[Puppet Users] Changes on master applied only on second run on nodes
Hi! If I change manifest on master and then immediately run puppet agent --no-daemonize --report --pluginsync --onetime then it still uses old version of manifest. When I run it second time it sees changes and applies them. Why is it like that? Is it intended to be so? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: New Puppet report processors...
This is the output from master.log during the failed puppet run. [2011-06-07 02:24:16] DEBUG accept: 10.1.0.1:39742 [2011-06-07 02:24:16] DEBUG Puppet::Network::HTTP::WEBrickREST is invoked. [2011-06-07 02:24:16] puppetmaster.domain - - [07/Jun/2011:02:24:16 CDT] GET /production/file_metadatas/plugins?ignore=---+%0A++-+.svn%0A+ +-+CVS%0A++-+.gitrecurse=truelinks=managechecksum_type=md5 HTTP/ 1.1 200 6336 [2011-06-07 02:24:16] - - /production/file_metadatas/plugins? ignore=---+%0A++-+.svn%0A++-+CVS%0A++- +.gitrecurse=truelinks=managechecksum_type=md5 [2011-06-07 02:24:16] DEBUG close: 10.1.0.1:39742 [2011-06-07 02:24:18] DEBUG accept: 10.1.0.1:39743 [2011-06-07 02:24:18] DEBUG Puppet::Network::HTTP::WEBrickREST is invoked. [2011-06-07 02:24:19] puppetmaster.domain - - [07/Jun/2011:02:24:18 CDT] GET /production/catalog/puppetmaster.domain?facts=eNp9VdmSqkoWfe %252BvyK6n7vCogMwRN6JxHkDBAYeXihRSRUYzQcCvv4lYdari %250AVF9HSDL3tNZeu9lsgn %252Fj7Fi24%252BMVOalqZkmCUlWdxy5S1SF0UvIvAFCReBim %250AXhypgGNYtsmITUYCDKcKvMrKLYVjWUkATUZQGYbuj2CIVOClxIFR6qUXdEpb %250AKQyzFnIz%252BvgOgwwRFdBLABIcO4iQGDtxFqUqeGPfnus %252BwhEKVKB7UVY8Vzzy %250AfvdwmkG6%252BpbiDNUbCcIeDKIsPCKsAtvIIUZNQQS8CzocYCEQWcDzQGYB02ke %250AFSC4gOWBKwDpCDgF8DKQpKehT%252BP3sLLxXIsTVCUenUlJUhRiFCBIaG5vQkus %250A3WeRd8uQ56rA4WRG7DjiczlCaR5j%252Fx2lF0YFLCe3WIWnX7kl8vW5JPVC9E6Q %250AE0cuLcYbx7EM33llX2FCvBS5Hs2pnRHcDrxj%252B4lUtfz %252BvGJb8nPzBWK3ijik %250AoNHwC1l8fzlxAg9F6R1hUmPXEl9HaHghJD5dEoTWx5dVuBqSC %252FXtwOAPaJg6%250AuJB6wnTLgxaCpxkJMjC6X82%252Bsv7JNslhcsKInmRbIgdG9Tkvga6Lqa %252FvpVKU %250A59PTzY3%252BgU6%252F3QZx7ZSp3nUq1GJCQBOd6shLcgveUeGRlHwjUYXFI45oWL3%252B %250A%252Bgv%252FPgGvSsfKzSoyFAjfyu4R%252BK3obhxCjwb8LcS0TKiVBQ0efzH %252FDRm2hqai%250AEo7jtA4YRtmJdmGGK3K%252F1ez %252BBSaR03phAZ1X6V5FZxiV6amcUn14WX1x%252B8W2%250AS5zhKnGR5b9C %252BQKkw7YY5QNKgoKq8%252BjmEwzIq0wvMy4sn4wVfoqB%252FSMGma0t %250Akgsm0EelCjT66nbmD9hjS4cbPG8nOf21Blo5ny%252BQvFPc %252FY3IOhtvT9m6tHQ5%250AcDeJdWbW%252FN3JudVksZqPH3mjXLYZh %252BQLKd800rHS4Rt4nen2cWDYjaFdrg4T%250AgsTJYGkPDyifFmd %252FZzRM5POZNszFef%252B0XKYY3x%252BHEnLlAOmn4rbJtKMcaooS %250Ac7thlI2Lobidi65ly718uTIW7RAiU0FLRXRZbYih1XY1jgvv%252BDrYnJS2oXfF %250AI9coup0ikJnZ7BY%252FJoouju8X1%252BNng5nDjnU %252F7zHecrk5bxvEO96JFWVS3uVG %250ApdXzhgIcMqXPKZPOoXAUzxdjrYHujt3xoTR2873PGnvLs7ultDqa%252Fb45XUSl %250AmYQz %252BwiPcteY5atFhuDU0lYbY9KLpdgZKQvrr7%252BeGKCIqlwchajqZ9rfbuZU %250Asv5FLByE039stnpekDIE7xUZCH2YqGCdITDNIlCPBa4aC9U8YJjnwPjUtE%252FC %250AU%252B1qCV84VTUuqHj1fShQQk%252BiFAX%252FWf4X7FAcVf89cwN %252Bv3SBZxkA%252FkdbqNMZ %250AjR8f56vM6jlUNw2wa3kHZgDTU4zDeuNz3v0gkB71imnnVXPqreqsXxW1fwXx %250AL6q%252FLx2E2LlQMX525zcFuMQk %252FWEG1mJGuxnhL3UQWspPo4YqEUVjsarDhOmF%250AzoEjlZU2ef5WI %252BHzolr6oiohvH7af%252BM%252BBtXHRKpEkuWkLyJZaXKt5mxLkT40%250A %252BXdX%252Fz9R%252BVTtH6bcS7p%252Fb%252Fnq9lMP3D %252F1wHc6Br3rdTXDeuCztiX9%252FtxaH6Tw%250AshP6hm0HQ32T9e5Tc9tXdtO7I %252BfBNCHrxkOKokeA5cP%252BrC3jvrk%252BaWhzRgfM %250A6numHR2ZwDf1mcnY3KHnN5h %252BxIx2Xd5kr4tp5zobyl2YzGMOrYceF44aUb47%250AQykNikOxyw %252FCWRtMCvsyE4qZVVLRGq8kpW3dLX%252B2FMuOUsU %252FtPojf2d2%252BTl7%250A2pXr %252FsMOLP52RSMpYVaVtk20kdW4ygiWQzwupe6JK9G4XaxLqAyvRNJ7qCiu%250AYr %252FtbPSpYKz2rO1cpJ3FXZyekY%252BHWDqT0VyJ7MlIEc2k0btfTHgTvMU %252BFMb6%250AIdns3dHkEJBcmKbl48iJWec0vuq6gW5Haz %252Fjb9aRa9uasM1M05r6k6RrMUwy %250AXzQaJukSg5sV0Ml1z2ynRy2oEpoMND84zfcMlzxmgWCnhj9v77dizoo2KaKd %250A5k7jK78s8djTFpf5YTUNokUv1S6DIDkd522l0d9aS4aFo51BDuZwnT36Mo70%250Aadze6pNwhKc7MxaWEXtOznrg4%252Bstv4xGflzcZGcQnZLHtEPkxaqUtpO47UTD %250Asz%252FenVDOG8O%252B620H2x7U0NSl%252FC%252BHcGz89Tdq1Ul%252B %250Afacts_format=b64_zlib_yaml HTTP/1.1 400 104 [2011-06-07 02:24:19] - - /production/catalog/puppetmaster.domain? facts=eNp9VdmSqkoWfe%252BvyK6n7vCogMwRN6JxHkDBAYeXihRSRUYzQcCvv4lYdari %250AVF9HSDL3tNZeu9lsgn %252Fj7Fi24%252BMVOalqZkmCUlWdxy5S1SF0UvIvAFCReBim %250AXhypgGNYtsmITUYCDKcKvMrKLYVjWUkATUZQGYbuj2CIVOClxIFR6qUXdEpb %250AKQyzFnIz%252BvgOgwwRFdBLABIcO4iQGDtxFqUqeGPfnus %252BwhEKVKB7UVY8Vzzy %250AfvdwmkG6%252BpbiDNUbCcIeDKIsPCKsAtvIIUZNQQS8CzocYCEQWcDzQGYB02ke %250AFSC4gOWBKwDpCDgF8DKQpKehT%252BP3sLLxXIsTVCUenUlJUhRiFCBIaG5vQkus %250A3WeRd8uQ56rA4WRG7DjiczlCaR5j%252Fx2lF0YFLCe3WIWnX7kl8vW5JPVC9E6Q %250AE0cuLcYbx7EM33llX2FCvBS5Hs2pnRHcDrxj%252B4lUtfz %252BvGJb8nPzBWK3ijik %250AoNHwC1l8fzlxAg9F6R1hUmPXEl9HaHghJD5dEoTWx5dVuBqSC %252FXtwOAPaJg6%250AuJB6wnTLgxaCpxkJMjC6X82%252Bsv7JNslhcsKInmRbIgdG9Tkvga6Lqa %252FvpVKU %250A59PTzY3%252BgU6%252F3QZx7ZSp3nUq1GJCQBOd6shLcgveUeGRlHwjUYXFI45oWL3%252B %250A%252Bgv%252FPgGvSsfKzSoyFAjfyu4R%252BK3obhxCjwb8LcS0TKiVBQ0efzH %252FDRm2hqai%250AEo7jtA4YRtmJdmGGK3K%252F1ez %252BBSaR03phAZ1X6V5FZxiV6amcUn14WX1x%252B8W2%250AS5zhKnGR5b9C %252BQKkw7YY5QNKgoKq8%252BjmEwzIq0wvMy4sn4wVfoqB%252FSMGma0t %250Akgsm0EelCjT66nbmD9hjS4cbPG8nOf21Blo5ny%252BQvFPc %252FY3IOhtvT9m6tHQ5%250AcDeJdWbW%252FN3JudVksZqPH3mjXLYZh %252BQLKd800rHS4Rt4nen2cWDYjaFdrg4T%250AgsTJYGkPDyifFmd %252FZzRM5POZNszFef%252B0XKYY3x%252BHEnLlAOmn4rbJtKMcaooS
[Puppet Users] Foreman 0.3 released
