[Puppet Users] Re: what is private method `split' called for nil:NilClass error??
Hi Daniel, Thanks for the explanation. It's always good to know the underlaying cause. Cheers!! On Dec 8, 12:13 am, Daniel Pittman dan...@puppetlabs.com wrote: ...and to close that loop: in Ruby, '$c_repo' is a global variable. Because nothing will ever have assigned it, you called the `split` method on the default value, `nil`, which raised that error. Puppet then reported it. :) Daniel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] deploying puppet on win32
Hello Does anybody have complete solution to massive deploy puppet on win32 systems using gpo? I think it should be something like .msi file containing ruby, puppet and all necesary gems... -- С уважением, Васильев Алексей -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: explicit class dependencies
On 12/07/2011 06:01 PM, Christian G. Warden wrote: On Wed, Dec 07, 2011 at 01:36:13PM -0800, jcbollinger wrote: On Dec 6, 4:12 pm, Christian G. Wardencwar...@xerus.org wrote: On Tue, Dec 06, 2011 at 01:38:38PM -0800, Nan Liu wrote: On Tue, Dec 6, 2011 at 12:27 PM, Christian G. Wardencwar...@xerus.org wrote: Do explicit class dependencies work? [...] Here's the problem I was actually trying to troubleshoot: class config { $x = 'abc' } class uses_config { Class['config'] - Class['uses_config'] $x = $config::x } include uses_config include config This results in: warning: Scope(Class[Uses_config]): Could not look up qualified variable 'config::x'; class config has not been evaluated I think it's similar to the problem I asked about with tags in another thread. If I include config before uses_config, I don't get an error. Indeed, it is at least partially a parse order issue, and it looks like you may be confusing that with application order. Thanks, John. This explanation is very helpful. Indeed, I've been having trouble understanding what happens during the parsing/compiling stage. See https://projects.puppetlabs.com/issues/10972. What's even cooler is if you try (at least on my 2.6.2 installation) to evaluate that with puppet agent rather than puppet apply, you get no error at all. $config::x will evaluate to undef, which will happily interpolate into a string as . So if you have this: file { $config::x/somefile.conf: ... } now all your files are created in /. Hooray! You are not alone in being frustrated in this behavior. The documentation is self-conflicting and the language semantics aren't actually what they say they are. When the docs say the language is declarative (which doesn't really have much meaning), they usually also say something about order not mattering. Order not mattering is a property of purely functional languages, and many clearly declarative languages are purely (or mostly so) functional. The problem is that puppet can't actually be purely functional, because it isn't a single assignment language. Sure, the obvious case of reassigning to the same variable in the same scope isn't allowed, but what about the non-obvious cases, like: - class inheritance - collection overrides (Foo | | { ... }) - parameterized classes vs. include As it turns out, these are the places where single assignment really helps one reading the code reason about it. It's quite easy to see the order of assignments and interactions between multiple lines in the same file. It's much more difficult to absorb the ordering and interactions between components that live in different files, or even different modules. Yet, it's these far-reaching reassignments that are allowed, while the short-range, easily understood ones (simple $foo=bar) are the ones that are forbidden. Go figure. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppet agent daemon does not load custom facts
Is the custom fact perhaps based on a environment variable? I had something similar a while ago, check this post; https://groups.google.com/d/msg/puppet-users/2gjjaWFJm4Q/uANKwM-xWQ4J Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9UXBvl1Xy7YJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] MCollective discovery - we did not discover any nodes
Hi everyone, thank R.I.P. for the pointers. I already planed to add more monitoring to ActiveMQ, so I'll take this as a chance. I dont think Amazon network settings are the root cause in my case, as I have registration agent enabled on all machines. This should keep the connection busy. I filed a bug regarding the exit-code. Is there any chance the fix will make it in 1.2.2? Thanks, Jens -- Jens Bräuer Senior Systems Engineer Dipl. Inf. NumberFour AG Schönhauser Allee 8 10119 Berlin Germany Mobile: +49 175 221 88 34 Phone: +49 30 40505411 Fax: +49 30 40505410 j...@numberfour.eu numberfour.eu facebook.com/NumberFour twitter.com/numberfourag -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] MCollective discovery - we did not discover any nodes
- Original Message - Hi everyone, thank R.I.P. for the pointers. I already planed to add more monitoring to ActiveMQ, so I'll take this as a chance. I dont think Amazon network settings are the root cause in my case, as I have registration agent enabled on all machines. This should keep the connection busy. I filed a bug regarding the exit-code. Is there any chance the fix will make it in 1.2.2? No, behavior changes can't go into the current prod branch so will go into 1.3.x which should become 2.0.0 very soon - like in January maybe -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: explicit class dependencies
On Dec 7, 5:01 pm, Christian G. Warden cwar...@xerus.org wrote: I hope this doesn't come off as too much of a rant. As a person who is frequently critical of some of the newer Puppet features -- especially parameterized classes -- I wouldn't have much standing to object to your criticisms. I would suggest, however, that you consider filing issue tickets against the documentation for some or all of your complaints. The sqeaky wheel gets the grease, and formal issue tickets squeak far louder than complaints in this forum. I'm a big fan of puppet (even more so in the past couple weeks as I've started using it with vagrant), but there's definitely room for improvement in the documentation. Perhaps the puppet glossary[5] should be featured on the documentation section of puppetlabs.com, and existing documentation should be reviewed for consistency with the glossary. Sounds good to me, but as a practical matter, it is likely that specific documentation issues will be fixed a lot sooner than a general documentation review such as you describe will be performed. On the other hand, the more documentation issues are open, the more likely I predict Puppetlabs will be to try to sweep many of them up at once with some kind of general review / rewrite. Oh, and since you mentioned PuppetLabs's style guide, I'll tell you that I don't care for it (the latest version) at all. It is focused on a style that caters to pervasive use of parameterized classes, and as far as I am concerned, parameterized classes should be considered harmful. If you're mostly or completely avoiding parameterized classes then the apparent reasons for many of the style recommendations, including some you touched on, just fall apart. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: error starting puppetmaster no such file to load - puppet/network/server
On Dec 7, 4:31 pm, Mark_SysAdm timetra...@gmail.com wrote: James, I haven't heard anything back from the list. The only workaround I found was to try installing puppet-server on exactly the same OS, but on a freshly-installed server. Puppet starts without a problem! So maybe we have some competing packages/RPMs added to the original system, which is of course the one Puppet really needs to run on. Thanks, Mark from: James M. Hello, I'm running into the same error as you described in a post to the puppet mailing list, though I'm running on RHEL 5.6. I was wondering if you had discovered a fix. Starting puppetmaster: /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require': no such file to load -- puppet/network/server (LoadError) from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb: 31:in `require' from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb: 191:in `main' from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb: 144:in `run_command' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:307:in `run' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `hook' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:307:in `run' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:402:in `exit_on_fail' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:307:in `run' from /usr/sbin/puppetmasterd:4 [FAILED] Cheers, James On Nov 30, 9:35 am, Mark_SysAdm wrote: Hi, On RHEL6, no matter which version of puppet installed, I can not start the puppetmaster service: service puppetmaster restart Stopping puppetmaster: [FAILED] I strongly recommend avoiding using gem to manage modules in a ruby library itself managed by RPM. You will cause yourself grief. I'm not certain that is your present problem, but I do find it highly suspcious that the error is arising in /usr/lib/ruby/site_ruby/1.8/ rubygems/custom_require.rb. Is it possible that you once installed Puppet as a gem, then switched to an RPM version? If so, then perhaps the system is still trying to start the gem version. It could be looking for the supposedly missing file under your rubygems directory. In that case, I'm not sure offhand what you would need to do to fix the problem. I would think that a complete Ruby wipe / reinstall would do the trick, but surely there is a lower-impact solution. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: passing a parameter to define
