date:20111208

[Puppet Users] Re: what is private method `split' called for nil:NilClass error??

2011-12-08 Thread Sans

Hi Daniel,

Thanks for the explanation. It's always good to know the underlaying
cause. Cheers!!

On Dec 8, 12:13 am, Daniel Pittman dan...@puppetlabs.com wrote:
 ...and to close that loop: in Ruby, '$c_repo' is a global variable.
 Because nothing will ever have assigned it, you called the `split`
 method on the default value, `nil`, which raised that error.  Puppet
 then reported it. :)

 Daniel

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] deploying puppet on win32

2011-12-08 Thread Alexey Wasilyev


Hello

Does anybody have complete solution to massive deploy puppet on win32 
systems using gpo?
I think it should be something like .msi file containing ruby, puppet 
and all necesary gems...


--
С уважением,
Васильев Алексей

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: explicit class dependencies

2011-12-08 Thread Phil Frost


On 12/07/2011 06:01 PM, Christian G. Warden wrote:

On Wed, Dec 07, 2011 at 01:36:13PM -0800, jcbollinger wrote:

On Dec 6, 4:12 pm, Christian G. Wardencwar...@xerus.org  wrote:

On Tue, Dec 06, 2011 at 01:38:38PM -0800, Nan Liu wrote:

On Tue, Dec 6, 2011 at 12:27 PM, Christian G. Wardencwar...@xerus.org  wrote:

Do explicit class dependencies work?

[...]

Here's the problem I was actually trying to
troubleshoot:
class config {
   $x = 'abc'
}

class uses_config {
   Class['config'] -  Class['uses_config']
   $x = $config::x
}

include uses_config
include config

This results in:
warning: Scope(Class[Uses_config]): Could not look up qualified variable 
'config::x'; class config has not been evaluated

I think it's similar to the problem I asked about with tags in another thread.
If I include config before uses_config, I don't get an error.

Indeed, it is at least partially a parse order issue, and it looks
like you may be confusing that with application order.

Thanks, John.  This explanation is very helpful.  Indeed, I've been
having trouble understanding what happens during the parsing/compiling
stage.


See https://projects.puppetlabs.com/issues/10972.

What's even cooler is if you try (at least on my 2.6.2 installation) to 
evaluate that with puppet agent rather than puppet apply, you get no 
error at all. $config::x will evaluate to undef, which will happily 
interpolate into a string as . So if you have this:


file { $config::x/somefile.conf: ... }

now all your files are created in /. Hooray!

You are not alone in being frustrated in this behavior. The 
documentation is self-conflicting and the language semantics aren't 
actually what they say they are. When the docs say the language is 
declarative (which doesn't really have much meaning), they usually 
also say something about order not mattering. Order not mattering is a 
property of purely functional languages, and many clearly declarative 
languages are purely (or mostly so) functional. The problem is that 
puppet can't actually be purely functional, because it isn't a single 
assignment language. Sure, the obvious case of reassigning to the same 
variable in the same scope isn't allowed, but what about the non-obvious 
cases, like:


- class inheritance
- collection overrides (Foo | | { ... })
- parameterized classes vs. include

As it turns out, these are the places where single assignment really 
helps one reading the code reason about it. It's quite easy to see the 
order of assignments and interactions between multiple lines in the same 
file. It's much more difficult to absorb the ordering and interactions 
between components that live in different files, or even different 
modules. Yet, it's these far-reaching reassignments that are allowed, 
while the short-range, easily understood ones (simple $foo=bar) are the 
ones that are forbidden. Go figure.


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppet agent daemon does not load custom facts

2011-12-08 Thread Stefan Heijmans

Is the custom fact perhaps based on a environment variable?
 
I had something similar a while ago, check this post;
https://groups.google.com/d/msg/puppet-users/2gjjaWFJm4Q/uANKwM-xWQ4J
 
Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/9UXBvl1Xy7YJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] MCollective discovery - we did not discover any nodes

2011-12-08 Thread Jens Braeuer

Hi everyone,

thank R.I.P. for the pointers. I already planed to add more monitoring to 
ActiveMQ, so I'll take this as a chance. I
dont think Amazon network settings are the root cause in my case, as I have 
registration agent enabled on all machines.
This should keep the connection busy.

I filed a bug regarding the exit-code. Is there any chance the fix will make it 
in 1.2.2?

Thanks,
Jens

-- 
Jens Bräuer
Senior Systems Engineer
Dipl. Inf.
NumberFour AG
Schönhauser Allee 8
10119 Berlin
Germany
Mobile: +49 175 221 88 34
Phone: +49 30 40505411
Fax: +49 30 40505410
j...@numberfour.eu
 
numberfour.eu
facebook.com/NumberFour
twitter.com/numberfourag

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] MCollective discovery - we did not discover any nodes

2011-12-08 Thread R.I.Pienaar



- Original Message -
 Hi everyone,
 
 thank R.I.P. for the pointers. I already planed to add more
 monitoring to ActiveMQ, so I'll take this as a chance. I
 dont think Amazon network settings are the root cause in my case, as
 I have registration agent enabled on all machines.
 This should keep the connection busy.
 
 I filed a bug regarding the exit-code. Is there any chance the fix
 will make it in 1.2.2?

No, behavior changes can't go into the current prod branch so will go
into 1.3.x which should become 2.0.0 very soon - like in January maybe

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: explicit class dependencies

2011-12-08 Thread jcbollinger



On Dec 7, 5:01 pm, Christian G. Warden cwar...@xerus.org wrote:

 I hope this doesn't come off as too much of a rant.


As a person who is frequently critical of some of the newer Puppet
features -- especially parameterized classes -- I wouldn't have much
standing to object to your criticisms.  I would suggest, however, that
you consider filing issue tickets against the documentation for some
or all of your complaints.  The sqeaky wheel gets the grease, and
formal issue tickets squeak far louder than complaints in this forum.


  I'm a big fan of puppet
 (even more so in the past couple weeks as I've started using it with vagrant),
 but there's definitely room for improvement in the documentation.  Perhaps the
 puppet glossary[5] should be featured on the documentation section of
 puppetlabs.com, and existing documentation should be reviewed for consistency
 with the glossary.


Sounds good to me, but as a practical matter, it is likely that
specific documentation issues will be fixed a lot sooner than a
general documentation review such as you describe will be performed.
On the other hand, the more documentation issues are open, the more
likely I predict Puppetlabs will be to try to sweep many of them up at
once with some kind of general review / rewrite.

Oh, and since you mentioned PuppetLabs's style guide, I'll tell you
that I don't care for it (the latest version) at all.  It is focused
on a style that caters to pervasive use of parameterized classes, and
as far as I am concerned, parameterized classes should be considered
harmful.  If you're mostly or completely avoiding parameterized
classes then the apparent reasons for many of the style
recommendations, including some you touched on, just fall apart.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: error starting puppetmaster no such file to load - puppet/network/server

2011-12-08 Thread jcbollinger

On Dec 7, 4:31 pm, Mark_SysAdm timetra...@gmail.com wrote:
James,
I haven't heard anything back from the list. The only workaround I
found was to try installing puppet-server on exactly the same OS, but
on a freshly-installed server. Puppet starts without a problem! So
maybe we have some competing packages/RPMs added to the original
system, which is of course the one Puppet really needs to run on.

Thanks,
Mark

from: James M.

Hello,

I'm running into the same error as you described in a post to the
puppet mailing list, though I'm running on RHEL 5.6. I was wondering
if you had discovered a fix.

Starting puppetmaster:
/usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
`gem_original_require': no such file to load -- puppet/network/server
(LoadError)
from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:
31:in `require'
from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:
191:in `main'
from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:
144:in
`run_command'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:307:in
`run'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in
`hook'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:307:in
`run'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:402:in
`exit_on_fail'
from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:307:in
`run'
from /usr/sbin/puppetmasterd:4
[FAILED]

Cheers,

James

On Nov 30, 9:35 am, Mark_SysAdm wrote:

Hi,
On RHEL6, no matter which version of puppet installed, I can not start
the puppetmaster service:

service puppetmaster restart
Stopping puppetmaster: [FAILED]

I strongly recommend avoiding using gem to manage modules in a ruby
library itself managed by RPM. You will cause yourself grief. I'm
not certain that is your present problem, but I do find it highly
suspcious that the error is arising in /usr/lib/ruby/site_ruby/1.8/
rubygems/custom_require.rb.

Is it possible that you once installed Puppet as a gem, then switched
to an RPM version? If so, then perhaps the system is still trying to
start the gem version. It could be looking for the supposedly missing
file under your rubygems directory. In that case, I'm not sure
offhand what you would need to do to fix the problem. I would think
that a complete Ruby wipe / reinstall would do the trick, but surely
there is a lower-impact solution.