I'm pleased to announce the release of Foreman 0.3 Download from: Source: http://theforeman.org/attachments/download/237/foreman-0.3.tar.bz2 RPM: http://yum.theforeman.org/stable/RPMS/foreman-0.3-1.noarch.rpm It is recommended to upgrade your foreman smart proxy to the latest version as well. Highlights of this release include: SearchingAn extensive rewrite of the search system was performed. - Foreman now has a searchbar that prompts for possible search fields and values. - Searches can consist of multiple clauses with complex logic operations. - Previous searches can be saved as a bookmark and made public for others to use. - Many more search conditions, among them: - Host can be found by their parameters - Host can be found by their classes (direct associations or though host groups). - Host can be found by all valid combinations (e.g. multiple facts, report status, time stamps etc) - Audits search target have been greatly enhanced - All Search conditions could be used via the API as well - Search can apply on pages such as the dashboard (e.g. show only hosts in environment != development) Authorization - A user is always granted access to their own account information. This also allows Internal users to change their password even if they do not have edit rights on User. - Additional permission groups have been added to control access to nearly all of Foreman's feature. Charting - The graphing libraries have been replaced with the Highchart system. - Internet access is no longer required to view charts. - They look way better :p Virtualization - The hypervisor pages now show more information about their guests. - Virtual clients can now be deleted/stopped/started etc. Smart-proxy extensions - Puppet certificates can now be displayed, signed and revoked from within Foreman. - Autosign entries can be managed from within Foreman. API Many more operations that are available from the Web interface have been exposed via the API. These are just a few:- - Classes per host - Host's last report - Statistics can be retrieved - Complex search queries could be performed via the API as well using the same search syntax as in the UI Information for developers - The Backend Prototype Javascript library has been replaced with jQuery, thus providing a much richer set of graphical browser components Misc. - All communication between smart-proxies and Foreman could be encrypted over HTTPS channels. - Support for Scientific Linux has been added. - Most operations now refer to the host by its name rather than its id in the URL. - Selected hosts tickbox works across multiple pages. - Foreman handles unreachable proxies gracefully. - Hosts which report skipped operations are no longer considered as being in error state. - When creating or editing a host the provisioning templates that will be used are displayed. The complete changes list can be found here: http://theforeman.org/versions/show/4 As Usual, many thanks to all contributors and users!!! Have fun, Ohad -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] cucumber-puppet -- storeconfigs -- Feature #4724
Hi all, Firstly kudos on the Pro Puppet book James and Jeff. Exactly what I needed right now. I am trying to implement the cucumber-puppet tests and have the issue raised in the above feature concerning storeconfigs. The page mentions the following: Maybe this helps: https://gist.github.com/714765 require 'puppet/util/run_mode' $puppet_application_mode = Puppet::Util::RunMode.new(:master) require 'puppet' require 'puppet/rails' Puppet.settings.unsafe_parse('/etc/puppet/puppet.conf') Puppet::Rails.connect Where would I add/replace see this code? What does it do? message: warning: You cannot collect without storeconfigs being set on line 54 in file /etc/puppet/modules/roles/manifests/devel_webserver.pp cucumber-puppet --version 0.3.0 puppet --version 2.6.7 Cheers, Den -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Issue with change from absent to present failed...no such file or directory
I'm working on a DHCP module, modeled after this https://github.com/camptocamp/puppet-dhcp . Mine is just a much simpler version as I don't manage multiple OSes in my environment. However I cannot get my subnet file to create, this is the error from debug I get err: /Stage[main]/Fog_server/Dhcp::Subnet[10.1.0.1]/File[/etc/subnets/10.1.0.1.conf]/ensure: change from absent to present failed: Could not set 'present on ensure: No such file or directory - /etc/subnets/10.1.0.1.conf.puppettmp_5637 at /etc/puppet/modules/dhcp/manifests/definitions/subnet.pp:18 See below for the full output and my modules. Been pulling my hair out for past day over this so any help is greatly appreciated. Thanks - Trey == modules/dhcp/manifests/init.pp == import classes/*.pp import definitions/*.pp class dhcp { $dhcp_config_dir = /etc/dhcp include dhcp::server } == modules/dhcp/manifests/classes/server.pp == class dhcp::server { package {dhcp: ensure = present, } service {dhcpd: ensure = running, enable = true, require = Package[dhcp], } file {$dhcp_config_dir: ensure = directory, source = 'puppet:///dhcp/empty', recurse = true, purge = true, owner = 'root', group = 'root', mode= '755', require = Package['dhcp'], } file {$dhcp_config_dir/subnets: ensure = directory, source = 'puppet:///dhcp/empty', recurse = true, purge = true, owner = 'root', group = 'root', mode= '755', notify = Service['dhcpd'], require = File[$dhcp_config_dir], } file {/etc/dhcpd.conf: content = template(dhcp/dhcpd_conf.erb), ensure = present, require = Package[dhcp], notify = Service[dhcpd], } } == modules/dhcp/manifests/definitions/subnets.pp == define dhcp::subnet ( $name=false, $netmask=false, $range_start=false, $range_end=false, $router=false, $domain_name=false, $dns_servers=false, $pxe_opts=false) { file {/etc/subnets/$name.conf: ensure = present, owner = 'root', group = 'root', content = template(dhcp/subnet_conf.erb), notify = Service[dhcpd], require = File['/etc/dhcp/subnets'], } } == manifests/roles.pp == class role_dhcp_server { $my_role = dhcp_server $dhcpd_domain_name = tamu.edu $dhcpd_dns_servers = 0.0.0.0, 0.0.0.0 $dhcpd_authoritative = true $dhcpd_ddns_update = interim $dhcpd_opts = [ 'allow booting', 'allow bootp', 'use-host-decl-names on', 'ignore client-updates' ] include dhcp dhcp::subnet { 10.1.0.1: name= '10.1.0.1', netmask = '255.255.255.0', range_start = '10.1.0.10', range_end = '10.1.0.254', router = '10.1.0.1', domain_name = 'tamu.edu', dns_servers = 0.0.0.0, 0.0.0.0, pxe_opts= [ 'filename pxelinux.0;' ], } } == The error == # puppetd --test --debug -vvv debug: Failed to load library 'ldap' for feature 'ldap' debug: Puppet::Type::User::ProviderLdap: feature ldap is missing debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Failed to load library 'rubygems' for feature 'rubygems' debug: Failed to load library 'selinux' for feature 'selinux' debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/namespaceauth.conf]: Autorequiring File[/etc/puppet] debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/log/puppet/http.log]: Autorequiring File[/var/log/puppet] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
[Puppet Users] Re: How do you handle deleted nodes with exported resources in this situation?
