Re: [Puppet Users] Skipping Tags?
Use puppet apply file.pp Or don't deploy webapps with Puppet. That's probably a better idea. On Tue, Jul 19, 2011 at 10:32 PM, Douglas Garstang doug.garst...@gmail.comwrote: All, Is there a way to tell puppet to run, but to skip/ignore resources with a certain tag? The use case is tagging certain resources as, say, 'software deployment', and then having the resources tagged as that always ignored unless specifically told to do so? We'd like to put software deployment stuff into puppet, but only have it actually run when we tell it to. Doug -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Modules for Solaris
I'm considering the opportunity of adding (basic) Solaris support to my modules ( www.example42.com) but before starting I'd like to gather some info about best practices and standards. I've to admit that I've not a great working Solaris experience, so I actually don't know how people use it, what versions are more used and so on. So let's begin with few points: - What version? I'm tempted to begin only with Solaris 10, in order to avoid too many complications. Question is... does this makes sense? What versions of Solaris are currently most used? Since I believe that the best approach to puppettization is to replicate on new machines the current envrionments without installing Puppet on existing production servers, does make sense the assumption that people would generally upgrade their older boxes to brand new Solaris 10 setups? I know that mileage may vary, but whatever better informed opinion is welcomed. - What packages? This might become a nightmare... there are different packages repositories, blastwave, openCSW, Sunfreeware... , to make modules that manage the same software from different sources might be a troublesome and I would like to stick to one. Does this makes sense? What's the most used / updated /large package repository out there? Do you use any of these on production environments? - What package manager? Can I assume that (almost) everybody uses (in 2011) pkgutil to install software on Solaris? If not, what are the alternatives? - Existing modules for Solaris? Has anyone published Puppet modules for Solaris? Can you link them here, for reference and inspiration... There questions might appear particularly naive to a more experienced Solaris sysadmin but I have to start from some basic points and as usual, better ask to the experts... Thanks for any feedback you might want to leave on these questions and to whatever advice you might give about Puppet on Solaris. If someone if interested is collaborating on this effort, just contact me All the best Al -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/yi-nY02p06AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Definition parameter defaulting to the definition's own $title?
Matthias Saou wrote : try $name, that should do it, came in somewhere mid 2.6.x series Yup, that was it! Section $name can now be used to set default values in defined resource types in the release notes : https://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes Maybe I'm asking for too much, but is the same thing achievable when calling a definition? I've tried with $name but it takes the value of the parent element. Basically what I'd like to do is : node 'myvmhost' { createvm { [ 'vm01', 'vm02', 'vm03', 'vm04', 'vm05' ]: # VNC Port 59XY for vmXY vncport = regsubst($name, 'vm', '59'), } } For two reasons : * This prevents from iterating many identical calls to the definition * The definition is in a generic module for which it does not make sense to default the parameter to this calculated value. With $name I get the 'myvmhost' string using puppet 2.6.9, but I'd like to have access to the 'vmXY' string instead. Is that possible? Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora release 14 (Laughlin) - Linux kernel 2.6.35.13-91.fc14.x86_64 Load : 0.21 0.22 0.27 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetmaster setup with separate CA server configuration help