John

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: passing a parameter to define

2011-12-08 Thread jcbollinger



On Dec 7, 7:55 am, Alexander Swen alex.s...@gmail.com wrote:
 hi,

 I'm a bit confused while passing a parameter to a definition i've
 made.
 My aim is to create a htpasswd file on my icinga server, using the
 hashed passwords from my userlist. I only want to execute this on a
 icinga server, not all my servers.

 this is what i've got:

 1st my node definition:
 node default {
  class['users::userlist']:
    stage = main;}

 node nl14s0008-vm7 inherits default {
  include monitor}

 it includes this class:
 class monitor($marktgroep='healthcare',$functie='Monitor en grapher')
 {
   class {
     ['linuxlogo','motd']:
       stage = main;
     ['users::beheerserver']:
       functie = $functie,         this is where I expect to pass
 my param
       stage   = main;
     icinga::server:
       stage = main;
     iptables:
       internal_if = 'eth0',
       stage = main;
   }

 }

 here my definition, notice the functie='' at the end:

 define users::account($realname, $password, $uid, $othergroups=[],
 $gid, $key='', $keytype='ssh-rsa', $name, $ensure=present, shell='/bin/
 bash', managehome='true', allowdupe='false', homeprefix='/home',
 $functie='' ) {

 SNAP (this contains a lot of (for this matter) irrelevant text)

       if $functie == 'Monitor en grapher' {
         icinga::htpasswd {
           $name:
             name     = $name,
             password = $password,
             ensure   = $ensure;
         }

 In the icinga class I define a file

 class users::beheerserver($functie='') {
   Users::Account | (othergroups == 'pep' or othergroups ==
 'healthcare') |

 }

 oh, and I include this:
 class users::userlist {
   include users::groups
   @users::account {
     root:
       uid      = 0,
       gid      = 0,
       realname = root,
       othergroups = ['healthcare','beheerders'],
       password = 'Here I've got a hashed passwd that should work in
 my htpasswd as well as my shadow file';

 }

 however: the icinga::htpasswd thing never get's executed. why?


You make inclusion of the icinga::htpasswd resource conditional on the
$functie parameter passed to your users::account definition.  The only
place you show that definition being instantiated is in class
users::userlist, where no explicit value for that parameter is
specified.  Instances created there therefore take the definition's
default value for that parameter, ''.  The $functie parameter to class
users::beheerserver is irrelevant for this purpose.

You SHOULD redesign this so that users::account instances are
initially created with the correct parameters.  That is by far the
best solution.  It will save you pain and extra work later, I
guarantee.

Nevertheless, if it's more important just to make it work right now,
then class users::beheerserver can override the $functie property of
the users::account instances it collects, like so:

Users::Account | (othergroups == 'pep' or othergroups ==
'healthcare') | {
  functie = ${functie}
}

I reiterate that if you choose to do that -- other than as a temporary
stopgap -- then you will eventually regret it.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Error 400 on SERVER: Could not write /var/lib/puppet/ssl/ca/requests/node13.pem

2011-12-08 Thread Utoplenick

If anybody knows? plese tell me what is a reason of this problem, i`m
novice with puppet and sorry for my english=)
have error on client:
[root@node13 ~]# [root@node13 ~]# puppet agent --server=head02 --test

warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for node13
info: Certificate Request fingerprint (md5): 74:5D:F2:AA:
9C:DC:F5:E3:2D:FE:B7:6B:A0:35:67:11
warning: peer certificate won't be verified in this SSL session
err: Could not request certificate: Error 400 on SERVER: Could not
write /var/lib/puppet/ssl/ca/requests/node13.pem to csrdir: Could not
find a default provider for user
Exiting; failed to retrieve certificate and waitforcert is disabled

here is the outpupt for the same command with --debug option:

debug: Failed to load library 'rubygems' for feature 'rubygems'
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does
not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting
false
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
microsoft_windows is missing
debug: /File[/var/lib/puppet/client_data]/seluser: Found seluser
default 'system_u' for /var/lib/puppet/client_data
debug: /File[/var/lib/puppet/client_data]/selrole: Found selrole
default 'object_r' for /var/lib/puppet/client_data
debug: /File[/var/lib/puppet/client_data]/seltype: Found seltype
default 'puppet_var_lib_t' for /var/lib/puppet/client_data
debug: /File[/var/lib/puppet/client_data]/selrange: Found selrange
default 's0' for /var/lib/puppet/client_data
debug: /File[/var/lib/puppet/ssl/private_keys]/seluser: Found seluser
default 'system_u' for /var/lib/puppet/ssl/private_keys
debug: /File[/var/lib/puppet/ssl/private_keys]/selrole: Found selrole
default 'object_r' for /var/lib/puppet/ssl/private_keys
debug: /File[/var/lib/puppet/ssl/private_keys]/seltype: Found seltype
default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private_keys
debug: /File[/var/lib/puppet/ssl/private_keys]/selrange: Found
selrange default 's0' for /var/lib/puppet/ssl/private_keys
debug: /File[/var/run/puppet]/seluser: Found seluser default
'system_u' for /var/run/puppet
debug: /File[/var/run/puppet]/selrole: Found selrole default
'object_r' for /var/run/puppet
debug: /File[/var/run/puppet]/seltype: Found seltype default
'puppet_var_run_t' for /var/run/puppet
debug: /File[/var/run/puppet]/selrange: Found selrange default 's0'
for /var/run/puppet
debug: /File[/var/run/puppet/agent.pid]/seluser: Found seluser default
'system_u' for /var/run/puppet/agent.pid
debug: /File[/var/run/puppet/agent.pid]/selrole: Found selrole default
'object_r' for /var/run/puppet/agent.pid
debug: /File[/var/run/puppet/agent.pid]/seltype: Found seltype default
'puppet_var_run_t' for /var/run/puppet/agent.pid
debug: /File[/var/run/puppet/agent.pid]/selrange: Found selrange
default 's0' for /var/run/puppet/agent.pid
debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/seluser:
Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys/
node13.pem
debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/selrole:
Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys/
node13.pem
debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/seltype:
Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/
public_keys/node13.pem
debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/selrange:
Found selrange default 's0' for /var/lib/puppet/ssl/public_keys/
node13.pem
debug: /File[/var/lib/puppet/facts]/seluser: Found seluser default
'system_u' for /var/lib/puppet/facts
debug: /File[/var/lib/puppet/facts]/selrole: Found selrole default
'object_r' for /var/lib/puppet/facts
debug: /File[/var/lib/puppet/facts]/seltype: Found seltype default
'puppet_var_lib_t' for /var/lib/puppet/facts
debug: /File[/var/lib/puppet/facts]/selrange: Found selrange default
's0' for /var/lib/puppet/facts
debug: /File[/var/lib/puppet/state]/seluser: Found seluser default
'system_u' for /var/lib/puppet/state
debug: /File[/var/lib/puppet/state]/selrole: Found selrole default
'object_r' for /var/lib/puppet/state
debug: /File[/var/lib/puppet/state]/seltype: Found seltype default
'puppet_var_lib_t' for /var/lib/puppet/state
debug: /File[/var/lib/puppet/state]/selrange: Found selrange default
's0' for /var/lib/puppet/state
debug: /File[/var/lib/puppet/state/graphs]/seluser: Found seluser
default 'system_u' for /var/lib/puppet/state/graphs
debug: /File[/var/lib/puppet/state/graphs]/selrole: Found selrole
default 'object_r' for /var/lib/puppet/state/graphs
debug: /File[/var/lib/puppet/state/graphs]/seltype: Found seltype
default 'puppet_var_lib_t' for /var/lib/puppet/state/graphs
debug: /File[/var/lib/puppet/state/graphs]/selrange: Found selrange
default 's0' for

[Puppet Users] Puppet Dashboard or Forman on SLES?

2011-12-08 Thread Wiesel82

Hi all,
i planned for a startup to install one of this gui tools. But if i
look in the documentation, or google it, i find no results which
helps.

If i would like to install the rpm package i get the following
dependencies problems

rpm -i puppet-dashboard-1.2.3-1.el6.noarch.rpm
warning: puppet-dashboard-1.2.3-1.el6.noarch.rpm: Header V4 RSA/SHA1
signature: NOKEY, key ID 4bd6ec30
error: Failed dependencies:
chkconfig is needed by puppet-dashboard-1.2.3-1.el6.noarch
initscripts is needed by puppet-dashboard-1.2.3-1.el6.noarch
rpmlib(FileDigests) = 4.6.0-1 is needed by puppet-
dashboard-1.2.3-1.el6.noarch
ruby(abi) = 1.8 is needed by puppet-dashboard-1.2.3-1.el6.noarch
ruby-mysql is needed by puppet-dashboard-1.2.3-1.el6.noarch
rubygem(rake) is needed by puppet-dashboard-1.2.3-1.el6.noarch
rpmlib(PayloadIsXz) = 5.2-1 is needed by puppet-
dashboard-1.2.3-1.el6.noarch

and for foreman

rpm -i foreman-0.4-0.2.noarch.rpm
error: Failed dependencies:
chkconfig is needed by foreman-0.4-0.2.noarch
initscripts is needed by foreman-0.4-0.2.noarch
ruby(abi) = 1.8 is needed by foreman-0.4-0.2.noarch
rubygem(json) is needed by foreman-0.4-0.2.noarch
rubygem(rake) = 0.8.3 is needed by foreman-0.4-0.2.noarch
rubygem(rest-client) is needed by foreman-0.4-0.2.noarch
rubygem(sqlite3-ruby) is needed by foreman-0.4-0.2.noarch

I don't find some packages for Sles 11 SP1.

Did anybody installed one of this tools on Sles 11 SP1?

Best regards

Wiesel

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Grouping Servers

2011-12-08 Thread AB

I was hoping to get info on a best practise or potentially an aim for a 
best practise that puppet development is working towards.

I would like to group our servers so that I can use the files server to 
hand out files in a hierarchal order starting with hostname, groupname, 
default file. I would also like to set the groupname in node.pp.  So far I 
have tried this using custom facts but it does not seem to be consistent. 
 I have read some posts for people trying to use mcollective but at this 
point I am not using it.  What I want to try next is to build the 
puppetgroup.rb file under /usr/lib64/ruby/site_ruby/1.8/facter/ that sets 
the fact but my thinking is I will be setting the fact during the first run 
and hence the fact I need to control config files is not loaded and the 
default config will be loaded and I will have to wait till the second 
puppet run (in some cases this could break a server's function), for the 
new fact to be used.