On Jun 6, 6:40 pm, Larry Ludwig larry...@gmail.com wrote: I have an issue where for a file type of an exported resource I must define as such: force = false, replace = false, Meaning the file is created, but do not replace after it's added. I do this because of the app modifies the config file after (I know bad idea on their part). How can I ensure this file is removed when I remove the node from the storeconfig database? 1) [ugly] You can create a local resource for each such file, with ensure = absent 2) You can manage the files' directory and all files and subdirectories in it, and use recurse = true, purge = true on the directory Note that both of these cause the file to *remain* absent, though the latter will adapt dynamically if the file in question becomes managed again. In general, is there a way to trigger a event puppet when a instance is removed? No. Puppet has no concept of node removal, and the master operates on behalf of a particular node only when that node requests a catalog, which a removed node cannot do. More generally, Puppet has no concept of un-managing anything. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
treydock wrote: This is the output from master.log during the failed puppet run. Sorry I meant the output from the master daemon puppetmasterd or puppet master. Thanks James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Pushing changes to nodes
On 6/5/11 7:48 PM, Pavel Shevaev wrote: [snip] #puppet push What do you think? You can try puppet kick from the puppet master so that the puppet agent will initiate a pull request. Each of the puppet agent would need to be listening though. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Unable to use types from modules
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Michael, Thanks for your response. On 06/06/2011 09:32 PM, Michael Knox wrote: David, Are you using environments? This setup is not using environments yet (though it is planned). If so, you're probably hitting bug #4409 ( https://projects.puppetlabs.com/issues/4409 ) If not, have you restarted your puppet master? Yes, it does not seem to have any effect on this. Cheers 2011/6/7 Davíð Steinn Geirsson da...@basis.is Hi all, I'm having some problems using modules which define their own types and providers. It seems the puppet client does not recognise them, even though they are set up according to the structure suggested in http://docs.puppetlabs.com/guides/plugins_in_modules.html I was initially trying to use the glassfish class from https://github.com/larstobi/puppet-glassfish. Since then I've tried some others, including this very simple VCS provider: https://github.com/jamtur01/puppet/commit/a1fcf677759858f22fccba0a383f2aa4e6a92e54 My module tree (/opt/puppet/etc/modules/subversiontest) is set up as follows: ./puppet/type/repo/repo.pp ./puppet/provider/repo/svn.pp ./puppet/provider/repo/git.pp ./manifests/init.pp My init.pp simply defines a basic resource from this: class subversiontest { repo { wp: source = http://core.svn.wordpress.org/trunk/;, path = /tmp/wp, ensure = present, } } I have set pluginsync = true under the [main] section of both the master and agent. Howver, when I try to apply this module, I always get an error regarding the type being unknown: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find resource type repo at /opt/puppet/etc/modules/subversiontest/manifests/init.pp:6 on node rhel6test.skyrr.median.local My versions are: root@pmonitor02 ~ # puppetmasterd --version 0.25.4 root@rhel6test puppet # puppetd --version 0.25.5 I'm sure my mistake is very basic, but I've been stuck on this for a while. Can anyone provide suggestions on what could be wrong in my setup? Best regards, David Best regards, David - -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3t6iYACgkQKXQCZqH9wfxY3ACghqobImDI2r8ggU/a7SdJ7vfP w28AnRolkNtP3Hx8pCkYCJrjTMr9NtyN =IV9C -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [foreman-users] Foreman 0.3 released
Horray! Sent from my iPhone On Jun 7, 2011, at 1:15 AM, Ohad Levy ohadl...@gmail.com wrote: I'm pleased to announce the release of Foreman 0.3 Download from: Source: http://theforeman.org/attachments/download/237/foreman-0.3.tar.bz2 RPM: http://yum.theforeman.org/stable/RPMS/foreman-0.3-1.noarch.rpm It is recommended to upgrade your foreman smart proxy to the latest version as well. Highlights of this release include: Searching An extensive rewrite of the search system was performed. Foreman now has a searchbar that prompts for possible search fields and values. Searches can consist of multiple clauses with complex logic operations. Previous searches can be saved as a bookmark and made public for others to use. Many more search conditions, among them: Host can be found by their parameters Host can be found by their classes (direct associations or though host groups). Host can be found by all valid combinations (e.g. multiple facts, report status, time stamps etc) Audits search target have been greatly enhanced All Search conditions could be used via the API as well Search can apply on pages such as the dashboard (e.g. show only hosts in environment != development) Authorization A user is always granted access to their own account information. This also allows Internal users to change their password even if they do not have edit rights on User. Additional permission groups have been added to control access to nearly all of Foreman's feature. Charting The graphing libraries have been replaced with the Highchart system. Internet access is no longer required to view charts. They look way better :p Virtualization The hypervisor pages now show more information about their guests. Virtual clients can now be deleted/stopped/started etc. Smart-proxy extensions Puppet certificates can now be displayed, signed and revoked from within Foreman. Autosign entries can be managed from within Foreman. API Many more operations that are available from the Web interface have been exposed via the API. These are just a few:- Classes per host Host's last report Statistics can be retrieved Complex search queries could be performed via the API as well using the same search syntax as in the UI Information for developers The Backend Prototype Javascript library has been replaced with jQuery, thus providing a much richer set of graphical browser components Misc. All communication between smart-proxies and Foreman could be encrypted over HTTPS channels. Support for Scientific Linux has been added. Most operations now refer to the host by its name rather than its id in the URL. Selected hosts tickbox works across multiple pages. Foreman handles unreachable proxies gracefully. Hosts which report skipped operations are no longer considered as being in error state. When creating or editing a host the provisioning templates that will be used are displayed. The complete changes list can be found here: http://theforeman.org/versions/show/4 As Usual, many thanks to all contributors and users!!! Have fun, Ohad -- You received this message because you are subscribed to the Google Groups Foreman users group. To post to this group, send email to foreman-us...