Re: [Puppet Users] Re: proper usage of global variables / node variables / +=
At this point, however, I'm hoping that one of the PuppetLabs guys will jump in to either explain why I'm wrong or confirm that it's a bug. Any PuppetLabs guys reading? I realize they are all busy people, and it may take a while. It's all good. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] problem using apache passenger to run dashboard
Hi, Haven't got details in front of me but check the puppet docs on passenger - I think you haven't set the right perms on your config.ru - should be owned by puppet. Cheers Den On 12/07/2012, at 4:28, Hai Tao ehai...@gmail.com wrote: The welcome page should only display when there is no webpage to display. I tried to remove the welcome page, and it still is not working. It looks to me that the passenger is not working correctly. httpd error log show this errors: # tail -f dashboard_error.log [Wed Jul 11 11:27:26 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:26 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:32 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:32 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:34 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:34 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:35 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:35 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:43 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:44 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:46 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes On Wed, Jul 11, 2012 at 11:13 AM, Jo Rhett jrh...@netconsonance.com wrote: On Jul 10, 2012, at 4:39 PM, Hai Tao wrote: but after I restarted httpd, I see a apache welcome page. Did you read the page? It probably tells you to remove /etc/httpd/conf.d/welcome.conf ... -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Hai Tao -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to conditionally add users to a virtualized group?
Puppet users and groups are fiddly. My current not implemented thinking is to use ldap and manage pam_groups via puppet on the hosts to get the granularity. More thinking out loud than anything else. Den On 12/07/2012, at 6:03, Jo Rhett jrh...@netconsonance.com wrote: I'm fighting with a ticklish issue. We have some groups and users that only belong on some systems. So we made all users virtual and then realize them in classes specific to those system types. This works quite well for the users, but not for the groups. When you specify a user, you have to list all the groups they are in. groups = ['support',ops','dev'], Obviously some groups aren't realized on all systems, so this produces an error when usermod is run. '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: unknown group dev usermod: unknown group dev So I tried to get smarter, and put logic to add the group to each member under the appropriate class Class users::dev inherits users { User['jrhett'] { groups + ['dev'] } } This works… almost. It works for all instances where the user is only subclassed once. But if I do the same technique in multiple classes I get err: Could not retrieve catalog from remote server: Error 400 on SERVER: Parameter 'groups' is already set on User_and_key[jrhett] by #Puppet::Resource::Type:0x7f4feed2d828 at /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com So how can this be achieved, short of using an exec with an unless doing another exec to determine if the group exists? -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to conditionally add users to a virtualized group?
I use nss-pam-ldapd and pam_ldap depending on the system, using an ldap filter to allow only certain groups per system. I prefer nss-pam-ldapd. nss-pam-ldapd: CentOS 6 Debian 6 Ubuntu 10.04 pam_ldap: CentOS 5 FreeBSD 9 (Solaris is more like pam_ldap in configuration, but fairly unique.) The manifests to deal with the above are essentially OS-specific. On Thu, Jul 12, 2012 at 05:52:24PM +1000, Denmat wrote: Puppet users and groups are fiddly. My current not implemented thinking is to use ldap and manage pam_groups via puppet on the hosts to get the granularity. More thinking out loud than anything else. Den On 12/07/2012, at 6:03, Jo Rhett [1]jrh...@netconsonance.com wrote: I'm fighting with a ticklish issue. We have some groups and users that only belong on some systems. So we made all users virtual and then realize them in classes specific to those system types. This works quite well for the users, but not for the groups. When you specify a user, you have to list all the groups they are in. groups = ['support',ops','dev'], Obviously some groups aren't realized on all systems, so this produces an error when usermod is run. '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: unknown group dev usermod: unknown group dev So I tried to get smarter, and put logic to add the group to each member under the appropriate class Class users::dev inherits users { User['jrhett'] { groups + ['dev'] } } This works� almost. It works for all instances where the user is only subclassed once. But if I do the same technique in multiple classes I get err: Could not retrieve catalog from remote server: Error 400 on SERVER: Parameter 'groups' is already set on User_and_key[jrhett] by #Puppet::Resource::Type:0x7f4feed2d828 at /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at /etc/puppet/modules/users/manifests/dev.pp:27 on node [2]s2-d1.company.com So how can this be achieved, short of using an exec with an unless doing another exec to determine if the group exists? -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to [3]puppet-users@googlegroups.com. To unsubscribe from this group, send email to [4]puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at [5]http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. References Visible links 1. mailto:jrh...@netconsonance.com 2. http://s2-d1.company.com/ 3. mailto:puppet-users@googlegroups.com 4. mailto:puppet-users+unsubscr...@googlegroups.com 5. http://groups.google.com/group/puppet-users?hl=en -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] CRAY / BlueGeneQ
Dear all, I would like to ask you, does anybody here have experience with Puppet under CRAY systems, or BlueGeneQ? It would be nice to hear some experiences with this, if any. Thanks! Pablo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] What is the intention of thin_storeconfigs?
I started doing some experiments with the configuration option 'thin_storeconfigs=true' by adding this option to one of my Puppet masters. However, I could not determine any change in behavior. I expected to have the resources collected faster, but Puppet still takes some 15min to do the job. So maybe I misunderstood something. Should this option instead be placed in the client's configuration to make them export only the @@-resources? Couldn't find any documentation. So any help is appreciated. Thanks Bernd -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] What is the intention of thin_storeconfigs?