Some examples to show how I am implemented

node.pp
**snip**
node 'puppetclient2' inherits default {
$group=deb #set group for this server
include puppetgroup   #setup fact for this server
include nginx_conf #apply an nginx.conf file to server, 
I use this method for iptables, sysctl.conf and etc_hosts
}


class puppetgroup.pp   #the sourcing of the new environment variable is 
inconsistent...sometimes it works and sometimes it doesn't,
**
class puppetgroup {
   Exec { path = 
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
 
}
file {/etc/profile.d/puppetgroup.sh:
owner = root,
group = root,
mode  = 755,
content = export FACTER_puppetgroup=\$group\,

   }
   exec { source puppetgroup: 
subscribe   = File[/etc/profile.d/puppetgroup.sh], 
refreshonly = true, 
command = bash -c 'source /etc/profile', 
 } 
}


class nginx_conf  # Applying an nginx.conf depending on machine.
*class nginx_conf {
file { /opt/nginx/conf/nginx.conf:
source   = [
puppet:///files/classes/nginx/nginx_conf.$hostname,
puppet:///files/classes/nginx/nginx_conf.$puppetgroup,
puppet:///files/classes/nginx/nginx_conf
],
mode = 644,
checksum = md5,
replace = yes,
ensure  = present,

}
}
***

Any thoughts on how to make this approach consistently happen?  Or a new 
approach that can do the same?  Can a force a reload of the facts at the 
end of running the puppetgroup.pp class?

Many thanks for any help.

Andre









-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/YJbLelrW8RMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Using a defined resource declared within a parameterized class?

2011-12-08 Thread Michael Cumings

I want to be able to build a parameterized class that represents each of
our major services, and then use a define within that class that will make
use of the parameters.  For example, have a class that represents a
complete application, which is a virtualenv python application.  Then use a
define within that application instance of the class to add pip installed
packages to the virtualenv created by the parameterized class.

Is this even possible?  What would be the syntax?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Startup help puppet

2011-12-08 Thread Wiesel82

Hi all,
i started this week to install puppet. Everything runs fine in this
part.
The client is authenticated with the master and i find them if i start
the command

puppet cert --list --all

I created my first pp-files and my first module.
if test all with puppet apply it works.

I wrote a module which copy a file to a other place (/etc/puppet/
modules/test/files/test.txt to /test/test.txt).
If i test this with puppet apply the file will be copied to this
directory..

But now i would like to do this in a authenticated client.

I read that i need to create the fileserver.conf and change the url
to

source = 'puppet:///test/files/test.txt',

Firstly i test it with default node in a second test i created a
second node (fqdn) and copied the same content inside.

node default {
notice(Hallo OSMC)
include test
}
node test.vm {
notice(Hallo OSMC)
include test
}

What should i do, that the client get this file from the master?

Best regards

Wiesel

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Luke

Thanks guys.

I should have pointed out that the developers do have builds mostly
automated using ant we were just wondering we could have a solution
that we could all use to try to standardize things. So I take it that
we should probably just stick with that and perhaps look to puppet for
our server builds?

On Dec 7, 6:29 pm, Jon Davis j...@snowulf.com wrote:
On Wed, Dec 7, 2011 at 12:22, Luke lutay...@gmail.com wrote:

to automate our complex server builds

Well, that's Puppets core skill.

and web app deployments but will assist our devs with getting their builds
ready to deploy

Depends on how you deploy your webapps and your builds, it could, but it
might not be the best solution. I use puppet to run my web servers, but I
use it in more of an Apache, create websites X, Y Z fashion. Part of
that process does create all the requisite folders and setup an rsync from
the web master share to all the web servers. So, in effect puppet is
controlling it all, but really it is up to the devs to not screw up
deploying their code to the share.

. Monitoring, integration of
Tomcat, mysql etc would be nice as well since configuring nagios is a
pain.

Integrating Nagios has been done before, so you shouldn't have trouble
finding examples. But Puppet isn't going to monitor itself, of course.

Can puppet do all of these things? Does it sound right for us?

We are also considering CFengine and Chef. Would puppet be a better
fit over these two? If so why?

I think all 3 options are fairly similar (I just recently went digging for
automation tools myself, and settled on Puppet). Each one has their
strengths and weaknesses.

--
Jon
[[User:ShakataGaNai]] /
KJ6FNQhttp://snowulf.com/http://www.linkedin.com/in/shakataganaihttp://twitter.com/shakataganai

[Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Luke

Ok a better way to word this can puppet allow us to isolate down the
environment so that dev can make changes to their own environment but
not QA, Prod etc.

I am struggling with comparing these products because I don't think
any one of them really does a good job of explaining what they do or
how they go about doing it.

On Dec 8, 1:16 pm, Luke lutay...@gmail.com wrote:
Thanks guys.

On Dec 7, 6:29 pm, Jon Davis j...@snowulf.com wrote:

On Wed, Dec 7, 2011 at 12:22, Luke lutay...@gmail.com wrote:

to automate our complex server builds

Well, that's Puppets core skill.

and web app deployments but will assist our devs with getting their builds
ready to deploy

. Monitoring, integration of
Tomcat, mysql etc would be nice as well since configuring nagios is a
pain.

Integrating Nagios has been done before, so you shouldn't have trouble
finding examples. But Puppet isn't going to monitor itself, of course.

Can puppet do all of these things? Does it sound right for us?

We are also considering CFengine and Chef. Would puppet be a better
fit over these two? If so why?

I think all 3 options are fairly similar (I just recently went digging for
automation tools myself, and settled on Puppet). Each one has their
strengths and weaknesses.

--
Jon
[[User:ShakataGaNai]] /
KJ6FNQhttp://snowulf.com/http://www.linkedin.com/in/shakataganaihttp://twitter.com/shakataganai

Re: [Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Nigel Kersten

On Thu, Dec 8, 2011 at 9:29 AM, Luke lutay...@gmail.com wrote:

 Ok a better way to word this can puppet allow us to isolate down the
 environment so that dev can make changes to their own environment but
 not QA, Prod etc.


Yes. In Puppet these are called environments :)

http://docs.puppetlabs.com/guides/environment.html

The standard way of achieving your goal is to set up your master to
synchronize different branches in your version control system to different
environments, and then set up ACLs on your version control such that only
approved folks can commit to each branch.

A particularly common pattern is to have environments for dev, test and
prod, where developers can only commit to dev, and ops are responsible
for propagating changes into test and then into prod.





 I am struggling with comparing these products because I don't think
 any one of them really does a good job of explaining what they do or
 how they go about doing it.


 On Dec 8, 1:16 pm, Luke lutay...@gmail.com wrote:
  Thanks guys.
 
  I should have pointed out that the developers do have builds mostly
  automated using ant we were just wondering we could have a solution
  that we could all use to try to standardize things. So I take it that
  we should probably just stick with that and perhaps look to puppet for
  our server builds?
 
  On Dec 7, 6:29 pm, Jon Davis j...@snowulf.com wrote:
 
 
 
 
 
 
 
   On Wed, Dec 7, 2011 at 12:22, Luke lutay...@gmail.com wrote:
 
 to automate our complex server builds
 
   Well, that's Puppets core skill.
 
and web app deployments but will assist our devs with getting their
 builds
ready to deploy
 
   Depends on how you deploy your webapps and your builds, it could, but
 it
   might not be the best solution.  I use puppet to run my web servers,
 but I
   use it in more of an Apache, create websites X, Y  Z fashion. Part
 of
   that process does create all the requisite folders and setup an rsync
 from
   the web master share to all the web servers.  So, in effect puppet is
   controlling it all, but really it is up to the devs to not screw up
   deploying their code to the share.
 
. Monitoring, integration of
Tomcat, mysql etc would be nice as well since configuring nagios is a
pain.
 
   Integrating Nagios has been done before, so you shouldn't have trouble
   finding examples.  But Puppet isn't going to monitor itself, of
 course.
 
   Can puppet do all of these things? Does it sound right for us?
 
We are also considering CFengine and Chef. Would puppet be a better
fit over these two? If so why?
 
   I think all 3 options are fairly similar (I just recently went digging
 for
   automation tools myself, and settled on Puppet).  Each one has their
   strengths and weaknesses.
 
   --
   Jon
   [[User:ShakataGaNai]] / KJ6FNQhttp://
 snowulf.com/http://www.linkedin.com/in/shakataganai
 http://twitter.com/shakataganai

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




-- 
Nigel Kersten
Product Manager, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Christopher Wood


On Thu, 8 Dec 2011 09:48:51 -0800, Nigel Kersten wrote:

On Thu, Dec 8, 2011 at 9:29 AM, Luke  wrote:


Ok a better way to word this can puppet allow us to isolate down

the

environment so that dev can make changes to their own environment
but
not QA, Prod etc.


Yes. In Puppet these are called environments :) 

http://docs.puppetlabs.com/guides/environment.html [10]

The standard way of achieving your goal is to set up your master to
synchronize different branches in your version control system to
different environments, and then set up ACLs on your version control
such that only approved folks can commit to each branch.

A particularly common pattern is to have environments for dev,
test and prod, where developers can only commit to dev, and ops
are responsible for propagating changes into test and then into
prod.


I'm going to wave a flag here for having different puppetmasters rather 
than different environments. This means that no matter what, we're not 
breaking the production puppetmaster if we fiddle with our puppetmaster 
module. Obviously this is cheaper for those of us blessed with large 
virtualization platforms.



I am struggling with comparing these products because I don't think
any one of them really does a good job of explaining what they do
or
how they go about doing it.

