date:20120712

I've been trying to wrap my head around ENCs.

Kelsey Hightower gave me some very useful info in IRC the other day, but 
there are still some things I can't quite get my head around.

From what I can tell, an ENC allows you to assign classes and parameters 
(top scope variables) to a given node or group of nodes.

They cannot declare/define relationships (chain classes together to order 
them) or declare individual resources.

The purpose is to help separate data and configuration.

From reading what documentation I could find on the puppet site (some of 
which is potentially inaccurate / outdated from the wiki), the only way to 
get around these limits is to build your modules, then define a series of 
wrapper classes and super classes and assign these to the nodes.

We've got 2 dozen or so systems that we manage with puppet, and so far have 
done it all just using node defs.

What benefits would there be in using an ENC, from an admin side of things? 
Is it something that would be worth my time in setting up?

I'm trying to understand this, and my long term goal is to maximize the 
benefit we get from puppet.

Thanks.

Lee

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Lr4lgnpVWcwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: how to conditionally add users to a virtualized group?

 
On Wednesday, July 11, 2012 3:03:14 PM UTC-5, Jo wrote:

 I'm fighting with a ticklish issue.  We have some groups and users that 
 only belong on some systems. So we made all users virtual and then realize 
 them in classes specific to those system types.  This works quite well for 
 the users, but not for the groups. When you specify a user, you have to 
 list all the groups they are in. 
 groups = ['support',ops','dev'],

  Obviously some groups aren't realized on all systems, so this produces an 
 error when usermod is run.
 '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: unknown 
 group dev
 usermod: unknown group dev

 So I tried to get smarter, and put logic to add the group to each member 
 under the appropriate class
 Class users::dev inherits users { 
 User['jrhett'] { groups + ['dev'] }
 }

 This works… almost. It works for all instances where the user is only 
 subclassed once. But if I do the same technique in multiple classes I get 

 err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
 Parameter 'groups' is already set on User_and_key[jrhett] by 
 #Puppet::Resource::Type:0x7f4feed2d828 at 
 /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at 
 /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com

 So how can this be achieved, short of using an exec with an unless doing 
 another exec to determine if the group exists?


If it is the case that each user always has the same potential secondary 
groups, and you need to narrow the actual secondary groups to those that 
are actually present, then I think you could do it without too much pain.  
The main ingredients would be a list (array) of the groups that are 
supposed to be present, and a custom function that forms the intersection 
of two arrays.  (Or you could use an inline template and split(), but yuck!)

Hiera would probably provide a good means for building the list of 
available groups, which you could then use not only to filter user 
definitions but also to drive virtual group realization.  Here's a skeleton 
of how it might work:

class auth::constants {
  $available_groups = hiera('groups')
}

class auth::groups::virtual {
  # Virtual group declarations, such as
  @group { 'dev': 
gid = 4242,
ensure = present
  }
}

define auth::concrete_group () {
  include 'auth::groups::virtual'
  realize Group[$name]
}

class auth::groups {
  include 'auth::constants'

  auth::concrete_group { $auth::constants::available_groups: }
}

class auth::users::virtual {
  include 'auth::constants'

  # Virtual user declarations, such as
  @user { 'jbolling':
uid = 4200,
gid = 4200,
groups = intersect(['dev', 'support', 'ops'], 
$auth::constants::available_groups)
  }
}

A few bits are omitted, most notably user realization.  The main concept is 
to declare what you want in the first place, rather than throwing up 
something and trying to tweak it afterward, or trying to build values 
incrementally.  The latter two approaches tends to work poorly in Puppet 
(with certain caveats).

Note also that the above is completely hypothetical.  I think it would 
work, but it's not based on anything I have actually implemented.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/uo9sWOQTJyMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Environment and layout questions

2012-07-12 Thread earthgecko

Hi Tim

I had a similar question in 
https://groups.google.com/forum/?fromgroups#!topic/puppet-users/fhHYT3LkBoE 
but spent a while figuring out and testing what is possible.  Hopefully 
this will help you or someone work their way around a corner.

Puppet Environments

* Common modules, environment/node specific configs
* Environment specific modules and common or environment/node specific 
configs

It is possible to use both and failback/iterate over configs per 
$environment and per node.
And it is possible to have a shared/common module in (modules) that is 
specific to all environments and have the specific $environment or node 
configs being served via environments.  It is a little complicated but does 
work and allows for quite a bit of flexibility serving environments.

I find that I do not want to maintain all modules per environment in 
puppet, as that means maintaining $(( modules * number_of_environments )), 
but do as shown later :)

Some modules lend then themselves to a common module but environment 
specific configuration.  To achieve this some puppet magic is required, a 
few spells :)  I shall try and describe the concept and steps here.

So for example it is possible to achieve something like the following 
(caveat manifests/${environment} dirs are there if you are also using an 
include ${environment}/*.pp for node definitions):

|+-environments/
|  +-dev/
|  | +-configs/
|  | | |+-mysql_proxy/
|  | | |  +-${puppet_env}.mysql-proxy.erb
|  | | |  +-dev-server-1.mysql-proxy.erb
|  | | |+-mysql_server/
|  | |+-$hostname.cnf
|  | |+-mysql.conf
|  | +-modules/
|  | | |+-httpd/
|  | ||+-manifests/
|  | ||  +-init.pp
|  | ||+-templates/
|  | |   +-httpd.conf.erb
|  | +-repo/
|  |   |+-*.rpm
|  +-prod/
|  | +-configs/
|  | | |+-mysql_proxy/
|  | | |  +-${puppet_env}.mysql-proxy.erb
|  | | |  +-prod-server-2.mysql-proxy.erb
|  | | |+-mysql_server/
|  | |+-$hostname.cnf
|  | |+-mysql.conf
|  | +-modules/
|  | | |+-httpd/
|  | ||+-manifests/
|  | ||  +-init.pp
|  | ||+-templates/
|  | |   +-httpd.conf.erb
|  | +-repo/
|  |   |+-*.rpm
|+-manifests/
|  |+-dev/
|  |  +-dev-server-1.pp
|  |  +-dev-server-2.pp
|  |+-prod/
|  |  +-prod-server-1.pp
|  |  +-prod-server-2.pp
|  |+-extdata/
|  |  +-dev.csv
|  |  +-dev.csv
|  |+-dev.pp
|  |+-prod.pp
|  |+-site.pp
|+-modules/
   |+-mysql_proxy/
   |  |+-manifests/
   |  |  +-init.pp
   |  |+-files/
   | +-mysql-proxy.erb
   |+-mysql_server/
  |+-manifests/
 +-init.pp

To achieve this you need to ensure environments are set in the puppet.conf
SNIP
[agent]
environment = %= environment %
/SNIP

Just for clarification I map $environment to $puppet_env (for some backward 
compatability issues as puppet environments has not always been avaiable).

SNIP
[agent]
environment = %= puppet_env %
/SNIP
,
In the node manifest:

SNIP
  $puppet_env = '$::environment'
/SNIP

In the puppetmaster puppet.conf:

SNIP
[master]

  # Where the puppet manifests live
  templatedir = /opt/puppet/manifests
  modulepath  = $confdir/environments/$environment/modules:$confdir/modules
  manifest= $confdir/manifests/unknown_environment.pp

[dev]
  manifest = $confdir/manifests/dev.pp
[prod]
  manifest = $confdir/manifests/prod.pp
/SNIP

Environment specific manifests.  As you can see above, here if the node is 
a dev node, the manifest/dev.pp will be served and it does:

SNIP
import 'site.pp'
import 'dev/*.pp'
/SNIP

site.pp being common dev and prod variables, etc.

Then in the puppetmaster filerserver.conf (example from a erb template), 
change the /opt/puppet path as appropriate.
For further clarification I use extdata and the extlookup function in erb 
templates and have dev.csv and prod.csv extdata files and there is a top 
scope variable of $puppet_repo = '/opt/puppet'
Here is a snippet that serves 
environments/${environment}/{configs,modules,repo} directories to the nodes.

fileserver.conf(.erb):

SNIP
[configs]
  path /opt/puppet/environments/%= environment %/configs

# Environment nodes
% node_ips.each do |val| -%
  allow %= val %
% end -%
% if cloud_provider == aws %# aws allow private IP
  allow %= ec2_local_ipv4 %% end %

[repo]
  path %= puppet_repo %/environments/%= puppet_env %/repo

# Environment nodes
% node_ips.each do |val| -%
  allow %= val %
% end -%
% if cloud_provider == aws %# aws allow private IP
  allow %= ec2_local_ipv4 %% end %
/SNIP

A note regarding modules and environments, if you have environments 
configured and you have a module is the 
environments/${environment}/modules/module_a you cannot have 
modules/module_a.

Putting it all together

mysql_proxy example init.pp:

SNIP
# mysql-proxy config
  file { '/etc/sysconfig/mysql-proxy':
owner   = 'root',
group   = 'root',
mode= '0644',
# Here we use an inline_template that calls the file() resource.  The 
template
# resource does not allow to use the first file found like the source 
resource
# does.

[Puppet Users] Re: What is the intention of thin_storeconfigs?



On Thursday, July 12, 2012 3:29:15 AM UTC-5, badamowicz wrote:

 I started doing some experiments with the configuration option 
 'thin_storeconfigs=true' by adding this option to one of my Puppet masters. 
 However, I could not determine any change in behavior. I expected to have 
 the resources collected faster, but Puppet still takes some 15min to do the 
 job. So maybe I misunderstood something. Should this option instead be 
 placed in the client's configuration to make them export only the 
 @@-resources? 

 Couldn't find any documentation. So any help is appreciated. 


Google gave me this as my number one hit: 
http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration.  
It's a bit dated, but it nevertheless contains the key information: [thin 
storeconfigs] only collects and stores to the database exported resources, 
tags and host facts.

'Thick' storeconfigs additionally stores non-exported resources, and 
possibly other things -- overall, a relational representation of nodes' 
entire catalogs.

I would expect thin storeconfigs to accelerate resource collection relative 
to thick only if the *overall* database size were slowing the DBMS.  If the 
problem is specifically with the number and/or complexity of exported 
resources, then thin vs. thick should not make a difference in that area.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/ehNmEJw6uVUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] CRAY / BlueGeneQ

2012-07-12 Thread Dominic Maraglia

Pablo,

If your Cray systems are running Cray Linux, then it is possible Puppet
will run in your environment, though we have yet to test this ourselves at
Puppet.

Cheers,

Dominic Maragia

On Thu, Jul 12, 2012 at 1:01 AM, Pablo Fernandez pablo.fernan...@cscs.chwrote:

 Dear all,

 I would like to ask you, does anybody here have experience with Puppet
 under CRAY systems, or BlueGeneQ? It would be nice to hear some experiences
 with this, if any.

 Thanks!
 Pablo

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to puppet-users+unsubscribe@**
 googlegroups.com puppet-users%2bunsubscr...@googlegroups.com.
 For more options, visit this group at http://groups.google.com/**
 group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en
 .




-- 
Dominic Maraglia
QA Engineer
Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: What is the intention of thin_storeconfigs?



On Thursday, July 12, 2012 3:29:15 AM UTC-5, badamowicz wrote:

 Should [thin_storeconfigs] instead be placed in the client's configuration 
 to make them export only the @@-resources? 


No, (thin_)storeconfigs is a function of the master, at catalog compilation 
time.

John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/7_ug4xm5OFAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] CRAY / BlueGeneQ

2012-07-12 Thread Ken Barber

I dealt with a case that had a Cray XT4 using Redhat Linux
specifically. More or less since the hardware and OS was just like any
other platform we support, it wasn't a problem and we supported it.

If you are using Cray Linux - I believe its based on the SuSE Linux
platform (and we do support SLES 11sp1/2) - so if you have trouble I'm
sure it wouldn't be hard to adapt, although it isn't a platform we
have specifically targeted in the past. Some Facter patches would
probably be needed to identify its version and OS - but if it works
like SuSE in respect to packaging we already have the code to support
zypper packages (if that is indeed what it uses) and other SuSE
facilities - it all depends on the variations that Cray have taken.