Hi, Thin_storeconfig stores less detail in the database, that won't necessarily speed it up but will reduce its footprint. The actual differences I'm a bit fuzzy on. Den On 12/07/2012, at 18:29, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I started doing some experiments with the configuration option 'thin_storeconfigs=true' by adding this option to one of my Puppet masters. However, I could not determine any change in behavior. I expected to have the resources collected faster, but Puppet still takes some 15min to do the job. So maybe I misunderstood something. Should this option instead be placed in the client's configuration to make them export only the @@-resources? Couldn't find any documentation. So any help is appreciated. Thanks Bernd -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] certname doesn't seem to work on the agent
There was no current cert. It was a new host. The cert was generated using the FQDN.. On Thursday, 12 July 2012 04:42:51 UTC+2, Pete wrote: Hi, Your config looks about right. Did you drop the current cert and request and sign a new one? On 11 July 2012 19:14, Kmbu wrote: Hi guys, I have a box that needs to identify itself to the puppetmaster as something different from the FQDN. I added certname to the agent configuration before the first run, but it doesn't seem to be sufficient. The certificate was generated for the FQDN, and the host appears in the dashboard as the FQDN, and the node name used to evaluate the manifest is also the FQDN. I would like to set it up so that, for all intents and purposes, the node/agent has a different name. I'm running Puppet 2.7.6 via Apache/Passenger. Here is my agent config: [agent] # Whether log files should always flush to disk. autoflush = true # Reporting setup for Puppet Dashboard report = true # Randomize agent runs to avoid clusters splay = true # The main Puppet configuration directory. The default for this parameter is calculated based on the user. If the process # is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it's running as any other user, # it defaults to being in the user's home directory. # The default value is '/etc/puppet'. confdir = confdir # Where Puppet stores dynamic and growing data. The default for this parameter is calculated specially, like `confdir`_. # The default value is '/var/lib/puppet'. vardir = vardir # Whether to print stack traces on some errors trace = true # How often puppet agent applies the client configuration; in seconds. Note that a runinterval of 0 means run continuously rather than never run. # If you want puppet agent to never run, you should start it with the --no-client option. runinterval = 300 # Whether to use colors when logging to the console. # Valid values are `ansi` (equivalent to `true`), `html` (mostly # used during testing with TextMate), and `false`, which produces # no color. # The default value is 'ansi'. color = ansi # The environment Puppet is running in. For clients # (e.g., `puppet agent`) this determines the environment itself, which # is used to find modules and much more. For servers (i.e., `puppet master`) this provides the default environment for nodes # we know nothing about. # The default value is 'production'. environment = pre # Where to find information about nodes. # The default value is 'plain'. # node_terminus = plain # Where the puppet agent web server logs. # The default value is '$logdir/http.log'. httplog = logpath/http.log # Send the process into the background. This is the default. # The default value is 'true'. daemonize = true # The name to use when handling certificates. Defaults # to the fully qualified domain name. certname = dns-name-here # Where Puppet should look for facts. Multiple directories should # be colon-separated, like normal PATH variables. # The default value is '$vardir/lib/facter:$vardir/facts'. factpath = $vardir/lib/facter:$vardir/facts # From where to retrieve facts. The standard Puppet `file` type # is used for retrieval, so anything that is a valid file source can # be used here. # The default value is 'puppet://$server/facts/'. factsource = puppet://puppetmaster/facts/ # The pid file # The default value is '$rundir/$name.pid'. pidfile = vardir/agent.pid # The user puppet master should run as. # The default value is 'puppet'. user = apache # The group puppet master should run as. # The default value is 'puppet'. group = apache # Wether the master should function as a certificate authority. # The default value is 'true'. ca = true # The search path for modules as a list of directories separated by the ':' character. # The default value is '$confdir/modules:/usr/share/puppet/modules'. modulepath = datadir/modules # The explicit value used for the node name for all requests the agent # makes to the master. WARNING: This setting is mutually exclusive with # node_name_fact. Changing this setting also requires changes to the default # auth.conf configuration on the Puppet Master. Please see # http://links.puppetlabs.com/node_name_value for more information. # The default value is '$certname'. # node_name_value =
Re: [Puppet Users] What is the intention of thin_storeconfigs?
Thin stored configs only store exported resources in the database Instead of all resources. There may be more differences though. Sent from my galaxy tab On Jul 12, 2012 6:01 PM, Denmat tu2bg...@gmail.com wrote: Hi, Thin_storeconfig stores less detail in the database, that won't necessarily speed it up but will reduce its footprint. The actual differences I'm a bit fuzzy on. Den On 12/07/2012, at 18:29, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I started doing some experiments with the configuration option 'thin_storeconfigs=true' by adding this option to one of my Puppet masters. However, I could not determine any change in behavior. I expected to have the resources collected faster, but Puppet still takes some 15min to do the job. So maybe I misunderstood something. Should this option instead be placed in the client's configuration to make them export only the @@-resources? Couldn't find any documentation. So any help is appreciated. Thanks Bernd -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ENC questions
I've been trying to wrap my head around ENCs. Kelsey Hightower gave me some very useful info in IRC the other day, but there are still some things I can't quite get my head around. From what I can tell, an ENC allows you to assign classes and parameters (top scope variables) to a given node or group of nodes. They cannot declare/define relationships (chain classes together to order them) or declare individual resources. The purpose is to help separate data and configuration. From reading what documentation I could find on the puppet site (some of which is potentially inaccurate / outdated from the wiki), the only way to get around these limits is to build your modules, then define a series of wrapper classes and super classes and assign these to the nodes. We've got 2 dozen or so systems that we manage with puppet, and so far have done it all just using node defs. What benefits would there be in using an ENC, from an admin side of things? Is it something that would be worth my time in setting up? I'm trying to understand this, and my long term goal is to maximize the benefit we get from puppet. Thanks. Lee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Lr4lgnpVWcwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: how to conditionally add users to a virtualized group?