On Dec 7, 7:55 am, Alexander Swen alex.s...@gmail.com wrote: hi, I'm a bit confused while passing a parameter to a definition i've made. My aim is to create a htpasswd file on my icinga server, using the hashed passwords from my userlist. I only want to execute this on a icinga server, not all my servers. this is what i've got: 1st my node definition: node default { class['users::userlist']: stage = main;} node nl14s0008-vm7 inherits default { include monitor} it includes this class: class monitor($marktgroep='healthcare',$functie='Monitor en grapher') { class { ['linuxlogo','motd']: stage = main; ['users::beheerserver']: functie = $functie, this is where I expect to pass my param stage = main; icinga::server: stage = main; iptables: internal_if = 'eth0', stage = main; } } here my definition, notice the functie='' at the end: define users::account($realname, $password, $uid, $othergroups=[], $gid, $key='', $keytype='ssh-rsa', $name, $ensure=present, shell='/bin/ bash', managehome='true', allowdupe='false', homeprefix='/home', $functie='' ) { SNAP (this contains a lot of (for this matter) irrelevant text) if $functie == 'Monitor en grapher' { icinga::htpasswd { $name: name = $name, password = $password, ensure = $ensure; } In the icinga class I define a file class users::beheerserver($functie='') { Users::Account | (othergroups == 'pep' or othergroups == 'healthcare') | } oh, and I include this: class users::userlist { include users::groups @users::account { root: uid = 0, gid = 0, realname = root, othergroups = ['healthcare','beheerders'], password = 'Here I've got a hashed passwd that should work in my htpasswd as well as my shadow file'; } however: the icinga::htpasswd thing never get's executed. why? You make inclusion of the icinga::htpasswd resource conditional on the $functie parameter passed to your users::account definition. The only place you show that definition being instantiated is in class users::userlist, where no explicit value for that parameter is specified. Instances created there therefore take the definition's default value for that parameter, ''. The $functie parameter to class users::beheerserver is irrelevant for this purpose. You SHOULD redesign this so that users::account instances are initially created with the correct parameters. That is by far the best solution. It will save you pain and extra work later, I guarantee. Nevertheless, if it's more important just to make it work right now, then class users::beheerserver can override the $functie property of the users::account instances it collects, like so: Users::Account | (othergroups == 'pep' or othergroups == 'healthcare') | { functie = ${functie} } I reiterate that if you choose to do that -- other than as a temporary stopgap -- then you will eventually regret it. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Error 400 on SERVER: Could not write /var/lib/puppet/ssl/ca/requests/node13.pem
If anybody knows? plese tell me what is a reason of this problem, i`m novice with puppet and sorry for my english=) have error on client: [root@node13 ~]# [root@node13 ~]# puppet agent --server=head02 --test warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for node13 info: Certificate Request fingerprint (md5): 74:5D:F2:AA: 9C:DC:F5:E3:2D:FE:B7:6B:A0:35:67:11 warning: peer certificate won't be verified in this SSL session err: Could not request certificate: Error 400 on SERVER: Could not write /var/lib/puppet/ssl/ca/requests/node13.pem to csrdir: Could not find a default provider for user Exiting; failed to retrieve certificate and waitforcert is disabled here is the outpupt for the same command with --debug option: debug: Failed to load library 'rubygems' for feature 'rubygems' debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/ dscl does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: /File[/var/lib/puppet/client_data]/seluser: Found seluser default 'system_u' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/client_data]/selrole: Found selrole default 'object_r' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/client_data]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/client_data]/selrange: Found selrange default 's0' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/ssl/private_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/private_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/private_keys]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/private_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private_keys debug: /File[/var/run/puppet]/seluser: Found seluser default 'system_u' for /var/run/puppet debug: /File[/var/run/puppet]/selrole: Found selrole default 'object_r' for /var/run/puppet debug: /File[/var/run/puppet]/seltype: Found seltype default 'puppet_var_run_t' for /var/run/puppet debug: /File[/var/run/puppet]/selrange: Found selrange default 's0' for /var/run/puppet debug: /File[/var/run/puppet/agent.pid]/seluser: Found seluser default 'system_u' for /var/run/puppet/agent.pid debug: /File[/var/run/puppet/agent.pid]/selrole: Found selrole default 'object_r' for /var/run/puppet/agent.pid debug: /File[/var/run/puppet/agent.pid]/seltype: Found seltype default 'puppet_var_run_t' for /var/run/puppet/agent.pid debug: /File[/var/run/puppet/agent.pid]/selrange: Found selrange default 's0' for /var/run/puppet/agent.pid debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys/ node13.pem debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys/ node13.pem debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/ public_keys/node13.pem debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/public_keys/ node13.pem debug: /File[/var/lib/puppet/facts]/seluser: Found seluser default 'system_u' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/facts]/selrole: Found selrole default 'object_r' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/facts]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/facts]/selrange: Found selrange default 's0' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/state]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state]/selrange: Found selrange default 's0' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state/graphs]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state/graphs debug: /File[/var/lib/puppet/state/graphs]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state/graphs debug: /File[/var/lib/puppet/state/graphs]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state/graphs debug: /File[/var/lib/puppet/state/graphs]/selrange: Found selrange default 's0' for
[Puppet Users] Puppet Dashboard or Forman on SLES?
Hi all, i planned for a startup to install one of this gui tools. But if i look in the documentation, or google it, i find no results which helps. If i would like to install the rpm package i get the following dependencies problems rpm -i puppet-dashboard-1.2.3-1.el6.noarch.rpm warning: puppet-dashboard-1.2.3-1.el6.noarch.rpm: Header V4 RSA/SHA1 signature: NOKEY, key ID 4bd6ec30 error: Failed dependencies: chkconfig is needed by puppet-dashboard-1.2.3-1.el6.noarch initscripts is needed by puppet-dashboard-1.2.3-1.el6.noarch rpmlib(FileDigests) = 4.6.0-1 is needed by puppet- dashboard-1.2.3-1.el6.noarch ruby(abi) = 1.8 is needed by puppet-dashboard-1.2.3-1.el6.noarch ruby-mysql is needed by puppet-dashboard-1.2.3-1.el6.noarch rubygem(rake) is needed by puppet-dashboard-1.2.3-1.el6.noarch rpmlib(PayloadIsXz) = 5.2-1 is needed by puppet- dashboard-1.2.3-1.el6.noarch and for foreman rpm -i foreman-0.4-0.2.noarch.rpm error: Failed dependencies: chkconfig is needed by foreman-0.4-0.2.noarch initscripts is needed by foreman-0.4-0.2.noarch ruby(abi) = 1.8 is needed by foreman-0.4-0.2.noarch rubygem(json) is needed by foreman-0.4-0.2.noarch rubygem(rake) = 0.8.3 is needed by foreman-0.4-0.2.noarch rubygem(rest-client) is needed by foreman-0.4-0.2.noarch rubygem(sqlite3-ruby) is needed by foreman-0.4-0.2.noarch I don't find some packages for Sles 11 SP1. Did anybody installed one of this tools on Sles 11 SP1? Best regards Wiesel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Grouping Servers
I was hoping to get info on a best practise or potentially an aim for a best practise that puppet development is working towards. I would like to group our servers so that I can use the files server to hand out files in a hierarchal order starting with hostname, groupname, default file. I would also like to set the groupname in node.pp. So far I have tried this using custom facts but it does not seem to be consistent. I have read some posts for people trying to use mcollective but at this point I am not using it. What I want to try next is to build the puppetgroup.rb file under /usr/lib64/ruby/site_ruby/1.8/facter/ that sets the fact but my thinking is I will be setting the fact during the first run and hence the fact I need to control config files is not loaded and the default config will be loaded and I will have to wait till the second puppet run (in some cases this could break a server's function), for the new fact to be used. Some examples to show how I am implemented node.pp **snip** node 'puppetclient2' inherits default { $group=deb #set group for this server include puppetgroup #setup fact for this server include nginx_conf #apply an nginx.conf file to server, I use this method for iptables, sysctl.conf and etc_hosts } class puppetgroup.pp #the sourcing of the new environment variable is inconsistent...sometimes it works and sometimes it doesn't, ** class puppetgroup { Exec { path = /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin } file {/etc/profile.d/puppetgroup.sh: owner = root, group = root, mode = 755, content = export FACTER_puppetgroup=\$group\, } exec { source puppetgroup: subscribe = File[/etc/profile.d/puppetgroup.sh], refreshonly = true, command = bash -c 'source /etc/profile', } } class nginx_conf # Applying an nginx.conf depending on machine. *class nginx_conf { file { /opt/nginx/conf/nginx.conf: source = [ puppet:///files/classes/nginx/nginx_conf.$hostname, puppet:///files/classes/nginx/nginx_conf.$puppetgroup, puppet:///files/classes/nginx/nginx_conf ], mode = 644, checksum = md5, replace = yes, ensure = present, } } *** Any thoughts on how to make this approach consistently happen? Or a new approach that can do the same? Can a force a reload of the facts at the end of running the puppetgroup.pp class? Many thanks for any help. Andre -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/YJbLelrW8RMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Using a defined resource declared within a parameterized class?