On Dec 8, 1:16 pm, Luke wrote:
 Thanks guys.

 I should have pointed out that the developers do have builds
mostly
 automated using ant we were just wondering we could have a
solution
 that we could all use to try to standardize things. So I take it
that
 we should probably just stick with that and perhaps look to
puppet for
 our server builds?

 On Dec 7, 6:29 pm, Jon Davis wrote:







  On Wed, Dec 7, 2011 at 12:22, Luke wrote:

    to automate our complex server builds

  Well, that's Puppets core skill.

   and web app deployments but will assist our devs with
getting their builds
   ready to deploy

  Depends on how you deploy your webapps and your builds, it
could, but it
  might not be the best solution.  I use puppet to run my web
servers, but I
  use it in more of an Apache, create websites X, Y  Z
fashion. Part of
  that process does create all the requisite folders and setup
an rsync from
  the web master share to all the web servers.  So, in effect
puppet is
  controlling it all, but really it is up to the devs to not
screw up
  deploying their code to the share.

   . Monitoring, integration of
   Tomcat, mysql etc would be nice as well since configuring
nagios is a
   pain.

  Integrating Nagios has been done before, so you shouldn't have
trouble
  finding examples.  But Puppet isn't going to monitor
itself, of course.

  Can puppet do all of these things? Does it sound right for us?

   We are also considering CFengine and Chef. Would puppet be a
better
   fit over these two? If so why?

  I think all 3 options are fairly similar (I just recently went
digging for
  automation tools myself, and settled on Puppet).  Each one
has their
  strengths and weaknesses.

  --
  Jon
  [[User:ShakataGaNai]] /
KJ6FNQhttp://snowulf.com/http://www.linkedin.com/in/shakataganai

[4]


--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
[6].
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com [7].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en [8].


--
Nigel Kersten
Product Manager, Puppet Labs

 --
 You received this message because you are subscribed to the Google
Groups Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.


Links:
--
[1] mailto:lutay...@gmail.com
[2] mailto:j...@snowulf.com
[3] mailto:lutay...@gmail.com
[4] http://snowulf.com/http://www.linkedin.com/in/shakataganai
[5] http://twitter.com/shakataganai
[6] mailto:puppet-users@googlegroups.com
[7] mailto:puppet-users%2bunsubscr...@googlegroups.com
[8] http://groups.google.com/group/puppet-users?hl=en
[9] mailto:lutay...@gmail.com
[10] http://docs.puppetlabs.com/guides/environment.html


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Startup help puppet

2011-12-08 Thread Mohamed Lrhazi

On the client, run puppet agent --test --trace --debug
That would show you what the puppet client is doing

If you still have problems:

in include test what is test? a module?  show the full content of it.

I personally use modules for everything and I always have the files
distributed at the module level, like:

source  = puppet:///modules/gu_auth/foo.ext,

where gu_auth is the name of a module.


Thanks,
Mohamed,

On Thu, Dec 8, 2011 at 5:45 AM, Wiesel82 wiese...@gmx.ch wrote:
 Hi all,
 i started this week to install puppet. Everything runs fine in this
 part.
 The client is authenticated with the master and i find them if i start
 the command

 puppet cert --list --all

 I created my first pp-files and my first module.
 if test all with puppet apply it works.

 I wrote a module which copy a file to a other place (/etc/puppet/
 modules/test/files/test.txt to /test/test.txt).
 If i test this with puppet apply the file will be copied to this
 directory..

 But now i would like to do this in a authenticated client.

 I read that i need to create the fileserver.conf and change the url
 to

 source = 'puppet:///test/files/test.txt',

 Firstly i test it with default node in a second test i created a
 second node (fqdn) and copied the same content inside.

 node default {
    notice(Hallo OSMC)
        include test
 }
 node test.vm {
    notice(Hallo OSMC)
        include test
 }

 What should i do, that the client get this file from the master?

 Best regards

 Wiesel

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Luke

Thank you for the reply.

I am having difficulty choosing between CFengine, Chef and puppet.
Which one would suit us the best as a small web app startup with heavy
reliance on mysql/tomcat/nagios.We are entirely virtualized with ESX,
want to be scalable and want a product that would work well in the
cloud if we ended up making the transition.  I mean would we fit into
the typical user base of puppet as opposed to those of CFengine/Chef.
Can you tell me what features of Puppet out do those in CFengine/
Puppet?

On Dec 8, 1:48 pm, Nigel Kersten ni...@puppetlabs.com wrote:
 On Thu, Dec 8, 2011 at 9:29 AM, Luke lutay...@gmail.com wrote:
  Ok a better way to word this can puppet allow us to isolate down the
  environment so that dev can make changes to their own environment but
  not QA, Prod etc.

 Yes. In Puppet these are called environments :)

 http://docs.puppetlabs.com/guides/environment.html

 The standard way of achieving your goal is to set up your master to
 synchronize different branches in your version control system to different
 environments, and then set up ACLs on your version control such that only
 approved folks can commit to each branch.

 A particularly common pattern is to have environments for dev, test and
 prod, where developers can only commit to dev, and ops are responsible
 for propagating changes into test and then into prod.











  I am struggling with comparing these products because I don't think
  any one of them really does a good job of explaining what they do or
  how they go about doing it.

  On Dec 8, 1:16 pm, Luke lutay...@gmail.com wrote:
   Thanks guys.

   I should have pointed out that the developers do have builds mostly
   automated using ant we were just wondering we could have a solution
   that we could all use to try to standardize things. So I take it that
   we should probably just stick with that and perhaps look to puppet for
   our server builds?

   On Dec 7, 6:29 pm, Jon Davis j...@snowulf.com wrote:

On Wed, Dec 7, 2011 at 12:22, Luke lutay...@gmail.com wrote:

  to automate our complex server builds

Well, that's Puppets core skill.

 and web app deployments but will assist our devs with getting their
  builds
 ready to deploy

Depends on how you deploy your webapps and your builds, it could, but
  it
might not be the best solution.  I use puppet to run my web servers,
  but I
use it in more of an Apache, create websites X, Y  Z fashion. Part
  of
that process does create all the requisite folders and setup an rsync
  from
the web master share to all the web servers.  So, in effect puppet is
controlling it all, but really it is up to the devs to not screw up
deploying their code to the share.

 . Monitoring, integration of
 Tomcat, mysql etc would be nice as well since configuring nagios is a
 pain.

Integrating Nagios has been done before, so you shouldn't have trouble
finding examples.  But Puppet isn't going to monitor itself, of
  course.

Can puppet do all of these things? Does it sound right for us?

 We are also considering CFengine and Chef. Would puppet be a better
 fit over these two? If so why?

I think all 3 options are fairly similar (I just recently went digging
  for
automation tools myself, and settled on Puppet).  Each one has their
strengths and weaknesses.

--
Jon
[[User:ShakataGaNai]] / KJ6FNQhttp://
  snowulf.com/http://www.linkedin.com/in/shakataganai
 http://twitter.com/shakataganai

  --
  You received this message because you are subscribed to the Google Groups
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

 --
 Nigel Kersten
 Product Manager, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Daniel Pittman

On Thu, Dec 8, 2011 at 10:36, Luke lutay...@gmail.com wrote:

 I am having difficulty choosing between CFengine, Chef and puppet.
 Which one would suit us the best as a small web app startup with heavy
 reliance on mysql/tomcat/nagios.We are entirely virtualized with ESX,
 want to be scalable and want a product that would work well in the
 cloud if we ended up making the transition.  I mean would we fit into
 the typical user base of puppet as opposed to those of CFengine/Chef.

Would you fit into the typical user base of Puppet, CFEngine, or Chef?
 Yes - for all of them.  None of those products are inappropriate at
your scale, or for the purposes you have named.

 Can you tell me what features of Puppet out do those in CFengine/Puppet?

If you are looking for the one killer feature you probably have the
wrong approach to the problem: what you are describing as your problem
space is a pretty simple deployment scenario, and any of the three
tools should do a fine job managing it.

Unless there is some unique point in your environment, or in your
needs, that you can articulate then you can't find a single feature
check-box to let you decide between the three.

Instead, I suggest you focus on your ability to learn the concrete use
of the tool, and on how effectively you can solve problems with them;
doing a small trial of each - solve the same mid-sized problem three
times, giving each a day or two - and see what you think works best
for your company and culture.

There is no silver bullet.

Daniel
-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] how to link items together -- all happen together?

2011-12-08 Thread Jo Rhett

I've found some problems due to the extremely random ordering puppet does.  It 
is necessary for some of these items to all happen together, with no other 
random resources executed in between.  Is there some way to arrange this with 
puppet?

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other 
randomness

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Class name clashes

2011-12-08 Thread Gonzalo Servat

Hi All,

I have a module called openvpn which lives in
/etc/puppet/modules/openvpn/. It just sets up generic OpenVPN stuff. I then
set-up another class called s_jumpbox::openvpn, which lives in
/etc/puppet/services/s_jumpbox/manifests/openvpn.pp.

Inside this latter class, I did an include openvpn and for several
resources, I set it to:

require = Class[openvpn]

This confused Puppet, as it created a dependency on itself thinking I was
referring to s_jumpbox::openvpn, which is not the case.

Is this how it's supposed to work?

Regards
Gonzalo

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Class name clashes

2011-12-08 Thread Adam Gibbins

On 7 December 2011 23:09, Gonzalo Servat gser...@gmail.com wrote:

 Hi All,

 I have a module called openvpn which lives in
 /etc/puppet/modules/openvpn/. It just sets up generic OpenVPN stuff. I then
 set-up another class called s_jumpbox::openvpn, which lives in
 /etc/puppet/services/s_jumpbox/manifests/openvpn.pp.