On Wednesday, July 11, 2012 3:03:14 PM UTC-5, Jo wrote: I'm fighting with a ticklish issue. We have some groups and users that only belong on some systems. So we made all users virtual and then realize them in classes specific to those system types. This works quite well for the users, but not for the groups. When you specify a user, you have to list all the groups they are in. groups = ['support',ops','dev'], Obviously some groups aren't realized on all systems, so this produces an error when usermod is run. '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: unknown group dev usermod: unknown group dev So I tried to get smarter, and put logic to add the group to each member under the appropriate class Class users::dev inherits users { User['jrhett'] { groups + ['dev'] } } This works… almost. It works for all instances where the user is only subclassed once. But if I do the same technique in multiple classes I get err: Could not retrieve catalog from remote server: Error 400 on SERVER: Parameter 'groups' is already set on User_and_key[jrhett] by #Puppet::Resource::Type:0x7f4feed2d828 at /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com So how can this be achieved, short of using an exec with an unless doing another exec to determine if the group exists? If it is the case that each user always has the same potential secondary groups, and you need to narrow the actual secondary groups to those that are actually present, then I think you could do it without too much pain. The main ingredients would be a list (array) of the groups that are supposed to be present, and a custom function that forms the intersection of two arrays. (Or you could use an inline template and split(), but yuck!) Hiera would probably provide a good means for building the list of available groups, which you could then use not only to filter user definitions but also to drive virtual group realization. Here's a skeleton of how it might work: class auth::constants { $available_groups = hiera('groups') } class auth::groups::virtual { # Virtual group declarations, such as @group { 'dev': gid = 4242, ensure = present } } define auth::concrete_group () { include 'auth::groups::virtual' realize Group[$name] } class auth::groups { include 'auth::constants' auth::concrete_group { $auth::constants::available_groups: } } class auth::users::virtual { include 'auth::constants' # Virtual user declarations, such as @user { 'jbolling': uid = 4200, gid = 4200, groups = intersect(['dev', 'support', 'ops'], $auth::constants::available_groups) } } A few bits are omitted, most notably user realization. The main concept is to declare what you want in the first place, rather than throwing up something and trying to tweak it afterward, or trying to build values incrementally. The latter two approaches tends to work poorly in Puppet (with certain caveats). Note also that the above is completely hypothetical. I think it would work, but it's not based on anything I have actually implemented. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/uo9sWOQTJyMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Environment and layout questions
Hi Tim I had a similar question in https://groups.google.com/forum/?fromgroups#!topic/puppet-users/fhHYT3LkBoE but spent a while figuring out and testing what is possible. Hopefully this will help you or someone work their way around a corner. Puppet Environments * Common modules, environment/node specific configs * Environment specific modules and common or environment/node specific configs It is possible to use both and failback/iterate over configs per $environment and per node. And it is possible to have a shared/common module in (modules) that is specific to all environments and have the specific $environment or node configs being served via environments. It is a little complicated but does work and allows for quite a bit of flexibility serving environments. I find that I do not want to maintain all modules per environment in puppet, as that means maintaining $(( modules * number_of_environments )), but do as shown later :) Some modules lend then themselves to a common module but environment specific configuration. To achieve this some puppet magic is required, a few spells :) I shall try and describe the concept and steps here. So for example it is possible to achieve something like the following (caveat manifests/${environment} dirs are there if you are also using an include ${environment}/*.pp for node definitions): |+-environments/ | +-dev/ | | +-configs/ | | | |+-mysql_proxy/ | | | | +-${puppet_env}.mysql-proxy.erb | | | | +-dev-server-1.mysql-proxy.erb | | | |+-mysql_server/ | | |+-$hostname.cnf | | |+-mysql.conf | | +-modules/ | | | |+-httpd/ | | ||+-manifests/ | | || +-init.pp | | ||+-templates/ | | | +-httpd.conf.erb | | +-repo/ | | |+-*.rpm | +-prod/ | | +-configs/ | | | |+-mysql_proxy/ | | | | +-${puppet_env}.mysql-proxy.erb | | | | +-prod-server-2.mysql-proxy.erb | | | |+-mysql_server/ | | |+-$hostname.cnf | | |+-mysql.conf | | +-modules/ | | | |+-httpd/ | | ||+-manifests/ | | || +-init.pp | | ||+-templates/ | | | +-httpd.conf.erb | | +-repo/ | | |+-*.rpm |+-manifests/ | |+-dev/ | | +-dev-server-1.pp | | +-dev-server-2.pp | |+-prod/ | | +-prod-server-1.pp | | +-prod-server-2.pp | |+-extdata/ | | +-dev.csv | | +-dev.csv | |+-dev.pp | |+-prod.pp | |+-site.pp |+-modules/ |+-mysql_proxy/ | |+-manifests/ | | +-init.pp | |+-files/ | +-mysql-proxy.erb |+-mysql_server/ |+-manifests/ +-init.pp To achieve this you need to ensure environments are set in the puppet.conf SNIP [agent] environment = %= environment % /SNIP Just for clarification I map $environment to $puppet_env (for some backward compatability issues as puppet environments has not always been avaiable). SNIP [agent] environment = %= puppet_env % /SNIP , In the node manifest: SNIP $puppet_env = '$::environment' /SNIP In the puppetmaster puppet.conf: SNIP [master] # Where the puppet manifests live templatedir = /opt/puppet/manifests modulepath = $confdir/environments/$environment/modules:$confdir/modules manifest= $confdir/manifests/unknown_environment.pp [dev] manifest = $confdir/manifests/dev.pp [prod] manifest = $confdir/manifests/prod.pp /SNIP Environment specific manifests. As you can see above, here if the node is a dev node, the manifest/dev.pp will be served and it does: SNIP import 'site.pp' import 'dev/*.pp' /SNIP site.pp being common dev and prod variables, etc. Then in the puppetmaster filerserver.conf (example from a erb template), change the /opt/puppet path as appropriate. For further clarification I use extdata and the extlookup function in erb templates and have dev.csv and prod.csv extdata files and there is a top scope variable of $puppet_repo = '/opt/puppet' Here is a snippet that serves environments/${environment}/{configs,modules,repo} directories to the nodes. fileserver.conf(.erb): SNIP [configs] path /opt/puppet/environments/%= environment %/configs # Environment nodes % node_ips.each do |val| -% allow %= val % % end -% % if cloud_provider == aws %# aws allow private IP allow %= ec2_local_ipv4 %% end % [repo] path %= puppet_repo %/environments/%= puppet_env %/repo # Environment nodes % node_ips.each do |val| -% allow %= val % % end -% % if cloud_provider == aws %# aws allow private IP allow %= ec2_local_ipv4 %% end % /SNIP A note regarding modules and environments, if you have environments configured and you have a module is the environments/${environment}/modules/module_a you cannot have modules/module_a. Putting it all together mysql_proxy example init.pp: SNIP # mysql-proxy config file { '/etc/sysconfig/mysql-proxy': owner = 'root', group = 'root', mode= '0644', # Here we use an inline_template that calls the file() resource. The template # resource does not allow to use the first file found like the source resource # does.
[Puppet Users] Re: What is the intention of thin_storeconfigs?
On Thursday, July 12, 2012 3:29:15 AM UTC-5, badamowicz wrote: I started doing some experiments with the configuration option 'thin_storeconfigs=true' by adding this option to one of my Puppet masters. However, I could not determine any change in behavior. I expected to have the resources collected faster, but Puppet still takes some 15min to do the job. So maybe I misunderstood something. Should this option instead be placed in the client's configuration to make them export only the @@-resources? Couldn't find any documentation. So any help is appreciated. Google gave me this as my number one hit: http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration. It's a bit dated, but it nevertheless contains the key information: [thin storeconfigs] only collects and stores to the database exported resources, tags and host facts. 'Thick' storeconfigs additionally stores non-exported resources, and possibly other things -- overall, a relational representation of nodes' entire catalogs. I would expect thin storeconfigs to accelerate resource collection relative to thick only if the *overall* database size were slowing the DBMS. If the problem is specifically with the number and/or complexity of exported resources, then thin vs. thick should not make a difference in that area. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ehNmEJw6uVUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] CRAY / BlueGeneQ
Pablo, If your Cray systems are running Cray Linux, then it is possible Puppet will run in your environment, though we have yet to test this ourselves at Puppet. Cheers, Dominic Maragia On Thu, Jul 12, 2012 at 1:01 AM, Pablo Fernandez pablo.fernan...@cscs.chwrote: Dear all, I would like to ask you, does anybody here have experience with Puppet under CRAY systems, or BlueGeneQ? It would be nice to hear some experiences with this, if any. Thanks! Pablo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@** googlegroups.com puppet-users%2bunsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/** group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . -- Dominic Maraglia QA Engineer Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What is the intention of thin_storeconfigs?