I want to be able to build a parameterized class that represents each of our major services, and then use a define within that class that will make use of the parameters. For example, have a class that represents a complete application, which is a virtualenv python application. Then use a define within that application instance of the class to add pip installed packages to the virtualenv created by the parameterized class. Is this even possible? What would be the syntax? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Startup help puppet
Hi all, i started this week to install puppet. Everything runs fine in this part. The client is authenticated with the master and i find them if i start the command puppet cert --list --all I created my first pp-files and my first module. if test all with puppet apply it works. I wrote a module which copy a file to a other place (/etc/puppet/ modules/test/files/test.txt to /test/test.txt). If i test this with puppet apply the file will be copied to this directory.. But now i would like to do this in a authenticated client. I read that i need to create the fileserver.conf and change the url to source = 'puppet:///test/files/test.txt', Firstly i test it with default node in a second test i created a second node (fqdn) and copied the same content inside. node default { notice(Hallo OSMC) include test } node test.vm { notice(Hallo OSMC) include test } What should i do, that the client get this file from the master? Best regards Wiesel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Is puppet right for us?
Thanks guys. I should have pointed out that the developers do have builds mostly automated using ant we were just wondering we could have a solution that we could all use to try to standardize things. So I take it that we should probably just stick with that and perhaps look to puppet for our server builds? On Dec 7, 6:29 pm, Jon Davis j...@snowulf.com wrote: On Wed, Dec 7, 2011 at 12:22, Luke lutay...@gmail.com wrote: to automate our complex server builds Well, that's Puppets core skill. and web app deployments but will assist our devs with getting their builds ready to deploy Depends on how you deploy your webapps and your builds, it could, but it might not be the best solution. I use puppet to run my web servers, but I use it in more of an Apache, create websites X, Y Z fashion. Part of that process does create all the requisite folders and setup an rsync from the web master share to all the web servers. So, in effect puppet is controlling it all, but really it is up to the devs to not screw up deploying their code to the share. . Monitoring, integration of Tomcat, mysql etc would be nice as well since configuring nagios is a pain. Integrating Nagios has been done before, so you shouldn't have trouble finding examples. But Puppet isn't going to monitor itself, of course. Can puppet do all of these things? Does it sound right for us? We are also considering CFengine and Chef. Would puppet be a better fit over these two? If so why? I think all 3 options are fairly similar (I just recently went digging for automation tools myself, and settled on Puppet). Each one has their strengths and weaknesses. -- Jon [[User:ShakataGaNai]] / KJ6FNQhttp://snowulf.com/http://www.linkedin.com/in/shakataganaihttp://twitter.com/shakataganai -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Is puppet right for us?
Ok a better way to word this can puppet allow us to isolate down the environment so that dev can make changes to their own environment but not QA, Prod etc. I am struggling with comparing these products because I don't think any one of them really does a good job of explaining what they do or how they go about doing it. On Dec 8, 1:16 pm, Luke lutay...@gmail.com wrote: Thanks guys. I should have pointed out that the developers do have builds mostly automated using ant we were just wondering we could have a solution that we could all use to try to standardize things. So I take it that we should probably just stick with that and perhaps look to puppet for our server builds? On Dec 7, 6:29 pm, Jon Davis j...@snowulf.com wrote: On Wed, Dec 7, 2011 at 12:22, Luke lutay...@gmail.com wrote: to automate our complex server builds Well, that's Puppets core skill. and web app deployments but will assist our devs with getting their builds ready to deploy Depends on how you deploy your webapps and your builds, it could, but it might not be the best solution. I use puppet to run my web servers, but I use it in more of an Apache, create websites X, Y Z fashion. Part of that process does create all the requisite folders and setup an rsync from the web master share to all the web servers. So, in effect puppet is controlling it all, but really it is up to the devs to not screw up deploying their code to the share. . Monitoring, integration of Tomcat, mysql etc would be nice as well since configuring nagios is a pain. Integrating Nagios has been done before, so you shouldn't have trouble finding examples. But Puppet isn't going to monitor itself, of course. Can puppet do all of these things? Does it sound right for us? We are also considering CFengine and Chef. Would puppet be a better fit over these two? If so why? I think all 3 options are fairly similar (I just recently went digging for automation tools myself, and settled on Puppet). Each one has their strengths and weaknesses. -- Jon [[User:ShakataGaNai]] / KJ6FNQhttp://snowulf.com/http://www.linkedin.com/in/shakataganaihttp://twitter.com/shakataganai -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
On Thu, Dec 8, 2011 at 9:29 AM, Luke lutay...@gmail.com wrote: Ok a better way to word this can puppet allow us to isolate down the environment so that dev can make changes to their own environment but not QA, Prod etc. Yes. In Puppet these are called environments :) http://docs.puppetlabs.com/guides/environment.html The standard way of achieving your goal is to set up your master to synchronize different branches in your version control system to different environments, and then set up ACLs on your version control such that only approved folks can commit to each branch. A particularly common pattern is to have environments for dev, test and prod, where developers can only commit to dev, and ops are responsible for propagating changes into test and then into prod. I am struggling with comparing these products because I don't think any one of them really does a good job of explaining what they do or how they go about doing it. On Dec 8, 1:16 pm, Luke lutay...@gmail.com wrote: Thanks guys. I should have pointed out that the developers do have builds mostly automated using ant we were just wondering we could have a solution that we could all use to try to standardize things. So I take it that we should probably just stick with that and perhaps look to puppet for our server builds? On Dec 7, 6:29 pm, Jon Davis j...@snowulf.com wrote: On Wed, Dec 7, 2011 at 12:22, Luke lutay...@gmail.com wrote: to automate our complex server builds Well, that's Puppets core skill. and web app deployments but will assist our devs with getting their builds ready to deploy Depends on how you deploy your webapps and your builds, it could, but it might not be the best solution. I use puppet to run my web servers, but I use it in more of an Apache, create websites X, Y Z fashion. Part of that process does create all the requisite folders and setup an rsync from the web master share to all the web servers. So, in effect puppet is controlling it all, but really it is up to the devs to not screw up deploying their code to the share. . Monitoring, integration of Tomcat, mysql etc would be nice as well since configuring nagios is a pain. Integrating Nagios has been done before, so you shouldn't have trouble finding examples. But Puppet isn't going to monitor itself, of course. Can puppet do all of these things? Does it sound right for us? We are also considering CFengine and Chef. Would puppet be a better fit over these two? If so why? I think all 3 options are fairly similar (I just recently went digging for automation tools myself, and settled on Puppet). Each one has their strengths and weaknesses. -- Jon [[User:ShakataGaNai]] / KJ6FNQhttp:// snowulf.com/http://www.linkedin.com/in/shakataganai http://twitter.com/shakataganai -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