Kevin, I'm not sure I perfectly understand your setup but I reckon your problem is that ... Excerpts from linuxbsdfreak's message of Fri Jul 08 14:48:19 +0200 2011: [...] Following are the nginx/puppet.conf configs of loadbalancer01 -- [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig server = loadbalancer01 listen = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY ca = false ... SSL_CLIENT_S_DN and SSL_CLIENT_VERIFY don't exist because nginx and puppetmaster don't speak SSL anymore at this point, only plain HTTP. Referring to your nginx configuration below: --- puppetmasterlb.conf -- [...] proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_headerX-Client-Verify $ssl_client_verify; proxy_set_headerX-Client-DN $ssl_client_s_dn; proxy_set_headerX-SSL-Subject$ssl_client_s_dn; proxy_set_headerX-SSL-Issuer $ssl_client_i_dn; ... you are setting the values the puppetmaster needs in the X-Client-Verify and X-Client-DN HTTP headers. Therefore, you could try changing your puppetmaster settings to read: [master] ssl_client_header = HTTP_X_CLIENT_DN ssl_client_verify_header = HTTP_X_CLIENT_VERIFY However i get the following error while trying to receive the catalog: notice: Ignoring --listen on onetime run err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: pclient(192.168.122.12) access to / certificate_revocation_list/ca [find] at line 93 warning: Not using cache on failed catalog - I think this may be related to the auth.conf I would suspect that this error is only a side effect. Your client is not considered authenticated by the master and therefore gets denied access to whatever resource it is asking for. --- Auth.conf on loadbalancer01 [...] # allow all nodes to access the certificates services path /certificate_revocation_list/ca method find allow * No auth no found here, which would explain... Hope this helps ! Cheers, Marc -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: ssh_authorized_key runs every time
Hello, I have the same issue : ssh_authorized_key { user-rsa-key: ensure = 'present', key = '***== user@servername', type = 'rsa', user = 'user', require = File[/home/user/.ssh], } On my server it adds the same key every time puppet run : notice: /Stage[main]/Check_drbd/Ssh_authorized_key[user-rsa-key]/ensure: created info: FileBucket adding /home/user/.ssh/authorized_keys as {md5}c2f4b42*** I don't see the issue ? Thanks for the help ! Hugo On 7 March 2011 13:09, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 02/25/2011 10:00 PM, Stefan Schulte wrote: On Thu, Feb 24, 2011 at 01:57:14PM -0800, mark risher wrote: Thanks, but I do have those parameters; I was trying to keep my quote short. Here's the full monty: # create an ssh key for this user ssh_authorized_key { $username.$ssh_public_key: ensure = present, key = $ssh_public_key, type= $ssh_key_type, user= $username, } Is there per chance any junk in your $ss_public_key? Puppet will get confused if there is e.g. the original key name in the key parameter (such as B3NzaC1y...rN3YQ== foo...@myhost.domain.org) HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: ssh_authorized_key runs every time
Hi, On 07/20/2011 02:29 PM, Hugo Deprez wrote: key = '***== user@servername', well, the issue is that you're not specifying the key, but the key + keyname, which is not quite right. Try ssh_authorized_key { user@servername: key = ==, ... } HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Skipping Tags?
Doug, We've been successful with software deployments and Puppet has done a great job. We deploy to Tomcat, JBoss, Coldfusion and Apache web sited. In some cases we've needed to tie in a shell script which were nearly impossible to get right in Puppet. One of the keys to your question was that we created a releases directory and touch a file with the software release number embedded in the name. The release number is defined in a puppet config and the process runs OnlyIf the file doesn't exist. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How to use notify to invoke something prior to a change
Nan - that is an interesting approach to call Puppet from Puppet. I'll have to give that a try and experiment. Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: ssh_authorized_key runs every time
Hi Felix, I try the following : key = *BQfc62cpIMw==, And it works ! Thank you ! Hugo On 20 July 2011 14:37, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Hi, On 07/20/2011 02:29 PM, Hugo Deprez wrote: key = '***== user@servername', well, the issue is that you're not specifying the key, but the key + keyname, which is not quite right. Try ssh_authorized_key { user@servername: key = ==, ... } HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Definition parameter defaulting to the definition's own $title?
On 07/20/2011 04:43 AM, Matthias Saou wrote: * The definition is in a generic module for which it does not make sense to default the parameter to this calculated value. Instead of passing in the port number you could pass a template for its creation node 'myvmhost' { createvm { [ 'vm01', 'vm02', 'vm03', 'vm04', 'vm05' ]: # VNC Port 59XY for vmXY vncport_template = %= name.sub('vm', '59') -%, } } and in createvm do $vncport = inline_template($vncport_template) -- vagn -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Definition parameter defaulting to the definition's own $title?