On Thursday, July 12, 2012 3:29:15 AM UTC-5, badamowicz wrote: Should [thin_storeconfigs] instead be placed in the client's configuration to make them export only the @@-resources? No, (thin_)storeconfigs is a function of the master, at catalog compilation time. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7_ug4xm5OFAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] CRAY / BlueGeneQ
I dealt with a case that had a Cray XT4 using Redhat Linux specifically. More or less since the hardware and OS was just like any other platform we support, it wasn't a problem and we supported it. If you are using Cray Linux - I believe its based on the SuSE Linux platform (and we do support SLES 11sp1/2) - so if you have trouble I'm sure it wouldn't be hard to adapt, although it isn't a platform we have specifically targeted in the past. Some Facter patches would probably be needed to identify its version and OS - but if it works like SuSE in respect to packaging we already have the code to support zypper packages (if that is indeed what it uses) and other SuSE facilities - it all depends on the variations that Cray have taken. From a support perspective today Cray Linux would fall into a community effort, but that doesn't mean with some work it couldn't work for you. BlueGene/Q on the other hand is a PPC architecture isn't it? So what OS are you running on it? In most cases when it comes to Puppet - its the OS that matters. ken. On Thu, Jul 12, 2012 at 9:01 AM, Pablo Fernandez pablo.fernan...@cscs.ch wrote: Dear all, I would like to ask you, does anybody here have experience with Puppet under CRAY systems, or BlueGeneQ? It would be nice to hear some experiences with this, if any. Thanks! Pablo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] nginx-passenger authentication / certificate issue
Hello, I have been stumped by an authentication / certificate problem and would like to know if anyone has resolved a similar issue. My fresh install of Puppet Master 2.7.18 on Debian 6 works normally when run standalone, using 'puppet master --verbose --no-daemonize'. When using nginx-passenger in front of the same puppet master, puppet fails with the authentication error: '… Forbidden request … access to /file_metadata/plugins [find] at line 57' This failure occurs on the same node that had successfully connected to Puppet Master when it was run standalone. The full log errors are here: http://pastebin.com/KH8Pyyw3 I can work-around this authentication error by appending 'allow *' for 'path /' in the puppet master's auth.conf file. Here is the Puppet Master auth.conf file I am using: http://pastebin.com/Ju0ke3rP I don't think this workaround is correct: the default authentication policy should not allow access to un-authenticated nodes. Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0 Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE Does anyone see what I am doing wrong? I have already tried deleting and recreating certificates for the agent and master. Thank you, Jon -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] nginx-passenger authentication / certificate issue
Are you sure you want to be using the passenger_set_cgi_param nginx directive and not proxy_set_header? The problem definitely seems to be Puppet not picking up the values that should be set in the HTTP_X_CLIENT_VERIFY and HTTP_X_CLIENT_DN request headers. -Jeff On Thu, Jul 12, 2012 at 7:34 AM, Jon Jaroker goo...@jaroker.com wrote: Hello, I have been stumped by an authentication / certificate problem and would like to know if anyone has resolved a similar issue. My fresh install of Puppet Master 2.7.18 on Debian 6 works normally when run standalone, using 'puppet master --verbose --no-daemonize'. When using nginx-passenger in front of the same puppet master, puppet fails with the authentication error: '… Forbidden request … access to /file_metadata/plugins [find] at line 57' This failure occurs on the same node that had successfully connected to Puppet Master when it was run standalone. The full log errors are here: http://pastebin.com/KH8Pyyw3 I can work-around this authentication error by appending 'allow *' for 'path /' in the puppet master's auth.conf file. Here is the Puppet Master auth.conf file I am using: http://pastebin.com/Ju0ke3rP I don't think this workaround is correct: the default authentication policy should not allow access to un-authenticated nodes. Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0 Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE Does anyone see what I am doing wrong? I have already tried deleting and recreating certificates for the agent and master. Thank you, Jon -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: err: Could not request certificate: execution expired
I see this also if the time on the client is too far out of sync with the time on the server. set the time to within a few seconds of the server first, then try again. On Tuesday, July 10, 2012 12:39:13 PM UTC-5, Ganesh Ganesh wrote: Hi Guys, I am trying to executed sign client to server, I give the command to client #puppetd --test -d -v debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: Finishing transaction 23595599384520 err: Could not request certificate: execution expired Exiting; failed to retrieve certificate and waitforcert is disabled How to resolve this, please guide me guys. -Ganesh. Did I learn something today? If not, I wasted it. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/K6IyTQw6wesJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: nginx-passenger authentication / certificate issue
I know when I was setting this up (http://z0mbix.github.com/blog/2012/03/01/use-nginx-and-passenger-to-power-your-puppet-master/), the main gotcha I came up against was the permissions of the config.ru file have to be the same as your puppet user. I can't remember what error this caused though. Cheers David On Thursday, 12 July 2012 15:34:06 UTC+1, Jon Jaroker wrote: Hello, I have been stumped by an authentication / certificate problem and would like to know if anyone has resolved a similar issue. My fresh install of Puppet Master 2.7.18 on Debian 6 works normally when run standalone, using 'puppet master --verbose --no-daemonize'. When using nginx-passenger in front of the same puppet master, puppet fails with the authentication error: '… Forbidden request … access to /file_metadata/plugins [find] at line 57' This failure occurs on the same node that had successfully connected to Puppet Master when it was run standalone. The full log errors are here: http://pastebin.com/KH8Pyyw3 I can work-around this authentication error by appending 'allow *' for 'path /' in the puppet master's auth.conf file. Here is the Puppet Master auth.conf file I am using: http://pastebin.com/Ju0ke3rP I don't think this workaround is correct: the default authentication policy should not allow access to un-authenticated nodes. Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0 Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE Does anyone see what I am doing wrong? I have already tried deleting and recreating certificates for the agent and master. Thank you, Jon -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/2MBuu8evOokJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: nginx-passenger authentication / certificate issue