From a support perspective today Cray Linux would fall into a
community effort, but that doesn't mean with some work it couldn't
work for you.

BlueGene/Q on the other hand is a PPC architecture isn't it? So what
OS are you running on it? In most cases when it comes to Puppet - its
the OS that matters.

ken.

On Thu, Jul 12, 2012 at 9:01 AM, Pablo Fernandez
pablo.fernan...@cscs.ch wrote:
 Dear all,

 I would like to ask you, does anybody here have experience with Puppet under
 CRAY systems, or BlueGeneQ? It would be nice to hear some experiences with
 this, if any.

 Thanks!
 Pablo

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] nginx-passenger authentication / certificate issue

2012-07-12 Thread Jon Jaroker

Hello, I have been stumped by an authentication / certificate problem
and would like to know if anyone has resolved a similar issue.

My fresh install of Puppet Master 2.7.18 on Debian 6 works normally
when run standalone, using 'puppet master --verbose --no-daemonize'.

When using nginx-passenger in front of the same puppet master,  puppet
fails with the authentication error:  '… Forbidden request …  access
to /file_metadata/plugins [find] at line 57'

This failure occurs on the same node that had successfully connected
to Puppet Master when it was run standalone.

The full log errors are here: http://pastebin.com/KH8Pyyw3

I can work-around this authentication error by appending 'allow *' for
'path /' in the puppet master's auth.conf file.

Here is the Puppet Master auth.conf file I am using: 
http://pastebin.com/Ju0ke3rP

I don't think this workaround is correct: the default authentication
policy should not allow access to un-authenticated nodes.

Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0

Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE

Does anyone see what I am doing wrong?  I have already tried deleting
and recreating certificates for the agent and master.

Thank you,
Jon

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] nginx-passenger authentication / certificate issue

2012-07-12 Thread Jeff McCune

Are you sure you want to be using the passenger_set_cgi_param nginx
directive and not proxy_set_header?

The problem definitely seems to be Puppet not picking up the values
that should be set in the HTTP_X_CLIENT_VERIFY and HTTP_X_CLIENT_DN
request headers.

-Jeff

On Thu, Jul 12, 2012 at 7:34 AM, Jon Jaroker goo...@jaroker.com wrote:

 Hello, I have been stumped by an authentication / certificate problem
 and would like to know if anyone has resolved a similar issue.

 My fresh install of Puppet Master 2.7.18 on Debian 6 works normally
 when run standalone, using 'puppet master --verbose --no-daemonize'.

 When using nginx-passenger in front of the same puppet master,  puppet
 fails with the authentication error:  '… Forbidden request …  access
 to /file_metadata/plugins [find] at line 57'

 This failure occurs on the same node that had successfully connected
 to Puppet Master when it was run standalone.

 The full log errors are here: http://pastebin.com/KH8Pyyw3

 I can work-around this authentication error by appending 'allow *' for
 'path /' in the puppet master's auth.conf file.

 Here is the Puppet Master auth.conf file I am using: 
 http://pastebin.com/Ju0ke3rP

 I don't think this workaround is correct: the default authentication
 policy should not allow access to un-authenticated nodes.

 Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0

 Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE

 Does anyone see what I am doing wrong?  I have already tried deleting
 and recreating certificates for the agent and master.

 Thank you,
 Jon

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: err: Could not request certificate: execution expired

2012-07-12 Thread Ron

I see this also if the time on the client is too far out of sync with the 
time on the server.  set the time to within a few seconds of the server 
first, then try again.

On Tuesday, July 10, 2012 12:39:13 PM UTC-5, Ganesh Ganesh wrote:

 Hi Guys,

 I am trying to executed sign client to server,
 I give the command to client #puppetd --test -d -v


 debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring 
 File[/var/lib/puppet/ssl]
 debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring 
 File[/var/lib/puppet/ssl]
 debug: Finishing transaction 23595599384520



 err: Could not request certificate: execution expired
 Exiting; failed to retrieve certificate and waitforcert is disabled

 How to resolve this, please guide me guys.

 -Ganesh.
  
 Did I learn something today? If not, I wasted it.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/K6IyTQw6wesJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: nginx-passenger authentication / certificate issue

2012-07-12 Thread David Wooldridge

I know when I was setting this up
(http://z0mbix.github.com/blog/2012/03/01/use-nginx-and-passenger-to-power-your-puppet-master/),

the main gotcha I came up against was the permissions of the config.ru file
have to be the same as your puppet user. I can't remember what error this
caused though.

Cheers David

On Thursday, 12 July 2012 15:34:06 UTC+1, Jon Jaroker wrote:

Hello, I have been stumped by an authentication / certificate problem
and would like to know if anyone has resolved a similar issue.

My fresh install of Puppet Master 2.7.18 on Debian 6 works normally
when run standalone, using 'puppet master --verbose --no-daemonize'.

When using nginx-passenger in front of the same puppet master, puppet
fails with the authentication error: '… Forbidden request … access
to /file_metadata/plugins [find] at line 57'

This failure occurs on the same node that had successfully connected
to Puppet Master when it was run standalone.

The full log errors are here: http://pastebin.com/KH8Pyyw3

I can work-around this authentication error by appending 'allow *' for
'path /' in the puppet master's auth.conf file.

Here is the Puppet Master auth.conf file I am using:
http://pastebin.com/Ju0ke3rP

I don't think this workaround is correct: the default authentication
policy should not allow access to un-authenticated nodes.

Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0

Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE

Does anyone see what I am doing wrong? I have already tried deleting
and recreating certificates for the agent and master.

Thank you,
Jon

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/2MBuu8evOokJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: nginx-passenger authentication / certificate issue

2012-07-12 Thread Jon Jaroker

Hello Jeff,

Thank you for your reply.  It pointed me in the right direction.

Regarding 'proxy_set_header', I don't believe this directive has an
effect on passenger.  For passenger, I believe the
'passenger_set_cgi_param' directive must be used instead.

My mistake was using the wrong parameter.  While HTTP_X_CLIENT_* will
work for 'proxy_set_header', I think you need to use SSL_CLIENT_*
parameters for 'passenger_set_cgi_param'.

Here is the change in nginx.conf that solved the problem for me.

# passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
# passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
  passenger_set_cgi_param SSL_CLIENT_S_DN  $ssl_client_s_dn;
  passenger_set_cgi_param SSL_CLIENT_VERIFY$ssl_client_verify;


The puppet client is now able to connect normally.

Regards,
Jon

On Jul 12, 10:44 am, Jeff McCune j...@puppetlabs.com wrote:
 Are you sure you want to be using the passenger_set_cgi_param nginx
 directive and not proxy_set_header?

 The problem definitely seems to be Puppet not picking up the values
 that should be set in the HTTP_X_CLIENT_VERIFY and HTTP_X_CLIENT_DN
 request headers.

 -Jeff







 On Thu, Jul 12, 2012 at 7:34 AM, Jon Jaroker goo...@jaroker.com wrote:

  Hello, I have been stumped by an authentication / certificate problem
  and would like to know if anyone has resolved a similar issue.

  My fresh install of Puppet Master 2.7.18 on Debian 6 works normally
  when run standalone, using 'puppet master --verbose --no-daemonize'.

  When using nginx-passenger in front of the same puppet master,  puppet
  fails with the authentication error:  '… Forbidden request …  access
  to /file_metadata/plugins [find] at line 57'

  This failure occurs on the same node that had successfully connected
  to Puppet Master when it was run standalone.

  The full log errors are here:http://pastebin.com/KH8Pyyw3

  I can work-around this authentication error by appending 'allow *' for
  'path /' in the puppet master's auth.conf file.

  Here is the Puppet Master auth.conf file I am 
  using:http://pastebin.com/Ju0ke3rP

  I don't think this workaround is correct: the default authentication
  policy should not allow access to un-authenticated nodes.

  Here is my nginx.conf file:http://pastebin.com/q7HMuAZ0

  Here is the config.ru configuration file:http://pastebin.com/1aCdsTJE

  Does anyone see what I am doing wrong?  I have already tried deleting
  and recreating certificates for the agent and master.

  Thank you,
  Jon

  --
  You received this message because you are subscribed to the Google Groups 
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to 
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group 
  athttp://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: proper usage of global variables / node variables / +=

2012-07-12 Thread Eric Shamow

Nan is a Puppet Labs guy. One of our best :)

His warning about dynamic scoping is something to take seriously. That's not a 
gratuitous error message - dynamic scoping causes all kinds of problems and has 
been scheduled for deprecation for a while now, and that's coming in the next 
major release.

Details:

http://docs.puppetlabs.com/guides/scope_and_puppet.html

-Eric 

-- 

Eric Shamow
Professional Services
http://puppetlabs.com/
(c)631.871.6441


On Thursday, July 12, 2012 at 1:27 AM, fp wrote:

  At this point, however, I'm hoping that one of the PuppetLabs guys will
  jump in to either explain why I'm wrong or confirm that it's a bug.
 
 
 
 Any PuppetLabs guys reading? I realize they are all busy people, and it 
 may take a while. It's all good.
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com 
 (mailto:puppet-users@googlegroups.com).
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com 
 (mailto:puppet-users+unsubscr...@googlegroups.com).
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How can I list classes available on the puppet master?

Is there a way to get a list of all the classes available from the puppet 
master?

I have 2 goals for this - one is documentation in a human readable form, 
and the other is potentially importing that data into dashboard.

I did find some info on the rest API 
(http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
can't make any sense of the output from it.

Thanks.

Lee

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] problem using apache passenger to run dashboard

I do have a config.ru under /etc/puppet/rack, and it is owned by
puppet. And that is the only config.ru I have.

Under /usr/share/puppet-dashboard/public, there is no config.ru. But
there is a 
/usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru.

In the procedure I followed, it never ask me to config a config.ru
file. http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html


Thanks.

Hai Tao


On Thu, Jul 12, 2012 at 12:47 AM, Denmat tu2bg...@gmail.com wrote:
 Hi,

 Haven't got details in front of me but check the puppet docs on passenger - I 
 think you haven't set the right perms on your config.ru - should be owned by 
 puppet.

 Cheers
 Den

 On 12/07/2012, at 4:28, Hai Tao ehai...@gmail.com wrote:

 The welcome page should only display when there is no webpage to
 display. I tried to remove the welcome page, and it still is not
 working.

 It looks to me that the passenger is not working correctly.

 httpd error log show this errors:

 # tail -f dashboard_error.log
 [Wed Jul 11 11:27:26 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:26 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:32 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:32 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:34 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:34 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:35 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:35 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:43 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:44 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:46 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes



 On Wed, Jul 11, 2012 at 11:13 AM, Jo Rhett jrh...@netconsonance.com wrote:
 On Jul 10, 2012, at 4:39 PM, Hai Tao wrote:

 but after I restarted httpd, I see a apache welcome page.


 Did you read the page? It probably tells you to remove
 /etc/httpd/conf.d/welcome.conf ...

 --
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet
 projects.



 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



 --
 Hai Tao

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.


 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.




-- 
Hai Tao

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] problem using apache passenger to run dashboard

note, I also have a /usr/share/puppet/ext/rack/files/config.ru file.

On Thu, Jul 12, 2012 at 9:04 AM, Hai Tao ehai...@gmail.com wrote:
 I do have a config.ru under /etc/puppet/rack, and it is owned by
 puppet. And that is the only config.ru I have.

 Under /usr/share/puppet-dashboard/public, there is no config.ru. But
 there is a 
 /usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru.

 In the procedure I followed, it never ask me to config a config.ru
 file. http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html


 Thanks.

 Hai Tao


 On Thu, Jul 12, 2012 at 12:47 AM, Denmat tu2bg...@gmail.com wrote:
 Hi,

 Haven't got details in front of me but check the puppet docs on passenger - 
 I think you haven't set the right perms on your config.ru - should be owned 
 by puppet.

 Cheers
 Den

 On 12/07/2012, at 4:28, Hai Tao ehai...@gmail.com wrote:

 The welcome page should only display when there is no webpage to
 display. I tried to remove the welcome page, and it still is not
 working.