On 07/20/2011 04:43 AM, Matthias Saou wrote: node 'myvmhost' { createvm { [ 'vm01', 'vm02', 'vm03', 'vm04', 'vm05' ]: # VNC Port 59XY for vmXY vncport = regsubst($name, 'vm', '59'), } } that looks like an interesting module. are you planning to publish it? Or, could I get a copy to study, whether fully working or not? Thanks, -- vagn -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Modules for Solaris
On Jul 20, 12:06 am, Al @ Lab42 lab42...@gmail.com wrote: I'm considering the opportunity of adding (basic) Solaris support to my Cool. Certainly that will make it easier on Solaris admins new to puppet. So let's begin with few points: - What version? I'm tempted to begin only with Solaris 10, I think initial Solaris 10 support would be the most valuable. Keep in mind Solaris 11 is going to ship in a few months and I personally think 10 and 11 will co-exist for years to come. Additionally what ever you put together for Solaris 10 support would mostly work on Solaris 9 as well. - What packages? This might become a nightmare... Solaris admins are used to this nightmare:) We build and version our own packages with the occasional dip into Steve's Sunfreeware package repo. - What package manager? We use vanilla Solaris package which is wrapped in a define to give us package version control. Solaris 11 will come with the new IPS packaging system so that will be another alternative. I could imagine using IPS and the traditional pkgadd/pkgrm toolset on the same host to even complicate things more. If someone if interested is collaborating on this effort, just contact me We'd be happy to give you what we have but they are not in publishable format because of the lacking documentation. Good luck! Derek. All the best Al -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] parameters in a string for ENC
I am hoping that someone could post a working example of how they use a 'define' has in a parameter string because I have been working on this for days to no avail (and googling checking documentation on puppet foreman sites. What I am trying to accomplish is to define things within foreman ENC and duplicate the functionality I can get from just using node definitions from a flat file - for example... If in some node, I put... memcached::configure { 'memcached': total_memory= '128', addresses = 127.0.0.1 10.1.1.24, } and I have memcached/manifests/configure.pp define memcached::configure( $addresses=127.0.0.1, $port=11211, $total_memory='64' ) { include memcached file {/etc/memcached.conf: content = template('memcached/memcached.conf.erb'), owner = root, group = root, mode= 644, require = Class[memcached::install], notify = Class[memcached::service], } } This works. But in foreman, I can only have a string, not a true hash. So I obviously need to coerce the string to a hash or more likely yaml which I can do within irb but I can't seem to make it happen so that it calls the 'define' like the example above and if I attempt to use 'to_yaml' within a class it's always a syntax error. So if someone actually has a working method that would allow me to do this, would they be willing to share an example? -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Not getting errors/warnings/etc in reports
On Tue, Jul 19, 2011 at 11:03 AM, Rich Rauenzahn rraue...@gmail.com wrote: I assumed this would have been fixed by 2.7.1, but it appears that when we call the functions err(), warning(), etc., that they don't get added to the report object, which we are using to generate nagios alerts. I'm guessing I'll have to write my own to do that -- does anyone have any examples of logging the error message and also adding it to the report object? (... and I don't really want to use the exec { /bin/false: } workaround) Digging through the code it looks like puppet adds messages internally using Puppet.warning(), Puppet.error(), so I made a custom function to call these directly. I'm still not getting my error() messages in the report yaml ... why? And is there any workaround? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Modules for Solaris
