 PM, Pete Emerson wrote: I'm using puppet 0.24.7-4. I have a situation where I have some very long running puppet runs in order to do upgrades (removing applications from load balancers gracefully, et cetera). My puppet runs triggered via puppetrun are finishing successfully: Jun 8 20:31:29 puppetd[10178]: Finished catalog run in 345.18 seconds Puppetrun itself is timing out: err: Connection timeout calling puppetrunner.run: execution expired Host myhost failed: Connection Timeout myhost finished with exit code 2 I'm calling puppetrun with --foreground: puppetrun --host=myhost -- host=myhost2 --host=myhost3 --foreground --parallel However, I don't see anything in the puppetrun doco that hints at setting the execution exiry time. Any suggestions? I'd run with --no-foreground. Or, modify puppetrun to have a timeout? -- It's impossible to foresee the consequences of being clever. -- Christopher Strachey - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetrun timeout
On Jun 11, 2009, at 5:52 PM, Pete Emerson wrote: Hrm, I'm running it with --foreground so that I know when it's complete, and I'm getting these execution expired messages, which I took to mean that puppetrun already has some sort of internal timeout mechanism. Is that not the case? I guess an alternative would be to run with --no-foreground. If I do that, is there a way to query host and see when it's last successful update was, in order to show that the changes have been completed? If that doesn't work, then I guess I'd have to ssh to each box and run puppetd there and wait for it to finish. I'd recommend using reports from the client to figure out when it's done. -- The truth is that there is nothing noble in being superior to somebody else. The only real nobility is in being superior to your former self. -- Whitney Young - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Thu, Jun 11, 2009 at 6:47 PM, Luke Kaniesl...@madstop.com wrote: On Jun 11, 2009, at 11:36 AM, Asif Iqbal wrote: On Thu, Jun 11, 2009 at 11:58 AM, Luke Kaniesl...@madstop.com wrote: On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not request certificate: Certificate retrieval failed: Could not find server puppet Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Starting catalog run Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Finished catalog run in 0.03 seconds Am I hitting a but? Almost every time I've seen this it's a problem with a filebucket -- do you have a server-side filebucket specified to use 'puppet'? my puppetmaster is a ubuntu server and I do not see anything in /var/lib/puppet/bucket dir. Is that what you are asking? sorry I am a puppet newbie Look for a 'filebucket' resource in your manifests. nothing there in puppet master # /etc/puppet/manifests# ls classes site.pp site.pp.orig -- Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- (attributed to) Brian W. Kernighan (unconfirmed) - Luke Kanies | http://reductivelabs.com | http://madstop.com -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Jun 11, 2009, at 5:58 PM, Asif Iqbal wrote: On Thu, Jun 11, 2009 at 6:47 PM, Luke Kaniesl...@madstop.com wrote: On Jun 11, 2009, at 11:36 AM, Asif Iqbal wrote: On Thu, Jun 11, 2009 at 11:58 AM, Luke Kaniesl...@madstop.com wrote: On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not request certificate: Certificate retrieval failed: Could not find server puppet Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Starting catalog run Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Finished catalog run in 0.03 seconds Am I hitting a but? Almost every time I've seen this it's a problem with a filebucket -- do you have a server-side filebucket specified to use 'puppet'? my puppetmaster is a ubuntu server and I do not see anything in /var/lib/puppet/bucket dir. Is that what you are asking? sorry I am a puppet newbie Look for a 'filebucket' resource in your manifests. nothing there in puppet master # /etc/puppet/manifests# ls classes site.pp site.pp.orig What's the output of 'grep -r filebucket *' in that directory? -- The people who are regarded as moral luminaries are those who forego ordinary pleasures themselves and find compensation in interfering with the pleasures of others. -- Bertrand Russell - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetrun timeout
Aha! Excellent. Reference: http://reductivelabs.com/trac/puppet/wiki/ReportsAndReporting I haven't played with this piece of puppet yet, but will do so now. Thanks, Pete On Thu, Jun 11, 2009 at 3:55 PM, Luke Kanies l...@madstop.com wrote: On Jun 11, 2009, at 5:52 PM, Pete Emerson wrote: Hrm, I'm running it with --foreground so that I know when it's complete, and I'm getting these execution expired messages, which I took to mean that puppetrun already has some sort of internal timeout mechanism. Is that not the case? I guess an alternative would be to run with --no-foreground. If I do that, is there a way to query host and see when it's last successful update was, in order to show that the changes have been completed? If that doesn't work, then I guess I'd have to ssh to each box and run puppetd there and wait for it to finish. I'd recommend using reports from the client to figure out when it's done. -- The truth is that there is nothing noble in being superior to somebody else. The only real nobility is in being superior to your former self. -- Whitney Young - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Another Redundant Puppet Master Servers Thread
2009/6/11 chakkerz chakk...@gmail.com: Which leads to my two questions: 1) how do i keep the certs on both prod hosts ? I assume they ID the host uniquely, so just copying them across is not the way forward, though i'm planning to use some sort of IP failover between the two prod hosts, and i'm thinking signing against the shared IP may be sufficient (have not tried). So, you don't need the client certs on any puppetmaster. All that is important is that the client trusts the master's cert, and that the master trusts the client's cert. Probably the easiest way of doing that is (1) just putting the same cert on both puppetmasters, or (2) including the contents of both ca.pem on all hosts, and lastly (3) creating a rootCA that all parties trust and just sign all the keys accordingly. And also fwiw, the host is only identified by its FQDN by default - its the CN in the cert. 2) has anyone used puppet with IP failover ? My Red Hat Cluster Suite nodes are currently intent on upsetting me so i'm inclined not to go that way, rather i'm considering ucarp. Regardless, has anyone tried puppet + IP failover? We did it in active-active with load balancers, which could have easily been active-passive. Its just a simple web service from the perspective of high availability. When the move to REST is complete it'll be even more simple. I guess there is a 3: is there a way of just specifying two hosts in the config (and what does that mean to certificates)? No, I assume the thought being high availability would be handled outside of the client. This has come up a few times now though... I think I'd rather see ordered A or SRV RRs. .r' --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Camp Oct 1-2 at SFSU
On Wed, 2009-06-10 at 16:59 +0100, Matt wrote: A few things from the top of my head: 1) What people have done in regard to node management, as well as dealing with nodes that do not have static DNS names such as when using Ec2. 2) Success/failures on scaling puppet out to n clients 3) How it's been incorporated in to development, operations, and infrastructure environments I'd be very interested in hearing anything about module reuse, both within organizations, and from the various repos out there. Both successes, and even more failures. In a similar vein, anything about attempts at using modules to provide simplified config building blocks to others. Maybe an in-person meeting would be a good opportunity to revive the 'grand unified puppet module repo' idea that has been out there for a while, but never really taken off. BTW, I will definitely attend if I am in town (there's a very small chance that I might not be) David --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Another Redundant Puppet Master Servers Thread
Sounds sensible and straight forward. Thanks for that! chakkerz --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Managing content of state.yaml
Hi all, I have a tidy block set up to clean up old Puppet reports (older than 1 month). One side effect of this is that every file that is removed gets added into the state.yaml file. On a small scale this is not a bad thing - it keeps track of what's been culled, etc... On a larger scale (ie. Tidy is cleaning a lot of files with different filenames) the state.yaml file will grow and grow. This whole state file is read in on a regular basis by the Puppet daemon. Its probably a small one for most people, but in theory it is a persistent memory leak. What is the general best practice for managing Puppet state/config databases? Greg --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---