 It looks to me that the passenger is not working correctly.

 httpd error log show this errors:

 # tail -f dashboard_error.log
 [Wed Jul 11 11:27:26 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:26 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:32 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:32 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:34 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:34 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:35 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:35 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:43 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:44 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes
 [Wed Jul 11 11:27:46 2012] [error] [client 10.224.78.200] File does
 not exist: /usr/share/puppet-dashboard/public/reports
 [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
 /usr/share/puppet-dashboard/public/nodes



 On Wed, Jul 11, 2012 at 11:13 AM, Jo Rhett jrh...@netconsonance.com wrote:
 On Jul 10, 2012, at 4:39 PM, Hai Tao wrote:

 but after I restarted httpd, I see a apache welcome page.


 Did you read the page? It probably tells you to remove
 /etc/httpd/conf.d/welcome.conf ...

 --
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet
 projects.



 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



 --
 Hai Tao

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.


 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.




 --
 Hai Tao



-- 
Hai Tao

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: The Puppet Way to handle slow resources? (newbie)

2012-07-12 Thread Tim Mooney


In regard to: [Puppet Users] Re: The Puppet Way to handle slow resources?...:


Chris, I'll take a look at exported resources. I don't have a problem with
MCollective per se, I just don't want to add a bunch of other software if
there's a native puppet way to solve the problem. From what I've seen,
Puppet itself isn't supposed to solve this problem, MCollective is.


Agreed.


My plan A right now is that when the slow-running service is up and
running it will tell Puppet to run. I haven't really thought about how this
would work for multiple instances of the slow-service, I'm pretty sure
that's not a hard problem to solve though.


I've only partially followed this thread so I don't know if someone else
has already suggested this, but if the real issue is that the interaction
between software, init script, and puppet isn't working correctly, then
why not have puppet manage and use a wrapper init script?  You keep the
init script that came with the software, but instead of having puppet use
that for start/stop/status, you write your own local-service or
mycompany-service init script and have that script call the original
script and augment the logic in start/stop/status/whatever to do whatever
is needed to work correctly with puppet.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] OpenssL::BN Error

2012-07-12 Thread Ganesh Kumar

Hi Guys,

I an trying to remove puppetca revoke certification i got openssl error

[root@dvtelx3bayxit55 ~]# puppetca --revoke all
notice: Revoked certificate with serial # Inventory of signed certificates
# SERIAL NOT_BEFORE NOT_AFTER SUBJECT
0x0001 2012-07-11T17:29:51GMT 2017-07-11T17:29:51GMT /CN=Puppet CA:
dvtelx3bayxit55.localdomain

err: Could not call revoke: Cannot convert into OpenSSL::BN
[root@dvtelx3bayxit55 ~]#

How to resolve this, please guide me..

-Ganesh.

Did I learn something today? If not, I wasted it.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

That's great if you have centralized and co-hosted infrastructure and are 
willing to accept the dependancy. Given that this is a small need for a small 
number of users on a very small amount of systems (like 3 out of hundreds) 
without a centralized backbone between them, implementing LDAP makes little 
sense.

On Jul 12, 2012, at 12:52 AM, Denmat wrote:
 Puppet users and groups are fiddly. My current not implemented thinking is to 
 use ldap and manage pam_groups via puppet on the hosts to get the 
 granularity. 
 
 More thinking out loud than anything else.
 
 Den
 
 On 12/07/2012, at 6:03, Jo Rhett jrh...@netconsonance.com wrote:
 
 I'm fighting with a ticklish issue.  We have some groups and users that only 
 belong on some systems. So we made all users virtual and then realize them 
 in classes specific to those system types.  This works quite well for the 
 users, but not for the groups. When you specify a user, you have to list all 
 the groups they are in. 
   groups = ['support',ops','dev'],
 
  Obviously some groups aren't realized on all systems, so this produces an 
 error when usermod is run.
  '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: 
 unknown group dev
  usermod: unknown group dev
 
 So I tried to get smarter, and put logic to add the group to each member 
 under the appropriate class
  Class users::dev inherits users { 
  User['jrhett'] { groups + ['dev'] }
  }
 
 This works… almost. It works for all instances where the user is only 
 subclassed once. But if I do the same technique in multiple classes I get 
 
 err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
 Parameter 'groups' is already set on User_and_key[jrhett] by 
 #Puppet::Resource::Type:0x7f4feed2d828 at 
 /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at 
 /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com
 
 So how can this be achieved, short of using an exec with an unless doing 
 another exec to determine if the group exists?
 
 -- 
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet 
 projects.
 
 
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?


On Jul 12, 2012, at 4:30 AM, Felix Frank wrote:
 On 07/11/2012 10:03 PM, Jo Rhett wrote:
 So I tried to get smarter, and put logic to add the group to each member
 under the appropriate class
 Class users::dev inherits users { 
 User['jrhett'] { groups + ['dev'] }
 }
 
 This works… almost. It works for all instances where the user is only
 subclassed once. But if I do the same technique in multiple classes I get 
 
 sound approach, but I've hit this wall a couple of times as well.
 
 I've resorted to horrors that would add items to array variables that
 are declared in a central, well-known class, and use the final value for
 the resources in question. Depending on how much flexibility is
 required, this may not be feasible at all.

Hm. That might work, but seems even uglier :(

 Perhaps hiera can be used to do something clever here?


This is actually something that hiera seems perfect for, but we simply don't 
have any backend dataset from which to derive hiera data at this time. That is 
going to change, and I'm looking forward to having hiera access at that point.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

On Jul 12, 2012, at 6:46 AM, jcbollinger wrote:
 If it is the case that each user always has the same potential secondary 
 groups, and you need to narrow the actual secondary groups to those that are 
 actually present, then I think you could do it without too much pain.  The 
 main ingredients would be a list (array) of the groups that are supposed to 
 be present, and a custom function that forms the intersection of two arrays.  
 (Or you could use an inline template and split(), but yuck!)
 
 Hiera would probably provide a good means for building the list of available 
 groups, which you could then use not only to filter user definitions but also 
 to drive virtual group realization.  Here's a skeleton of how it might work:
 
 class auth::constants {
   $available_groups = hiera('groups')
 }

Interesting idea, but depends on an external datasource that tells us which 
groups are valid.  Since all of these groups are already defined in puppet, I 
simply don't see the value of managing intersections of data between a hiera 
data source and puppet.

   # Virtual user declarations, such as
   @user { 'jbolling':
 uid = 4200,
 gid = 4200,
 groups = intersect(['dev', 'support', 'ops'], 
 $auth::constants::available_groups)
   }
 }


I think the intersect idea is valid, as long as I can find out if a parameter 
is realized or not.  Basically, write a function that removes from the array 
any group which isn't realized. This removes any need for heira.  However I'm 
poking around and the docs don't show any methods to determine if something has 
been realized or not.

If I am reading this right, intersect is provided by stdlib, right?  So I 
really just need to write a function to determine if something is realized or 
not. I suspect this is going to fall back to the same issues as defined() 
unless I can delay execution until the end.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet 3.0.0 and hiera

2012-07-12 Thread Steve Traylen

On Tuesday, 10 July 2012 03:18:47 UTC+2, Henrik Lindberg wrote:

 On 2012-09-07 19:07, Kelsey Hightower wrote: 
  You'll need hiera-puppet, which contains the parser functions. Puppet 
 3.0.0 should bring in both Hiera and hiera-puppet as deps. 
  
 Thanks, 
 that is a good start. My issue is however that I don't want to install 
 things in order to scan them for content as I am building an index of 
 functions, types, etc. in the puppet runtime. 

 Currently Geppetto does not offer users the ability to do these scans so 
 I can just mash something up to create the index, but ultimately I would 
 want to be able to scan an (any) installation and get all the installed 
 functions. 

 So, my questions is really, in an installation, how does puppet find 
 puppet-hiera and know that there are parser functions. Is it added to 
 the module path or is it done via some other mechanism? 

 Reading this: 
 http://puppetlabs.com/blog/first-look-installing-and-using-hiera/ It 
 looks like the source needs to be copied into puppet's modulepath 
 drectory - will this be different in 3.0.0 


Yes that's exactly what happens. Nothing has to be done. It will just 
work.
 


 Regards 
 - henrik 

  On Jul 9, 2012, at 9:21 AM, Henrik Lindberg 
 henrik.lindb...@cloudsmith.com wrote: 
  
  Hi, 
  If I have understood it correctly, puppet 3.0.0 will include / require 
 hiera. In order to add support for hiera directly in Geppetto I downloaded 
 the puppet 3.0.0rc tarball expecting to find the puppet-hiera functions, 
 but they where not there. 
  
  What is the expected packaging going to be when 3.0.0 is released? 
  Where should I expect the hiera parser functions to be located? 
  
  (For now I can compose the result manually, but I would like to know 
 where they are supposed to be so I do this correctly from the start). 
  
  If you want to, you can also comment on 
 https://github.com/cloudsmith/geppetto/issues/282 
  
  Regards 
  - henrik 
  
  -- 
  You received this message because you are subscribed to the Google 
 Groups Puppet Users group. 
  To post to this group, send email to puppet-users@googlegroups.com. 
  To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com. 
  For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en. 
  
  





-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/bQXKaarut08J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

2012-07-12 Thread Ryan Coleman

One way to approach this (for documentation) is to build a file
resource backed by a template. The template would contain something
like the following. It prints out all the classes defined in that
agents catalog.

% classes.each do |klass| -%
The class %= klass % is defined
% end -%

This example could be used to build something like /etc/motd on each
system with the list of defined classes.

As for Dashboard, if you chose to use it as your ENC, the class
information is already there. Otherwise, that's not something you can
really do (afaik) outside of a custom fact that each machine populates
into the Dashboards inventory service.

HTH,
--Ryan

On Thu, Jul 12, 2012 at 8:54 AM, llow...@oreillyauto.com
llow...@oreillyauto.com wrote:
 Is there a way to get a list of all the classes available from the puppet
 master?

 I have 2 goals for this - one is documentation in a human readable form, and
 the other is potentially importing that data into dashboard.

 I did find some info on the rest API
 (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
 can't make any sense of the output from it.

 Thanks.

 Lee

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
Ryan Coleman | about.me/ryc
Modules  Forge @ Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

2012-07-12 Thread Ryan Coleman

Crap, I forgot to mention my source:
http://docs.puppetlabs.com/guides/templating.html#access-to-defined-tags-and-classes

On Thu, Jul 12, 2012 at 1:08 PM, Ryan Coleman r...@puppetlabs.com wrote:
 One way to approach this (for documentation) is to build a file
 resource backed by a template. The template would contain something
 like the following. It prints out all the classes defined in that
 agents catalog.

 % classes.each do |klass| -%
 The class %= klass % is defined
 % end -%

 This example could be used to build something like /etc/motd on each
 system with the list of defined classes.

 As for Dashboard, if you chose to use it as your ENC, the class
 information is already there. Otherwise, that's not something you can
 really do (afaik) outside of a custom fact that each machine populates
 into the Dashboards inventory service.

 HTH,
 --Ryan

 On Thu, Jul 12, 2012 at 8:54 AM, llow...@oreillyauto.com
 llow...@oreillyauto.com wrote:
 Is there a way to get a list of all the classes available from the puppet
 master?

 I have 2 goals for this - one is documentation in a human readable form, and
 the other is potentially importing that data into dashboard.

 I did find some info on the rest API
 (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
 can't make any sense of the output from it.

 Thanks.

 Lee

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



 --
 Ryan Coleman | about.me/ryc
 Modules  Forge @ Puppet Labs



-- 
Ryan Coleman | about.me/ryc
Modules  Forge @ Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

Comments inline.

On Thursday, July 12, 2012 3:08:10 PM UTC-5, Ryan Coleman wrote:

 One way to approach this (for documentation) is to build a file 
 resource backed by a template. The template would contain something 
 like the following. It prints out all the classes defined in that 
 agents catalog. 


I'm not really wanting a listing of classes currently applied to a given 
node.

I am wanting to get a listing of every class that is defined and available 
to be used in node defs.

 

 % classes.each do |klass| -% 
 The class %= klass % is defined 
 % end -% 

 This example could be used to build something like /etc/motd on each 
 system with the list of defined classes. 