Hello Jeff, Thank you for your reply. It pointed me in the right direction. Regarding 'proxy_set_header', I don't believe this directive has an effect on passenger. For passenger, I believe the 'passenger_set_cgi_param' directive must be used instead. My mistake was using the wrong parameter. While HTTP_X_CLIENT_* will work for 'proxy_set_header', I think you need to use SSL_CLIENT_* parameters for 'passenger_set_cgi_param'. Here is the change in nginx.conf that solved the problem for me. # passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn; # passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify; passenger_set_cgi_param SSL_CLIENT_S_DN $ssl_client_s_dn; passenger_set_cgi_param SSL_CLIENT_VERIFY$ssl_client_verify; The puppet client is now able to connect normally. Regards, Jon On Jul 12, 10:44 am, Jeff McCune j...@puppetlabs.com wrote: Are you sure you want to be using the passenger_set_cgi_param nginx directive and not proxy_set_header? The problem definitely seems to be Puppet not picking up the values that should be set in the HTTP_X_CLIENT_VERIFY and HTTP_X_CLIENT_DN request headers. -Jeff On Thu, Jul 12, 2012 at 7:34 AM, Jon Jaroker goo...@jaroker.com wrote: Hello, I have been stumped by an authentication / certificate problem and would like to know if anyone has resolved a similar issue. My fresh install of Puppet Master 2.7.18 on Debian 6 works normally when run standalone, using 'puppet master --verbose --no-daemonize'. When using nginx-passenger in front of the same puppet master, puppet fails with the authentication error: '… Forbidden request … access to /file_metadata/plugins [find] at line 57' This failure occurs on the same node that had successfully connected to Puppet Master when it was run standalone. The full log errors are here:http://pastebin.com/KH8Pyyw3 I can work-around this authentication error by appending 'allow *' for 'path /' in the puppet master's auth.conf file. Here is the Puppet Master auth.conf file I am using:http://pastebin.com/Ju0ke3rP I don't think this workaround is correct: the default authentication policy should not allow access to un-authenticated nodes. Here is my nginx.conf file:http://pastebin.com/q7HMuAZ0 Here is the config.ru configuration file:http://pastebin.com/1aCdsTJE Does anyone see what I am doing wrong? I have already tried deleting and recreating certificates for the agent and master. Thank you, Jon -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: proper usage of global variables / node variables / +=
Nan is a Puppet Labs guy. One of our best :) His warning about dynamic scoping is something to take seriously. That's not a gratuitous error message - dynamic scoping causes all kinds of problems and has been scheduled for deprecation for a while now, and that's coming in the next major release. Details: http://docs.puppetlabs.com/guides/scope_and_puppet.html -Eric -- Eric Shamow Professional Services http://puppetlabs.com/ (c)631.871.6441 On Thursday, July 12, 2012 at 1:27 AM, fp wrote: At this point, however, I'm hoping that one of the PuppetLabs guys will jump in to either explain why I'm wrong or confirm that it's a bug. Any PuppetLabs guys reading? I realize they are all busy people, and it may take a while. It's all good. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How can I list classes available on the puppet master?
Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] problem using apache passenger to run dashboard
I do have a config.ru under /etc/puppet/rack, and it is owned by puppet. And that is the only config.ru I have. Under /usr/share/puppet-dashboard/public, there is no config.ru. But there is a /usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru. In the procedure I followed, it never ask me to config a config.ru file. http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html Thanks. Hai Tao On Thu, Jul 12, 2012 at 12:47 AM, Denmat tu2bg...@gmail.com wrote: Hi, Haven't got details in front of me but check the puppet docs on passenger - I think you haven't set the right perms on your config.ru - should be owned by puppet. Cheers Den On 12/07/2012, at 4:28, Hai Tao ehai...@gmail.com wrote: The welcome page should only display when there is no webpage to display. I tried to remove the welcome page, and it still is not working. It looks to me that the passenger is not working correctly. httpd error log show this errors: # tail -f dashboard_error.log [Wed Jul 11 11:27:26 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:26 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:32 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:32 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:34 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:34 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:35 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:35 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:43 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:44 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:46 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes On Wed, Jul 11, 2012 at 11:13 AM, Jo Rhett jrh...@netconsonance.com wrote: On Jul 10, 2012, at 4:39 PM, Hai Tao wrote: but after I restarted httpd, I see a apache welcome page. Did you read the page? It probably tells you to remove /etc/httpd/conf.d/welcome.conf ... -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Hai Tao -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Hai Tao -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] problem using apache passenger to run dashboard