On Thu, 8 Dec 2011 09:48:51 -0800, Nigel Kersten wrote: On Thu, Dec 8, 2011 at 9:29 AM, Luke wrote: Ok a better way to word this can puppet allow us to isolate down the environment so that dev can make changes to their own environment but not QA, Prod etc. Yes. In Puppet these are called environments :) http://docs.puppetlabs.com/guides/environment.html [10] The standard way of achieving your goal is to set up your master to synchronize different branches in your version control system to different environments, and then set up ACLs on your version control such that only approved folks can commit to each branch. A particularly common pattern is to have environments for dev, test and prod, where developers can only commit to dev, and ops are responsible for propagating changes into test and then into prod. I'm going to wave a flag here for having different puppetmasters rather than different environments. This means that no matter what, we're not breaking the production puppetmaster if we fiddle with our puppetmaster module. Obviously this is cheaper for those of us blessed with large virtualization platforms. I am struggling with comparing these products because I don't think any one of them really does a good job of explaining what they do or how they go about doing it. On Dec 8, 1:16 pm, Luke wrote: Thanks guys. I should have pointed out that the developers do have builds mostly automated using ant we were just wondering we could have a solution that we could all use to try to standardize things. So I take it that we should probably just stick with that and perhaps look to puppet for our server builds? On Dec 7, 6:29 pm, Jon Davis wrote: On Wed, Dec 7, 2011 at 12:22, Luke wrote: to automate our complex server builds Well, that's Puppets core skill. and web app deployments but will assist our devs with getting their builds ready to deploy Depends on how you deploy your webapps and your builds, it could, but it might not be the best solution. I use puppet to run my web servers, but I use it in more of an Apache, create websites X, Y Z fashion. Part of that process does create all the requisite folders and setup an rsync from the web master share to all the web servers. So, in effect puppet is controlling it all, but really it is up to the devs to not screw up deploying their code to the share. . Monitoring, integration of Tomcat, mysql etc would be nice as well since configuring nagios is a pain. Integrating Nagios has been done before, so you shouldn't have trouble finding examples. But Puppet isn't going to monitor itself, of course. Can puppet do all of these things? Does it sound right for us? We are also considering CFengine and Chef. Would puppet be a better fit over these two? If so why? I think all 3 options are fairly similar (I just recently went digging for automation tools myself, and settled on Puppet). Each one has their strengths and weaknesses. -- Jon [[User:ShakataGaNai]] / KJ6FNQhttp://snowulf.com/http://www.linkedin.com/in/shakataganai [4] -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com [6]. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com [7]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en [8]. -- Nigel Kersten Product Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Links: -- [1] mailto:lutay...@gmail.com [2] mailto:j...@snowulf.com [3] mailto:lutay...@gmail.com [4] http://snowulf.com/http://www.linkedin.com/in/shakataganai [5] http://twitter.com/shakataganai [6] mailto:puppet-users@googlegroups.com [7] mailto:puppet-users%2bunsubscr...@googlegroups.com [8] http://groups.google.com/group/puppet-users?hl=en [9] mailto:lutay...@gmail.com [10] http://docs.puppetlabs.com/guides/environment.html -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Startup help puppet
On the client, run puppet agent --test --trace --debug That would show you what the puppet client is doing If you still have problems: in include test what is test? a module? show the full content of it. I personally use modules for everything and I always have the files distributed at the module level, like: source = puppet:///modules/gu_auth/foo.ext, where gu_auth is the name of a module. Thanks, Mohamed, On Thu, Dec 8, 2011 at 5:45 AM, Wiesel82 wiese...@gmx.ch wrote: Hi all, i started this week to install puppet. Everything runs fine in this part. The client is authenticated with the master and i find them if i start the command puppet cert --list --all I created my first pp-files and my first module. if test all with puppet apply it works. I wrote a module which copy a file to a other place (/etc/puppet/ modules/test/files/test.txt to /test/test.txt). If i test this with puppet apply the file will be copied to this directory.. But now i would like to do this in a authenticated client. I read that i need to create the fileserver.conf and change the url to source = 'puppet:///test/files/test.txt', Firstly i test it with default node in a second test i created a second node (fqdn) and copied the same content inside. node default { notice(Hallo OSMC) include test } node test.vm { notice(Hallo OSMC) include test } What should i do, that the client get this file from the master? Best regards Wiesel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Is puppet right for us?
Thank you for the reply. I am having difficulty choosing between CFengine, Chef and puppet. Which one would suit us the best as a small web app startup with heavy reliance on mysql/tomcat/nagios.We are entirely virtualized with ESX, want to be scalable and want a product that would work well in the cloud if we ended up making the transition. I mean would we fit into the typical user base of puppet as opposed to those of CFengine/Chef. Can you tell me what features of Puppet out do those in CFengine/ Puppet? On Dec 8, 1:48 pm, Nigel Kersten ni...@puppetlabs.com wrote: On Thu, Dec 8, 2011 at 9:29 AM, Luke lutay...@gmail.com wrote: Ok a better way to word this can puppet allow us to isolate down the environment so that dev can make changes to their own environment but not QA, Prod etc. Yes. In Puppet these are called environments :) http://docs.puppetlabs.com/guides/environment.html The standard way of achieving your goal is to set up your master to synchronize different branches in your version control system to different environments, and then set up ACLs on your version control such that only approved folks can commit to each branch. A particularly common pattern is to have environments for dev, test and prod, where developers can only commit to dev, and ops are responsible for propagating changes into test and then into prod. I am struggling with comparing these products because I don't think any one of them really does a good job of explaining what they do or how they go about doing it. On Dec 8, 1:16 pm, Luke lutay...@gmail.com wrote: Thanks guys. I should have pointed out that the developers do have builds mostly automated using ant we were just wondering we could have a solution that we could all use to try to standardize things. So I take it that we should probably just stick with that and perhaps look to puppet for our server builds? On Dec 7, 6:29 pm, Jon Davis j...@snowulf.com wrote: On Wed, Dec 7, 2011 at 12:22, Luke lutay...@gmail.com wrote: to automate our complex server builds Well, that's Puppets core skill. and web app deployments but will assist our devs with getting their builds ready to deploy Depends on how you deploy your webapps and your builds, it could, but it might not be the best solution. I use puppet to run my web servers, but I use it in more of an Apache, create websites X, Y Z fashion. Part of that process does create all the requisite folders and setup an rsync from the web master share to all the web servers. So, in effect puppet is controlling it all, but really it is up to the devs to not screw up deploying their code to the share. . Monitoring, integration of Tomcat, mysql etc would be nice as well since configuring nagios is a pain. Integrating Nagios has been done before, so you shouldn't have trouble finding examples. But Puppet isn't going to monitor itself, of course. Can puppet do all of these things? Does it sound right for us? We are also considering CFengine and Chef. Would puppet be a better fit over these two? If so why? I think all 3 options are fairly similar (I just recently went digging for automation tools myself, and settled on Puppet). Each one has their strengths and weaknesses. -- Jon [[User:ShakataGaNai]] / KJ6FNQhttp:// snowulf.com/http://www.linkedin.com/in/shakataganai http://twitter.com/shakataganai -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
On Thu, Dec 8, 2011 at 10:36, Luke lutay...@gmail.com wrote: I am having difficulty choosing between CFengine, Chef and puppet. Which one would suit us the best as a small web app startup with heavy reliance on mysql/tomcat/nagios.We are entirely virtualized with ESX, want to be scalable and want a product that would work well in the cloud if we ended up making the transition. I mean would we fit into the typical user base of puppet as opposed to those of CFengine/Chef. Would you fit into the typical user base of Puppet, CFEngine, or Chef? Yes - for all of them. None of those products are inappropriate at your scale, or for the purposes you have named. Can you tell me what features of Puppet out do those in CFengine/Puppet? If you are looking for the one killer feature you probably have the wrong approach to the problem: what you are describing as your problem space is a pretty simple deployment scenario, and any of the three tools should do a fine job managing it. Unless there is some unique point in your environment, or in your needs, that you can articulate then you can't find a single feature check-box to let you decide between the three. Instead, I suggest you focus on your ability to learn the concrete use of the tool, and on how effectively you can solve problems with them; doing a small trial of each - solve the same mid-sized problem three times, giving each a day or two - and see what you think works best for your company and culture. There is no silver bullet. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] how to link items together -- all happen together?