 As for Dashboard, if you chose to use it as your ENC, the class 
 information is already there. Otherwise, that's not something you can 
 really do (afaik) outside of a custom fact that each machine populates 
 into the Dashboards inventory service. 


The class info is not already there, it only sees and can use classes that 
you define either through it's web UI or by inserting directly into it's DB.
 

 HTH, 
 --Ryan 

 On Thu, Jul 12, 2012 at 8:54 AM, llowder wrote: 
  Is there a way to get a list of all the classes available from the 
 puppet 
  master? 
  
  I have 2 goals for this - one is documentation in a human readable form, 
 and 
  the other is potentially importing that data into dashboard. 
  
  I did find some info on the rest API 
  (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
  can't make any sense of the output from it. 
  
  Thanks. 
  
  Lee 
  
  -- 
  You received this message because you are subscribed to the Google 
 Groups 
  Puppet Users group. 
  To view this discussion on the web visit 
  https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ. 
  To post to this group, send email to puppet-users@googlegroups.com. 
  To unsubscribe from this group, send email to 
  puppet-users+unsubscr...@googlegroups.com. 
  For more options, visit this group at 
  http://groups.google.com/group/puppet-users?hl=en. 



 -- 
 Ryan Coleman | about.me/ryc 
 Modules  Forge @ Puppet Labs 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/aQ2szZ_TnUcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

2012-07-12 Thread Nigel Kersten

On Thu, Jul 12, 2012 at 8:54 AM, llow...@oreillyauto.com
llow...@oreillyauto.com wrote:
 Is there a way to get a list of all the classes available from the puppet
 master?

We've actually addressed this more directly in the upcoming Telly
branch, where we've extended the resource_type REST API to make this
simpler:

https://projects.puppetlabs.com/issues/14137

You'll be able to directly ask the question via an API of what
classes exist in this environment?

Note you can do this already prior to Telly, but you need to do
filtering yourself on the returned output to just grab class
information.





 I have 2 goals for this - one is documentation in a human readable form, and
 the other is potentially importing that data into dashboard.

 I did find some info on the rest API
 (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
 can't make any sense of the output from it.

 Thanks.

 Lee

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
Nigel Kersten | http://puppetlabs.com | @nigelkersten
Schedule Meetings at: http://tungle.me/nigelkersten

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

2012-07-12 Thread R.I.Pienaar

- Original Message -
 From: Ryan Coleman r...@puppetlabs.com
 To: puppet-users@googlegroups.com
 Sent: Thursday, July 12, 2012 9:08:55 PM
 Subject: Re: [Puppet Users] How can I list classes available on the puppet 
 master?

 Crap, I forgot to mention my source:
 http://docs.puppetlabs.com/guides/templating.html#access-to-defined-tags-and-classes

 On Thu, Jul 12, 2012 at 1:08 PM, Ryan Coleman r...@puppetlabs.com
 wrote:
  One way to approach this (for documentation) is to build a file
  resource backed by a template. The template would contain something
  like the following. It prints out all the classes defined in that
  agents catalog.

  % classes.each do |klass| -%
  The class %= klass % is defined
  % end -%

that classes array is built up during parsing so when used like this it wont be
complete till the end of the compile, so its not reliable.

same reason that defined() doesnt work.

Best way is to check classes.txt on the node.

this code:
-
class one { }
class two { }

include one

notice(inline_template(%= classes.inspect %))

include two

notice(inline_template(%= classes.inspect %))
-

does:
-
notice: Scope(Class[main]): [settings, one]
notice: Scope(Class[main]): [settings, one, two]
notice: Finished catalog run in 0.04 seconds
-

you can see the contents depend on the parse order and will only be 
complete at the end of the compile.

if you supply a class list from an ENC the whole ENC received list
will be in there from the start though

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

2012-07-12 Thread Dan White

http://docs.puppetlabs.com/man/doc.html

I use a command like this:

puppet doc --outputdir yadda...yadda/apache/htdocs/puppetmaster --mode rdoc 
--manifestdir /etc/puppet/manifests --modulepath /etc/puppet/modules

And I get a fantastic web-tree describing every class on my PuppetMaster

It does require you to document your code, but it is worth it IMNSHO :)

“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin  Hobbes)

- llow...@oreillyauto.com wrote:
 Is there a way to get a list of all the classes available from the puppet 
 master?
 
 I have 2 goals for this - one is documentation in a human readable form, 
 and the other is potentially importing that data into dashboard.
 
 I did find some info on the rest API 
 (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
 can't make any sense of the output from it.
 
 Thanks.
 
 Lee
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

2012-07-12 Thread Walter Heck

It's pretty ghetto, but we've used this script before, which I can confirm
still works on Puppet 2.7.17:
http://www.devco.net/archives/2010/02/26/what_does_puppet_manage_on_a_node-2.php

cheers,

Walter

On Fri, Jul 13, 2012 at 4:22 AM, R.I.Pienaar r...@devco.net wrote:



 - Original Message -
  From: Ryan Coleman r...@puppetlabs.com
  To: puppet-users@googlegroups.com
  Sent: Thursday, July 12, 2012 9:08:55 PM
  Subject: Re: [Puppet Users] How can I list classes available on the
 puppet master?
 
  Crap, I forgot to mention my source:
 
 http://docs.puppetlabs.com/guides/templating.html#access-to-defined-tags-and-classes
 
  On Thu, Jul 12, 2012 at 1:08 PM, Ryan Coleman r...@puppetlabs.com
  wrote:
   One way to approach this (for documentation) is to build a file
   resource backed by a template. The template would contain something
   like the following. It prints out all the classes defined in that
   agents catalog.
  
   % classes.each do |klass| -%
   The class %= klass % is defined
   % end -%

 that classes array is built up during parsing so when used like this it
 wont be
 complete till the end of the compile, so its not reliable.

 same reason that defined() doesnt work.

 Best way is to check classes.txt on the node.

 this code:
 -
 class one { }
 class two { }

 include one

 notice(inline_template(%= classes.inspect %))

 include two

 notice(inline_template(%= classes.inspect %))
 -

 does:
 -
 notice: Scope(Class[main]): [settings, one]
 notice: Scope(Class[main]): [settings, one, two]
 notice: Finished catalog run in 0.04 seconds
 -

 you can see the contents depend on the parse order and will only be
 complete at the end of the compile.

 if you supply a class list from an ENC the whole ENC received list
 will be in there from the start though

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




-- 
Walter Heck

--
Check out my startup: Puppet training and consulting @
http://www.olindata.com
Follow @olindata on Twitter and/or 'Like' our Facebook page at
http://www.facebook.com/olindata

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Announce: PuppetDB 0.9.2 Available

2012-07-12 Thread Matthaus Litteken

PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
include new features and bug fixes. For details on changes
in this release, please see the release notes below.

# Downloads

Available in native package format at

http://yum.puppetlabs.com

http://apt.puppetlabs.com

Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb

Available for use with Puppet Enterprise 2.5.1 and later at

http://yum-enterprise.puppetlabs.com/ and http://apt-enterprise.puppetlabs.com/

# Documentation (including how to install): http://docs.puppetlabs.com/puppetdb

# Issues can be filed at:
http://projects.puppetlabs.com/projects/puppetdb/issues

# Upgrading

1. On your puppetdb server, stop the puppetdb daemon
2. On your puppetmaster(s), stop the puppetmaster daemon
3. On your puppetdb server, install the new puppetdb package
4. On your puppetdb server, start the puppetdb daemon
5. On your puppetmaster(s), install the new puppetdb-terminus package
6. On your puppetmaster(s), start the puppetmaster daemon

0.9.2
=

Many thanks to the following people who contributed patches to this
release:

* Jason Ashby
* Kushal Pisavadia
* Erik Dalén
* Deepak Giridharagopal
* Nick Lewis
* Matthaus Litteken
* Chris Price

Notable features:

* Allow more advanced storeconfigs queries

  Now, when using PuppetDB, your puppet manifests can use and and
  or in collection queries:

File | mode == 0755 or content == bar |

* (#14947) Restrict accetable client certificates by CN

  PuppetDB now implements an optional whitelist for HTTPS clients. If
  enabled by the user, we validate that the CN of the supplied client
  certificate exactly matches an entry in the whitelist. This allows
  users to restrict access to PuppetDB using the same CA
  infrastructure that Puppet already uses. For example, you can
  restrict access to PuppetDB to just your puppetmaster boxes.

  This feature is off by default. Refer to the documentation on the
  `certificate-whitelist` configuration option for details.

Notable fixes:

* (#15388) Add redirect from '/' to the dashboard

  Prior to this fix, if you started up PuppetDB and then attempted to
  browse to /, you'd get an error message that might lead you to
  believe that the server wasn't actually running (depending on your
  browser).

  This commit simply adds a redirect from / to the dashboard index
  page.

* (#14688) Improve stdout/stderr handling for redhat init script

  Prior to this fix, the redhat init script was keeping stdout/stderr
  open when you called service puppetdb stop. This resulted in some
  undesirable behavior; starting the service over an ssh connection
  would not release the ssh connection, errors would appear on the
  console rather than in the log file, etc. Now, daemon startup
  redirects stdout/stderr to a file (puppetdb-daemon.log) instead of
  spamming the console, and we more properly background the launched
  process to prevent locking of a parent SSH connection.

* (#15349) Work around non-string resource titles

  It's possible in some cases for Puppet to generate a resource whose
  title isn't a string. However, since the generated edges refer to
  the resource using a string title, we end up with a mismatch. Now we
  will stringify all resource titles on the way out. In future, Puppet
  should do this for us.

* (#15446) Improve handling of user/group removal on rpm removal

  Fixed the following bugs in our handling of user/group removal
  during rpm removal:

  1. We were not conditioning the calls to groupdel / userdel to avoid
 running them during an upgrade, which meant that we were trying
 to delete them even during upgrades... which would have been bad.
  2. We had an || where we needed an , so we weren't actually
 calling the groupdel / userdel commands.
  3. We were hard-coding the user's home dir to a bad path.
  4. We had some '-r' flags that were wrong and/or unnecessary.

* (#15136, #15340) Properly handle non-string node queries

  Previously, these would result in 500 errors as the database failed
  the comparisons because of mismatched types. Now, all equality
  comparisons will be done against strings, and all numeric
  comparisons will be done against numbers.

  For equality comparisons, non-string arguments will be
  converted. This allows natural queries against numbers or booleans
  to work despite all fact values technically being strings.

  For numeric comparisons, non-numeric arguments will be converted.
  However, if the argument doesn't represent a number, the query will
  be rejected.

* (#15075) Improve handling of service start/stop during rpm
  upgrade/uninstall

  On uninstall, we now check to see if this is part of an upgrade or
  not, and we only stop and disable the service if this is *not* part
  of an upgrade. Also, we stop the service before we install the new
  package, and restart it after we finish removing the old package.

* (#15321) Add aliases for namevars that are munged via

Re: [Puppet Users] How can I list classes available on the puppet master?


Comments inline
On Thursday, July 12, 2012 3:29:27 PM UTC-5, Ygor wrote:

 http://docs.puppetlabs.com/man/doc.html 

 I use a command like this: 

 puppet doc --outputdir yadda...yadda/apache/htdocs/puppetmaster --mode 
 rdoc --manifestdir /etc/puppet/manifests --modulepath /etc/puppet/modules 

 And I get a fantastic web-tree describing every class on my PuppetMaster 

 It does require you to document your code, but it is worth it IMNSHO :) 


I had tried this before, unsuccessfully. But it is working on my dev 
environment (perhaps my prod and test masters don't have rdoc installed? 
Shall have to look into that later).

So I am glad that part is working.

Now I just need to find a good ay to get the info into dashboard.
 

 “Sometimes I think the surest sign that intelligent life exists elsewhere 
 in the universe is that none of it has tried to contact us.” 
 Bill Waterson (Calvin  Hobbes) 




-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/OFj4YYtBmBwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

2012-07-12 Thread R.I.Pienaar

Here's a little script that finds all .pp files in an environment
parse them an print all the found classes.

