Re: [Puppet Users] Re: allow_duplicate_certs = true not working?
On Apr 14, 2011, at 11:57 AM, Jake - USPS wrote: Thanks Matt. Just for clarification on why I'm trying to do this. We often rebuild systems in our environment. Things are 'decommissioned', hostname 'released' and new system built with previously used hostname for new purposes. This means currently (as I understand it) part of our decom process would need to include revoking a cert for a system. I'm trying to avoid this step as less work is always better, we have a lot of systems we manage so this isn't something that would be done infrequently and I'm also afraid of admins as part of a decom process would by accident revoke a cert for the wrong system. So I was hoping with this that I would be able to decom a system, rebuild it and with the allow_duplicate_certs just automatically use a new cert for that hostname. By removing the ssl dir on an agent system I'm assuming this would be a valid test to simulate a decom/ rebuild/reregister puppet without all that hassle. Thanks for opening the additional bugs on this. One thing I'm wondering is if I'm missing something that maybe people already do to deal with my type of situation. This is a problem for us too. To fix it, we don't use the normal puppet key signing process. Instead, keys are created on the puppetmaster and sent to the clients when the clients finish installing. Workstation keys for computers that aren't sensitive are sent automatically. The keys for sensitive computers (servers) are copied by hand my a system admin. The second happens so little, that it's fine for us. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client 'certificate verify failed'
On 04/13/2011 05:11 AM, Martin Orda wrote: Hi, I've looked in the archives and elsewhere but couldn't find a solution to the issue I'm having. I'm running puppet with an external CA that I manage myself (ca=false for puppetmasterd) puppetmasterd is behind nginx reverse proxy. On the client I'm getting: root@web01:~# puppet agent --verbose --no-daemonize --onetime err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed notice: Using cached catalog err: Could not retrieve catalog; skipping run The puppetmaster's fqdn is excel.example.com and the SSL settings on the master shouldn't really matter since nginx is the SSL endpoint in this scenario. Could you have a look at the below (also available as http://pastie.org/1789339) and let me know if my config is sensible or if you can spot anything incorrect? Hi, as a matter of fact, I don't see where you're telling the client to talk to excel.example.com (puppet agent's server parameter). As is, the agent probably just talks to puppet. If your master cert is for excel and not puppet, you're bound to get errors. If setting this doesn't help, you should use openssl s_client to query your master's certificate and find out why a client would fail its verification. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Evaluating Puppet for Tomcat Deployment
Hi, coordinating distributed actions is not puppet's strong suit (you may want to look at MCollective). On 04/14/2011 03:35 PM, bradford wrote: I just recently learned about Puppet and was wondering if someone could tell me if this would be a good fit for our environment. We have 3 web servers (and will soon have 4). Here's the steps I currently use to deploy: # log on to production web server 1 service httpd stop service tomcat5 stop # log on to QA server scp ROOT.war u...@server1.example.com:/usr/share/tomcat5/webapps/ You don't want puppet to perform lots of actions, puppet is more about *state*. Puppet would be most comfortable if you rolled your application into a package with suitable per-/post-inst hooks, I think. Sometimes it is more complex, though, and I may need to copy any of the following: /etc/httpd/conf.d/mod_jk.conf /etc/tomcat5/context.xml Deploying single configuration files works quite well within the puppet paradigm. But I can't just copy over context.xml from QA, since the connection strings are different in QA and production. Have a look at ERB templates for puppet. This works well. # restart everything (after ROOT.war has transferred) service tomcat5 start service httpd start Again, this should be scripted, either in a package or a custom script (which puppet can deploy and run for you). Usually, I deploy to server1, test, and then deploy to server2 and server3. I like to wait until server 2 is completed ready before I start deploying to server 3 -- can Puppet do this (check for the HTTP status of /)? So, can I have Puppet deploy server1 and then have it do the deploy and wait to server2, server3, and soon to be server4? I call MCollective, but maybe someone has more ideas on this one. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: copying file with source parameter
Thanks Robb, for the tips. Changed all my module/class names according to the recommendation. Cheers!! On Apr 14, 11:39 pm, Robb robb.wago...@gmail.com wrote: Also, watch out for casing of your module name. It appears that 'mySudo' works, but it is not recommended. Recommended naming for Modules (and Classes): [a-z][a-z0-9]* http://docs.puppetlabs.com/guides/modules.html#naming I was caught by this issue when I named a module in a camel-cased fashion: AbbCddd Robb -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] What to do if something is not required on the clients?