so as far as I'm concerned Solaris 11 and IPS can't happen soon enough. Keep in mind you can do IPS in Solaris 10 now if you want. You'll need to install the software and migrate your packages from SYS V format to IPS which I believe the toolkit provides a script for. http://wikis.sun.com/display/IpsBestPractices/Downloads Future plans: We've been down the road of your future plans and would be happy to send you our work. No guarantee they are up to your standards but happy to share. I'm expecting to have to do Update Release detection since it sometimes brings significant functionality differences. I haven't gotten into some of the fancier things that are going to require this info yet but there's nothing built into facter (as of 1.5.8) so that'll be fun. Patching via Patch Check Advanced (http://www.par.univie.ac.at/solaris/pca/) ZFS management (should be pretty easy) Zone management (less easy) Network interface mangement (including standalone adapters, IPMP, and link aggregation) On Wed, Jul 20, 2011 at 12:06 AM, Al @ Lab42 lab42...@gmail.com wrote: I'm considering the opportunity of adding (basic) Solaris support to my modules (www.example42.com) but before starting I'd like to gather some info about best practices and standards. I've to admit that I've not a great working Solaris experience, so I actually don't know how people use it, what versions are more used and so on. So let's begin with few points: - What version? I'm tempted to begin only with Solaris 10, in order to avoid too many complications. Question is... does this makes sense? What versions of Solaris are currently most used? Since I believe that the best approach to puppettization is to replicate on new machines the current envrionments without installing Puppet on existing production servers, does make sense the assumption that people would generally upgrade their older boxes to brand new Solaris 10 setups? I know that mileage may vary, but whatever better informed opinion is welcomed. - What packages? This might become a nightmare... there are different packages repositories, blastwave, openCSW, Sunfreeware... , to make modules that manage the same software from different sources might be a troublesome and I would like to stick to one. Does this makes sense? What's the most used / updated /large package repository out there? Do you use any of these on production environments? - What package manager? Can I assume that (almost) everybody uses (in 2011) pkgutil to install software on Solaris? If not, what are the alternatives? - Existing modules for Solaris? Has anyone published Puppet modules for Solaris? Can you link them here, for reference and inspiration... There questions might appear particularly naive to a more experienced Solaris sysadmin but I have to start from some basic points and as usual, better ask to the experts... Thanks for any feedback you might want to leave on these questions and to whatever advice you might give about Puppet on Solaris. If someone if interested is collaborating on this effort, just contact me All the best Al -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/yi-nY02p06AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] mysql exec returning 1 instead of 0
Hi guys I am running in to a strange problem, I have a bunch of puppet modules and one of them has an exec which changes the root password and there is another which runs mysql import command to import dump file in to the database, the problem is both these exec are returning the following error: err: //par/Exec[root password]/returns: change from notrun to 0 failed: /usr/bin/mysqladmin -u root PASSWORD papa returned 1 instead of one of [0] at /etc/puppet/environments/development/modules/par/ manifests/init.pp:39 err: //par/Exec[Get db]/returns: change from notrun to 0 failed: /usr/ bin/mysql -uroot -ppapa par download.sql returned 1 instead of one of [0] at /etc/puppet/environments/development/modules/par/manifests/ init.pp:35 but still once the catalog has finished I am able to access mysql through root password ring but there is no database par formed, i have checked the dump file its correct. I don't know how to go about this, please help. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Modules for Solaris
Interesting. I will definitely take a look at that IPS link, that could make life a lot easier. I'd love to see what you've done, I'm sure it would help me along as I work to smooth out our Solaris processes. On Wed, Jul 20, 2011 at 10:47 AM, deet somew...@gmail.com wrote: so as far as I'm concerned Solaris 11 and IPS can't happen soon enough. Keep in mind you can do IPS in Solaris 10 now if you want. You'll need to install the software and migrate your packages from SYS V format to IPS which I believe the toolkit provides a script for. http://wikis.sun.com/display/IpsBestPractices/Downloads Future plans: We've been down the road of your future plans and would be happy to send you our work. No guarantee they are up to your standards but happy to share. I'm expecting to have to do Update Release detection since it sometimes brings significant functionality differences. I haven't gotten into some of the fancier things that are going to require this info yet but there's nothing built into facter (as of 1.5.8) so that'll be fun. Patching via Patch Check Advanced ( http://www.par.univie.ac.at/solaris/pca/) ZFS management (should be pretty easy) Zone management (less easy) Network interface mangement (including standalone adapters, IPMP, and link aggregation) On Wed, Jul 20, 2011 at 12:06 AM, Al @ Lab42 lab42...