I didnt test if it works for .pp files with more than 1 class in them

Just point it at your module path and environment at the top


require 'puppet'
require 'find'

Puppet.settings[:modulepath] = /etc/puppet/manifests/common/modules
parser = Puppet::Parser::Parser.new(Puppet::Node::Environment.new(production))

klasses = []

Find.find(Puppet.settings[:modulepath]) do |f|
  next unless f =~ /\.pp$/

  parser.file = f
  ast = parser.parse

  ast.instantiate('').each do |resource_type|
klasses  resource_type.namespace if resource_type.file == f
  end

end

klasses.sort.each{|k| puts k}
--

- Original Message -
 From: llow...@oreillyauto.com
 To: puppet-users@googlegroups.com
 Sent: Thursday, July 12, 2012 9:55:55 PM
 Subject: Re: [Puppet Users] How can I list classes available on the puppet 
 master?
 
 
 Comments inline
 On Thursday, July 12, 2012 3:29:27 PM UTC-5, Ygor wrote:
 
 http://docs.puppetlabs.com/man/doc.html
 
 I use a command like this:
 
 puppet doc --outputdir yadda...yadda/apache/htdocs/puppetmaster
 --mode rdoc --manifestdir /etc/puppet/manifests --modulepath
 /etc/puppet/modules
 
 And I get a fantastic web-tree describing every class on my
 PuppetMaster
 
 It does require you to document your code, but it is worth it IMNSHO
 :)
 
 
 
 I had tried this before, unsuccessfully. But it is working on my dev
 environment (perhaps my prod and test masters don't have rdoc
 installed? Shall have to look into that later).
 
 So I am glad that part is working.
 
 Now I just need to find a good ay to get the info into dashboard.
 
 
 “Sometimes I think the surest sign that intelligent life exists
 elsewhere in the universe is that none of it has tried to contact
 us.”
 Bill Waterson (Calvin  Hobbes)
 
 
 
 
 --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/OFj4YYtBmBwJ .
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Crontab overwritten by Puppet

2012-07-12 Thread Stefan Schulte

On Mon, Jul 09, 2012 at 06:48:41AM -0700, Kmbu wrote:
 Hello folks..
 
 I suddenly found the crontab on one of my puppet clients overwritten. It 
 had many entries, including one created by Puppet. Suddenly during one run 
 it was overwritten, keeping only the Puppet entry and removing everything 
 else. Nothing changed between the previous runs and the one that re-created 
 the crontab in terms of configuration. I'm running Puppet 2.7.6.
 
 Fri Jul 06 22:00:16 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:03:58 +0200 2012 Puppet (notice): Finished catalog run in 
 5.34 seconds
 Fri Jul 06 22:10:15 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:11:18 +0200 2012 Puppet (notice): Finished catalog run in 
 5.30 seconds
 Fri Jul 06 22:20:15 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:23:05 +0200 2012 Puppet (notice): Finished catalog run in 
 5.81 seconds
 Fri Jul 06 22:30:15 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:35:04 +0200 2012 Puppet (notice): Finished catalog run in 
 5.92 seconds
 Fri Jul 06 22:40:15 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:44:35 +0200 2012 
 /Stage[main]/Cre-base/Cron[puppet-run]/ensure (notice): created
 Fri Jul 06 22:44:39 +0200 2012 Puppet (notice): Finished catalog run in 
 5.54 seconds
 
 Why would one run suddenly do this?
 
 Regards,
 

It looks like prefetching (executing »crontab -l root« to get current
cronentries) failed in some way. As a result puppet's in-memory
representation of the crontab is empty. When puppet now evaluates your
Cron['puppet-run'] resource, it detects it to be out of sync (is absent,
should be present), so the in-memory representation now contains only
your 'puppet-run' cronjob. If the new crontab is written back to disk,
you will loose every other cronentry.

Normally I would expect an error message if prefetching failed:

Could not prefetch cron provider

but that doesn't seem to be the case here. On the other hand there is an
outstanding bug about failures beeing silently ignored on solaris [1]

So a failure when running »crontab -l root« (do you manage crontabs of
other users as well? You may hit [2] in that case) would at least
explain the log output but the interesting question now is:
Can you think of a situation *why* the command failed?

[1] http://projects.puppetlabs.com/issues/14283
[2] http://projects.puppetlabs.com/issues/5752

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?



On Thursday, July 12, 2012 1:42:28 PM UTC-5, Jo wrote:

 On Jul 12, 2012, at 6:46 AM, jcbollinger wrote:

 If it is the case that each user always has the same potential secondary 
 groups, and you need to narrow the actual secondary groups to those that 
 are actually present, then I think you could do it without too much pain.  
 The main ingredients would be a list (array) of the groups that are 
 supposed to be present, and a custom function that forms the intersection 
 of two arrays.  (Or you could use an inline template and split(), but yuck!)

 Hiera would probably provide a good means for building the list of 
 available groups, which you could then use not only to filter user 
 definitions but also to drive virtual group realization.  Here's a skeleton 
 of how it might work:

 class auth::constants {
   $available_groups = hiera('groups')
 }


 Interesting idea, but depends on an external datasource that tells us 
 which groups are valid.  Since all of these groups are already defined in 
 puppet, I simply don't see the value of managing intersections of data 
 between a hiera data source and puppet.


No, it doesn't depend on an external datasource; rather, It depends on 
up-front knowledge of which groups are supposed to be realized for the 
node.  Although I proposed using an external datasource to provide that 
data, it could just as well be provided by an ENC or determined via DSL 
code based on conditionals, node facts, etc.  Even class parameters.

 


   # Virtual user declarations, such as
   @user { 'jbolling':
 uid = 4200,
 gid = 4200,
 groups = intersect(['dev', 'support', 'ops'], 
 $auth::constants::available_groups)
   }
 }


 I think the intersect idea is valid, as long as I can find out if a 
 parameter is realized or not.  Basically, write a function that removes 
 from the array any group which isn't realized. This removes any need for 
 heira.  However I'm poking around and the docs don't show any methods to 
 determine if something has been realized or not.

 If I am reading this right, intersect is provided by stdlib, right?


If so, then I'm somehow overlooking it.  My suggestion and expectation was 
that you would create it yourself, but it seems sufficiently 
general-purpose that you might find something suitable already made.  You 
can also, of course, jerry-rig something based on inline_template().
 

  So I really just need to write a function to determine if something is 
 realized or not. I suspect this is going to fall back to the same issues as 
 defined() unless I can delay execution until the end.


I would avoid that variation on this approach if at all possible.  You 
would sidestep multiple pitfalls if you could determine up front, based on 
node name and facts, which groups are *supposed* to be present, instead of 
attempting to determine after the fact which were realized.  Indeed, you 
might even find it convenient to use that information to drive group 
realization.  If nothing else, doing so would ensure that users aren't 
assigned to secondary groups that don't get realized.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/tO-mgaYJ7-sJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: proper usage of global variables / node variables / +=



On Thursday, July 12, 2012 10:52:23 AM UTC-5, Eric Shamow wrote:

 Nan is a Puppet Labs guy. One of our best :) 

 His warning about dynamic scoping is something to take seriously. That's 
 not a gratuitous error message - dynamic scoping causes all kinds of 
 problems and has been scheduled for deprecation for a while now, and that's 
 coming in the next major release. 

 Details: 

 http://docs.puppetlabs.com/guides/scope_and_puppet.html 


Thanks, Eric, but none of that is responsive to the question presently at 
hand, which is whether the behavior the OP observed with += is buggy (as I 
have claimed) or intentional.  Are you or Nan, either one, willing to opine 
on that one?


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/X4j1dAM9TpIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ENC questions



On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote:

 I've been trying to wrap my head around ENCs.

 Kelsey Hightower gave me some very useful info in IRC the other day, but 
 there are still some things I can't quite get my head around.

 From what I can tell, an ENC allows you to assign classes and parameters 
 (top scope variables) to a given node or group of nodes.

 They cannot declare/define relationships (chain classes together to order 
 them) or declare individual resources.

 The purpose is to help separate data and configuration.

 From reading what documentation I could find on the puppet site (some of 
 which is potentially inaccurate / outdated from the wiki), the only way to 
 get around these limits is to build your modules, then define a series of 
 wrapper classes and super classes and assign these to the nodes.

 We've got 2 dozen or so systems that we manage with puppet, and so far 
 have done it all just using node defs.

 What benefits would there be in using an ENC, from an admin side of 
 things? Is it something that would be worth my time in setting up?

 I'm trying to understand this, and my long term goal is to maximize the 
 benefit we get from puppet.


If your node definitions contain only class and maybe variable declarations 
-- a good practice -- then you would not have much trouble doing the same 
thing with an ENC.  With that said, I don't think there are very many sites 
that would benefit from *writing their own* ENCs.  If you are using Foreman 
or the Puppet Dashboard, however, then you already have an ENC available to 
you, with a spiffy UI and everything.

Overall, as long as you're satisfied with writing node definitions in 
Puppet DSL, I don't think it's worth the time and effort to change.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Yg9jlmWjkEkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: ENC questions

2012-07-12 Thread Craig White


On Jul 12, 2012, at 2:42 PM, jcbollinger wrote:

 
 
 On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote:
 I've been trying to wrap my head around ENCs.
 
 Kelsey Hightower gave me some very useful info in IRC the other day, but 
 there are still some things I can't quite get my head around.
 
 From what I can tell, an ENC allows you to assign classes and parameters (top 
 scope variables) to a given node or group of nodes.
 
 They cannot declare/define relationships (chain classes together to order 
 them) or declare individual resources.
 
 The purpose is to help separate data and configuration.
 
 From reading what documentation I could find on the puppet site (some of 
 which is potentially inaccurate / outdated from the wiki), the only way to 
 get around these limits is to build your modules, then define a series of 
 wrapper classes and super classes and assign these to the nodes.
 
 We've got 2 dozen or so systems that we manage with puppet, and so far have 
 done it all just using node defs.
 
 What benefits would there be in using an ENC, from an admin side of things? 
 Is it something that would be worth my time in setting up?
 
 I'm trying to understand this, and my long term goal is to maximize the 
 benefit we get from puppet.
 
 If your node definitions contain only class and maybe variable declarations 
 -- a good practice -- then you would not have much trouble doing the same 
 thing with an ENC.  With that said, I don't think there are very many sites 
 that would benefit from writing their own ENCs.  If you are using Foreman or 
 the Puppet Dashboard, however, then you already have an ENC available to you, 
 with a spiffy UI and everything.
 
 Overall, as long as you're satisfied with writing node definitions in Puppet 
 DSL, I don't think it's worth the time and effort to change.

Just to further this discussion, I would recommend that the OP take a good look 
at Foreman since it not only provides an funcational ENC but also provides a 
listing of puppet classes that can be observed/inspected (another thread).

There are a few instances where I have found Foreman's ENC useful to designate 
a top scoped variable on specific nodes which is then deduced by manifests to 
provide alternate configurations, create 'hostgroups' of grouping of classes so 
I can assign a node to a hostgroup to configure the node and also note that 
these 'hostgroups' are nestable. Lastly, the WebUI of Foreman provides the 
opportunity for others to participate in the configuration of specific nodes 
(or at least view the configuration).

Craig

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: problem using apache passenger to run dashboard

2012-07-12 Thread Clay

you don't need a config.ru  for  puppet-dashboard public folder,  I just  
switched to apache passenger for dashboard,  it's working without the 
config.ru file. 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/mCuf6Wbh8HEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ENC questions



On Thursday, July 12, 2012 4:42:12 PM UTC-5, jcbollinger wrote:



 On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote:

 I've been trying to wrap my head around ENCs.

 Kelsey Hightower gave me some very useful info in IRC the other day, but 
 there are still some things I can't quite get my head around.

 From what I can tell, an ENC allows you to assign classes and parameters 
 (top scope variables) to a given node or group of nodes.

 They cannot declare/define relationships (chain classes together to order 
 them) or declare individual resources.

 The purpose is to help separate data and configuration.

 From reading what documentation I could find on the puppet site (some of 
 which is potentially inaccurate / outdated from the wiki), the only way to 
 get around these limits is to build your modules, then define a series of 
 wrapper classes and super classes and assign these to the nodes.