Dear all, It's probably a newbie question again: What to do to ensure something is not running or not installed and things like that as oppose to ensure = installed, ensure = running, etc. ? e.g. if I want to make sure that http is not running on certain clients - any way of doing that? Thanks in advance. Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] What to do if something is not required on the clients?
On Apr 15, 2011, at 1:02 AM, Sans wrote: Dear all, It's probably a newbie question again: What to do to ensure something is not running or not installed and things like that as oppose to ensure = installed, ensure = running, etc. ? e.g. if I want to make sure that http is not running on certain clients - any way of doing that? For the package example, I'd try ensure = absent. I think I remember that works. For the httpd example, I'd try just ensuring that the httpd package isn't installed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What to do if something is not required on the clients?
Thanks Patrick! Where can I get the list of attributes and their predefined values? Cheers!! On Apr 15, 9:12 am, Patrick kc7...@gmail.com wrote: For the package example, I'd try ensure = absent. I think I remember that works. For the httpd example, I'd try just ensuring that the httpd package isn't installed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What to do if something is not required on the clients?
On 15-04-11 10:20, Sans wrote: Thanks Patrick! Where can I get the list of attributes and their predefined values? Cheers!! The type reference: http://docs.puppetlabs.com/references/latest/type.html On Apr 15, 9:12 am, Patrick kc7...@gmail.com wrote: For the package example, I'd try ensure = absent. I think I remember that works. For the httpd example, I'd try just ensuring that the httpd package isn't installed. Regards, Martijn. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Templating question
On 04/13/2011 04:24 AM, Ben Hughes wrote: On Tue, Apr 12, 2011 at 07:20:24PM -0700, Brian Gallew wrote: I ended up doing something even uglier (and probably stupider). I created two sub-classes of jumpstart: jumpstart::mirrorroot and jumpstart::zfsroot, and each one just sets a variable ($target) and the uses the template. It's incredibly stupid, but it works. That is neater than trying to pick your way through the objects. Really. Indeed, but my preferred canonical approach is to wrap templates in defines. No need for subclassing here, just pass different parameters to your wrapping define. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Root Password and Stages
Hi, I've the following class to manage the root password in our servers. class root_user_private_servers { user { root: ensure=present, uid=0, gid=0, comment=root, shell=/bin/bash, home=/root, managehome=false, allowdupe=false, password = $operatingsystem ? { debian = $lsbdistcodename ? { default = 'hashXX', lenny = 'hashXX', etch= 'hashXX', sarge = 'hashXX', }, default = 'hashXX', }; } } When I run the class in this way without stages and the package lsb- release it's installed it works correctly. class testA { include root_user_private_servers } node 'debian-lenny.X.' { include testA } The problem it's that when I run the class with stages it fails with a dependency cicle. The class apt_official it set the Debian repos and doesn't require or include any other class, it doesn't have dependencies. The class lsb-release install the packages lsb_release, this it's because I use the facter variable $lsbdistcodename to distinguish between Debian versions only in the class root_user_private_servers. The idea it's to setup the Debian repositories first, then install the lsb_release package and the run all the others manifests. stage {first: before=Stage[second]} stage {second: before=Stage[main]} class { compulsory_main1: stage= first} class compulsory_main1 { include apt_official } class { compulsory_main2: stage= second} class compulsory_main2 { include lsb_release } class testA { include root_user_private_servers } I've also tried this one: class testA inherits compulsory_main2 {} this one class testA { include compulsory_main1 include compulsory_main2 include root_user_private_servers } and this one class testA { require compulsory_main1 require compulsory_main2 include root_user_private_servers } with no luck, Can you help me to solve this problem? Thanks in advance. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How to manage a big cluster of 100s of node?