I've found some problems due to the extremely random ordering puppet does. It is necessary for some of these items to all happen together, with no other random resources executed in between. Is there some way to arrange this with puppet? -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Class name clashes
Hi All, I have a module called openvpn which lives in /etc/puppet/modules/openvpn/. It just sets up generic OpenVPN stuff. I then set-up another class called s_jumpbox::openvpn, which lives in /etc/puppet/services/s_jumpbox/manifests/openvpn.pp. Inside this latter class, I did an include openvpn and for several resources, I set it to: require = Class[openvpn] This confused Puppet, as it created a dependency on itself thinking I was referring to s_jumpbox::openvpn, which is not the case. Is this how it's supposed to work? Regards Gonzalo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Class name clashes
On 7 December 2011 23:09, Gonzalo Servat gser...@gmail.com wrote: Hi All, I have a module called openvpn which lives in /etc/puppet/modules/openvpn/. It just sets up generic OpenVPN stuff. I then set-up another class called s_jumpbox::openvpn, which lives in /etc/puppet/services/s_jumpbox/manifests/openvpn.pp. Inside this latter class, I did an include openvpn and for several resources, I set it to: require = Class[openvpn] This confused Puppet, as it created a dependency on itself thinking I was referring to s_jumpbox::openvpn, which is not the case. Is this how it's supposed to work? Regards Gonzalo Pretty sure I've done this before and haven't had it do that. Could you try specifying the namespace? e.g. ::openvpn What puppet version are you running? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to link items together -- all happen together?
On 2011-12-08 11:07 , Jo Rhett wrote: I've found some problems due to the extremely random ordering puppet does. It is necessary for some of these items to all happen together, with no other random resources executed in between. Is there some way to arrange this with puppet? -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness Have you tried specifying the dependencies between your resources? package { 'foo': ensure = installed, } file { '/etc/foo.conf': ensure = file, source = 'puppet:///module/foo/foo.conf', require = Package['foo'], } service { 'foo': ensure = running, subscribe = File['/etc/foo/foo.conf'], Package['foo'], } Both subscribe and require will setup ordering between resources. -- Jacob Helwig http://technosorcery.net/about/me signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Re: Is puppet right for us?
I should also add that a very important consideration is to take in mind _who_ will be working with this. Are they developers, sysadmins, QA? Will the people working on it be spending a lot of time with Puppet/Chef/CFengine, or just a little? Are you planning on writing a bunch of custom modules, or relying on the community? What languages does your team work on primarily? For example, folks that work with Ruby a lot would probably do better with Puppet and Chef. As a sysadmin, I often see developers get distracted by arguments about what's best or the most technically advanced. Often they forget that in the end the real answer is often which tool gets the job done the quickest, with the least amount of labor, and is the most supportable. Jeffrey. On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.comwrote: Instead, I suggest you focus on your ability to learn the concrete use of the tool, and on how effectively you can solve problems with them; doing a small trial of each - solve the same mid-sized problem three times, giving each a day or two - and see what you think works best for your company and culture. There is no silver bullet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Using array's in Puppet (in combination with Augeas).
On 12/02/11 13:29, Adrian van Dongen wrote: So now I am kind of stuck. I could write a separate define for the up rules but I would rather have this within the define for interfaces. No, that's how you generally do it. Make a defined type that does the required augeas to add an 'up' rule, then have your interfaces define make one of those 'up' resources per array element. Sorry For The Inconvenience ;-) Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Is puppet right for us?
This tool will be used by primarily system admins to automate server builds app installs, configurations etc. The devs will use it in their own environment to help automate some of their tasks. I don't think we have too much Ruby expertise since we are mostly a Java shop. In terms of performance I have read that CFengine uses much less memory and can be faster than puppet. Can anyone comment on the agent and server memory usage? I have read that the puppet agent can use 85mb and the server upwards to 1GB after 20-30agents. Is that accurate? I guess which tool would you consider to be the quickest, easy to implement etc? From what I am seeing the community here seems to be much more active than the others. I have yet to get a response on the other forums. On Dec 8, 4:39 pm, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote: I should also add that a very important consideration is to take in mind _who_ will be working with this. Are they developers, sysadmins, QA? Will the people working on it be spending a lot of time with Puppet/Chef/CFengine, or just a little? Are you planning on writing a bunch of custom modules, or relying on the community? What languages does your team work on primarily? For example, folks that work with Ruby a lot would probably do better with Puppet and Chef. As a sysadmin, I often see developers get distracted by arguments about what's best or the most technically advanced. Often they forget that in the end the real answer is often which tool gets the job done the quickest, with the least amount of labor, and is the most supportable. Jeffrey. On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.comwrote: Instead, I suggest you focus on your ability to learn the concrete use of the tool, and on how effectively you can solve problems with them; doing a small trial of each - solve the same mid-sized problem three times, giving each a day or two - and see what you think works best for your company and culture. There is no silver bullet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
On Thu, Dec 8, 2011 at 12:59, Luke lutay...@gmail.com wrote: This tool will be used by primarily system admins to automate server builds app installs, configurations etc. The devs will use it in their own environment to help automate some of their tasks. I don't think we have too much Ruby expertise since we are mostly a Java shop. On that front, CFEngine or Puppet are probably nicer than Chef, since they have a less demanding new language to learn. OTOH, if you want to pick up Ruby skills Chef will force you to deal with that more directly. In terms of performance I have read that CFengine uses much less memory and can be faster than puppet. Can anyone comment on the agent and server memory usage? I have read that the puppet agent can use 85mb and the server upwards to 1GB after 20-30agents. Is that accurate? The server is between 80 and 100MB for each concurrent compiler instance; you can work out the system load based on the degree of concurrency you want. (eg: 24 agents, each checking in once a day, you need one concurrent instance, and ~ 100MB. It scales from there the obvious, and linear, way.) I guess which tool would you consider to be the quickest, easy to implement etc? From what I am seeing the community here seems to be much more active than the others. I have yet to get a response on the other forums. That is a very, very hard question to answer, because it depends on your team. Would you get started quicker with something that gave you very few tools, or lots of them? With a simple language, or a full blown programming language? With a declarative, procedural, or dependency-driven input language? With high or low levels of abstraction? I would certainly say that community, published books, and Internet posts talking about the tool significantly influence the ease of getting started. Everyone gets stuck, and being able to get answers makes a huge difference there. If you have a local expert, whatever they know is totally the best choice - you get much higher bandwidth on answers, and can learn from the mistakes someone else made. ;) Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Class name clashes
On Fri, Dec 9, 2011 at 6:50 AM, Adam Gibbins a...@adamgibbins.com wrote: On 7 December 2011 23:09, Gonzalo Servat gser...@gmail.com wrote: Is this how it's supposed to work? Pretty sure I've done this before and haven't had it do that. Could you try specifying the namespace? e.g. ::openvpn As in Class[::openvpn] ? Tried this but Puppet didn't like it. Everything started working as soon as I renamed the second OpenVPN class to s_jumpbox::ovpn, but I don't understand why they clash! What puppet version are you running? 2.7.6 - Gonzalo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: how to link items together -- all happen together?
It sounds like he wants to not only assue that foo happens before bar, but that nothing happens between foo and bar. I think the only way to ensure that is to use stages, and have a separate stage for the two items that need to be executed together. On Dec 8, 1:58 pm, Jacob Helwig ja...@puppetlabs.com wrote: On 2011-12-08 11:07 , Jo Rhett wrote: I've found some problems due to the extremely random ordering puppet does. It is necessary for some of these items to all happen together, with no other random resources executed in between. Is there some way to arrange this with puppet? -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness Have you tried specifying the dependencies between your resources? package { 'foo': ensure = installed, } file { '/etc/foo.conf': ensure = file, source = 'puppet:///module/foo/foo.conf', require = Package['foo'], } service { 'foo': ensure = running, subscribe = File['/etc/foo/foo.conf'], Package['foo'], } Both subscribe and require will setup ordering between resources. -- Jacob Helwighttp://technosorcery.net/about/me signature.asc 1KViewDownload -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: how to link items together -- all happen together?