@googlegroups.com. To unsubscribe from this group, send email to foreman-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/foreman-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] logging output at err level, success as just a notice?
Helwig: Unfortunately, the documentation is just plain wrong. loglevel is the only one that supports any legal log level. logoutput really does only support true, false, and on_failure. Is pwck exiting non-zero when there is output? That should be sufficient to trigger the behavior it seems like you're looking for if you have 'logoutput = on_failure' in the exec. pwck indeed behaves nicely with its exitcodes - the problem is I want the output to be an err, not a notice: notice: /Stage[main]/User::Valid/Exec[pwck]/returns: user 'foo': directory '/home/foo' does not exist notice: /Stage[main]/User::Valid/Exec[pwck]/returns: pwck: no changes err: /Stage[main]/User::Valid/Exec[pwck]/returns: change from notrun to 0 failed: /usr/sbin/pwck -r returned 2 instead of one of [0] at /etc/puppet/modules/user/manifests/valid.pp:11 If I set loglevel = err, that makes the output purple, but if pwck is happy, the loglevel setting also makes the ran successfully message an err. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How do you handle deleted nodes with exported resources in this situation?
On Tue, Jun 07, 2011 at 07:10:22AM -0700, jcbollinger wrote: On Jun 6, 6:40 pm, Larry Ludwig larry...@gmail.com wrote: I have an issue where for a file type of an exported resource I must define as such: force = false, replace = false, Meaning the file is created, but do not replace after it's added. I do this because of the app modifies the config file after (I know bad idea on their part). How can I ensure this file is removed when I remove the node from the storeconfig database? You can download the puppet sources. In the ext Directory you'll find a script »puppetstoredconfigclean.rb NODE_TO_BE_REMOVED«. AFAIK the script will set the ensure property of all exported resources of the specified host to absent. -Stefan pgpgxqMYrkKKj.pgp Description: PGP signature
[Puppet Users] NGINX Puppet Module: Looking for Feedback/Use Cases
Hello everyone, I'm currently working on a module for NGINX that I'd love to get some input on. Code can be found here: http://github.com/puppetlabs/puppetlabs-nginx. This module is currently in development - it supports a few use cases: * Create a vhost * Create multiple location references for a vhost * Create Proxy Upstream references to be used by Nginx * Allow SSL configuration (auto-generation of the SSL Cert is not supported right now - not sure how useful this would be to folks) Things that would also be useful that I'm immediately aware of: * Adding of rewrite rules * Adding regex support of a location * Other OS Support: Only various Linux distros have been tested as of right now. My ask is this: I'm really interested in the various use cases of nginx that are used by the community today that we can roll into this module. Thanks! -jamison -- Jamison Fryman jami...@puppetlabs.com ph +1.615.669.2048 | twitter jfryman | gtalk: jami...@puppetlabs.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Issue with change from absent to present failed...no such file or directory
Trey, It looks like the module is attempting to create a file resource in /etc/subnets, versus your intended directory of $dhcp_config_dir/subnets. Puppet is creating an error because the directory /etc/subnets does not exist, and puppet will not automatically create the directory if it is not managed. I'm not sure if this is your intended behavior after looking at your code. Try this instead: In your custom resource block dhcp::subnet, change the file resource from /etc/subnets/$name.conf to ${dhcp_config_dir}/subnets/${name}.conf. This might be the behavior you're looking for. -jamison -- Jamison Fryman jami...@puppetlabs.com ph +1.615.669.2048 | twitter jfryman | gtalk: jami...@puppetlabs.com On Jun 7, 2011, at 8:40 AM, Trey Dockendorf wrote: I'm working on a DHCP module, modeled after this https://github.com/camptocamp/puppet-dhcp . Mine is just a much simpler version as I don't manage multiple OSes in my environment. However I cannot get my subnet file to create, this is the error from debug I get err: /Stage[main]/Fog_server/Dhcp::Subnet[10.1.0.1]/File[/etc/subnets/10.1.0.1.conf]/ensure: change from absent to present failed: Could not set 'present on ensure: No such file or directory - /etc/subnets/10.1.0.1.conf.puppettmp_5637 at /etc/puppet/modules/dhcp/manifests/definitions/subnet.pp:18 See below for the full output and my modules. Been pulling my hair out for past day over this so any help is greatly appreciated. Thanks - Trey == modules/dhcp/manifests/init.pp == import classes/*.pp import definitions/*.pp class dhcp { $dhcp_config_dir = /etc/dhcp include dhcp::server } == modules/dhcp/manifests/classes/server.pp == class dhcp::server { package {dhcp: ensure = present, } service {dhcpd: ensure = running, enable = true, require = Package[dhcp], } file {$dhcp_config_dir: ensure = directory, source = 'puppet:///dhcp/empty', recurse = true, purge = true, owner = 'root', group = 'root', mode= '755', require = Package['dhcp'], } file {$dhcp_config_dir/subnets: ensure = directory, source = 'puppet:///dhcp/empty', recurse = true, purge = true, owner = 'root', group = 'root', mode= '755', notify = Service['dhcpd'], require = File[$dhcp_config_dir], } file {/etc/dhcpd.conf: content = template(dhcp/dhcpd_conf.erb), ensure = present, require = Package[dhcp], notify = Service[dhcpd], } } == modules/dhcp/manifests/definitions/subnets.pp == define dhcp::subnet ( $name=false, $netmask=false, $range_start=false, $range_end=false, $router=false, $domain_name=false, $dns_servers=false, $pxe_opts=false) { file {/etc/subnets/$name.conf: ensure = present, owner = 'root', group = 'root', content = template(dhcp/subnet_conf.erb), notify = Service[dhcpd], require = File['/etc/dhcp/subnets'], } } == manifests/roles.pp == class role_dhcp_server { $my_role = dhcp_server $dhcpd_domain_name = tamu.edu $dhcpd_dns_servers = 0.0.0.0, 0.0.0.0 $dhcpd_authoritative = true $dhcpd_ddns_update = interim $dhcpd_opts = [ 'allow booting', 'allow bootp', 'use-host-decl-names on', 'ignore client-updates' ] include dhcp dhcp::subnet { 10.1.0.1: name= '10.1.0.1', netmask = '255.255.255.0', range_start = '10.1.0.10', range_end = '10.1.0.254', router = '10.1.0.1', domain_name = 'tamu.edu', dns_servers = 0.0.0.0, 0.0.0.0, pxe_opts= [ 'filename pxelinux.0;' ], } } == The error == # puppetd --test --debug -vvv debug: Failed to load library 'ldap' for feature 'ldap' debug: Puppet::Type::User::ProviderLdap: feature ldap is missing debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Failed to load library 'rubygems' for feature 'rubygems' debug: Failed to load library 'selinux' for feature 'selinux' debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: /File[/var/lib/puppet/clientbucket]: Autorequiring
Re: [Puppet Users] Changes on master applied only on second run on nodes
On Jun 7, 2011, at 12:19 AM, Maxim Ivanov wrote: Hi! If I change manifest on master and then immediately run puppet agent --no-daemonize --report --pluginsync --onetime then it still uses old version of manifest. When I run it second time it sees changes and applies them. Why is it like that? I'm assuming you're using Passenger. If so, that bug is on file. I'm hoping it'll be fixed soon. Is it intended to be so? No -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Changes on master applied only on second run on nodes
On Tue, 07 Jun 2011 00:19:07 -0700, Maxim Ivanov wrote: Hi! If I change manifest on master and then immediately run puppet agent --no-daemonize --report --pluginsync --onetime then it still uses old version of manifest. When I run it second time it sees changes and applies them. Why is it like that? Is it intended to be so? There is an adjustable quiet period where the master will not pick up changes to the manifest after having loaded a new manifest. This is controlled by the filetimeout setting, which defaults to 15 seconds. If immediately doesn't actually mean immediately, but after the file timeout, then you may be running into #5318[1], which should be fixed in the next version of 2.6, and in 2.7 when it comes out. http://projects.puppetlabs.com/issues/5318 -- Jacob Helwig signature.asc Description: Digital signature
Re: [Puppet Users] logging output at err level, success as just a notice?
On Tue, 07 Jun 2011 10:29:12 -0500, Jennings, Jared L CTR USAF AFMC 46 SK/CCI wrote: Helwig: Unfortunately, the documentation is just plain wrong. loglevel is the only one that supports any legal log level. logoutput really does only support true, false, and on_failure. Is pwck exiting non-zero when there is output? That should be sufficient to trigger the behavior it seems like you're looking for if you have 'logoutput = on_failure' in the exec. pwck indeed behaves nicely with its exitcodes - the problem is I want the output to be an err, not a notice: notice: /Stage[main]/User::Valid/Exec[pwck]/returns: user 'foo': directory '/home/foo' does not exist notice: /Stage[main]/User::Valid/Exec[pwck]/returns: pwck: no changes err: /Stage[main]/User::Valid/Exec[pwck]/returns: change from notrun to 0 failed: /usr/sbin/pwck -r returned 2 instead of one of [0] at /etc/puppet/modules/user/manifests/valid.pp:11 If I set loglevel = err, that makes the output purple, but if pwck is happy, the loglevel setting also makes the ran successfully message an err. Hm...yeah, sorry. I hadn't noticed that the actual output was notice, and not err when the command fails. I was just testing around with echo, and setting returns = 1 to get it to fail, but I guess I just wasn't looking closely enough. You can kind of hack Puppet to do this now, but only if the command you're running is purely checking things, and does not have any side-effects. exec { 'pwck -r': path = '/usr/bin:/bin:/usr/sbin:/sbin', logoutput = on_failure, loglevel = err, unless= 'pwck -r', } By doing the unless = 'pwck -r', the resource won't even show up as having been run if 'pwck -r' returns 0. Having to run the command twice is a hack, but it's the best I can think of at the moment. Seems reasonable that when logoutput = on_failure the actual output should be logged as an err, instead of a notice. Would you mind filing a feature request on the issue tracker[1]? [1] http://projects.puppetlabs.com -- Jacob Helwig signature.asc Description: Digital signature
[Puppet Users] ! $is_virtual
All, Running this on a bare metal server. Package doesn't get installed, therefore condition is false. Why? if ! ($is_virtual) { package { 'vlock': ensure = installed; } } [pax] app01 ~:# facter | grep is_virtual is_virtual = false Oh... don't tell me that 'false' isn't false? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ! $is_virtual
On Tue, 07 Jun 2011 11:09:32 -0700, Douglas Garstang wrote: All, Running this on a bare metal server. Package doesn't get installed, therefore condition is false. Why? if ! ($is_virtual) { package { 'vlock': ensure = installed; } } [pax] app01 ~:# facter | grep is_virtual is_virtual = false Oh... don't tell me that 'false' isn't false? Doug. Nope, it's not. It's the string false. I've heard some talk about Facter supporting richer/structured data eventually[1], but we haven't had much time to move forward on that front. Hopefully as things ramp up with our recent Open Source Team, and as we increase community involvement in development of Puppet/Facter/Dashboard/etc some progress will be able to made towards that end. [1] http://groups.google.com/group/puppet-dev/browse_thread/thread/7c2139b05f96d218/e5a70336f43e6c7d -- Jacob Helwig signature.asc Description: Digital signature
[Puppet Users] Re: New Puppet report processors...