Dear all, Apparently I'll be installing Puppet on a cluster of 300+ nodes that divided into four different types. How do I apply a specific module/ class to a specific client-group? For example, if I want to apply my_module_1 to 50 or so odd machines and my_module_1 + my_module_2 to 80 machines, how do I do that? I don't think the only way is to add individual node one by one in the nodes.pp. How do you guys do it? You input/comment is already appreciated. Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] How to manage a big cluster of 100s of node?
-Original Message- From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Sans Sent: 15 April 2011 11:57 To: Puppet Users Subject: [Puppet Users] How to manage a big cluster of 100s of node? to 80 machines, how do I do that? I don't think the only way is to add individual node one by one in the nodes.pp. How do you guys do it? You input/comment is already appreciated. Cheers!! You can pattern match on the hostname in the node definition... -- Russell Howe rh...@moonfruit.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How to manage a big cluster of 100s of node?
On Apr 15, 12:09 pm, Russell Howe rh...@moonfruit.com wrote: You can pattern match on the hostname in the node definition... That could be a potential problem in future but for the time being, that should work for me. So, how do I pattern-match host-names like farm001 to farm110? Is there any wiki page for that? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] multimaster architecture with central report server
Hi, is there a way how to instruct the master to forward the obtained reports to another master server so we can have one central report server that would be receiving all reports from other masters in individual collocations? the report_server works fine for the master itself but not for the forwarded reports. I am looking for something similar to the central inventory server as it works greatly for facts but for reports as well. anyone? thanks, Antony -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How to manage a big cluster of 100s of node?
On 04/15/2011 01:18 PM, Sans wrote: On Apr 15, 12:09 pm, Russell Howe rh...@moonfruit.com wrote: You can pattern match on the hostname in the node definition... That could be a potential problem in future but for the time being, that should work for me. So, how do I pattern-match host-names like farm001 to farm110? Is there any wiki page for that? Cheers!! So your node classes are determined by arbitrary ranges in their integer naming? Really? If you are forced to use insane naming schemes by your environment, you may want to try and introduce sanity by way of puppet certificate names (I believe those are used for matching nodes in the manifests, but I may be wrong). Otherwise, refresh your regex-fu, matching some integer ranges should be ugly but possible. E.g. for the above, you could use /farm(0..|10.|110)/. No, it's not especially readable. Hence my plea for sane naming schemes. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How to manage a big cluster of 100s of node?
On Apr 15, 12:46 pm, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: So your node classes are determined by arbitrary ranges in their integer naming? Really? I hope by node classes you mean type of nodes. It's a bit complicated: The cluster is shared for Grid and the local jobs. Grid jobs can run any worker nodes but local-jobs runs on specific nodes - all the WNs are named from farm001 to farm250. Local jobs need some special local-environment settings, whist Grid-jobs don't need them at all and that makes the difference. Its it possible to use something like this: seq 31 52 | gawk '{printf(farm%03i\n,$1);}' so that I can be specific about the hosts? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to manage a big cluster of 100s of node?
On Fri, 2011-04-15 at 03:56 -0700, Sans wrote: Dear all, Apparently I'll be installing Puppet on a cluster of 300+ nodes that divided into four different types. How do I apply a specific module/ class to a specific client-group? For example, if I want to apply my_module_1 to 50 or so odd machines and my_module_1 + my_module_2 to 80 machines, how do I do that? I don't think the only way is to add individual node one by one in the nodes.pp. How do you guys do it? You input/comment is already appreciated. Cheers!! I think the best practice is to use an ENC[1] (external node classifier) like the Foreman or Puppet Dashboard, or one of your own. This way you can program (more easily) the logic of attributions of modules to your specific nodes. [1]: http://docs.puppetlabs.com/guides/external_nodes.html -- Brice Figureau Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How to manage a big cluster of 100s of node?