On Dec 8, 1:07 pm, Jo Rhett jrh...@netconsonance.com wrote: I've found some problems due to the extremely random ordering puppet does. It is necessary for some of these items to all happen together, with no other random resources executed in between. That's rather unusual. I'll discuss in a minute how you might address this requirement, but are you sure you really need to do so? Would you care to satisfy my curiosity as to why? Are you also going to have a problem if some other process (that is, not the Puppet agent) does any work between? Is there some way to arrange this with puppet? Puppet's resource model assumes that each resource is atomic. If multiple resources really must all be applied one after another, with no others in between, then they oughtn't really to be modeled as separate resources. Rather, they are a single composite resource, and the right way to handle the situation is therefore to write a custom type (and provider) to handle the situation. There is also a quick and dirty solution: use run stages. Assign all the resources that need to be applied consecutively to one run stage, and make sure no others are assigned to it. Or, if you cannot exclude all other resources (since run stages work at class granularity) then use explicit resource relationships to push other resources before or behind the group as needed. Be warned: doing this is likely to cause you continuing grief with dependency cycles, even with classes not unrelated to your resource group. Also be aware that run stages are an entry point to several of the problems attending use of parameterized classes, even if the classes involved are not explicitly parameterized. In principle, you could also do this with ordinary resource relationships. That would keep you away from parameterized class syntax, but it would be horendously messy. I cannot possibly recommend it except maybe if you have some kind of code generator writing your manifests for you. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] MCollective discovery - we did not discover any nodes
If you're looking for monitoring tips, one thing we do is run an 'mco find' on our entire network. A nagios page goes out if the count ('wc -l') drops below a threshold. -Yaakov On Thu, Dec 8, 2011 at 06:50, Jens Braeuer jens.brae...@numberfour.eu wrote: Hi everyone, thank R.I.P. for the pointers. I already planed to add more monitoring to ActiveMQ, so I'll take this as a chance. I dont think Amazon network settings are the root cause in my case, as I have registration agent enabled on all machines. This should keep the connection busy. I filed a bug regarding the exit-code. Is there any chance the fix will make it in 1.2.2? Thanks, Jens -- Jens Bräuer Senior Systems Engineer Dipl. Inf. NumberFour AG Schönhauser Allee 8 10119 Berlin Germany Mobile: +49 175 221 88 34 Phone: +49 30 40505411 Fax: +49 30 40505410 j...@numberfour.eu numberfour.eu facebook.com/NumberFour twitter.com/numberfourag -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Class name clashes
On Dec 8, 3:36 pm, Gonzalo Servat gser...@gmail.com wrote: On Fri, Dec 9, 2011 at 6:50 AM, Adam Gibbins a...@adamgibbins.com wrote: On 7 December 2011 23:09, Gonzalo Servat gser...@gmail.com wrote: Is this how it's supposed to work? Pretty sure I've done this before and haven't had it do that. Could you try specifying the namespace? e.g. ::openvpn As in Class[::openvpn] ? Tried this but Puppet didn't like it. I would file a bug report about that. It was supposed to be valid, last I knew, and it is anyway necessary for resolving ambiguities such as yours. Everything started working as soon as I renamed the second OpenVPN class to s_jumpbox::ovpn, but I don't understand why they clash! Puppet supports refering to classes by relative name, where (IIRC) that name can be relative to any enclosing namespace. My recollection is more uncertain on this, but I think Puppet searches namespaces from the innermost enclosing one to the outermost (certainly that's consistent with your observation). Supposing I've got that right, then, here's how the name resolution went for you: 1) look for class openvpn in namespace ::s_jumpbox::openvpn (i.e. ::s_jumpbox::openvpn::openvpn) [not found] 2) look for class openvpn in namespace ::s_jumpbox (i.e. ::s_jumpbox::openvpn) [we have a winner] Not reached: 3) look for class openvpn in namespace :: (i.e. ::openvpn) John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Error 400 on SERVER: Could not write /var/lib/puppet/ssl/ca/requests/node13.pem
Hi, I think the error is self explanatory. What are the perms on the directory? The simplest thing here is to remove /var/lib/puppet/ssl and let it be recreated. Cheers, Den On 09/12/2011, at 3:33, Utoplenick arifulovre...@gmail.com wrote: If anybody knows? plese tell me what is a reason of this problem, i`m novice with puppet and sorry for my english=) have error on client: [root@node13 ~]# [root@node13 ~]# puppet agent --server=head02 --test warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for node13 info: Certificate Request fingerprint (md5): 74:5D:F2:AA: 9C:DC:F5:E3:2D:FE:B7:6B:A0:35:67:11 warning: peer certificate won't be verified in this SSL session err: Could not request certificate: Error 400 on SERVER: Could not write /var/lib/puppet/ssl/ca/requests/node13.pem to csrdir: Could not find a default provider for user Exiting; failed to retrieve certificate and waitforcert is disabled here is the outpupt for the same command with --debug option: debug: Failed to load library 'rubygems' for feature 'rubygems' debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/ dscl does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: /File[/var/lib/puppet/client_data]/seluser: Found seluser default 'system_u' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/client_data]/selrole: Found selrole default 'object_r' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/client_data]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/client_data]/selrange: Found selrange default 's0' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/ssl/private_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/private_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/private_keys]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private_keys debug: /File[/var/lib/puppet/ssl/private_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private_keys debug: /File[/var/run/puppet]/seluser: Found seluser default 'system_u' for /var/run/puppet debug: /File[/var/run/puppet]/selrole: Found selrole default 'object_r' for /var/run/puppet debug: /File[/var/run/puppet]/seltype: Found seltype default 'puppet_var_run_t' for /var/run/puppet debug: /File[/var/run/puppet]/selrange: Found selrange default 's0' for /var/run/puppet debug: /File[/var/run/puppet/agent.pid]/seluser: Found seluser default 'system_u' for /var/run/puppet/agent.pid debug: /File[/var/run/puppet/agent.pid]/selrole: Found selrole default 'object_r' for /var/run/puppet/agent.pid debug: /File[/var/run/puppet/agent.pid]/seltype: Found seltype default 'puppet_var_run_t' for /var/run/puppet/agent.pid debug: /File[/var/run/puppet/agent.pid]/selrange: Found selrange default 's0' for /var/run/puppet/agent.pid debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys/ node13.pem debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys/ node13.pem debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/ public_keys/node13.pem debug: /File[/var/lib/puppet/ssl/public_keys/node13.pem]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/public_keys/ node13.pem debug: /File[/var/lib/puppet/facts]/seluser: Found seluser default 'system_u' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/facts]/selrole: Found selrole default 'object_r' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/facts]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/facts]/selrange: Found selrange default 's0' for /var/lib/puppet/facts debug: /File[/var/lib/puppet/state]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state]/selrange: Found selrange default 's0' for /var/lib/puppet/state debug: /File[/var/lib/puppet/state/graphs]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state/graphs
[Puppet Users] Re: Using a defined resource declared within a parameterized class?
On Dec 7, 3:17 pm, Michael Cumings mcumi...@narrativescience.com wrote: I want to be able to build a parameterized class that represents each of our major services, and then use a define within that class that will make use of the parameters. For example, have a class that represents a complete application, which is a virtualenv python application. Then use a define within that application instance of the class to add pip installed packages to the virtualenv created by the parameterized class. Is this even possible? What would be the syntax? I'm not sure whether that's possible, but in any event it's not necessary. The class can always forward any of its own parameters to a definition instance via its parameters, and the definition can access the class's variables (including, I think, its parameters) by their qualified names. I recommend you separate the class and definition, and use those tools to provide data to definition instances. It will be a lot clearer. If you want to try what you described, however, then the syntax would be something like this (might not work): class example::foo ($p, $q) { # the definition: define bar ($r) { # using a definition parameter: notice { example-${r}: # using a class parameter: message = ${q} } # ... } # instantiate of the definition example::foo::bar { 'baz': r = $p } } I have no idea whether you could successfully instantiate the definition from outside the class (making it function as a closure), but if so then you would need to be sure to declare the class first. Afterward, if it's possible to do this at all then the same instantiation syntax I show above will work outside the class. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Any way to have exclusive classes?