 Inside this latter class, I did an include openvpn and for several
 resources, I set it to:

 require = Class[openvpn]

 This confused Puppet, as it created a dependency on itself thinking I was
 referring to s_jumpbox::openvpn, which is not the case.

 Is this how it's supposed to work?

 Regards
 Gonzalo

 Pretty sure I've done this before and haven't had it do that.
Could you try specifying the namespace?  e.g. ::openvpn

What puppet version are you running?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to link items together -- all happen together?

2011-12-08 Thread Jacob Helwig

On 2011-12-08 11:07 , Jo Rhett wrote:
 I've found some problems due to the extremely random ordering puppet
 does.  It is necessary for some of these items to all happen together,
 with no other random resources executed in between.  Is there some way
 to arrange this with puppet?
 
 -- 
 Jo Rhett
 Net Consonance : consonant endings by net philanthropy, open source and
 other randomness
 

Have you tried specifying the dependencies between your resources?

package { 'foo':
  ensure = installed,
}

file { '/etc/foo.conf':
  ensure = file,
  source = 'puppet:///module/foo/foo.conf',
  require = Package['foo'],
}

service { 'foo':
  ensure = running,
  subscribe = File['/etc/foo/foo.conf'], Package['foo'],
}

Both subscribe and require will setup ordering between resources.

-- 
Jacob Helwig
http://technosorcery.net/about/me



signature.asc
Description: OpenPGP digital signature

Re: [Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Jeffrey Watts

I should also add that a very important consideration is to take in mind
_who_ will be working with this.  Are they developers, sysadmins, QA?  Will
the people working on it be spending a lot of time with
Puppet/Chef/CFengine, or just a little?  Are you planning on writing a
bunch of custom modules, or relying on the community?  What languages does
your team work on primarily?  For example, folks that work with Ruby a lot
would probably do better with Puppet and Chef.

As a sysadmin, I often see developers get distracted by arguments about
what's best or the most technically advanced.  Often they forget that in
the end the real answer is often which tool gets the job done the quickest,
with the least amount of labor, and is the most supportable.

Jeffrey.

On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.comwrote:


 Instead, I suggest you focus on your ability to learn the concrete use
 of the tool, and on how effectively you can solve problems with them;
 doing a small trial of each - solve the same mid-sized problem three
 times, giving each a day or two - and see what you think works best
 for your company and culture.

 There is no silver bullet.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Using array's in Puppet (in combination with Augeas).

2011-12-08 Thread Felix Frank


On 12/02/11 13:29, Adrian van Dongen wrote:

So now I am kind of stuck. I could write a separate define for the up
rules but I would rather have this within the define for interfaces.


No, that's how you generally do it.

Make a defined type that does the required augeas to add an 'up' rule, 
then have your interfaces define make one of those 'up' resources per 
array element.


Sorry For The Inconvenience ;-)

Cheers,
Felix

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Luke

This tool will be used by primarily system admins to automate server
builds app installs, configurations etc. The devs will use it in their
own environment to help automate some of their tasks. I don't think we
have too much Ruby expertise since we are mostly a Java shop.

In terms of performance I have read that CFengine uses much less
memory and can be faster than puppet. Can anyone comment on the agent
and server memory usage? I have read that the puppet agent can use
85mb and the server upwards to 1GB after 20-30agents. Is that
accurate?

I guess which tool would you consider to be the quickest, easy to
implement etc? From what I am seeing the community here seems to be
much more active than the others. I have yet to get a response on the
other forums.

On Dec 8, 4:39 pm, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote:
 I should also add that a very important consideration is to take in mind
 _who_ will be working with this.  Are they developers, sysadmins, QA?  Will
 the people working on it be spending a lot of time with
 Puppet/Chef/CFengine, or just a little?  Are you planning on writing a
 bunch of custom modules, or relying on the community?  What languages does
 your team work on primarily?  For example, folks that work with Ruby a lot
 would probably do better with Puppet and Chef.

 As a sysadmin, I often see developers get distracted by arguments about
 what's best or the most technically advanced.  Often they forget that in
 the end the real answer is often which tool gets the job done the quickest,
 with the least amount of labor, and is the most supportable.

 Jeffrey.

 On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.comwrote:









  Instead, I suggest you focus on your ability to learn the concrete use
  of the tool, and on how effectively you can solve problems with them;
  doing a small trial of each - solve the same mid-sized problem three
  times, giving each a day or two - and see what you think works best
  for your company and culture.

  There is no silver bullet.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Daniel Pittman

On Thu, Dec 8, 2011 at 12:59, Luke lutay...@gmail.com wrote:

 This tool will be used by primarily system admins to automate server
 builds app installs, configurations etc. The devs will use it in their
 own environment to help automate some of their tasks. I don't think we
 have too much Ruby expertise since we are mostly a Java shop.

On that front, CFEngine or Puppet are probably nicer than Chef, since
they have a less demanding new language to learn.  OTOH, if you want
to pick up Ruby skills Chef will force you to deal with that more
directly.

 In terms of performance I have read that CFengine uses much less
 memory and can be faster than puppet. Can anyone comment on the agent
 and server memory usage? I have read that the puppet agent can use
 85mb and the server upwards to 1GB after 20-30agents. Is that
 accurate?

The server is between 80 and 100MB for each concurrent compiler
instance; you can work out the system load based on the degree of
concurrency you want.  (eg: 24 agents, each checking in once a day,
you need one concurrent instance, and ~ 100MB.  It scales from there
the obvious, and linear, way.)

 I guess which tool would you consider to be the quickest, easy to
 implement etc? From what I am seeing the community here seems to be
 much more active than the others. I have yet to get a response on the
 other forums.

That is a very, very hard question to answer, because it depends on your team.

Would you get started quicker with something that gave you very few
tools, or lots of them?  With a simple language, or a full blown
programming language?  With a declarative, procedural, or
dependency-driven input language?  With high or low levels of
abstraction?

I would certainly say that community, published books, and Internet
posts talking about the tool significantly influence the ease of
getting started.  Everyone gets stuck, and being able to get answers
makes a huge difference there.

If you have a local expert, whatever they know is totally the best
choice - you get much higher bandwidth on answers, and can learn from
the mistakes someone else made. ;)

Daniel
-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Class name clashes

2011-12-08 Thread Gonzalo Servat

On Fri, Dec 9, 2011 at 6:50 AM, Adam Gibbins a...@adamgibbins.com wrote:

 On 7 December 2011 23:09, Gonzalo Servat gser...@gmail.com wrote:

 Is this how it's supposed to work?

 Pretty sure I've done this before and haven't had it do that.
 Could you try specifying the namespace?  e.g. ::openvpn


As in Class[::openvpn] ? Tried this but Puppet didn't like it. Everything
started working as soon as I renamed the second OpenVPN class to
s_jumpbox::ovpn, but I don't understand why they clash!


 What puppet version are you running?


2.7.6

- Gonzalo

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: how to link items together -- all happen together?

2011-12-08 Thread Marc DiBlasi

It sounds like he wants to not only assue that foo happens before bar,
but that nothing happens between foo and bar. I think the only way to
ensure that is to use stages, and have a separate stage for the two
items that need to be executed together.

On Dec 8, 1:58 pm, Jacob Helwig ja...@puppetlabs.com wrote:
 On 2011-12-08 11:07 , Jo Rhett wrote:

  I've found some problems due to the extremely random ordering puppet
  does.  It is necessary for some of these items to all happen together,
  with no other random resources executed in between.  Is there some way
  to arrange this with puppet?

  --
  Jo Rhett
  Net Consonance : consonant endings by net philanthropy, open source and
  other randomness

 Have you tried specifying the dependencies between your resources?

 package { 'foo':
   ensure = installed,

 }

 file { '/etc/foo.conf':
   ensure = file,
   source = 'puppet:///module/foo/foo.conf',
   require = Package['foo'],

 }

 service { 'foo':
   ensure = running,
   subscribe = File['/etc/foo/foo.conf'], Package['foo'],

 }

 Both subscribe and require will setup ordering between resources.

 --
 Jacob Helwighttp://technosorcery.net/about/me

  signature.asc
  1KViewDownload

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: how to link items together -- all happen together?

2011-12-08 Thread jcbollinger



On Dec 8, 1:07 pm, Jo Rhett jrh...@netconsonance.com wrote:
 I've found some problems due to the extremely random ordering puppet does.  
 It is necessary for some of these items to all happen together, with no other 
 random resources executed in between.


That's rather unusual.  I'll discuss in a minute how you might address
this requirement, but are you sure you really need to do so?  Would
you care to satisfy my curiosity as to why?  Are you also going to
have a problem if some other process (that is, not the Puppet agent)
does any work between?


  Is there some way to arrange this with puppet?


Puppet's resource model assumes that each resource is atomic.  If
multiple resources really must all be applied one after another, with
no others in between, then they oughtn't really to be modeled as
separate resources.  Rather, they are a single composite resource, and
the right way to handle the situation is therefore to write a custom
type (and provider) to handle the situation.

There is also a quick and dirty solution: use run stages.  Assign all
the resources that need to be applied consecutively to one run stage,
and make sure no others are assigned to it.  Or, if you cannot exclude
all other resources (since run stages work at class granularity) then
use explicit resource relationships to push other resources before or
behind the group as needed.  Be warned: doing this is likely to cause
you continuing grief with dependency cycles, even with classes not
unrelated to your resource group.  Also be aware that run stages are
an entry point to several of the problems attending use of
parameterized classes, even if the classes involved are not explicitly
parameterized.