On 04/15/2011 02:33 PM, Sans wrote: On Apr 15, 12:46 pm, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: So your node classes are determined by arbitrary ranges in their integer naming? Really? I hope by node classes you mean type of nodes. It's a bit I do. Sorry for being ambiguous. complicated: The cluster is shared for Grid and the local jobs. Grid jobs can run any worker nodes but local-jobs runs on specific nodes - all the WNs are named from farm001 to farm250. Local jobs need some special local-environment settings, whist Grid-jobs don't need them at all and that makes the difference. Its it possible to use something like this: seq 31 52 | gawk '{printf(farm%03i\n,$1);}' so that I can be specific about the hosts? Cheers!! You mean for generating a manifest? That would work then. But then, you may want to consider deploying some custom facts and write a manifest like node my_base_node { include worker_node if $local_wn { include local_worker_node } } HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] dashboard: 500 error trying to view files
Hello, When viewing the details of a report, files that changed have two hyper-links, one for each version of the file. Clicking either of such links give me a 500 error (We're sorry, but something went wrong.) How do I debug this issue? am running dashboard behind apache, and see no errors in the apache logs. In the access log I see: GET /files/show?file=7e8cf290bd3d88732e9ad446521b331f HTTP/1.1 500 Thanks, Mohamed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Root Password and Stages
On Apr 15, 2:32 am, ikkaro isaak.gonza...@gmail.com wrote: The problem it's that when I run the class with stages it fails with a dependency cicle. Which is? The --debug output showing the cycle and all the autorequires would be helpful here. The class apt_official it set the Debian repos and doesn't require or include any other class, it doesn't have dependencies. The class lsb-release install the packages lsb_release, this it's because I use the facter variable $lsbdistcodename to distinguish between Debian versions only in the class root_user_private_servers. That's not going to do what you want, dependency issues notwithstanding. Nodes posts all their facts to the server before their manifest is compiled, so causing the lsb_release package to be installed early in a Puppet run will not make the $lsbdistcodename fact available later in the same run. Run stages partition a run into stages, not into separate runs; there is no re-posting of facts between stages. The idea it's to setup the Debian repositories first, then install the lsb_release package and the run all the others manifests. Run stages can, in principle, give you that ordering. For what it's worth, I personally would use only one preliminary stage, with ordinary resource dependencies establishing the application order of the resources in that stage. That wouldn't make any difference in your dependency cycle, though. stage {first: before=Stage[second]} stage {second: before=Stage[main]} class { compulsory_main1: stage= first} class compulsory_main1 { include apt_official } class { compulsory_main2: stage= second} class compulsory_main2 { include lsb_release } That's a strange way to do it. Why are you not doing this: class { apt-official: stage = first } class { lsb_release: stage = second } ? I suspect that the way you showed above puts only the wrapper classes into the specified stages, not the wrapped ones. That could impact your dependencies. Why do you need wrapper classes? class testA { include root_user_private_servers } I've also tried this one: class testA inherits compulsory_main2 {} Class inheritance is not the answer to this problem. Use it ONLY to override resource properties, and override resource properties only when you have no better alternative. this one class testA { include compulsory_main1 include compulsory_main2 include root_user_private_servers } and this one class testA { require compulsory_main1 require compulsory_main2 include root_user_private_servers } The relative order of include and/or require statements is not a reliable method to influence ordering, and it certainly does not affect explicit dependencies, so this is also the wrong direction. We can probably help you work out the dependency problem if you give us more information. Again, however, this approach is not going to get you where you want to be. As an alternative, you could use conditional logic to get what you want across two Puppet runs, and even to get the second one to commence soon after the first finishes. Good luck, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ERB advice