I have a group of classes (about 6 now) that I want to allow a host to use none or at most one of them. This just a guard rail for admins. :-) Basically like this: base base::opt1 base::opt2 ... base::opt6 base is default to all nodes. We use Puppet and Foreman :-) Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] problem with fund service
Hi, I wrote a small func module that installs and configures func. The problem I'm having is that the service type isn't properly starting the service. I have the following: class func::service { Service { enable = true, ensure = running, hasrestart = true, hasstatus = true, require = Class[func::config] } service { funcd: ; } } If funcd isn't running, puppet doesn't start it. I checked the funcd service script and it looks correct (if you do service funcd status it returns funcd is not running and the exit status is 3). Any ideas? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: Puppet 2.7.8 Available
Puppet 2.7.8 is available. 2.7.8 contains everything that was being previewed in the 2.7.7rc series as well as some new content. Key highlight in this release (beyond items from 2.7.7rc series) are: * Allow providers to be selected in the run they become suitable * Showdiff is now not auto-enabled when running in noop mode * Provide default subjectAltNames while bootstrapping master (defaulting to puppet and puppet.domain) * Allow optional trailing comma in argument lists. * Output 4-digit file modes in File type Release Notes for 2.7.8 series -- https://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes This release is available for download at: http://downloads.puppetlabs.com/puppet/ See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected version of 2.7.8 http://projects.puppetlabs.com/projects/puppet Documentation is available at: http://docs.puppetlabs.com/index.html # 2.7.8 === ##10739 Provide default subjectAltNames while bootstrapping master Prior to #2848 (CVE-2011-3872), if Puppet[:certdnsnames] was not set, puppet would add default subjectAltNames to any non-CA cert it signed, including agent certs. The subjectAltNames were of the form: DNS:puppet, DNS:fqdn, DNS:puppet.domain The fix for #2848, prevented subjectAltNames from ever being implicitly added at signing time. But during this change, the default subjectAltNames behavior was accidentally removed. This commit restores the 'defaulting' behavior that existed previously, but only when bootstrapping the initial master. Additionally, default subjectAltNames are only ever added when generating the master's certificate signing request, not at signing time. This is important, because it ensures all subjectAltNames originate from the CSR and are subject to our internal signing policy. The code now requires that all of the following be true in order to add default subjectAltNames to the CSR: 1. We are a CA and master 2. We're signing the master's cert, not self-signing the CA 3. The CSR is for the current host 4. No subjectAltNames have been specified, e.g. Puppet[:dns_alt_names] 5. The master can resolve its fqdn These should only ever be true when bootstrapping the initial master. In particular, it should never be true for the CA's self-signed cert, for remote agents, or for servers that are either masters or CAs, but not both. The fqdn requirement existed previously, and so the same behavior has been restored. Note if Puppet[:dns_alt_names] are specified when bootstrapping the master, then we do not merge the default options -- it's either one of the other, but not both. #2744 Don't automatically enable show_diff in noop mode As of 845825a, file diffs are now logged, rather than printed to console. Because log messages may be stored and more broadly readable, we no longer implicitly set show_diff in noop mode. ##6907 Allow providers to be selected in the run they become suitable Previously, if a resource did not specify its provider, it would be assigned the most appropriate suitable provider (typically the default). If no provider was suitable, the run would fail before it even began. This meant that a provider which was going to have its requirements delivered during the run could not be used in that run. In the case that an unsuitable provider was explicitly specified, this would only work in certain conditions. Suitability was lazily checked, which meant the resources installing the provider had to come before the resources using it. If this weren't true (because the dependencies weren't specified), those resources would still fail. Now, we will instead *wait* for the provider to become suitable. Similarly, if no provider is specified, we wait for a suitable provider to become available. We accomplish this by deferring unsuitable resources when they are encountered. Once we are out of suitable resources, we re-enqueue our previously-unsuitable resources and check them again. If some are now suitable, we evaluate them as normally, deferring the rest. If all our deferred resources are still deferred, they all fail, and we continue on with their dependents (which will all be marked as skipped due to failed dependencies). This allows providers to be used in the same run as resources using them, without needing to specify any dependencies between resources using the provider and resources installing the provider. Naturally, if the resources installing the provider depend on resources using the provider, the run cannot succeed. Previously, if we chose to use an unsuitable provider, we would not prefetch it because it wasn't suitable at the beginning of the run. Now, we lazily
Re: [Puppet Users] Re: Is puppet right for us?
I've found Puppet to be unreliable running as a daemon - I suspect due to older versions of ruby floating around. So I switched to running it from cron, and it works a lot better. Memory usage doesn't seem to be an issue, and the agent only runs for a few seconds. Use Puppet Dasboard (or something like it) and/or use Nagios to make sure those cron jobs run. I use both. The main thing is to have Puppet managing itself and the cron job. I have ours set up to run the cron job twice an hour, using the concatenated IP address modulo 30 and modulo 30 + 30 as the times (to keep the clients from hammering the Puppetmaster all at once). Let me know if you go with Puppet and I'll show you how I did it. Part of the reason we chose Puppet was the quantity of documentation and working examples and the helpfulness of the community. I support (and implement) our Puppet environment here at my job. I would highly recommend Mr Turnbull's Pro Puppet book. It is VERY sysadmin focused and will save you a lot of time. The sections on environments, modules, and Dashboard were really helpful. Jeffrey Sent from my iPad On Dec 8, 2011, at 2:59 PM, Luke lutay...@gmail.com wrote: This tool will be used by primarily system admins to automate server builds app installs, configurations etc. The devs will use it in their own environment to help automate some of their tasks. I don't think we have too much Ruby expertise since we are mostly a Java shop. In terms of performance I have read that CFengine uses much less memory and can be faster than puppet. Can anyone comment on the agent and server memory usage? I have read that the puppet agent can use 85mb and the server upwards to 1GB after 20-30agents. Is that accurate? I guess which tool would you consider to be the quickest, easy to implement etc? From what I am seeing the community here seems to be much more active than the others. I have yet to get a response on the other forums. On Dec 8, 4:39 pm, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote: I should also add that a very important consideration is to take in mind _who_ will be working with this. Are they developers, sysadmins, QA? Will the people working on it be spending a lot of time with Puppet/Chef/CFengine, or just a little? Are you planning on writing a bunch of custom modules, or relying on the community? What languages does your team work on primarily? For example, folks that work with Ruby a lot would probably do better with Puppet and Chef. As a sysadmin, I often see developers get distracted by arguments about what's best or the most technically advanced. Often they forget that in the end the real answer is often which tool gets the job done the quickest, with the least amount of labor, and is the most supportable. Jeffrey. On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.comwrote: Instead, I suggest you focus on your ability to learn the concrete use of the tool, and on how effectively you can solve problems with them; doing a small trial of each - solve the same mid-sized problem three times, giving each a day or two - and see what you think works best for your company and culture. There is no silver bullet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
Let me emphasize the beauty of running Puppet out of cron. Not only do you not end up with resource leaks (or just simple consumption when you don't need it), but you also get much more reliable load on your puppet masters. Further, if you are wiling to make a trivial effort to write a site-specific fqdn_rand() work-alike function, you can even arrange to be sure that updates roll across related servers in a reliable way. On Thu, Dec 8, 2011 at 6:08 PM, Jeffrey Watts jeffrey.w.wa...@gmail.comwrote: I've found Puppet to be unreliable running as a daemon - I suspect due to older versions of ruby floating around. So I switched to running it from cron, and it works a lot better. Memory usage doesn't seem to be an issue, and the agent only runs for a few seconds. Use Puppet Dasboard (or something like it) and/or use Nagios to make sure those cron jobs run. I use both. The main thing is to have Puppet managing itself and the cron job. I have ours set up to run the cron job twice an hour, using the concatenated IP address modulo 30 and modulo 30 + 30 as the times (to keep the clients from hammering the Puppetmaster all at once). Let me know if you go with Puppet and I'll show you how I did it. Part of the reason we chose Puppet was the quantity of documentation and working examples and the helpfulness of the community. I support (and implement) our Puppet environment here at my job. I would highly recommend Mr Turnbull's Pro Puppet book. It is VERY sysadmin focused and will save you a lot of time. The sections on environments, modules, and Dashboard were really helpful. Jeffrey Sent from my iPad On Dec 8, 2011, at 2:59 PM, Luke lutay...