 We've got 2 dozen or so systems that we manage with puppet, and so far 
 have done it all just using node defs.

 What benefits would there be in using an ENC, from an admin side of 
 things? Is it something that would be worth my time in setting up?

 I'm trying to understand this, and my long term goal is to maximize the 
 benefit we get from puppet.


 If your node definitions contain only class and maybe variable 
 declarations -- a good practice -- then you would not have much trouble 
 doing the same thing with an ENC.  With that said, I don't think there are 
 very many sites that would benefit from *writing their own* ENCs.  If you 
 are using Foreman or the Puppet Dashboard, however, then you already have 
 an ENC available to you, with a spiffy UI and everything.

 Overall, as long as you're satisfied with writing node definitions in 
 Puppet DSL, I don't think it's worth the time and effort to change.


Our node defs are mostly classes and variables, but they also do some 
ordering using chaining syntax, because, for an web app server, for 
example, you need to make sure that Java is installed before Tomcat.

We don't currently make use of Stages, and while I see their benefit, I 
don't know that we need them with how we are using puppet currently.

I'm not sure that we need an ENC either, as using the node defs is working 
well for us, and we typically only have one person working on a given 
module or node at any given time, but I want to maximize the benefit we get 
from puppet while making it easy to maintain and, as needed, reuse bits and 
pieces.

 


 John



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Iw2AYnjcc6EJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: problem using apache passenger to run dashboard

what version of dashboard you are running?

can you provide your httpd configuration for dashboard?

Thanks.

On Thu, Jul 12, 2012 at 2:50 PM, Clay clay...@gmail.com wrote:
 you don't need a config.ru  for  puppet-dashboard public folder,  I just
 switched to apache passenger for dashboard,  it's working without the
 config.ru file.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/mCuf6Wbh8HEJ.

 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
Hai Tao

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: OpenssL::BN Error

2012-07-12 Thread Eric Sorenson

That is an (admittedly unhelpful) error which means that the name you gave 
does not match any certificates the CA knows about.  Give it the actual 
certname rather than 'all'.

On Thursday, July 12, 2012 10:52:57 AM UTC-7, Ganesh Ganesh wrote:

 Hi Guys, 

 I an trying to remove puppetca revoke certification i got openssl error 

 [root@dvtelx3bayxit55 ~]# puppetca --revoke all 
 notice: Revoked certificate with serial # Inventory of signed certificates 
 # SERIAL NOT_BEFORE NOT_AFTER SUBJECT 
 0x0001 2012-07-11T17:29:51GMT 2017-07-11T17:29:51GMT /CN=Puppet CA: 
 dvtelx3bayxit55.localdomain 

 err: Could not call revoke: Cannot convert into OpenSSL::BN 
 [root@dvtelx3bayxit55 ~]# 

 How to resolve this, please guide me.. 

 -Ganesh. 

 Did I learn something today? If not, I wasted it. 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/2Tl2iX7lqkQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

On Jul 12, 2012, at 2:26 PM, jcbollinger wrote:
 I would avoid that variation on this approach if at all possible.  You would 
 sidestep multiple pitfalls if you could determine up front, based on node 
 name and facts, which groups are supposed to be present, instead of 
 attempting to determine after the fact which were realized.  Indeed, you 
 might even find it convenient to use that information to drive group 
 realization.
 If nothing else, doing so would ensure that users aren't assigned to 
 secondary groups that don't get realized.

This is what policy as expressed in the puppet manifests does. I don't see how 
to avoid the unrealized problem here.

What's funny is that you are expressing exactly what puppet does today, but it 
appears you are suggesting that I need to create another data source and mirror 
the information out of puppet manifests into that for comparison purposes. Huh?

I'm a bit baffled by the fairly constant suggestion by people here that I keep 
spreading out the places where information is stored. The point is to 
centralize the data, not provide more sources to grow inconsistent with each 
other.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How can I list classes available on the puppet master?

2012-07-12 Thread Nick Cammorato

You could do something like this,  it's not the cleanest in the world(I 
barely ever use sed anymore), but as something quick and dirty:
curl -k -H Accept: yaml https://puppet:8140/mgmt/resource_types/class | 
more | grep  name:  | sed -e 's/^ *name: //;s/id.* //' | sort | uniq

It'll have some bad data you'll have to parse out(built-in classes like 
notify, fail, etc.), but should work.

On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:

 Is there a way to get a list of all the classes available from the puppet 
 master?

 I have 2 goals for this - one is documentation in a human readable form, 
 and the other is potentially importing that data into dashboard.

 I did find some info on the rest API (
 http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
 can't make any sense of the output from it.

 Thanks.

 Lee


On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:

 Is there a way to get a list of all the classes available from the puppet 
 master?

 I have 2 goals for this - one is documentation in a human readable form, 
 and the other is potentially importing that data into dashboard.

 I did find some info on the rest API (
 http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
 can't make any sense of the output from it.

 Thanks.

 Lee


On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:

 Is there a way to get a list of all the classes available from the puppet 
 master?

 I have 2 goals for this - one is documentation in a human readable form, 
 and the other is potentially importing that data into dashboard.

 I did find some info on the rest API (
 http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
 can't make any sense of the output from it.

 Thanks.

 Lee


On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:

 Is there a way to get a list of all the classes available from the puppet 
 master?

 I have 2 goals for this - one is documentation in a human readable form, 
 and the other is potentially importing that data into dashboard.

 I did find some info on the rest API (
 http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
 can't make any sense of the output from it.

 Thanks.

 Lee


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/m4XmKKAYwtkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Using catalog inventory/Puppet::Resource::Catalog?

2012-07-12 Thread Nick Cammorato

I'd like to be able to get a list of all of the classes being applied to 
my nodes and insert this as a list into mcollective's facts.yaml file. The 
reason for this is that I have a couple post-commit hooks that parse out 
changes to specific modules/classes for changelog purposes and I'm 
considering adding in a call to mco find to include a list of affected 
nodes in the report.  Which means the facts need to be there to be found.

Now, puppet stores this in 
/var/lib/puppet/client_yaml/catalog/${fqdn}.yaml, and I could write it up 
as a custom fact extremely easily, or I could drop down to ruby and parse 
it out of the catalog that way, but I'm wondering if there's a built in 
path of exposure to that information somewhere.  Just a list of all 
classes in the catalog.  Anyone know offhand?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Announce: Puppet Dashboard 1.2.10 Available

2012-07-12 Thread William Hopper

1.2.10 is a maintenance release of Puppet Dashboard.
It includes contributions from Will Hopper and Moses Mendoza.
Thanks to Aaron Patterson for the security content in commit
e17269f.

This release is available for download at:
https://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.10.tar.gz

Debian packages are available at
https://apt.puppetlabs.com

RPM packages are available at
https://yum.puppetlabs.com

See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet

Please report feedback via the Puppet Labs Redmine site, using an
affected version of 1.2.10:
http://projects.puppetlabs.com/projects/dashboard

Documentation is available at:
http://docs.puppetlabs.com/dashboard/index.html

1.2.10 Security Fixes/Highlights
===
*Patch puppet-dashboard for CVE-2012-2660

   This commit adds a patch to actionpack to address
   CVE-2012-2660, unsafe query generation vulnerability. This
   patch is taken from Aaron Patterson on the rails security list:
   
https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/8SA-M3as7A8

*(#11849) Add rake task to install cron job to clean up database reports

   This commit adds a rake task to install a monthly cron
   job to clean up old database reports, as suggested in official
   Puppet Labs documentation. This allows users to easily install
   the optional cron job while not risking undesired data loss for
   those who do not wish to have the job installed by default.

1.2.10 Changelog
===
Will Hopper (1)
   5de691f (#11849) Add rake task to install cron job to clean up database 
reports
Moses Mendoza (3)
   07c75a3 cleanup on puppet-dashboard spec file
   b70344d create certs directory with installation
   d9b7eeb Install a default settings.yml file with database.yml
   e17269f Patch puppet-dashboard for CVE-2012-2660

signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: [Puppet Users] Using catalog inventory/Puppet::Resource::Catalog?

2012-07-12 Thread R.I.Pienaar

- Original Message -
 From: Nick Cammorato nick_cammor...@terc.edu
 To: puppet-users@googlegroups.com
 Sent: Thursday, July 12, 2012 5:35:28 PM
 Subject: [Puppet Users] Using catalog inventory/Puppet::Resource::Catalog?

 I'd like to be able to get a list of all of the classes being applied
 to my nodes and insert this as a list into mcollective's facts.yaml
 file. The reason for this is that I have a couple post-commit hooks
 that parse out changes to specific modules/classes for changelog
 purposes and I'm considering adding in a call to mco find to include
 a list of affected nodes in the report. Which means the facts need
 to be there to be found.

mcollective already knows what classes are on a host, you can access it
on the cli:

mco rpc rpcutil inventory -I some.host

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: problem using apache passenger to run dashboard

2012-07-12 Thread Clay

I'm running puppet dashboard 1.2.9 ,   just followed document at  
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#running-dashboard-in-a-production-quality-server
 
,  

[root@puppet conf.d]# grep -v ^# dashboard-vhost.conf 

Listen 3000
VirtualHost *:3000
ServerName puppet.domain.com
DocumentRoot /usr/share/puppet-dashboard/public/
Directory /usr/share/puppet-dashboard/public/
Options None
Order allow,deny
allow from all
/Directory
  ErrorLog /var/log/httpd/dashboard_error.log
  LogLevel warn
  CustomLog /var/log/httpd/dashboard_access.log combined
  ServerSignature On
/VirtualHost

I have  the passenger module config in /etc/httpd/conf/httpd.conf because  
puppet master is also using passenger. 

LoadModule passenger_module 
/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13
PassengerRuby /usr/bin/ruby


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/rl1IMNDZR3MJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: problem using apache passenger to run dashboard

that is almost exactly what I have , except I put the mod_passenger.so
to /var/lib instead of /var/lib64.

LoadModule passenger_module
/usr/lib/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13
PassengerRuby /usr/bin/ruby

But I do not think that would affect anything.

The thing is I have no experience with passenger, and I do not know
how to trouble shoot this problem.

Is there suggestions?

Thanks.

On Thu, Jul 12, 2012 at 4:30 PM, Clay clay...@gmail.com wrote:
I'm running puppet dashboard 1.2.9 , just followed document at
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#running-dashboard-in-a-production-quality-server
,

[root@puppet conf.d]# grep -v ^# dashboard-vhost.conf

Listen 3000
VirtualHost *:3000
ServerName puppet.domain.com

DocumentRoot /usr/share/puppet-dashboard/public/
Directory /usr/share/puppet-dashboard/public/
Options None
Order allow,deny
allow from all
/Directory
ErrorLog /var/log/httpd/dashboard_error.log
LogLevel warn
CustomLog /var/log/httpd/dashboard_access.log combined
ServerSignature On
/VirtualHost

I have the passenger module config in /etc/httpd/conf/httpd.conf because
puppet master is also using passenger.

LoadModule passenger_module
/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13
PassengerRuby /usr/bin/ruby

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/rl1IMNDZR3MJ.

To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

--
Hai Tao

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: Puppet Dashboard 1.2.10 Available

On Jul 12, 2012, at 4:07 PM, William Hopper wrote:
 *(#11849) Add rake task to install cron job to clean up database reports
 
   This commit adds a rake task to install a monthly cron
   job to clean up old database reports, as suggested in official
   Puppet Labs documentation. This allows users to easily install
   the optional cron job while not risking undesired data loss for
   those who do not wish to have the job installed by default.


Where is the documentation for this feature?  How do I invoke it?

The maintaining page still just says to create a cron job.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: How can I list classes available on the puppet master?