Details below, but the essential problem is this: I need to take a list of hostnames and assign an integer for each one and ensure that the integer “is non-negative and is no more than three decimal digits in length”. I’d prefer that the each hostname lead to the same integer every time. I’ve never written anything in Ruby before yesterday, so anyone with more experience have any ideas? Boring details: I’m trying to set up replication between LDAP servers. Each one has to have a unique integer assigned. Details for all of our nodes are stored in LDAP, so when the template is applied to a node, I can have it get a list of servers that it should be syncing with by searching for something like “((classification=ldap)(environment=#{environment})(!(status=inactive*)))”. Things I’ve considered so far: 1. Just keep a counter as you loop through the list of servers and use that as the ID. The problem is, if I remove a server from the list (which I am planning to do soon), the numbers will be reassigned and depending on when each server checks in with the Puppetmaster, there’s a good chance that two servers could think they have the same ID. 2. Use regex replacements on the hostname. Our hostnames are all in the format x--ldap-01. I could just take the integer part of the name and then add something to it based on the value of environment, but then I’d have to assume the hostname format will never change. Political nonsense is common around here, so I don’t want to rely on that. What I really need is something like an MD5 sum of each hostname, but the resulting numbers are obviously way too big. Thanks. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ERB advice
On 04/15/2011 04:30 PM, Rob McBroom wrote: Details below, but the essential problem is this: I need to take a list of hostnames and assign an integer for each one and ensure that the integer “is non-negative and is no more than three decimal digits in length”. I’d prefer that the each hostname lead to the same integer every time. I’ve never written anything in Ruby before yesterday https://twitter.com/#!/RobMcBroom/status/58628000895336448, so anyone with more experience have any ideas? Reminds me of this function: http://docs.puppetlabs.com/references/stable/function.html#fqdnrand You may just want to look up its code in the puppet source. Shouldn't be too hard to whip something up from there. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Templating question
That would undoubtedly have been a neater solution. I may well switch to using that. Thanks! On Fri, Apr 15, 2011 at 1:48 AM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 04/13/2011 04:24 AM, Ben Hughes wrote: On Tue, Apr 12, 2011 at 07:20:24PM -0700, Brian Gallew wrote: I ended up doing something even uglier (and probably stupider). I created two sub-classes of jumpstart: jumpstart::mirrorroot and jumpstart::zfsroot, and each one just sets a variable ($target) and the uses the template. It's incredibly stupid, but it works. That is neater than trying to pick your way through the objects. Really. Indeed, but my preferred canonical approach is to wrap templates in defines. No need for subclassing here, just pass different parameters to your wrapping define. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: allow_duplicate_certs = true not working?
Thank you Patrick and Russell for your inputs. Patrick, With your solution, do you generate the keys by hand then on the puppetmaster? Do you also manually send the generated cert to the client? I'm guessing its all actually automated, just trying to figure out how since I'm fairly new with puppet. What I'm doing currently is building a base OS with AutoYast (SLES), then in post install scripts of autoyast installing puppet and having it 'finish' the install by running the agent. So I'm hoping to find a solution that could integrate with this current build process. Russell, I understand your idea. I'm thinking of giving this a try. Thanks, Jake On Apr 15, 3:36 am, Russell Howe rh...@moonfruit.com wrote: -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Jake - USPS Sent: 14 April 2011 19:58 To: Puppet Users Subject: [Puppet Users] Re: allow_duplicate_certs = true not working? Thanks Matt. Just for clarification on why I'm trying to do this. We often rebuild systems in our environment. Things are 'decommissioned', hostname 'released' and new system built with previously used hostname for new purposes. Apologies for sending an email from Outlook, but could you store up a stash of the certificate and private key from when a host is commissioned and then place it on the host next time it's built? -- Russell Howe rh...@moonfruit.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How to manage a big cluster of 100s of node?