@gmail.com wrote: This tool will be used by primarily system admins to automate server builds app installs, configurations etc. The devs will use it in their own environment to help automate some of their tasks. I don't think we have too much Ruby expertise since we are mostly a Java shop. In terms of performance I have read that CFengine uses much less memory and can be faster than puppet. Can anyone comment on the agent and server memory usage? I have read that the puppet agent can use 85mb and the server upwards to 1GB after 20-30agents. Is that accurate? I guess which tool would you consider to be the quickest, easy to implement etc? From what I am seeing the community here seems to be much more active than the others. I have yet to get a response on the other forums. On Dec 8, 4:39 pm, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote: I should also add that a very important consideration is to take in mind _who_ will be working with this. Are they developers, sysadmins, QA? Will the people working on it be spending a lot of time with Puppet/Chef/CFengine, or just a little? Are you planning on writing a bunch of custom modules, or relying on the community? What languages does your team work on primarily? For example, folks that work with Ruby a lot would probably do better with Puppet and Chef. As a sysadmin, I often see developers get distracted by arguments about what's best or the most technically advanced. Often they forget that in the end the real answer is often which tool gets the job done the quickest, with the least amount of labor, and is the most supportable. Jeffrey. On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.com wrote: Instead, I suggest you focus on your ability to learn the concrete use of the tool, and on how effectively you can solve problems with them; doing a small trial of each - solve the same mid-sized problem three times, giving each a day or two - and see what you think works best for your company and culture. There is no silver bullet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
I would consider the following a small list of pros and cons for the three tools: Pros: Cfengine: Not written in Ruby, so currently is more efficient with system resources. Puppet: IMHO has the most approachable syntax of the three (for sysadmins), and the strongest community. It also has the widest platform support, with a lot of preexisting code and code examples out there. Chef: Configs are written in Ruby, and somewhat modeled on Rails development patterns, so it is relatively easy for Ruby/Rails devs to pick up. Also, Chef was designed from the ground up for the cloud, so is focused on things like dynamically spinning up cloud instances. (Check out knife and databags) If you don't want to manage your own Chef server you can get it as a preconfigured service. Cons: Cfengine: Can be a bit challenging to learn, especially the promise theory. Puppet: Particularly with older versions of Ruby can have memory usage issues. Variable scoping is not ideal. These issues are manageable though. Chef: No true dependency graphing, (implicit execution order) Setting up a chef server is a bit on the challenging side, since it has a number of requirements that don't fall into very common use. (Erlang based CouchDB, and Solr). Learning Ruby is mandatory. None of these tools are perfect and each have their warts, but any one of them would make your life a lot easier. I'd say though that I prefer Puppet over cfengine in almost all cases (except maybe a case where I am managing only machines that have very tight resource constraints). Chef vs Puppet it depends. If I was working entirely in the cloud and I had a very dynamic environment, or was a Ruby shop, Chef would probably be my choice. In almost all other cases I would go with Puppet. That said, the Puppet community is working to address the Cloud deployment differences, so if the cloud is in the future but not a now thing, I wouldn't let that effect your decision. (And puppet does work in the cloud today, just the support is relatively new and not yet as robust as Chef's) All in all, for the reason of community and ecosystem alone, I'd say go with Puppet. Here are some random syntax examples: cfengine: http://www.sysadmin.hep.ac.uk/wiki/Cfengine:_Installing_Xrootd_with_cfengine puppet: http://people.redhat.com/dlutter/puppet-app.html chef: https://github.com/opscode/cookbooks/blob/master/apache2/recipes/default.rb Cheers, Brian P.S. - Another tool to look at, that I have *heard* good things about is bcfg2, but it isn't nearly as popular as the others. -- http://aws.amazon.com/solutions/solution-providers/brandorr/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] a tips , run puppet in client mode in big datacenter
hi,all this is a tips, when you run puppet in a big data center. you need run more than one puppet master. this is a trouble. and if the puppet master hacked by hacker. all client will be in danger. but run puppet in client mode , can resolve this two problem. the first . client just download the puppet manifest from a ftp or http server with ssl connect. so ,just only one simple puppet manifest distribute server. the second . use the gpg sign the puppet manifest. so the client only run the manifest when the puppet manifest's sign is right. and the client will import the gpg public key. if you have some problem ,please ask me. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Any way to have exclusive classes?
Hi, The way we do as similar kind of thing is use a 'role' class which assigns various classes based on the fact of a node. We created a custom fact that gives a fact that tells us the node's role. We then use: if $role-fact =~ role { include variousclasses } Not as simple as that obviously but I hope that gives the point. In your node declaration you can use similar syntax to include or exclude classes. Hope that helps, Den On 09/12/2011, at 10:05, Len Rugen lenru...@gmail.com wrote: I have a group of classes (about 6 now) that I want to allow a host to use none or at most one of them. This just a guard rail for admins. :-) Basically like this: base base::opt1 base::opt2 ... base::opt6 base is default to all nodes. We use Puppet and Foreman :-) Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
I would totally recommend Puppet Commander in place of that, if you have the time to get it running: http://projects.puppetlabs.com/projects/mcollective-plugins/wiki/ToolPuppetcommander It uses mcollective and is pretty much awesome. Daniel On Thu, Dec 8, 2011 at 21:22, Brian Gallew g...@gallew.org wrote: Let me emphasize the beauty of running Puppet out of cron. Not only do you not end up with resource leaks (or just simple consumption when you don't need it), but you also get much more reliable load on your puppet masters. Further, if you are wiling to make a trivial effort to write a site-specific fqdn_rand() work-alike function, you can even arrange to be sure that updates roll across related servers in a reliable way. On Thu, Dec 8, 2011 at 6:08 PM, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote: I've found Puppet to be unreliable running as a daemon - I suspect due to older versions of ruby floating around. So I switched to running it from cron, and it works a lot better. Memory usage doesn't seem to be an issue, and the agent only runs for a few seconds. Use Puppet Dasboard (or something like it) and/or use Nagios to make sure those cron jobs run. I use both. The main thing is to have Puppet managing itself and the cron job. I have ours set up to run the cron job twice an hour, using the concatenated IP address modulo 30 and modulo 30 + 30 as the times (to keep the clients from hammering the Puppetmaster all at once). Let me know if you go with Puppet and I'll show you how I did it. Part of the reason we chose Puppet was the quantity of documentation and working examples and the helpfulness of the community. I support (and implement) our Puppet environment here at my job. I would highly recommend Mr Turnbull's Pro Puppet book. It is VERY sysadmin focused and will save you a lot of time. The sections on environments, modules, and Dashboard were really helpful. Jeffrey Sent from my iPad On Dec 8, 2011, at 2:59 PM, Luke lutay...@gmail.com wrote: This tool will be used by primarily system admins to automate server builds app installs, configurations etc. The devs will use it in their own environment to help automate some of their tasks. I don't think we have too much Ruby expertise since we are mostly a Java shop. In terms of performance I have read that CFengine uses much less memory and can be faster than puppet. Can anyone comment on the agent and server memory usage? I have read that the puppet agent can use 85mb and the server upwards to 1GB after 20-30agents. Is that accurate? I guess which tool would you consider to be the quickest, easy to implement etc? From what I am seeing the community here seems to be much more active than the others. I have yet to get a response on the other forums. On Dec 8, 4:39 pm, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote: I should also add that a very important consideration is to take in mind _who_ will be working with this. Are they developers, sysadmins, QA? Will the people working on it be spending a lot of time with Puppet/Chef/CFengine, or just a little? Are you planning on writing a bunch of custom modules, or relying on the community? What languages does your team work on primarily? For example, folks that work with Ruby a lot would probably do better with Puppet and Chef. As a sysadmin, I often see developers get distracted by arguments about what's best or the most technically advanced. Often they forget that in the end the real answer is often which tool gets the job done the quickest, with the least amount of labor, and is the most supportable. Jeffrey. On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.comwrote: Instead, I suggest you focus on your ability to learn the concrete use of the tool, and on how effectively you can solve problems with them; doing a small trial of each - solve the same mid-sized problem three times, giving each a day or two - and see what you think works best for your company and culture. There is no silver bullet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send