Excuse the dumb question, but what file is the default location or what configuration variable defines that location? I've noticed the bulk of puppetmaster logs go either in /var/log/ puppet/masterhttp.log (previous message) or /var/log/message (syslog I'm assuming). Or is there a different place I should be looking? Thanks - Trey On Jun 7, 9:29 am, James Turnbull ja...@puppetlabs.com wrote: treydock wrote: This is the output from master.log during the failed puppet run. Sorry I meant the output from the master daemon puppetmasterd or puppet master. Thanks James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Issue with change from absent to present failed...no such file or directory
Ah that did the trick...now a new error. I tried simplifying the module from camptocamp, https://github.com/camptocamp/puppet-dhcp, but a lot of it's usage I don't understand, and as such my simplification just broke it. I've got it much farther now...near the end of puppet run I get this error... err: Could not run Puppet configuration client: Parameter source failed: Could not understand source false: private method `gsub' called for false:FalseClass at /etc/puppet/modules/common/manifests/ definitions/concatfilepart.pp:51 This is the first time to use the puppet-common, https://github.com/camptocamp/puppet-common, module and that seems to be what's generating the error. Below is the updated config and debug output...The node I'm testing on has include fog_server === manifests/init.pp === import classes/*.pp import definitions/*.pp class dhcp { include dhcp::server } === manifests/classes/server.pp === class dhcp::server { include dhcp::params package {dhcp: ensure = present, } service {dhcpd: ensure = running, enable = true, require = Package[dhcp], } file {${dhcp::params::dhcp_config_dir}/subnets: ensure = directory, source = 'puppet:///dhcp/empty', recurse = true, purge = true, owner = 'root', group = 'root', mode= '755', notify = Service['dhcpd'], require = Package['dhcp'], } common::concatfilepart {00.dhcp.server.base: file= ${dhcp::params::dhcp_config_dir}/dhcpd.conf, ensure = present, require = Package[dhcp], notify = Service[dhcpd], } file {/etc/dhcpd.conf: content = template(dhcp/dhcpd_conf.erb), ensure = present, require = Package[dhcp], notify = Service[dhcpd], } } === manifests/classes/params.pp === /* = Class: dhcp::params Do NOT include this class - it won't do anything. Set variables for names and paths */ class dhcp::params { case $operatingsystem { CentOS: { $dhcp_config_dir = $operatingsystemrelease? { 5.6 = /etc/dhcp, } } } } === manifests/definitions/subnet.pp === define dhcp::subnet ( $name=false, $netmask=false, $range_start=false, $range_end=false, $router=false, $domain_name=false, $dns_servers=false, $pxe_opts=false) { include dhcp::params common::concatfilepart {dhcp.${name}: file = ${dhcp::params::dhcp_config_dir}/dhcpd.conf, ensure = $ensure, content = include \${dhcp::params::dhcp_config_dir}/subnets/ ${name}.conf\;\n, } file {${dhcp::params::dhcp_config_dir}/subnets/${name}.conf: ensure = present, owner = 'root', group = 'root', content = template(dhcp/subnet_conf.erb), notify = Service[dhcpd], } } === manifests/roles.pp === class role_dhcp_server { $my_role = dhcp_server $dhcpd_domain_name = tamu.edu $dhcpd_dns_servers = 0.0.0.0, 0.0.0.0 $dhcpd_authoritative = true $dhcpd_ddns_update = interim $dhcpd_opts = [ 'allow booting', 'allow bootp', 'use-host-decl- names on', 'ignore client-updates;' ] include dhcp } class fog_server { include role_dhcp_server dhcp::subnet { 10.1.0.1: name= '10.1.0.1', netmask = '255.255.255.0', range_start = '10.1.0.10', range_end = '10.1.0.254', router = '10.1.0.1', domain_name = 'tamu.edu', dns_servers = 0.0.0.0, 0.0.0.0, pxe_opts= [ 'filename pxelinux.0;' ], } } Thanks - Trey On Jun 7, 11:14 am, Jamison Fryman jami...@puppetlabs.com wrote: Trey, It looks like the module is attempting to create a file resource in /etc/subnets, versus your intended directory of $dhcp_config_dir/subnets. Puppet is creating an error because the directory /etc/subnets does not exist, and puppet will not automatically create the directory if it is not managed. I'm not sure if this is your intended behavior after looking at your code. Try this instead: In your custom resource block dhcp::subnet, change the file resource from /etc/subnets/$name.conf to ${dhcp_config_dir}/subnets/${name}.conf. This might be the behavior you're looking for. -jamison -- Jamison Fryman jami...@puppetlabs.com ph +1.615.669.2048 | twitter jfryman | gtalk: jami...@puppetlabs.com On Jun 7, 2011, at 8:40 AM, Trey Dockendorf wrote: I'm working on a DHCP module, modeled after thishttps://github.com/camptocamp/puppet-dhcp. Mine is just a much simpler
Re: [Puppet Users] Re: New Puppet report processors...