Thanks Brice, for the link. Just had a quick look and I yet to understand how that external_nodes think works. Cheers!! On Apr 15, 1:34 pm, Brice Figureau brice-pup...@daysofwonder.com wrote: I think the best practice is to use an ENC[1] (external node classifier) like the Foreman or Puppet Dashboard, or one of your own. This way you can program (more easily) the logic of attributions of modules to your specific nodes. [1]:http://docs.puppetlabs.com/guides/external_nodes.html -- Brice Figureau Follow the latest Puppet Community evolutions onwww.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Recursive directory copy and exec
Hi all, Newbie question here... I'm trying to figure out how to execute a command for every file in a directory. For example, I recursively copy a bunch of tar files and then I want to run a command against them My understanding is that the file resource will execute first, copying all of the files. After that the exec resource will occur. Is that right? If so, how do I run an exec for every file? Ideally, I want to do something like this, but to have the exec occur for every individual file: file { /var/tmp/files: ensure = directory, recurse = true, purge = true, backup = false, mode = 755, source = puppet:///files, } exec { foo: command = tar xf FILENAME, cwd = /var/tmp/files, subscribe = File[/var/tmp/files], } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] another template question
Dear all, I'm trying to create a module for autofs, and I need to create a file, say auto.mymounts, on the clients with these: alice - hard,intr,ro,nosuid,rsize=8192,wsize=8192,tcp,noatime,nfsvers=3 serv02:/experiment-software/EXP_SL5/alice atlas - hard,intr,ro,nosuid,rsize=8192,wsize=8192,tcp,noatime,nfsvers=3 serv02:/experiment-software/EXP_SL5/atlas biomed - hard,intr,ro,nosuid,rsize=8192,wsize=8192,tcp,noatime,nfsvers=3 serv02:/experiment-software/EXP_SL5/biomed . . There will be actually few more lines like these in the original version. How can I create a template for that other then putting those static lines in the file? Another catch is: The ro in the line must be changed to rw for a number of hosts. How can I do that dynamically? Or is it possible at all? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] multimaster architecture with central report server
https://github.com/puppetlabs/puppet-dashboard Check under the Reporting section, it shows you how to do it for 0.25* and 2.6.* -Jason On Fri, Apr 15, 2011 at 4:44 AM, Antony Mayi antonym...@yahoo.com wrote: Hi, is there a way how to instruct the master to forward the obtained reports to another master server so we can have one central report server that would be receiving all reports from other masters in individual collocations? the report_server works fine for the master itself but not for the forwarded reports. I am looking for something similar to the central inventory server as it works greatly for facts but for reports as well. anyone? thanks, Antony -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: copying file with source parameter
I think you were pretty much right in this regard. Just found this in the syslog: DEPRECATION NOTICE: Files found in modules without specifying 'modules' in file path will be deprecated in the next major release. Please fix module 'd_services' when no 0.24.x clients are present Cheers!! On Apr 14, 1:25 pm, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Hi, strange, this has been wrong for quite a while. You need to add modules to your URL: source = puppet:///modules/mySudo/sudoers HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Recursive directory copy and exec
I would try something like: file { /var/tmp/files: ensure = directory, ... notify = Exec[ exec { foo: command = echo * | xargs tar xf , cwd = /var/tmp/files, refreshonly = true, } On Fri, Apr 15, 2011 at 12:29 PM, Prateep prat...@anicca.net wrote: Hi all, Newbie question here... I'm trying to figure out how to execute a command for every file in a directory. For example, I recursively copy a bunch of tar files and then I want to run a command against them My understanding is that the file resource will execute first, copying all of the files. After that the exec resource will occur. Is that right? If so, how do I run an exec for every file? Ideally, I want to do something like this, but to have the exec occur for every individual file: file { /var/tmp/files: ensure = directory, recurse = true, purge = true, backup = false, mode = 755, source = puppet:///files, } exec { foo: command = tar xf FILENAME, cwd = /var/tmp/files, subscribe = File[/var/tmp/files], } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] multimaster architecture with central report server