@gmail.com wrote: I'm considering the opportunity of adding (basic) Solaris support to my modules (www.example42.com) but before starting I'd like to gather some info about best practices and standards. I've to admit that I've not a great working Solaris experience, so I actually don't know how people use it, what versions are more used and so on. So let's begin with few points: - What version? I'm tempted to begin only with Solaris 10, in order to avoid too many complications. Question is... does this makes sense? What versions of Solaris are currently most used? Since I believe that the best approach to puppettization is to replicate on new machines the current envrionments without installing Puppet on existing production servers, does make sense the assumption that people would generally upgrade their older boxes to brand new Solaris 10 setups? I know that mileage may vary, but whatever better informed opinion is welcomed. - What packages? This might become a nightmare... there are different packages repositories, blastwave, openCSW, Sunfreeware... , to make modules that manage the same software from different sources might be a troublesome and I would like to stick to one. Does this makes sense? What's the most used / updated /large package repository out there? Do you use any of these on production environments? - What package manager? Can I assume that (almost) everybody uses (in 2011) pkgutil to install software on Solaris? If not, what are the alternatives? - Existing modules for Solaris? Has anyone published Puppet modules for Solaris? Can you link them here, for reference and inspiration... There questions might appear particularly naive to a more experienced Solaris sysadmin but I have to start from some basic points and as usual, better ask to the experts... Thanks for any feedback you might want to leave on these questions and to whatever advice you might give about Puppet on Solaris. If someone if interested is collaborating on this effort, just contact me All the best Al -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/yi-nY02p06AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: mysql exec returning 1 instead of 0
Here are my Execs, sorry didnt pasted them in the first post: exec {Retrieve dump: cwd = /var/www/r, command = /usr/bin/wget http://xyz.com/asc.sql;, timeout = 360, require=Class[subversion], } exec {Get db: cwd = /var/www/r, command = /usr/bin/mysql -uroot -ppapa asc.sql, require =Class[mysql], } MYSQL CLASS: class mysql { package { mysql-server-5.1: ensure=present, require=Class[vim], } package {mysql-client: ensure=present, require=Class[vim], } exec {root password: command=/usr/bin/mysqladmin -u root PASSWORD papa, require=package[mysql-server-5.1], } } On Jul 20, 10:52 am, newguy aimanparv...@gmail.com wrote: Hi guys I am running in to a strange problem, I have a bunch of puppet modules and one of them has an exec which changes the root password and there is another which runs mysql import command to import dump file in to the database, the problem is both these exec are returning the following error: err: //par/Exec[root password]/returns: change from notrun to 0 failed: /usr/bin/mysqladmin -u root PASSWORD papa returned 1 instead of one of [0] at /etc/puppet/environments/development/modules/par/ manifests/init.pp:39 err: //par/Exec[Get db]/returns: change from notrun to 0 failed: /usr/ bin/mysql -uroot -ppapa par download.sql returned 1 instead of one of [0] at /etc/puppet/environments/development/modules/par/manifests/ init.pp:35 but still once the catalog has finished I am able to access mysql through root password ring but there is no database par formed, i have checked the dump file its correct. I don't know how to go about this, please help. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] AIX clients
On Jul 20, 2011, at 1:29 AM, Michael Stahnke wrote: Sorry for being late to the party I had to remember where I had stashed those items. I’ll take a look. Thanks. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet and LDAP
On Jul 19, 2011, at 7:58 PM, Eric Searcy wrote: You should get a redundant LDAP setup as well as monitor whether your authentication system is up. Absolutely. You can’t imagine the number of things that will break if LDAP goes away. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: mysql exec returning 1 instead of 0