In principle, you could also do this with ordinary resource
relationships.  That would keep you away from parameterized class
syntax, but it would be horendously messy.  I cannot possibly
recommend it except maybe if you have some kind of code generator
writing your manifests for you.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] MCollective discovery - we did not discover any nodes

2011-12-08 Thread Yaakov Nemoy

If you're looking for monitoring tips, one thing we do is run an 'mco
find' on our entire network. A nagios page goes out if the count ('wc
-l') drops below a threshold.

-Yaakov

On Thu, Dec 8, 2011 at 06:50, Jens Braeuer jens.brae...@numberfour.eu wrote:
 Hi everyone,

 thank R.I.P. for the pointers. I already planed to add more monitoring to 
 ActiveMQ, so I'll take this as a chance. I
 dont think Amazon network settings are the root cause in my case, as I have 
 registration agent enabled on all machines.
 This should keep the connection busy.

 I filed a bug regarding the exit-code. Is there any chance the fix will make 
 it in 1.2.2?

 Thanks,
 Jens

 --
 Jens Bräuer
 Senior Systems Engineer
 Dipl. Inf.
 NumberFour AG
 Schönhauser Allee 8
 10119 Berlin
 Germany
 Mobile: +49 175 221 88 34
 Phone: +49 30 40505411
 Fax: +49 30 40505410
 j...@numberfour.eu

 numberfour.eu
 facebook.com/NumberFour
 twitter.com/numberfourag

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Class name clashes

2011-12-08 Thread jcbollinger



On Dec 8, 3:36 pm, Gonzalo Servat gser...@gmail.com wrote:
 On Fri, Dec 9, 2011 at 6:50 AM, Adam Gibbins a...@adamgibbins.com wrote:
  On 7 December 2011 23:09, Gonzalo Servat gser...@gmail.com wrote:

  Is this how it's supposed to work?

  Pretty sure I've done this before and haven't had it do that.
  Could you try specifying the namespace?  e.g. ::openvpn

 As in Class[::openvpn] ? Tried this but Puppet didn't like it.


I would file a bug report about that.  It was supposed to be valid,
last I knew, and it is anyway necessary for resolving ambiguities such
as yours.


 Everything
 started working as soon as I renamed the second OpenVPN class to
 s_jumpbox::ovpn, but I don't understand why they clash!


Puppet supports refering to classes by relative name, where (IIRC)
that name can be relative to any enclosing namespace.  My recollection
is more uncertain on this, but I think Puppet searches namespaces from
the innermost enclosing one to the outermost (certainly that's
consistent with your observation).  Supposing I've got that right,
then, here's how the name resolution went for you:

1) look for class openvpn in namespace ::s_jumpbox::openvpn
(i.e. ::s_jumpbox::openvpn::openvpn) [not found]
2) look for class openvpn in namespace ::s_jumpbox
(i.e. ::s_jumpbox::openvpn) [we have a winner]

Not reached:
3) look for class openvpn in namespace :: (i.e. ::openvpn)


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Error 400 on SERVER: Could not write /var/lib/puppet/ssl/ca/requests/node13.pem

2011-12-08 Thread Denmat

Hi,
I think the error is self explanatory. What are the perms on the directory?

The simplest thing here is to remove /var/lib/puppet/ssl and let it be 
recreated.

Cheers,
Den

On 09/12/2011, at 3:33, Utoplenick arifulovre...@gmail.com wrote:

 If anybody knows? plese tell me what is a reason of this problem, i`m
 novice with puppet and sorry for my english=)
 have error on client:
 [root@node13 ~]# [root@node13 ~]# puppet agent --server=head02 --test
 
 warning: peer certificate won't be verified in this SSL session
 warning: peer certificate won't be verified in this SSL session
 info: Creating a new SSL certificate request for node13
 info: Certificate Request fingerprint (md5): 74:5D:F2:AA:
 9C:DC:F5:E3:2D:FE:B7:6B:A0:35:67:11
 warning: peer certificate won't be verified in this SSL session
 err: Could not request certificate: Error 400 on SERVER: Could not
 write /var/lib/puppet/ssl/ca/requests/node13.pem to csrdir: Could not
 find a default provider for user
 Exiting; failed to retrieve certificate and waitforcert is disabled
 
 here is the outpupt for the same command with --debug option:
 
 debug: Failed to load library 'rubygems' for feature 'rubygems'
 debug: Puppet::Type::User::ProviderPw: file pw does not exist
 debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does
 not exist
 debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
 dscl does not exist
 debug: Puppet::Type::User::ProviderLdap: true value when expecting
 false
 debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
 microsoft_windows is missing
 debug: /File[/var/lib/puppet/client_data]/seluser: Found seluser
 default 'system_u' for /var/lib/puppet/client_data
 debug: /File[/var/lib/puppet/client_data]/selrole: Found selrole
 default 'object_r' for /var/lib/puppet/client_data
 debug: /File[/var/lib/puppet/client_data]/seltype: Found seltype
 default 'puppet_var_lib_t' for /var/lib/puppet/client_data
 debug: /File[/var/lib/puppet/client_data]/selrange: Found selrange
 default 's0' for /var/lib/puppet/client_data
 debug: /File[/var/lib/puppet/ssl/private_keys]/seluser: Found seluser
 default 'system_u' for /var/lib/puppet/ssl/private_keys
 debug: /File[/var/lib/puppet/ssl/private_keys]/selrole: Found selrole
 default 'object_r' for /var/lib/puppet/ssl/private_keys
 debug: /File[/var/lib/puppet/ssl/private_keys]/seltype: Found seltype
 default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private_keys
 debug: /File[/var/lib/puppet/ssl/private_keys]/selrange: Found
 selrange default 's0' for /var/lib/puppet/ssl/private_keys
 debug: /File[/var/run/puppet]/seluser: Found seluser default
 'system_u' for /var/run/puppet
 debug: /File[/var/run/puppet]/selrole: Found selrole default
 'object_r' for /var/run/puppet
 debug: /File[/var/run/puppet]/seltype: Found seltype default
 'puppet_var_run_t' for /var/run/puppet
 debug: /File[/var/run/puppet]/selrange: Found selrange default 's0'
 for /var/run/puppet
 debug: /File[/var/run/puppet/agent.pid]/seluser: Found seluser default
 'system_u' for /var/run/puppet/agent.pid
 debug: /File[/var/run/puppet/agent.pid]/selrole: Found selrole default
 'object_r' for /var/run/puppet/agent.pid
 debug: /File[/var/run/puppet/agent.pid]/seltype: Found seltype default
 'puppet_var_run_t' for /var/run/puppet/agent.pid
 debug: /File[/var/run/puppet/agent.pid]/selrange: Found selrange
 default 's0' for /var/run/puppet/agent.pid
 debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/seluser:
 Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys/
 node13.pem
 debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/selrole:
 Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys/
 node13.pem
 debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/seltype:
 Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/
 public_keys/node13.pem
 debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/selrange:
 Found selrange default 's0' for /var/lib/puppet/ssl/public_keys/
 node13.pem
 debug: /File[/var/lib/puppet/facts]/seluser: Found seluser default
 'system_u' for /var/lib/puppet/facts
 debug: /File[/var/lib/puppet/facts]/selrole: Found selrole default
 'object_r' for /var/lib/puppet/facts
 debug: /File[/var/lib/puppet/facts]/seltype: Found seltype default
 'puppet_var_lib_t' for /var/lib/puppet/facts
 debug: /File[/var/lib/puppet/facts]/selrange: Found selrange default
 's0' for /var/lib/puppet/facts
 debug: /File[/var/lib/puppet/state]/seluser: Found seluser default
 'system_u' for /var/lib/puppet/state
 debug: /File[/var/lib/puppet/state]/selrole: Found selrole default
 'object_r' for /var/lib/puppet/state
 debug: /File[/var/lib/puppet/state]/seltype: Found seltype default
 'puppet_var_lib_t' for /var/lib/puppet/state
 debug: /File[/var/lib/puppet/state]/selrange: Found selrange default
 's0' for /var/lib/puppet/state
 debug: /File[/var/lib/puppet/state/graphs]/seluser: Found seluser
 default 'system_u' for /var/lib/puppet/state/graphs

[Puppet Users] Re: Using a defined resource declared within a parameterized class?

2011-12-08 Thread jcbollinger



On Dec 7, 3:17 pm, Michael Cumings mcumi...@narrativescience.com
wrote:
 I want to be able to build a parameterized class that represents each of
 our major services, and then use a define within that class that will make
 use of the parameters.  For example, have a class that represents a
 complete application, which is a virtualenv python application.  Then use a
 define within that application instance of the class to add pip installed
 packages to the virtualenv created by the parameterized class.

 Is this even possible?  What would be the syntax?


I'm not sure whether that's possible, but in any event it's not
necessary.  The class can always forward any of its own parameters to
a definition instance via its parameters, and the definition can
access the class's variables (including, I think, its parameters) by
their qualified names.  I recommend you separate the class and
definition, and use those tools to provide data to definition
instances.  It will be a lot clearer.

If you want to try what you described, however, then the syntax would
be something like this (might not work):

class example::foo ($p, $q) {

  # the definition:
  define bar ($r) {
# using a definition parameter:
notice { example-${r}:
  # using a class parameter:
  message = ${q}
}
# ...
  }

  # instantiate of the definition
  example::foo::bar {
'baz':  r = $p
  }
}


I have no idea whether you could successfully instantiate the
definition from outside the class (making it function as a closure),
but if so then you would need to be sure to declare the class first.
Afterward, if it's possible to do this at all then the same
instantiation syntax I show above will work outside the class.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Any way to have exclusive classes?