On Fri, Apr 15, 2011 at 2:44 PM, Antony Mayi antonym...@yahoo.com wrote: Hi, is there a way how to instruct the master to forward the obtained reports to another master server so we can have one central report server that would be receiving all reports from other masters in individual collocations? the report_server works fine for the master itself but not for the forwarded reports. If you use a tool such as foreman or dashboard, you can simply forward the reports to it. additionally, afair, you could simply define the report server on the clients and forward to any master. I am looking for something similar to the central inventory server as it works greatly for facts but for reports as well. that is built into foreman since almost two years now. Ohad anyone? thanks, Antony -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ERB advice
I use the IP address to generate a 32bit integer for the server_id for my Mysql configs. server_id = %= ipaddress.split('.').inject(0) {|total,value| (total 8 ) + value.to_i} % Would something like that work in your case? Ramin On Apr 15, 7:30 am, Rob McBroom mailingli...@skurfer.com wrote: Details below, but the essential problem is this: I need to take a list of hostnames and assign an integer for each one and ensure that the integer “is non-negative and is no more than three decimal digits in length”. I’d prefer that the each hostname lead to the same integer every time. I’ve never written anything in Ruby before yesterday, so anyone with more experience have any ideas? Boring details: I’m trying to set up replication between LDAP servers. Each one has to have a unique integer assigned. Details for all of our nodes are stored in LDAP, so when the template is applied to a node, I can have it get a list of servers that it should be syncing with by searching for something like “((classification=ldap)(environment=#{environment})(!(status=inactive*)))”. Things I’ve considered so far: 1. Just keep a counter as you loop through the list of servers and use that as the ID. The problem is, if I remove a server from the list (which I am planning to do soon), the numbers will be reassigned and depending on when each server checks in with the Puppetmaster, there’s a good chance that two servers could think they have the same ID. 2. Use regex replacements on the hostname. Our hostnames are all in the format x--ldap-01. I could just take the integer part of the name and then add something to it based on the value of environment, but then I’d have to assume the hostname format will never change. Political nonsense is common around here, so I don’t want to rely on that. What I really need is something like an MD5 sum of each hostname, but the resulting numbers are obviously way too big. Thanks. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: ERB advice
On Apr 15, 2011, at 2:58 PM, Ramin K wrote: I use the IP address to generate a 32bit integer for the server_id for my Mysql configs. server_id = %= ipaddress.split('.').inject(0) {|total,value| (total 8 ) + value.to_i} % Would something like that work in your case? Well, it has to be 999 or less, and the IPs differ enough between them that I couldn’t just assume the last one or two octets will make it unique. I’ll probably just use a combination of environment and the integer present in the hostname. Thanks. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ERB strangness, or ruby/puppet internals I don't understand
Let's say I have a very simple template template.erb: % if not has_variable?(foobar) then foobar = undefined end -% foobar: %= foobar % class: %= foobar.class % And a basic manifest: template.pp: $mytemp = template('template.erb') notice($mytemp) And then I apply the manifest, with an undefined foobar (no foobar fact): $ puppet apply ~/template.pp notice: Scope(Class[main]): foobar: undefined class: String notice: Finished catalog run in 0.01 seconds Looking good. So now I apply the manifest, but with a defined value for foobar (via the FACTER_FOOBAR environment variable): $ FACTER_FOOBAR='foo' puppet apply ~/template.pp notice: Scope(Class[main]): foobar: class: NilClass notice: Finished catalog run in 0.01 seconds Er, what? How on earth did foobar go from a String to NilClass? I can't fathom how this is expected, or correct... The reason I was doing this sort of thing is to give a possibly missing fact a default value. I ended up using a second variable, like this: % foo = has_variable?(foobar) ? foobar.to_s : false -% -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Recursive directory copy and exec