On Wed, Jul 20, 2011 at 2:00 PM, newguy aimanparv...@gmail.com wrote: Here are my Execs, sorry didnt pasted them in the first post: exec {Retrieve dump: cwd = /var/www/r, command = /usr/bin/wget http://xyz.com/asc.sql;, timeout = 360, require=Class[subversion], } exec {Get db: cwd = /var/www/r, command = /usr/bin/mysql -uroot -ppapa asc.sql, require =Class[mysql], } MYSQL CLASS: class mysql { package { mysql-server-5.1: ensure=present, require=Class[vim], } package {mysql-client: ensure=present, require=Class[vim], } exec {root password: command=/usr/bin/mysqladmin -u root PASSWORD papa, require=package[mysql-server-5.1], } } On Jul 20, 10:52 am, newguy aimanparv...@gmail.com wrote: Hi guys I am running in to a strange problem, I have a bunch of puppet modules and one of them has an exec which changes the root password and there is another which runs mysql import command to import dump file in to the database, the problem is both these exec are returning the following error: err: //par/Exec[root password]/returns: change from notrun to 0 failed: /usr/bin/mysqladmin -u root PASSWORD papa returned 1 instead of one of [0] at /etc/puppet/environments/development/modules/par/ manifests/init.pp:39 err: //par/Exec[Get db]/returns: change from notrun to 0 failed: /usr/ bin/mysql -uroot -ppapa par download.sql returned 1 instead of one of [0] at /etc/puppet/environments/development/modules/par/manifests/ init.pp:35 but still once the catalog has finished I am able to access mysql through root password ring but there is no database par formed, i have checked the dump file its correct. I don't know how to go about this, please help. Enable logoutput = on_failure. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: mysql exec returning 1 instead of 0
On Wed, Jul 20, 2011 at 11:00:51AM -0700, newguy wrote: Here are my Execs, sorry didnt pasted them in the first post: exec {Retrieve dump: cwd = /var/www/r, command = /usr/bin/wget http://xyz.com/asc.sql;, timeout = 360, require=Class[subversion], } exec {Get db: cwd = /var/www/r, command = /usr/bin/mysql -uroot -ppapa asc.sql, require =Class[mysql], } MYSQL CLASS: class mysql { package { mysql-server-5.1: ensure=present, require=Class[vim], } package {mysql-client: ensure=present, require=Class[vim], } exec {root password: command=/usr/bin/mysqladmin -u root PASSWORD papa, require=package[mysql-server-5.1], } } Try to run the command on the command line and check the error code # /usr/bin/mysqladmin -u root PASSWORD papa # echo $? What is the output of both commands? Then you should read the manual what the returncode of 1 actually means. Normally a returncode that is not zero indicates an error and that is why puppet complains. If a returncode of 1 is actually expected when running mysqladmin you can specify your resource with the returns parameter[1] exec { 'root password': command = '/usr/bin/mysqladmin -u root PASSWORD papa', returns = '1', # or even returns = ['0','1'] to allow both require = Package['mysql-server-5.1'], } [1] http://docs.puppetlabs.com/references/stable/type.html#returns-1 -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: mysql exec returning 1 instead of 0
Thanks Stefan, I tried executing the command from command line to realize that mysql dump contains bad data, thats why this problem is occurring, still have no clue about the mysqladmin command On Jul 20, 12:57 pm, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Wed, Jul 20, 2011 at 11:00:51AM -0700, newguy wrote: Here are my Execs, sorry didnt pasted them in the first post: exec {Retrieve dump: cwd = /var/www/r, command = /usr/bin/wgethttp://xyz.com/asc.sql;, timeout = 360, require=Class[subversion], } exec {Get db: cwd = /var/www/r, command = /usr/bin/mysql -uroot -ppapa asc.sql, require =Class[mysql], } MYSQL CLASS: class mysql { package { mysql-server-5.1: ensure=present, require=Class[vim], } package {mysql-client: ensure=present, require=Class[vim], } exec {root password: command=/usr/bin/mysqladmin -u root PASSWORD papa, require=package[mysql-server-5.1], } } Try to run the command on the command line and check the error code # /usr/bin/mysqladmin -u root PASSWORD papa # echo $? What is the output of both commands? Then you should read the manual what the returncode of 1 actually means. Normally a returncode that is not zero indicates an error and that is why puppet complains. If a returncode of 1 is actually expected when running mysqladmin you can specify your resource with the returns parameter[1] exec { 'root password': command = '/usr/bin/mysqladmin -u root PASSWORD papa', returns = '1', # or even returns = ['0','1'] to allow both require = Package['mysql-server-5.1'], } [1]http://docs.puppetlabs.com/references/stable/type.html#returns-1 -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] package versioning by environment - best practice?