treydock wrote: Excuse the dumb question, but what file is the default location or what configuration variable defines that location? I've noticed the bulk of puppetmaster logs go either in /var/log/ puppet/masterhttp.log (previous message) or /var/log/message (syslog I'm assuming). Or is there a different place I should be looking? On the Puppet master it defaults to syslog - so it'll end up in /var/log/messages. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: PC EU feedback: spaceship operator too magical, hard to read
On May 21, 8:52 am, Nan Liu n...@puppetlabs.com wrote: On Fri, May 20, 2011 at 8:20 PM, Randall Hansen rand...@puppetlabs.com wrote: http://projects.puppetlabs.com/issues/7606 The spaceship operator: User | group == sysadmin or title == luke | Is relatively easy to type but, if you don’t know it, very hard to read. We should consider a word-based syntax, e.g.: collect User { group == sysadmin or title == luke } User search { group == sysadmin or title == luke } Please comment on the ticket or reply here, whichever you prefer. I actually prefer the old syntax because we currently we support the usage of: User | title == puppet | { noop = true } Would the new syntax deprecate this feature? It seems rather confusing to read: collect User { group == sysadmin or title == luke } { noop = true } On this subject, should we support regular expression? User | title =~ /*adm/ | Should we allow referencing of resources using this syntax? require = User[ group == sysadmin ] My agreement is here with Nan. I think the ability to override at collection time is a required feature. I feel mixing two sets of {} in this situation to be a bad idea. I am fine with the word based collect and search syntax but the first set {} need to be different. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Reports: Configuration is (Almost) Utterly Ignored
I'm using puppet and puppet master (running with Apache and Passenger) and the only thing that is being done is that yaml reports are being saved to /var/lib/puppet/reports/#{host}/ I'm getting no log reports, and no email reports. No messages of any kind. /var/log/puppet/masterhttp.log is empty - as it has been since the puppet master was installed. /var/log/messages contain log entries from puppet-agent and puppet- master, but no log reports. Running puppet agent --test --reports=tagmail,store,log --debug -vvv shows no reports being generated or any debugging related to reports at all. The report generators are stored in /usr/lib/ruby/1.8/puppet/reports (including http.rb, log.rb, rrdgraph.rb, store.rb, and tagmail.rb). The installation is Ubuntu Server Lucid Lynx and the puppet binaries are from Mathiaz puppet backports for Lucid. Puppet is v2.6.3. Configuration (sanitized): [main] # For custom plugins pluginsync = true # Puppet server server = ourserver.example # Don't all run at once splay = true # Tags tagmap = $confdir/tagmail.conf logdir = /var/log/puppet vardir = /var/lib/puppet ssldir = /var/lib/puppet/ssl rundir = /var/run/puppet factpath = $vardir/lib/facter templatedir = $confdir/templates prerun_command = /etc/puppet/etckeeper-commit-pre postrun_command = /etc/puppet/etckeeper-commit-post [agent] # Reports report = true pluginsync = true reports = tagmail,store,log [master] # These are needed when the puppetmaster is run by passenger (and we do) ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY # BAD: change this to something more restrictive autosign = true # Reports reports = tagmail,store,log report = true -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Virtual resources and hashes
Hmmm, either I'm doing something wrong or virtual resources are incompatible with hashes. When I do this: $users = [{ username = bill, uid = 12345 }, { username = ted, uid = 12346 }] define usertest ($alias = $name[username]) { user {$name[username]: ensure = present, uid= $name[uid] } } @usertest { $users: } realize Usertest[bill] I get this: warning: alias is a metaparam; this value will inherit to all contained resources Failed to realize virtual resources Usertest[bill] on node Which seems unfortunate. Hash support is a really cool idea but I keep tripping over parts of Puppet that don't handle it well. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet Reports: Configuration is (Almost) Utterly Ignored
Argh! I figured it out... Mail filter caught the messages and sent them off somewhere else. Thanks anyway! On Jun 7, 5:57 pm, David Douthitt ddouth...@acm.org wrote: I'm using puppet and puppet master (running with Apache and Passenger) and the only thing that is being done is that yaml reports are being saved to /var/lib/puppet/reports/#{host}/ I'm getting no log reports, and no email reports. No messages of any kind. /var/log/puppet/masterhttp.log is empty - as it has been since the puppet master was installed. /var/log/messages contain log entries from puppet-agent and puppet- master, but no log reports. Running puppet agent --test --reports=tagmail,store,log --debug -vvv shows no reports being generated or any debugging related to reports at all. The report generators are stored in /usr/lib/ruby/1.8/puppet/reports (including http.rb, log.rb, rrdgraph.rb, store.rb, and tagmail.rb). The installation is Ubuntu Server Lucid Lynx and the puppet binaries are from Mathiaz puppet backports for Lucid. Puppet is v2.6.3. Configuration (sanitized): [main] # For custom plugins pluginsync = true # Puppet server server = ourserver.example # Don't all run at once splay = true # Tags tagmap = $confdir/tagmail.conf logdir = /var/log/puppet vardir = /var/lib/puppet ssldir = /var/lib/puppet/ssl rundir = /var/run/puppet factpath = $vardir/lib/facter templatedir = $confdir/templates prerun_command = /etc/puppet/etckeeper-commit-pre postrun_command = /etc/puppet/etckeeper-commit-post [agent] # Reports report = true pluginsync = true reports = tagmail,store,log [master] # These are needed when the puppetmaster is run by passenger (and we do) ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY # BAD: change this to something more restrictive autosign = true # Reports reports = tagmail,store,log report = true -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: New Puppet report processors...