2011-12-08 Thread Len Rugen

I have a group of classes (about 6 now) that I want to allow a host to use
none or at most one of them.  This just a guard rail for admins.  :-)

Basically like this:

base
base::opt1
base::opt2
...
base::opt6

base is default to all nodes.

We use Puppet and Foreman :-)

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] problem with fund service

2011-12-08 Thread David Alden

Hi,
  I wrote a small func module that installs and configures func.  The problem 
I'm having is that the service type isn't properly starting the service.  I 
have the following:

class func::service {

  Service {
enable = true,
ensure = running,
hasrestart = true,
hasstatus = true,
require = Class[func::config]
  }

  service {
funcd: ;
  }
}


If funcd isn't running, puppet doesn't start it.  I checked the funcd service 
script and it looks correct (if you do service funcd status it returns funcd 
is not running and the exit status is 3).  Any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Announce: Puppet 2.7.8 Available

2011-12-08 Thread Matthaus Litteken

Puppet 2.7.8 is available. 2.7.8 contains everything that was
being previewed in the 2.7.7rc series as well as some new content.

Key highlight in this release (beyond items from 2.7.7rc series) are:
  * Allow providers to be selected in the run they become suitable
  * Showdiff is now not auto-enabled when running in noop mode
  * Provide default subjectAltNames while bootstrapping master
(defaulting to puppet and puppet.domain)
  *  Allow optional trailing comma in argument lists.
  * Output 4-digit file modes in File type


Release Notes for 2.7.8 series --
https://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes

This release is available for download at:
http://downloads.puppetlabs.com/puppet/

See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet

Please report feedback via the Puppet Labs Redmine site, using an affected
version of 2.7.8
 http://projects.puppetlabs.com/projects/puppet

Documentation is available at: http://docs.puppetlabs.com/index.html




# 2.7.8
===

##10739 Provide default subjectAltNames while bootstrapping master

   Prior to #2848 (CVE-2011-3872), if Puppet[:certdnsnames] was not set,
   puppet would add default subjectAltNames to any non-CA cert it signed,
   including agent certs. The subjectAltNames were of the form:

 DNS:puppet, DNS:fqdn, DNS:puppet.domain

   The fix for #2848, prevented subjectAltNames from ever being
   implicitly added at signing time. But during this change, the default
   subjectAltNames behavior was accidentally removed.

   This commit restores the 'defaulting' behavior that existed
   previously, but only when bootstrapping the initial master.
   Additionally, default subjectAltNames are only ever added when
   generating the master's certificate signing request, not at signing
   time. This is important, because it ensures all subjectAltNames
   originate from the CSR and are subject to our internal signing policy.

   The code now requires that all of the following be true in order to
   add default subjectAltNames to the CSR:

1. We are a CA and master
2. We're signing the master's cert, not self-signing the CA
3. The CSR is for the current host
4. No subjectAltNames have been specified, e.g. Puppet[:dns_alt_names]
5. The master can resolve its fqdn

   These should only ever be true when bootstrapping the initial
   master. In particular, it should never be true for the CA's
   self-signed cert, for remote agents, or for servers that are either
   masters or CAs, but not both.

   The fqdn requirement existed previously, and so the same behavior has
   been restored.

   Note if Puppet[:dns_alt_names] are specified when bootstrapping the
   master, then we do not merge the default options -- it's either one of
   the other, but not both.


#2744 Don't automatically enable show_diff in noop mode

   As of 845825a, file diffs are now logged, rather than printed to
   console. Because log messages may be stored and more broadly readable,
   we no longer implicitly set show_diff in noop mode.



##6907 Allow providers to be selected in the run they become suitable

   Previously, if a resource did not specify its provider, it would be assigned
   the most appropriate suitable provider (typically the default).
If no provider
   was suitable, the run would fail before it even began.  This meant that a
   provider which was going to have its requirements delivered during the run
   could not be used in that run.

   In the case that an unsuitable provider was explicitly specified, this would
   only work in certain conditions. Suitability was lazily checked, which meant
   the resources installing the provider had to come before the resources using
   it. If this weren't true (because the dependencies weren't specified), those
   resources would still fail.

   Now, we will instead *wait* for the provider to become suitable.
Similarly, if
   no provider is specified, we wait for a suitable provider to
become available.

   We accomplish this by deferring unsuitable resources when they are
encountered.
   Once we are out of suitable resources, we re-enqueue our
previously-unsuitable
   resources and check them again. If some are now suitable, we
evaluate them as
   normally, deferring the rest. If all our deferred resources are
still deferred,
   they all fail, and we continue on with their dependents (which will all be
   marked as skipped due to failed dependencies).

   This allows providers to be used in the same run as resources using them,
   without needing to specify any dependencies between resources using the
   provider and resources installing the provider. Naturally, if the resources
   installing the provider depend on resources using the provider,
the run cannot
   succeed.

   Previously, if we chose to use an unsuitable provider, we would not
   prefetch it because it wasn't suitable at the beginning of the run. Now,
   we lazily

Re: [Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Jeffrey Watts

I've found Puppet to be unreliable running as a daemon - I suspect due to older 
versions of ruby floating around. So I switched to running it from cron, and it 
works a lot better. Memory usage doesn't seem to be an issue, and the agent 
only runs for a few seconds.  Use Puppet Dasboard (or something like it) and/or 
use Nagios to make sure those cron jobs run.   I use both. 

The main thing is to have Puppet managing itself and the cron job. I have ours 
set up to run the cron job twice an hour, using the concatenated IP address 
modulo 30 and modulo 30 + 30 as the times (to keep the clients from hammering 
the Puppetmaster all at once).  Let me know if you go with Puppet and I'll show 
you how I did it.

Part of the reason we chose Puppet was the quantity of documentation and 
working examples and the helpfulness of the community. I support (and 
implement) our Puppet environment here at my job. I would highly recommend Mr 
Turnbull's Pro Puppet book. It is VERY sysadmin focused and will save you a lot 
of time.  The sections on environments, modules, and Dashboard were really 
helpful.

Jeffrey
Sent from my iPad

On Dec 8, 2011, at 2:59 PM, Luke lutay...@gmail.com wrote:

 This tool will be used by primarily system admins to automate server
 builds app installs, configurations etc. The devs will use it in their
 own environment to help automate some of their tasks. I don't think we
 have too much Ruby expertise since we are mostly a Java shop.
 
 In terms of performance I have read that CFengine uses much less
 memory and can be faster than puppet. Can anyone comment on the agent
 and server memory usage? I have read that the puppet agent can use
 85mb and the server upwards to 1GB after 20-30agents. Is that
 accurate?
 
 I guess which tool would you consider to be the quickest, easy to
 implement etc? From what I am seeing the community here seems to be
 much more active than the others. I have yet to get a response on the
 other forums.
 
 On Dec 8, 4:39 pm, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote:
 I should also add that a very important consideration is to take in mind
 _who_ will be working with this.  Are they developers, sysadmins, QA?  Will
 the people working on it be spending a lot of time with
 Puppet/Chef/CFengine, or just a little?  Are you planning on writing a
 bunch of custom modules, or relying on the community?  What languages does
 your team work on primarily?  For example, folks that work with Ruby a lot
 would probably do better with Puppet and Chef.
 
 As a sysadmin, I often see developers get distracted by arguments about
 what's best or the most technically advanced.  Often they forget that in
 the end the real answer is often which tool gets the job done the quickest,
 with the least amount of labor, and is the most supportable.
 
 Jeffrey.
 
 On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.comwrote:
 
 
 
 
 
 
 
 
 
 Instead, I suggest you focus on your ability to learn the concrete use
 of the tool, and on how effectively you can solve problems with them;
 doing a small trial of each - solve the same mid-sized problem three
 times, giving each a day or two - and see what you think works best
 for your company and culture.
 
 There is no silver bullet.
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Brian Gallew

Let me emphasize the beauty of running Puppet out of cron.  Not only do you
not end up with resource leaks (or just simple consumption when you don't
need it), but you also get much more reliable load on your puppet masters.
 Further, if you are wiling to make a trivial effort to write a
site-specific fqdn_rand() work-alike function, you can even arrange to be
sure that updates roll across related servers in a reliable way.

On Thu, Dec 8, 2011 at 6:08 PM, Jeffrey Watts jeffrey.w.wa...@gmail.comwrote:

 I've found Puppet to be unreliable running as a daemon - I suspect due to
 older versions of ruby floating around. So I switched to running it from
 cron, and it works a lot better. Memory usage doesn't seem to be an issue,
 and the agent only runs for a few seconds.  Use Puppet Dasboard (or
 something like it) and/or use Nagios to make sure those cron jobs run.   I
 use both.

 The main thing is to have Puppet managing itself and the cron job. I have
 ours set up to run the cron job twice an hour, using the concatenated IP
 address modulo 30 and modulo 30 + 30 as the times (to keep the clients from
 hammering the Puppetmaster all at once).  Let me know if you go with Puppet
 and I'll show you how I did it.

 Part of the reason we chose Puppet was the quantity of documentation and
 working examples and the helpfulness of the community. I support (and
 implement) our Puppet environment here at my job. I would highly recommend
 Mr Turnbull's Pro Puppet book. It is VERY sysadmin focused and will save
 you a lot of time.  The sections on environments, modules, and Dashboard
 were really helpful.