New puppet user here looking for a yay or nay on whether the current design I've got is a good idea. The main thing I'm trying to accomplish is to have a class that gets applied to a production box and a testing box, where the only difference between the two is the version of packages that get installed. The way I've accomplished this is to have something like site.ini: node testwebbox1 { class { versions: env = test } include webbox } node prodwebbox1 { class { versions: env = prod } include webbox } Then that webbox class would have package types in it that have 'ensure = httpd-${versions::httpd}' The versions class would set $httpd based on that 'env' argument that gets passed to it. The only other way that springs to mind of doing this is to pass the 'env' arg to the 'webbox' class and have it include the versions class. This is probably the better way anyway since webbox depends on variables provided by the versions class. But this is still very similar to the first method, and not an entirely new approach. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Templates and self-knowledge
So, I'm into templating. I *like* templating. What I *don't* like, of course, is to have to use multiple, similar templates for different output files. So, let's work a concrete example. Suppose I have a template standard_profile.erb which looks like this: install_typeinitial_install system_type standalone partitioningexplicit % if zfs_root == undef -% fdisk all solaris all boot_device any preserve filesys rootdisk.s1 16384 swap filesys rootdisk.s0 40960 / filesys rootdisk.s7 free /export % elsif zfs_root == c3s % pool rootpool auto 16g 16g mirror c3t0d0s0 c3t4d0s0 fdisk c3t0d0 solaris all fdisk c3t4d0 solaris all % else % pool rootpool auto 16g 16g mirror %= zfs_root %t0d0s0 %= zfs_root %t1d0s0 fdisk %= zfs_root %t0d0 solaris all fdisk %= zfs_root %t1d0 solaris all % end -% cluster SUNWCprog cluster SUNWCgna11y delete cluster SUNWCgna11ydev delete From this I generate 2 different files, one which does ZFS root, and one which doesn't (actually, it generates more than that, as I pass in zfs_root=c1 or whatever is necessary. However, while this is very flexible, it's also very ... specific. As in, the define that I've created to use this file isn't really re-usable elsewhere: define profile_file($zfs_root = undef) { file{/jumpstart/Profiles/$name: require = File[/jumpstart/Profiles], content = template(jumpstart/solaris_profile.erb), mode = 0644 } } What I would much rather be able to do is introspection. This ERB is being evaluated in the context of a source file (.pp), modules, class, and file resource. If I could even look at the file resource, I'd be able to make decisions in the more general case. Otherwise, I end up with a bunch of defines sprinkled all over my manifests, all of which do the same thing: bring a value into the ERB scope as a named variable. Of course, it just now occurred to me that I can create a define like this: define smart_template($module, $mode = 0644, $args = undef) { $this_filename = $name $this_short_filename = inline_template(%= this_filename.split(/\//)[-1] %) $template_file = ${module}/${this_short_filename}.erb file{$name: content = template($template_file), mode = $mode } } I guess this will give me the flexibility I want, because now I have not just the filename in scope, but the module name and whatever random args I define, but it still feels somewhat ... unclean. Does someone have a better idea? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Modules for Solaris
Thank you for the valuable infos, I agree that differences are enough to require a dedicated solaris subclass, to keep changes isolated and don't fiddle with existing classes linux oriented. The approach: Custom packages using pkgadd, Solaris OS packages using pkgutil, OpenCSW using pkgutil. seems sane to me and flexible enough to manage exotic packages. Are your modules, Aareon, published somewhere? I've learnt a lot about Solaris (and its madness :-) just seeing Deet's ones... Ciao al -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/4hox7_nnfhUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Modules for Solaris