2012-07-12 Thread Nan Liu

So this is turning it into a small coding contest =). I needed
something similar to this, and there's a pretty easy way to do this
with the puppet resource_type face.

require 'puppet'
require 'puppet/face'

Puppet::Face[:resource_type,:current].search('*').find_all {|x|
x.type==:hostclass}.collect{|x| x.name}.sort

You can do some interesting things, such as get all the classes
parameters as well:

Puppet::Face[:resource_type,:current].search('*').find_all {|x|
x.type==:hostclass}.collect{|x| {x.name=x.arguments.keys}}

Here's an example of classes and parameters it accept:

[{apt::backports=[release, location]},
 {apt::debian::testing=[]},
 {apt::debian::unstable=[]},
 {apt::params=[]},
 {apt::release=[release_id]},
 {apt::update=[]},
 {apt=
   [purge_sources_list_d,
purge_sources_list,
always_apt_update,
proxy_host,
proxy_port,
purge_preferences_d,
disable_keys]},
...

Thanks,

Nan

On Thu, Jul 12, 2012 at 9:50 AM, Nick Cammorato nick_cammor...@terc.edu wrote:
 You could do something like this,  it's not the cleanest in the world(I
 barely ever use sed anymore), but as something quick and dirty:
 curl -k -H Accept: yaml https://puppet:8140/mgmt/resource_types/class |
 more | grep  name:  | sed -e 's/^ *name: //;s/id.* //' | sort | uniq

 It'll have some bad data you'll have to parse out(built-in classes like
 notify, fail, etc.), but should work.


 On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:

 Is there a way to get a list of all the classes available from the puppet
 master?

 I have 2 goals for this - one is documentation in a human readable form,
 and the other is potentially importing that data into dashboard.

 I did find some info on the rest API
 (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
 can't make any sense of the output from it.

 Thanks.

 Lee


 On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:

 Is there a way to get a list of all the classes available from the puppet
 master?

 I have 2 goals for this - one is documentation in a human readable form,
 and the other is potentially importing that data into dashboard.

 I did find some info on the rest API
 (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
 can't make any sense of the output from it.

 Thanks.

 Lee


 On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:

 Is there a way to get a list of all the classes available from the puppet
 master?

 I have 2 goals for this - one is documentation in a human readable form,
 and the other is potentially importing that data into dashboard.

 I did find some info on the rest API
 (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
 can't make any sense of the output from it.

 Thanks.

 Lee


 On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:

 Is there a way to get a list of all the classes available from the puppet
 master?

 I have 2 goals for this - one is documentation in a human readable form,
 and the other is potentially importing that data into dashboard.

 I did find some info on the rest API
 (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
 can't make any sense of the output from it.

 Thanks.

 Lee

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/m4XmKKAYwtkJ.

 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

Hi Everyone,

I just upgraded to this on my ubuntu puppetmaster and I am having
issues starting the server.
I am running the openjdk-6-jre
After some digging i found the options the start script was using and
tried to start the daemon manually
It gives me this error.

start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
/var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
-- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
/etc/puppetdb/conf.d
Starting /usr/bin/java...
Exception in thread main java.lang.SecurityException: Invalid
signature file digest for Manifest main attributes
at 
sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
at 
sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
at java.util.jar.JarVerifier.update(JarVerifier.java:205)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
at java.util.jar.JarFile.getInputStream(JarFile.java:403)
at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598)
at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
Could not find the main class: com.puppetlabs.puppetdb.core. Program will exit.


On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote:
 PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
 include new features and bug fixes. For details on changes
 in this release, please see the release notes below.

 # Downloads

 Available in native package format at

 http://yum.puppetlabs.com

 http://apt.puppetlabs.com

 Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb

 Available for use with Puppet Enterprise 2.5.1 and later at

 http://yum-enterprise.puppetlabs.com/ and 
 http://apt-enterprise.puppetlabs.com/

 # Documentation (including how to install): 
 http://docs.puppetlabs.com/puppetdb

 # Issues can be filed at:
 http://projects.puppetlabs.com/projects/puppetdb/issues

 # Upgrading

 1. On your puppetdb server, stop the puppetdb daemon
 2. On your puppetmaster(s), stop the puppetmaster daemon
 3. On your puppetdb server, install the new puppetdb package
 4. On your puppetdb server, start the puppetdb daemon
 5. On your puppetmaster(s), install the new puppetdb-terminus package
 6. On your puppetmaster(s), start the puppetmaster daemon

 0.9.2
 =

 Many thanks to the following people who contributed patches to this
 release:

 * Jason Ashby
 * Kushal Pisavadia
 * Erik Dalén
 * Deepak Giridharagopal
 * Nick Lewis
 * Matthaus Litteken
 * Chris Price

 Notable features:

 * Allow more advanced storeconfigs queries

   Now, when using PuppetDB, your puppet manifests can use and and
   or in collection queries:

 File | mode == 0755 or content == bar |

 * (#14947) Restrict accetable client certificates by CN

   PuppetDB now implements an optional whitelist for HTTPS clients. If
   enabled by the user, we validate that the CN of the supplied client
   certificate exactly matches an entry in the whitelist. This allows
   users to restrict access to PuppetDB using the same CA
   infrastructure that Puppet already uses. For example, you can
   restrict access to PuppetDB to just your puppetmaster boxes.

   This feature is off by default. Refer to the documentation on the
   `certificate-whitelist` configuration option for details.

 Notable fixes:

 * (#15388) Add redirect from '/' to the dashboard

   Prior to this fix, if you started up PuppetDB and then attempted to
   browse to /, you'd get an error message that might lead you to
   believe that the server wasn't actually running (depending on your
   browser).

   This commit simply adds a redirect from / to the dashboard index
   page.

 * (#14688) Improve stdout/stderr handling for redhat init script

   Prior to this fix, the redhat init script was keeping stdout/stderr
   open when you called service puppetdb stop. This resulted in some

Re: [Puppet Users] certname doesn't seem to work on the agent

You will need to generate the certificate with the name you want to
use other wise it will use the fqdn.
Try using --certname=name_you_want on the command line when you
request the certificate.

On 12 July 2012 21:04, Kmbu yum...@hotmail.com wrote:
 There was no current cert. It was a new host. The cert was generated using
 the FQDN..


 On Thursday, 12 July 2012 04:42:51 UTC+2, Pete wrote:

 Hi,

 Your config looks about right.
 Did you drop the current cert and request and sign a new one?

 On 11 July 2012 19:14, Kmbu wrote:
  Hi guys,
 
  I have a box that needs to identify itself to the puppetmaster as
  something
  different from the FQDN. I added certname to the agent configuration
  before
  the first run, but it doesn't seem to be sufficient. The certificate was
  generated for the FQDN, and the host appears in the dashboard as the
  FQDN,
  and the node name used to evaluate the manifest is also the FQDN. I
  would
  like to set it up so that, for all intents and purposes, the node/agent
  has
  a different name.
 
  I'm running Puppet 2.7.6 via Apache/Passenger.
 
  Here is my agent config:
 
  [agent]
 
  # Whether log files should always flush to disk.
  autoflush = true
 
  # Reporting setup for Puppet Dashboard
  report = true
 
  # Randomize agent runs to avoid clusters
  splay = true
 
  # The main Puppet configuration directory.  The default for this
  parameter is calculated based on the user.  If the process
  # is running as root or the user that Puppet is supposed to run as,
  it
  defaults to a system directory, but if it's running as any other user,
  # it defaults to being in the user's home directory.
  # The default value is '/etc/puppet'.
  confdir = confdir
 
  # Where Puppet stores dynamic and growing data.  The default for
  this
  parameter is calculated specially, like `confdir`_.
  # The default value is '/var/lib/puppet'.
  vardir = vardir
 
  # Whether to print stack traces on some errors
  trace = true
 
  # How often puppet agent applies the client configuration; in
  seconds.
  Note that a runinterval of 0 means run continuously rather than never
  run.
  # If you want puppet agent to never run, you should start it with
  the
  --no-client option.
  runinterval = 300
 
  # Whether to use colors when logging to the console.
  # Valid values are `ansi` (equivalent to `true`), `html` (mostly
  # used during testing with TextMate), and `false`, which produces
  # no color.
  # The default value is 'ansi'.
  color = ansi
 
  # The environment Puppet is running in.  For clients
  # (e.g., `puppet agent`) this determines the environment itself,
  which
  # is used to find modules and much more.  For servers (i.e., `puppet
  master`) this provides the default environment for nodes
  # we know nothing about.
  # The default value is 'production'.
  environment = pre
 
  # Where to find information about nodes.
  # The default value is 'plain'.
  # node_terminus = plain
 
  # Where the puppet agent web server logs.
  # The default value is '$logdir/http.log'.
  httplog = logpath/http.log
 
  # Send the process into the background.  This is the default.
  # The default value is 'true'.
  daemonize = true
 
  # The name to use when handling certificates.  Defaults
  # to the fully qualified domain name.
  certname = dns-name-here
 
  # Where Puppet should look for facts.  Multiple directories should
  # be colon-separated, like normal PATH variables.
  # The default value is '$vardir/lib/facter:$vardir/facts'.
  factpath = $vardir/lib/facter:$vardir/facts
 
  # From where to retrieve facts.  The standard Puppet `file` type
  # is used for retrieval, so anything that is a valid file source can
  # be used here.
  # The default value is 'puppet://$server/facts/'.
  factsource = puppet://puppetmaster/facts/
 
  # The pid file
  # The default value is '$rundir/$name.pid'.
  pidfile = vardir/agent.pid
 
  # The user puppet master should run as.
  # The default value is 'puppet'.
  user = apache
 
  # The group puppet master should run as.
  # The default value is 'puppet'.
  group = apache
 
  # Wether the master should function as a certificate authority.
  # The default value is 'true'.
  ca = true
 
  # The search path for modules as a list of directories separated by
  the
  ':' character.
  # The default value is '$confdir/modules:/usr/share/puppet/modules'.
  modulepath = datadir/modules
 
  # The explicit value used for the node name for all requests the
  agent
  # makes to the master. WARNING: This setting is mutually exclusive
  with
  # node_name_fact.  Changing this setting also requires changes to
  the
  default
  # auth.conf configuration on the Puppet Master.  Please see
  #

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

Side note. I downgraded to the old version and it still works so not
as urgent now.

On 13 July 2012 10:54, Peter Brown rendhal...@gmail.com wrote:
 Hi Everyone,

 I just upgraded to this on my ubuntu puppetmaster and I am having
 issues starting the server.
 I am running the openjdk-6-jre
 After some digging i found the options the start script was using and
 tried to start the daemon manually
 It gives me this error.

 start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
 /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
 -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
 /etc/puppetdb/conf.d
 Starting /usr/bin/java...
 Exception in thread main java.lang.SecurityException: Invalid
 signature file digest for Manifest main attributes
 at 
 sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
 at 
 sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
 at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
 at java.util.jar.JarVerifier.update(JarVerifier.java:205)
 at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
 at java.util.jar.JarFile.getInputStream(JarFile.java:403)
 at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
 at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
 at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598)
 at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
 at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
 at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
 at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
 at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
 Could not find the main class: com.puppetlabs.puppetdb.core. Program will 
 exit.


 On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote:
 PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
 include new features and bug fixes. For details on changes
 in this release, please see the release notes below.

 # Downloads

 Available in native package format at

 http://yum.puppetlabs.com

 http://apt.puppetlabs.com

 Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb

 Available for use with Puppet Enterprise 2.5.1 and later at

 http://yum-enterprise.puppetlabs.com/ and 
 http://apt-enterprise.puppetlabs.com/

 # Documentation (including how to install): 
 http://docs.puppetlabs.com/puppetdb

 # Issues can be filed at:
 http://projects.puppetlabs.com/projects/puppetdb/issues

 # Upgrading

 1. On your puppetdb server, stop the puppetdb daemon
 2. On your puppetmaster(s), stop the puppetmaster daemon
 3. On your puppetdb server, install the new puppetdb package
 4. On your puppetdb server, start the puppetdb daemon
 5. On your puppetmaster(s), install the new puppetdb-terminus package
 6. On your puppetmaster(s), start the puppetmaster daemon

 0.9.2
 =

 Many thanks to the following people who contributed patches to this
 release:

 * Jason Ashby
 * Kushal Pisavadia
 * Erik Dalén
 * Deepak Giridharagopal
 * Nick Lewis
 * Matthaus Litteken
 * Chris Price

 Notable features:

 * Allow more advanced storeconfigs queries

   Now, when using PuppetDB, your puppet manifests can use and and
   or in collection queries:

 File | mode == 0755 or content == bar |

 * (#14947) Restrict accetable client certificates by CN

   PuppetDB now implements an optional whitelist for HTTPS clients. If
   enabled by the user, we validate that the CN of the supplied client
   certificate exactly matches an entry in the whitelist. This allows
   users to restrict access to PuppetDB using the same CA
   infrastructure that Puppet already uses. For example, you can
   restrict access to PuppetDB to just your puppetmaster boxes.