 Jeffrey
 Sent from my iPad

 On Dec 8, 2011, at 2:59 PM, Luke lutay...@gmail.com wrote:

  This tool will be used by primarily system admins to automate server
  builds app installs, configurations etc. The devs will use it in their
  own environment to help automate some of their tasks. I don't think we
  have too much Ruby expertise since we are mostly a Java shop.
 
  In terms of performance I have read that CFengine uses much less
  memory and can be faster than puppet. Can anyone comment on the agent
  and server memory usage? I have read that the puppet agent can use
  85mb and the server upwards to 1GB after 20-30agents. Is that
  accurate?
 
  I guess which tool would you consider to be the quickest, easy to
  implement etc? From what I am seeing the community here seems to be
  much more active than the others. I have yet to get a response on the
  other forums.
 
  On Dec 8, 4:39 pm, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote:
  I should also add that a very important consideration is to take in mind
  _who_ will be working with this.  Are they developers, sysadmins, QA?
  Will
  the people working on it be spending a lot of time with
  Puppet/Chef/CFengine, or just a little?  Are you planning on writing a
  bunch of custom modules, or relying on the community?  What languages
 does
  your team work on primarily?  For example, folks that work with Ruby a
 lot
  would probably do better with Puppet and Chef.
 
  As a sysadmin, I often see developers get distracted by arguments about
  what's best or the most technically advanced.  Often they forget that
 in
  the end the real answer is often which tool gets the job done the
 quickest,
  with the least amount of labor, and is the most supportable.
 
  Jeffrey.
 
  On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.com
 wrote:
 
 
 
 
 
 
 
 
 
  Instead, I suggest you focus on your ability to learn the concrete use
  of the tool, and on how effectively you can solve problems with them;
  doing a small trial of each - solve the same mid-sized problem three
  times, giving each a day or two - and see what you think works best
  for your company and culture.
 
  There is no silver bullet.
 
  --
  You received this message because you are subscribed to the Google
 Groups Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.
 

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Brian Gupta

I would consider the following a small list of pros and cons for the three
tools:

Pros:
Cfengine: Not written in Ruby, so currently is more efficient with system
resources.
Puppet: IMHO has the most approachable syntax of the three (for sysadmins),
and the strongest community. It also has the widest platform support, with
a lot of preexisting code and code examples out there.
Chef: Configs are written in Ruby, and somewhat modeled on Rails
development patterns, so it is relatively easy for Ruby/Rails devs to pick
up. Also, Chef was designed from the ground up for the cloud, so is focused
on things like dynamically spinning up cloud instances. (Check out knife
and databags) If you don't want to manage your own Chef server you can get
it as a preconfigured service.

Cons:
Cfengine: Can be a bit challenging to learn, especially the promise theory.
Puppet: Particularly with older versions of Ruby can have memory usage
issues. Variable scoping is not ideal. These issues are manageable though.
Chef: No true dependency graphing, (implicit execution order) Setting up a
chef server is a bit on the challenging side, since it has a number of
requirements that don't fall into very common use. (Erlang based CouchDB,
and Solr). Learning Ruby is mandatory.

None of these tools are perfect and each have their warts, but any one of
them would make your life a lot easier. I'd say though that I prefer Puppet
over cfengine in almost all cases (except maybe a case where I am managing
only machines that have very tight resource constraints). Chef vs Puppet it
depends. If I was working entirely in the cloud and I had a very dynamic
environment, or was a Ruby shop, Chef would probably be my choice. In
almost all other cases I would go with Puppet. That said, the Puppet
community is working to address the Cloud deployment differences, so if the
cloud is in the future but not a now thing, I wouldn't let that effect your
decision. (And puppet does work in the cloud today, just the support is
relatively new and not yet as robust as Chef's)

All in all, for the reason of community and ecosystem alone, I'd say go
with Puppet.

Here are some random syntax examples:
cfengine:
http://www.sysadmin.hep.ac.uk/wiki/Cfengine:_Installing_Xrootd_with_cfengine
puppet: http://people.redhat.com/dlutter/puppet-app.html
chef:
https://github.com/opscode/cookbooks/blob/master/apache2/recipes/default.rb

Cheers,
Brian

P.S. - Another tool to look at, that I have *heard* good things about is
bcfg2, but it isn't nearly as popular as the others.

-- 
http://aws.amazon.com/solutions/solution-providers/brandorr/

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] a tips , run puppet in client mode in big datacenter

2011-12-08 Thread huangming...@gmail.com

hi,all
 this is a tips, when you run puppet in a big data center. you
need run more than one puppet master. this is a trouble. and if the
puppet master hacked by hacker. all client will be in danger.

 but run puppet in client mode , can resolve this two problem.
the first . client just download the puppet manifest from a ftp or
http server with ssl connect. so ,just only one simple puppet manifest
distribute server. the second . use the gpg sign the puppet manifest.
so the client only run the manifest when the  puppet manifest's sign
is right. and the client will import the gpg public key.

if you have some problem ,please ask me.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Any way to have exclusive classes?

2011-12-08 Thread Denmat

Hi,

The way we do as similar kind of thing is use a 'role' class which assigns 
various classes based on the fact of a node.

We created a custom fact that gives a fact that tells us the node's role. We 
then use:
if $role-fact =~ role  { include variousclasses }

Not as simple as that obviously but I hope that gives the point.

In your node declaration you can use similar syntax to include or exclude 
classes.

Hope that helps,
Den

On 09/12/2011, at 10:05, Len Rugen lenru...@gmail.com wrote:

 I have a group of classes (about 6 now) that I want to allow a host to use 
 none or at most one of them.  This just a guard rail for admins.  :-) 
 
 Basically like this:
 
 base
 base::opt1
 base::opt2
 ...
 base::opt6
 
 base is default to all nodes. 
 
 We use Puppet and Foreman :-)
 
 Thanks
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Is puppet right for us?

2011-12-08 Thread Daniel Pittman

I would totally recommend Puppet Commander in place of that, if you
have the time to get it running:

http://projects.puppetlabs.com/projects/mcollective-plugins/wiki/ToolPuppetcommander

It uses mcollective and is pretty much awesome.

Daniel

On Thu, Dec 8, 2011 at 21:22, Brian Gallew g...@gallew.org wrote:
 Let me emphasize the beauty of running Puppet out of cron.  Not only do you
 not end up with resource leaks (or just simple consumption when you don't
 need it), but you also get much more reliable load on your puppet masters.
  Further, if you are wiling to make a trivial effort to write a
 site-specific fqdn_rand() work-alike function, you can even arrange to be
 sure that updates roll across related servers in a reliable way.


 On Thu, Dec 8, 2011 at 6:08 PM, Jeffrey Watts jeffrey.w.wa...@gmail.com
 wrote:

 I've found Puppet to be unreliable running as a daemon - I suspect due to
 older versions of ruby floating around. So I switched to running it from
 cron, and it works a lot better. Memory usage doesn't seem to be an issue,
 and the agent only runs for a few seconds.  Use Puppet Dasboard (or
 something like it) and/or use Nagios to make sure those cron jobs run.   I
 use both.

 The main thing is to have Puppet managing itself and the cron job. I have
 ours set up to run the cron job twice an hour, using the concatenated IP
 address modulo 30 and modulo 30 + 30 as the times (to keep the clients from
 hammering the Puppetmaster all at once).  Let me know if you go with Puppet
 and I'll show you how I did it.

 Part of the reason we chose Puppet was the quantity of documentation and
 working examples and the helpfulness of the community. I support (and
 implement) our Puppet environment here at my job. I would highly recommend
 Mr Turnbull's Pro Puppet book. It is VERY sysadmin focused and will save you
 a lot of time.  The sections on environments, modules, and Dashboard were
 really helpful.

 Jeffrey
 Sent from my iPad

 On Dec 8, 2011, at 2:59 PM, Luke lutay...@gmail.com wrote:

  This tool will be used by primarily system admins to automate server
  builds app installs, configurations etc. The devs will use it in their
  own environment to help automate some of their tasks. I don't think we
  have too much Ruby expertise since we are mostly a Java shop.
 
  In terms of performance I have read that CFengine uses much less
  memory and can be faster than puppet. Can anyone comment on the agent
  and server memory usage? I have read that the puppet agent can use
  85mb and the server upwards to 1GB after 20-30agents. Is that
  accurate?
 
  I guess which tool would you consider to be the quickest, easy to
  implement etc? From what I am seeing the community here seems to be
  much more active than the others. I have yet to get a response on the
  other forums.
 
  On Dec 8, 4:39 pm, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote:
  I should also add that a very important consideration is to take in
  mind
  _who_ will be working with this.  Are they developers, sysadmins, QA?
   Will
  the people working on it be spending a lot of time with
  Puppet/Chef/CFengine, or just a little?  Are you planning on writing a
  bunch of custom modules, or relying on the community?  What languages
  does
  your team work on primarily?  For example, folks that work with Ruby a
  lot
  would probably do better with Puppet and Chef.
 
  As a sysadmin, I often see developers get distracted by arguments about
  what's best or the most technically advanced.  Often they forget that
  in
  the end the real answer is often which tool gets the job done the
  quickest,
  with the least amount of labor, and is the most supportable.
 
  Jeffrey.
 
  On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman
  dan...@puppetlabs.comwrote:
 
 
 
 
 
 
 
 
 
  Instead, I suggest you focus on your ability to learn the concrete use
  of the tool, and on how effectively you can solve problems with them;
  doing a small trial of each - solve the same mid-sized problem three
  times, giving each a day or two - and see what you think works best
  for your company and culture.
 
  There is no silver bullet.
 
  --
  You received this message because you are subscribed to the Google
  Groups Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
  http://groups.google.com/group/puppet-users?hl=en.
 

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send

45 matches

Mail list logo