note, I also have a /usr/share/puppet/ext/rack/files/config.ru file. On Thu, Jul 12, 2012 at 9:04 AM, Hai Tao ehai...@gmail.com wrote: I do have a config.ru under /etc/puppet/rack, and it is owned by puppet. And that is the only config.ru I have. Under /usr/share/puppet-dashboard/public, there is no config.ru. But there is a /usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru. In the procedure I followed, it never ask me to config a config.ru file. http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html Thanks. Hai Tao On Thu, Jul 12, 2012 at 12:47 AM, Denmat tu2bg...@gmail.com wrote: Hi, Haven't got details in front of me but check the puppet docs on passenger - I think you haven't set the right perms on your config.ru - should be owned by puppet. Cheers Den On 12/07/2012, at 4:28, Hai Tao ehai...@gmail.com wrote: The welcome page should only display when there is no webpage to display. I tried to remove the welcome page, and it still is not working. It looks to me that the passenger is not working correctly. httpd error log show this errors: # tail -f dashboard_error.log [Wed Jul 11 11:27:26 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:26 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:32 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:32 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:34 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:34 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:35 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:35 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:43 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:44 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes [Wed Jul 11 11:27:46 2012] [error] [client 10.224.78.200] File does not exist: /usr/share/puppet-dashboard/public/reports [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist: /usr/share/puppet-dashboard/public/nodes On Wed, Jul 11, 2012 at 11:13 AM, Jo Rhett jrh...@netconsonance.com wrote: On Jul 10, 2012, at 4:39 PM, Hai Tao wrote: but after I restarted httpd, I see a apache welcome page. Did you read the page? It probably tells you to remove /etc/httpd/conf.d/welcome.conf ... -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Hai Tao -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Hai Tao -- Hai Tao -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: The Puppet Way to handle slow resources? (newbie)
In regard to: [Puppet Users] Re: The Puppet Way to handle slow resources?...: Chris, I'll take a look at exported resources. I don't have a problem with MCollective per se, I just don't want to add a bunch of other software if there's a native puppet way to solve the problem. From what I've seen, Puppet itself isn't supposed to solve this problem, MCollective is. Agreed. My plan A right now is that when the slow-running service is up and running it will tell Puppet to run. I haven't really thought about how this would work for multiple instances of the slow-service, I'm pretty sure that's not a hard problem to solve though. I've only partially followed this thread so I don't know if someone else has already suggested this, but if the real issue is that the interaction between software, init script, and puppet isn't working correctly, then why not have puppet manage and use a wrapper init script? You keep the init script that came with the software, but instead of having puppet use that for start/stop/status, you write your own local-service or mycompany-service init script and have that script call the original script and augment the logic in start/stop/status/whatever to do whatever is needed to work correctly with puppet. Tim -- Tim Mooney tim.moo...@ndsu.edu Enterprise Computing Infrastructure 701-231-1076 (Voice) Room 242-J6, IACC Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] OpenssL::BN Error
Hi Guys, I an trying to remove puppetca revoke certification i got openssl error [root@dvtelx3bayxit55 ~]# puppetca --revoke all notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT 0x0001 2012-07-11T17:29:51GMT 2017-07-11T17:29:51GMT /CN=Puppet CA: dvtelx3bayxit55.localdomain err: Could not call revoke: Cannot convert into OpenSSL::BN [root@dvtelx3bayxit55 ~]# How to resolve this, please guide me.. -Ganesh. Did I learn something today? If not, I wasted it. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to conditionally add users to a virtualized group?
That's great if you have centralized and co-hosted infrastructure and are willing to accept the dependancy. Given that this is a small need for a small number of users on a very small amount of systems (like 3 out of hundreds) without a centralized backbone between them, implementing LDAP makes little sense. On Jul 12, 2012, at 12:52 AM, Denmat wrote: Puppet users and groups are fiddly. My current not implemented thinking is to use ldap and manage pam_groups via puppet on the hosts to get the granularity. More thinking out loud than anything else. Den On 12/07/2012, at 6:03, Jo Rhett jrh...@netconsonance.com wrote: I'm fighting with a ticklish issue. We have some groups and users that only belong on some systems. So we made all users virtual and then realize them in classes specific to those system types. This works quite well for the users, but not for the groups. When you specify a user, you have to list all the groups they are in. groups = ['support',ops','dev'], Obviously some groups aren't realized on all systems, so this produces an error when usermod is run. '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: unknown group dev usermod: unknown group dev So I tried to get smarter, and put logic to add the group to each member under the appropriate class Class users::dev inherits users { User['jrhett'] { groups + ['dev'] } } This works… almost. It works for all instances where the user is only subclassed once. But if I do the same technique in multiple classes I get err: Could not retrieve catalog from remote server: Error 400 on SERVER: Parameter 'groups' is already set on User_and_key[jrhett] by #Puppet::Resource::Type:0x7f4feed2d828 at /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com So how can this be achieved, short of using an exec with an unless doing another exec to determine if the group exists? -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to conditionally add users to a virtualized group?
On Jul 12, 2012, at 4:30 AM, Felix Frank wrote: On 07/11/2012 10:03 PM, Jo Rhett wrote: So I tried to get smarter, and put logic to add the group to each member under the appropriate class Class users::dev inherits users { User['jrhett'] { groups + ['dev'] } } This works… almost. It works for all instances where the user is only subclassed once. But if I do the same technique in multiple classes I get sound approach, but I've hit this wall a couple of times as well. I've resorted to horrors that would add items to array variables that are declared in a central, well-known class, and use the final value for the resources in question. Depending on how much flexibility is required, this may not be feasible at all. Hm. That might work, but seems even uglier :( Perhaps hiera can be used to do something clever here? This is actually something that hiera seems perfect for, but we simply don't have any backend dataset from which to derive hiera data at this time. That is going to change, and I'm looking forward to having hiera access at that point. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to conditionally add users to a virtualized group?