   This feature is off by default. Refer to the documentation on the
   `certificate-whitelist` configuration option for details.

 Notable fixes:

 * (#15388) Add redirect from '/' to the dashboard

   Prior to this fix, if you started up PuppetDB and then attempted to
   browse to /, you'd get an error message that might lead you to
   believe that the server wasn't actually running (depending on your
   browser).

   This commit simply adds a redirect from / to the dashboard index
   page.

 * (#14688) Improve

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

2012-07-12 Thread Deepak Giridharagopal

Ouch...I'll take a look at this now! What version of Ubuntu are you
on? I'll bring up a VM and try to reproduce this.

deepak

On Fri, Jul 13, 2012 at 10:54:10AM +1000, Peter Brown rendhal...@gmail.com 
wrote:
 Hi Everyone,
 
 I just upgraded to this on my ubuntu puppetmaster and I am having
 issues starting the server.
 I am running the openjdk-6-jre
 After some digging i found the options the start script was using and
 tried to start the daemon manually
 It gives me this error.
 
 start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
 /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
 -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
 /etc/puppetdb/conf.d
 Starting /usr/bin/java...
 Exception in thread main java.lang.SecurityException: Invalid
 signature file digest for Manifest main attributes
 at 
 sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
 at 
 sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
 at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
 at java.util.jar.JarVerifier.update(JarVerifier.java:205)
 at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
 at java.util.jar.JarFile.getInputStream(JarFile.java:403)
 at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
 at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
 at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598)
 at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
 at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
 at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
 at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
 at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
 Could not find the main class: com.puppetlabs.puppetdb.core. Program will 
 exit.
 
 
 On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote:
  PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
  include new features and bug fixes. For details on changes
  in this release, please see the release notes below.
 
  # Downloads
 
  Available in native package format at
 
  http://yum.puppetlabs.com
 
  http://apt.puppetlabs.com
 
  Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb
 
  Available for use with Puppet Enterprise 2.5.1 and later at
 
  http://yum-enterprise.puppetlabs.com/ and 
  http://apt-enterprise.puppetlabs.com/
 
  # Documentation (including how to install): 
  http://docs.puppetlabs.com/puppetdb
 
  # Issues can be filed at:
  http://projects.puppetlabs.com/projects/puppetdb/issues
 
  # Upgrading
 
  1. On your puppetdb server, stop the puppetdb daemon
  2. On your puppetmaster(s), stop the puppetmaster daemon
  3. On your puppetdb server, install the new puppetdb package
  4. On your puppetdb server, start the puppetdb daemon
  5. On your puppetmaster(s), install the new puppetdb-terminus package
  6. On your puppetmaster(s), start the puppetmaster daemon
 
  0.9.2
  =
 
  Many thanks to the following people who contributed patches to this
  release:
 
  * Jason Ashby
  * Kushal Pisavadia
  * Erik Dalén
  * Deepak Giridharagopal
  * Nick Lewis
  * Matthaus Litteken
  * Chris Price
 
  Notable features:
 
  * Allow more advanced storeconfigs queries
 
Now, when using PuppetDB, your puppet manifests can use and and
or in collection queries:
 
  File | mode == 0755 or content == bar |
 
  * (#14947) Restrict accetable client certificates by CN
 
PuppetDB now implements an optional whitelist for HTTPS clients. If
enabled by the user, we validate that the CN of the supplied client
certificate exactly matches an entry in the whitelist. This allows
users to restrict access to PuppetDB using the same CA
infrastructure that Puppet already uses. For example, you can
restrict access to PuppetDB to just your puppetmaster boxes.
 
This feature is off by default. Refer to the documentation on the
`certificate-whitelist` configuration option for details.
 
  Notable fixes:
 
  * (#15388) Add redirect from '/' to the dashboard
 
Prior to this fix, if you started up PuppetDB and then attempted to
browse to /, you'd get an error message that might lead you to
believe that the server wasn't actually

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

On 13 July 2012 11:59, Deepak Giridharagopal dee...@puppetlabs.com wrote:
 Ouch...I'll take a look at this now! What version of Ubuntu are you
 on? I'll bring up a VM and try to reproduce this.

Thanks Deepak.

Ubuntu 12.04 (kubuntu actually but same diff)

I noticed my jre was updated today as well.
my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps

let me know if you need any more info.


Pete.


 deepak

 On Fri, Jul 13, 2012 at 10:54:10AM +1000, Peter Brown rendhal...@gmail.com 
 wrote:
 Hi Everyone,

 I just upgraded to this on my ubuntu puppetmaster and I am having
 issues starting the server.
 I am running the openjdk-6-jre
 After some digging i found the options the start script was using and
 tried to start the daemon manually
 It gives me this error.

 start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
 /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
 -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
 /etc/puppetdb/conf.d
 Starting /usr/bin/java...
 Exception in thread main java.lang.SecurityException: Invalid
 signature file digest for Manifest main attributes
 at 
 sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
 at 
 sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
 at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
 at java.util.jar.JarVerifier.update(JarVerifier.java:205)
 at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
 at java.util.jar.JarFile.getInputStream(JarFile.java:403)
 at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
 at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
 at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598)
 at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
 at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
 at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
 at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
 at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
 Could not find the main class: com.puppetlabs.puppetdb.core. Program will 
 exit.


 On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote:
  PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
  include new features and bug fixes. For details on changes
  in this release, please see the release notes below.
 
  # Downloads
 
  Available in native package format at
 
  http://yum.puppetlabs.com
 
  http://apt.puppetlabs.com
 
  Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb
 
  Available for use with Puppet Enterprise 2.5.1 and later at
 
  http://yum-enterprise.puppetlabs.com/ and 
  http://apt-enterprise.puppetlabs.com/
 
  # Documentation (including how to install): 
  http://docs.puppetlabs.com/puppetdb
 
  # Issues can be filed at:
  http://projects.puppetlabs.com/projects/puppetdb/issues
 
  # Upgrading
 
  1. On your puppetdb server, stop the puppetdb daemon
  2. On your puppetmaster(s), stop the puppetmaster daemon
  3. On your puppetdb server, install the new puppetdb package
  4. On your puppetdb server, start the puppetdb daemon
  5. On your puppetmaster(s), install the new puppetdb-terminus package
  6. On your puppetmaster(s), start the puppetmaster daemon
 
  0.9.2
  =
 
  Many thanks to the following people who contributed patches to this
  release:
 
  * Jason Ashby
  * Kushal Pisavadia
  * Erik Dalén
  * Deepak Giridharagopal
  * Nick Lewis
  * Matthaus Litteken
  * Chris Price
 
  Notable features:
 
  * Allow more advanced storeconfigs queries
 
Now, when using PuppetDB, your puppet manifests can use and and
or in collection queries:
 
  File | mode == 0755 or content == bar |
 
  * (#14947) Restrict accetable client certificates by CN
 
PuppetDB now implements an optional whitelist for HTTPS clients. If
enabled by the user, we validate that the CN of the supplied client
certificate exactly matches an entry in the whitelist. This allows
users to restrict access to PuppetDB using the same CA
infrastructure that Puppet already uses. For example, you can
restrict access to PuppetDB to just your puppetmaster boxes.
 
This feature is off by default. Refer to the documentation on the

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

Oh on a whim i installed openjdk-7 and got the same results.

On 13 July 2012 12:12, Peter Brown rendhal...@gmail.com wrote:
 On 13 July 2012 11:59, Deepak Giridharagopal dee...@puppetlabs.com wrote:
 Ouch...I'll take a look at this now! What version of Ubuntu are you
 on? I'll bring up a VM and try to reproduce this.

 Thanks Deepak.

 Ubuntu 12.04 (kubuntu actually but same diff)

 I noticed my jre was updated today as well.
 my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps

 let me know if you need any more info.


 Pete.


 deepak

 On Fri, Jul 13, 2012 at 10:54:10AM +1000, Peter Brown rendhal...@gmail.com 
 wrote:
 Hi Everyone,

 I just upgraded to this on my ubuntu puppetmaster and I am having
 issues starting the server.
 I am running the openjdk-6-jre
 After some digging i found the options the start script was using and
 tried to start the daemon manually
 It gives me this error.

 start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
 /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
 -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
 /etc/puppetdb/conf.d
 Starting /usr/bin/java...
 Exception in thread main java.lang.SecurityException: Invalid
 signature file digest for Manifest main attributes
 at 
 sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
 at 
 sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
 at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
 at java.util.jar.JarVerifier.update(JarVerifier.java:205)
 at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
 at java.util.jar.JarFile.getInputStream(JarFile.java:403)
 at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
 at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
 at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598)
 at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
 at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
 at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
 at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
 at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
 Could not find the main class: com.puppetlabs.puppetdb.core. Program will 
 exit.


 On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote:
  PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
  include new features and bug fixes. For details on changes
  in this release, please see the release notes below.
 
  # Downloads
 
  Available in native package format at
 
  http://yum.puppetlabs.com
 
  http://apt.puppetlabs.com
 
  Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb
 
  Available for use with Puppet Enterprise 2.5.1 and later at
 
  http://yum-enterprise.puppetlabs.com/ and 
  http://apt-enterprise.puppetlabs.com/
 
  # Documentation (including how to install): 
  http://docs.puppetlabs.com/puppetdb
 
  # Issues can be filed at:
  http://projects.puppetlabs.com/projects/puppetdb/issues
 
  # Upgrading
 
  1. On your puppetdb server, stop the puppetdb daemon
  2. On your puppetmaster(s), stop the puppetmaster daemon
  3. On your puppetdb server, install the new puppetdb package
  4. On your puppetdb server, start the puppetdb daemon
  5. On your puppetmaster(s), install the new puppetdb-terminus package
  6. On your puppetmaster(s), start the puppetmaster daemon
 
  0.9.2
  =
 
  Many thanks to the following people who contributed patches to this
  release:
 
  * Jason Ashby
  * Kushal Pisavadia
  * Erik Dalén
  * Deepak Giridharagopal
  * Nick Lewis
  * Matthaus Litteken
  * Chris Price
 
  Notable features:
 
  * Allow more advanced storeconfigs queries
 
Now, when using PuppetDB, your puppet manifests can use and and
or in collection queries:
 
  File | mode == 0755 or content == bar |
 
  * (#14947) Restrict accetable client certificates by CN
 
PuppetDB now implements an optional whitelist for HTTPS clients. If
enabled by the user, we validate that the CN of the supplied client
certificate exactly matches an entry in the whitelist. This allows
users to restrict access to PuppetDB using the same CA
infrastructure that Puppet already uses. For example, you can
restrict access to

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

2012-07-12 Thread Deepak Giridharagopal

On Fri, Jul 13, 2012 at 12:12:32PM +1000, Peter Brown rendhal...@gmail.com 
wrote:
 On 13 July 2012 11:59, Deepak Giridharagopal dee...@puppetlabs.com wrote:
  Ouch...I'll take a look at this now! What version of Ubuntu are you
  on? I'll bring up a VM and try to reproduce this.
 
 Thanks Deepak.
 
 Ubuntu 12.04 (kubuntu actually but same diff)
 
 I noticed my jre was updated today as well.
 my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps
 
 let me know if you need any more info.

I believe we've found the problem. It looks like when we built the
.debs we used a slightly older version of our build tool, which can't
handle dependencies that are cryptographically signed.

I'm going to work with the release team tonight to get those packages
pulled, and rebuild new ones. We should have new .debs posted in the
morning (US time).

Thanks so much for the thorough diagnostics; it made it really easy to
find the root of the problem. And I sincerely apologize for any
problems this may have caused!

deepak

--
Deepak Giridharagopal / Puppet Labs / grim_radical

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available