Yes, of course. That would work fine. :-) I was getting carried away trying to map this to puppet resources Thanks Prateep On 15 Apr 2011, at 19:16, Mohamed Lrhazi lrh...@gmail.com wrote: I would try something like: file { /var/tmp/files: ensure = directory, ... notify = Exec[ exec { foo: command = echo * | xargs tar xf , cwd = /var/tmp/files, refreshonly = true, } On Fri, Apr 15, 2011 at 12:29 PM, Prateep prat...@anicca.net wrote: Hi all, Newbie question here... I'm trying to figure out how to execute a command for every file in a directory. For example, I recursively copy a bunch of tar files and then I want to run a command against them My understanding is that the file resource will execute first, copying all of the files. After that the exec resource will occur. Is that right? If so, how do I run an exec for every file? Ideally, I want to do something like this, but to have the exec occur for every individual file: file { /var/tmp/files: ensure = directory, recurse = true, purge = true, backup = false, mode = 755, source = puppet:///files, } exec { foo: command = tar xf FILENAME, cwd = /var/tmp/files, subscribe = File[/var/tmp/files], } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet can not set password for a local user account. Plus puppet can not add members to a group
Hi, I try to create a user account for example test1 and set the password for it. Both puppet master and client are CentOS 5.5. My code on master: class localaccountmgmt { user { 'test1': allowdupe = 'true', ensure = 'present', gid= '60', home = '/opt/home/test1', shell = '/bin/bash', uid= '120', managehome = 'true', password = '$1$E/GiXjje$cd3/noPMwSCtyaD9QFG0s0' } group { 'group1': ensure = 'present', gid= '10', members = 'test1,test2,test3, test4' } } The password is a encrypted version of the real password that I copied from the /etc/shadow for the same user from another machine. I restarted puppet daemon from my puppet test client. the test1 user and its home directory and group group1 are created successfully. But the password is not working. And the group group1 does not have any members. Does anyone have the problem before? Is this some problem with puppet itself? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppet can not set password for a local user account. Plus puppet can not add members to a group
It should work (great i know). First think i notice is that your code is missing the comma on the last argument, though that isn't a show stopper and rather a style issue. Also, you should probably add a require = Group[group1], to your user. On my system it's unhappy about your group number 10 so i changed that to 101, and then it complains about group number 60 (for the user) so i made that 101. And of course i didn't have /opt/home ... but then: [root@sl6repo yum.repos.d]# egrep test1|group1 /etc/ {passwd,shadow,group} /etc/passwd:test1:x:120:101::/opt/home/test1:/bin/bash /etc/shadow:test1:$1$E/GiXjje$cd3/ noPMwSCtyaD9QFG0s0:15079:0:9:7::: /etc/group:group1:x:101: here is your modified code: user { 'test1': allowdupe = 'true', ensure = 'present', gid= '101', home = '/opt/home/test1', shell = '/bin/bash', uid= '120', managehome = 'true', password = '$1$E/GiXjje$cd3/noPMwSCtyaD9QFG0s0', require = Group[group1], } group { 'group1': ensure = 'present', gid= '101', members = 'test1,test2,test3, test4' } though I'm on puppet 2.6 and a Scientific Linux 6.0 system ... the same thing works fine on RHEL5.5 5.6 6.0 with puppet 25.* and 2.6.* . Cheers chakkerz -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What to do if something is not required on the clients?
On Apr 15, 9:37 am, Martijn Grendelman mart...@iphion.nl wrote On Apr 15, 9:12 am, Patrick kc7...@gmail.com wrote: For the package example, I'd try ensure = absent. I think I remember that works. ensure = absent uses rpm -e' to remove a package, which is a problem for the packages with related dependencies. Is there any way to use yum remove to do that? Cheers!! For the httpd example, I'd try just ensuring that the httpd package isn't installed. Regards, Martijn. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What to do if something is not required on the clients?
On Apr 15, 2011, at 6:04 PM, Sans wrote: On Apr 15, 9:37 am, Martijn Grendelman mart...@iphion.nl wrote On Apr 15, 9:12 am, Patrick kc7...@gmail.com wrote: For the package example, I'd try ensure = absent. I think I remember that works. ensure = absent uses rpm -e' to remove a package, which is a problem for the packages with related dependencies. Is there any way to use yum remove to do that? Cheers!! It's been too long since I use rpm. Are you saying it refuses to remove the package because something depends on apache, or that you want to remove stuff apache installed (like libapache or whatever)? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.