Ok I restarted puppetmaster daemon and then broke a module to create a failed puppet run on the same host as the master...and here's /var/log/ messages from that Jun 7 18:37:19 puppetmaster puppet-master[27426]: Reopening log files Jun 7 18:37:19 puppetmaster puppet-master[27426]: Starting Puppet master version 2.6.8 Jun 7 18:37:19 puppetmaster puppet-master[27426]: (mount[files]) allowing * access Jun 7 18:37:19 puppetmaster puppet-master[27426]: (mount[modules]) allowing * access Jun 7 18:37:19 puppetmaster puppet-master[27426]: (mount[plugins]) allowing * access Jun 7 18:37:32 puppetmaster puppet-agent[27636]: Ignoring --listen on onetime run Jun 7 18:37:32 puppetmaster puppet-agent[27636]: Retrieving plugin Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[^/catalog/ ([^/]+)$]) allowing 'method' find Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[^/catalog/ ([^/]+)$]) allowing $1 access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate_revocation_list/ca]) allowing 'method' find Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate_revocation_list/ca]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/report]) allowing 'method' save Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/report]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/file]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate/ca]) adding authentication no Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate/ca]) allowing 'method' find Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate/ca]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate/]) adding authentication no Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate/]) allowing 'method' find Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate/]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate_request]) adding authentication no Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate_request]) allowing 'method' find Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate_request]) allowing 'method' save Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ certificate_request]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/facts]) adding authentication yes Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/facts]) allowing 'method' find Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/facts]) allowing 'method' search Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/facts]) allowing 'method' save Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/facts]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ inventory]) allowing 'method' search Jun 7 18:37:33 puppetmaster puppet-master[27426]: (access[/ inventory]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: Inserting default '/ status'(auth) ACL because none were found in '/etc/puppet/auth.conf' Jun 7 18:37:33 puppetmaster puppet-master[27426]: (mount[files]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (mount[modules]) allowing * access Jun 7 18:37:33 puppetmaster puppet-master[27426]: (mount[plugins]) allowing * access Jun 7 18:37:33 puppetmaster puppet-agent[27636]: Loading facts in mysql Jun 7 18:37:33 puppetmaster puppet-agent[27636]: Loading facts in mysql Jun 7 18:37:33 puppetmaster puppet-agent[27636]: Loading facts in mysql Jun 7 18:37:33 puppetmaster puppet-agent[27636]: Loading facts in mysql Jun 7 18:37:36 puppetmaster puppet-master[27426]: Expiring the node cache of puppetmaster.tamu.edu Jun 7 18:37:36 puppetmaster puppet-master[27426]: Not using expired node for puppetmaster.tamu.edu from cache; expired at Tue Jun 07 18:36:36 -0500 2011 Jun 7 18:37:36 puppetmaster puppet-master[27426]: Caching node for puppetmaster.tamu.edu Jun 7 18:37:39 puppetmaster puppet-master[27426]: Could not find class backuppc::clien for puppetmaster.tamu.edu Jun 7 18:37:39 puppetmaster puppet-master[27426]: Could not find class backuppc::clien at /etc/puppet/manifests/nodes.pp:14 on node puppetmaster.tamu.edu Jun 7 18:37:39 puppetmaster puppet-master[27426]: Could not find class backuppc::clien at /etc/puppet/manifests/nodes.pp:14 on node puppetmaster.tamu.edu Jun 7 18:37:39 puppetmaster puppet-agent[27636]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class backuppc::clien at /etc/puppet/manifests/nodes.pp:14 on node puppetmaster.tamu.edu Jun 7 18:37:39 puppetmaster puppet-agent[27636]: Not using cache on failed catalog Jun 7 18:37:39 puppetmaster puppet-agent[27636]: Could not retrieve catalog; skipping run Also that doesn't seem like much debug output...incase
Re: [Puppet Users] Re: New Puppet report processors...
treydock wrote: Ok I restarted puppetmaster daemon and then broke a module to create a failed puppet run on the same host as the master...and here's /var/log/ messages from that Can I confirm you have: [master] report = true reports = xmpp [agent] report = true In your puppet.conf on the master and the [agent] block on the client? You mentioned an issue with the xmpp.yaml file? That should have you Jabber jid, password, target etc and be located in /etc/puppet on the master - not sync'ed with the module. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: New Puppet report processors...
My [master] has : report = true reports = http, store, xmpp pluginsync = true The [agent] includes: report = true listen = true pluginsync = true The second agent I tested with also has the same configuration as the above [agent] Correct, the xmpp.yaml has all that information. What I was asking about the remote client not having mail.yaml is I enabled pluginsync on the remove client to see if the results would differ and it failed stating the mail.yaml was missing (locally on the client). But if the repots = xmpp is only defined for [master] then should I not include pluginsync = true on the clients? Thanks - Trey On Jun 7, 7:32 pm, James Turnbull ja...@puppetlabs.com wrote: treydock wrote: Ok I restarted puppetmaster daemon and then broke a module to create a failed puppet run on the same host as the master...and here's /var/log/ messages from that Can I confirm you have: [master] report = true reports = xmpp [agent] report = true In your puppet.conf on the master and the [agent] block on the client? You mentioned an issue with the xmpp.yaml file? That should have you Jabber jid, password, target etc and be located in /etc/puppet on the master - not sync'ed with the module. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dealing with samhain
(zombie thread rar!) Where this comes up for me is when I have packages set to latest. There's not really any way, I don't think, to integrate samhain into this process (that is, to say I just installed this package with apt, so update those files). which is pretty unfortunate, really; that seems like a fairly basic feature for something like samhain. Something like run this, and update every file it touches cuz I'm OK with that. -Robin On Fri, Jan 08, 2010 at 09:06:13PM -0500, Trevor Vaughan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vince, If you really want to do this, I would do the first scenario you describe with a few key points. 1) Let puppet run 2) Have an exec in puppet that runs a job in the background that does the following: - Waits until all puppet instances have finished running - Runs a samhain check against the system and e-mails/syslogs it to the admin - Re-initializes the database. This way, you're sure that puppet is done running and you get a copy of the last 'change' state of the system in case someone has planted something since the last run. Basically, you're effectively defeating a great deal of the purpose of samhain, which is to protect against unknown changes. If you automatically reinitialize the database, then you run the high risk of someone being able to plant something during the next initialization. You also are going to be putting a heavy load on your system on a fairly regular basis. What I would instead suggest is to only use samhain to monitor those items that Puppet is not already watching. Puppet will, of course, change any file to its proper state, so having samhain watch it as well is redundant effort on the part of your system. You may, however, have perfectly good reasons for doing it this way. If you're using a Linux or Solaris system, you may also want to look at the built in auditing subsystems and/or inotify for real-time notification functionality. Trevor On 01/08/2010 04:41 PM, Vince wrote: We just starting using samhain on our servers. Since updates to our puppet manifests tend to change files on the system that samhain monitors, I'm looking for a good way to reinitialize the samhain database whenever puppet changes something on the system to reduce notifications that samhain produces. I'm wondering if anyone has an elegant way of dealing with this. Ideally we do something like this: 1. let puppet run 2. if any files changed during the puppet run, then puppet will automatically reinitialize samhain or even if we can do something like this it would be fine: 1. have puppet disable samhain before it processes its manifests 2. apply manifest changes 3. reinitialize the samhain database 4. enable samhain Any suggestions would be very helpful. Thanks. - -- Trevor Vaughan Vice President, Onyx Point, Inc. email: tvaug...@onyxpoint.com phone: 410-541-ONYX (6699) - -- This account not approved for unencrypted sensitive information -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktH5JEACgkQyWMIJmxwHpTUQQCgrGD90YQcMiUV7SbsrNNIrY7h 884An0f6XKVrqGKnXKVkWfoFwBPbtQfC =wp0h -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.