On Wednesday, July 20, 2011 5:24:05 PM UTC+2, deet wrote: On Jul 20, 12:06 am, Al @ Lab42 lab4...@gmail.com wrote: I'm considering the opportunity of adding (basic) Solaris support to my Cool. Certainly that will make it easier on Solaris admins new to puppet. Hope so. My intention is at least to setup basic system configuration and adding applications management when needed. So let's begin with few points: - What version? I'm tempted to begin only with Solaris 10, I think initial Solaris 10 support would be the most valuable. Keep in mind Solaris 11 is going to ship in a few months and I personally think 10 and 11 will co-exist for years to come. Additionally what ever you put together for Solaris 10 support would mostly work on Solaris 9 as well. - What packages? This might become a nightmare... Solaris admins are used to this nightmare:) We build and version our own packages with the occasional dip into Steve's Sunfreeware package repo. - What package manager? We use vanilla Solaris package which is wrapped in a define to give us package version control. Solaris 11 will come with the new IPS packaging system so that will be another alternative. I could imagine using IPS and the traditional pkgadd/pkgrm toolset on the same host to even complicate things more. If someone if interested is collaborating on this effort, just contact me We'd be happy to give you what we have but they are not in publishable format because of the lacking documentation. Really thanks, for the notes and the modules. They have been and will be really useful (IMHO you should publish them anyway, whatever the documentation... :-) Good luck! Derek. All the best Al -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/f8F-qbjkCL0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] 'requires' dependency in file-fragments pattern was not honored
Hello, I was wondering if anyone can spot the mistake I am making in the file-fragments pattern below. I am assembling the sudo file using fragments, with a validate check file step that confirms if the assembled file is valid. The '/etc/sudoers' file should only be overwritten if the check file is valid. I accidentally created an invalid sudoers file, which failed the validation check. Puppet still copied this invalid file to /etc/ sudoers. The dependency Exec[Validate_Check_File] - File[Make_Sudo_File_Live] was not honored and I am trying to understand the reason. The class and puppet output are below. I am using puppet 2.6.9. Thank you, Jon = class s_sudo ( $wheel_req_password = true ) inherits s_sudo::params { ### Assemble the sudo check file from fragments file { Sudo_Fragment_Directory: path= ${s_sudo::params::sudo_fragment_directory}, ensure = directory, purge = true, recurse = true, } file {Sudo_Header: path= ${s_sudo::params::sudo_header_file}, content = template(s_sudo/00-sudobase.erb), notify = Exec[Assemble_Sudo_Fragments]; } exec { Assemble_Sudo_Fragments: command = /bin/cat $ {s_sudo::params::sudo_fragment_directory}/* $ {s_sudo::params::sudo_check_file}, refreshonly = true, subscribe = File[Sudo_Fragment_Directory], } file { Sudo_Check_File:# Secure the check file path= ${s_sudo::params::sudo_check_file}, mode= 644, require = Exec[Assemble_Sudo_Fragments]; } ### Validate sudo file before making live Exec[Assemble_Sudo_Fragments] ~ Exec[Validate_Check_File] - File[Make_Sudo_File_Live] exec {Validate_Check_File: command = visudo -cf $ {s_sudo::params::sudo_check_file}, refreshonly = true, } file {Make_Sudo_File_Live: path= /etc/sudoers, source = ${s_sudo::params::sudo_check_file}, mode= 440, owner = root, group = root, } } == notice: /Stage[main]/S_sudo/File[Sudo_Fragment_Directory]/ensure: created info: /Stage[main]/S_sudo/File[Sudo_Fragment_Directory]: Scheduling refresh of Exec[Assemble_Sudo_Fragments] notice: /Stage[main]/S_sudo/File[Sudo_Header]/ensure: defined content as '{md5}42b4c36c629f3a9c451d3dc783a851cb' info: /Stage[main]/S_sudo/File[Sudo_Header]: Scheduling refresh of Exec[Assemble_Sudo_Fragments] notice: /Stage[main]/S_sudo/Exec[Assemble_Sudo_Fragments]: Triggered 'refresh' from 2 events info: /Stage[main]/S_sudo/Exec[Assemble_Sudo_Fragments]: Scheduling refresh of Exec[Validate_Check_File] ERROR err: /Stage[main]/S_sudo/Exec[Validate_Check_File]: Failed to call refresh: visudo -cf /tmp/sudo.check returned 1 instead of one of [0] at /etc/puppet/modules/environments/dev/s_sudo/manifests/init.pp:52 info: FileBucket adding {md5}f298d1064df9009a1603d76ed90ed90f info: /Stage[main]/S_sudo/File[Make_Sudo_File_Live]: Filebucketed /etc/ sudoers to puppet with sum f298d1064df9009a1603d76ed90ed90f notice: /Stage[main]/S_sudo/File[Make_Sudo_File_Live]/content: content changed '{md5}f298d1064df9009a1603d76ed90ed90f' to '{md5} 42b4c36c629f3a9c451d3dc783a851cb' -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.