On Jul 12, 2012, at 6:46 AM, jcbollinger wrote: If it is the case that each user always has the same potential secondary groups, and you need to narrow the actual secondary groups to those that are actually present, then I think you could do it without too much pain. The main ingredients would be a list (array) of the groups that are supposed to be present, and a custom function that forms the intersection of two arrays. (Or you could use an inline template and split(), but yuck!) Hiera would probably provide a good means for building the list of available groups, which you could then use not only to filter user definitions but also to drive virtual group realization. Here's a skeleton of how it might work: class auth::constants { $available_groups = hiera('groups') } Interesting idea, but depends on an external datasource that tells us which groups are valid. Since all of these groups are already defined in puppet, I simply don't see the value of managing intersections of data between a hiera data source and puppet. # Virtual user declarations, such as @user { 'jbolling': uid = 4200, gid = 4200, groups = intersect(['dev', 'support', 'ops'], $auth::constants::available_groups) } } I think the intersect idea is valid, as long as I can find out if a parameter is realized or not. Basically, write a function that removes from the array any group which isn't realized. This removes any need for heira. However I'm poking around and the docs don't show any methods to determine if something has been realized or not. If I am reading this right, intersect is provided by stdlib, right? So I really just need to write a function to determine if something is realized or not. I suspect this is going to fall back to the same issues as defined() unless I can delay execution until the end. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet 3.0.0 and hiera
On Tuesday, 10 July 2012 03:18:47 UTC+2, Henrik Lindberg wrote: On 2012-09-07 19:07, Kelsey Hightower wrote: You'll need hiera-puppet, which contains the parser functions. Puppet 3.0.0 should bring in both Hiera and hiera-puppet as deps. Thanks, that is a good start. My issue is however that I don't want to install things in order to scan them for content as I am building an index of functions, types, etc. in the puppet runtime. Currently Geppetto does not offer users the ability to do these scans so I can just mash something up to create the index, but ultimately I would want to be able to scan an (any) installation and get all the installed functions. So, my questions is really, in an installation, how does puppet find puppet-hiera and know that there are parser functions. Is it added to the module path or is it done via some other mechanism? Reading this: http://puppetlabs.com/blog/first-look-installing-and-using-hiera/ It looks like the source needs to be copied into puppet's modulepath drectory - will this be different in 3.0.0 Yes that's exactly what happens. Nothing has to be done. It will just work. Regards - henrik On Jul 9, 2012, at 9:21 AM, Henrik Lindberg henrik.lindb...@cloudsmith.com wrote: Hi, If I have understood it correctly, puppet 3.0.0 will include / require hiera. In order to add support for hiera directly in Geppetto I downloaded the puppet 3.0.0rc tarball expecting to find the puppet-hiera functions, but they where not there. What is the expected packaging going to be when 3.0.0 is released? Where should I expect the hiera parser functions to be located? (For now I can compose the result manually, but I would like to know where they are supposed to be so I do this correctly from the start). If you want to, you can also comment on https://github.com/cloudsmith/geppetto/issues/282 Regards - henrik -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/bQXKaarut08J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I list classes available on the puppet master?
One way to approach this (for documentation) is to build a file resource backed by a template. The template would contain something like the following. It prints out all the classes defined in that agents catalog. % classes.each do |klass| -% The class %= klass % is defined % end -% This example could be used to build something like /etc/motd on each system with the list of defined classes. As for Dashboard, if you chose to use it as your ENC, the class information is already there. Otherwise, that's not something you can really do (afaik) outside of a custom fact that each machine populates into the Dashboards inventory service. HTH, --Ryan On Thu, Jul 12, 2012 at 8:54 AM, llow...@oreillyauto.com llow...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Ryan Coleman | about.me/ryc Modules Forge @ Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I list classes available on the puppet master?
Crap, I forgot to mention my source: http://docs.puppetlabs.com/guides/templating.html#access-to-defined-tags-and-classes On Thu, Jul 12, 2012 at 1:08 PM, Ryan Coleman r...@puppetlabs.com wrote: One way to approach this (for documentation) is to build a file resource backed by a template. The template would contain something like the following. It prints out all the classes defined in that agents catalog. % classes.each do |klass| -% The class %= klass % is defined % end -% This example could be used to build something like /etc/motd on each system with the list of defined classes. As for Dashboard, if you chose to use it as your ENC, the class information is already there. Otherwise, that's not something you can really do (afaik) outside of a custom fact that each machine populates into the Dashboards inventory service. HTH, --Ryan On Thu, Jul 12, 2012 at 8:54 AM, llow...@oreillyauto.com llow...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Ryan Coleman | about.me/ryc Modules Forge @ Puppet Labs -- Ryan Coleman | about.me/ryc Modules Forge @ Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I list classes available on the puppet master?
Comments inline. On Thursday, July 12, 2012 3:08:10 PM UTC-5, Ryan Coleman wrote: One way to approach this (for documentation) is to build a file resource backed by a template. The template would contain something like the following. It prints out all the classes defined in that agents catalog. I'm not really wanting a listing of classes currently applied to a given node. I am wanting to get a listing of every class that is defined and available to be used in node defs. % classes.each do |klass| -% The class %= klass % is defined % end -% This example could be used to build something like /etc/motd on each system with the list of defined classes. As for Dashboard, if you chose to use it as your ENC, the class information is already there. Otherwise, that's not something you can really do (afaik) outside of a custom fact that each machine populates into the Dashboards inventory service. The class info is not already there, it only sees and can use classes that you define either through it's web UI or by inserting directly into it's DB. HTH, --Ryan On Thu, Jul 12, 2012 at 8:54 AM, llowder wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Ryan Coleman | about.me/ryc Modules Forge @ Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/aQ2szZ_TnUcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I list classes available on the puppet master?
On Thu, Jul 12, 2012 at 8:54 AM, llow...@oreillyauto.com llow...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? We've actually addressed this more directly in the upcoming Telly branch, where we've extended the resource_type REST API to make this simpler: https://projects.puppetlabs.com/issues/14137 You'll be able to directly ask the question via an API of what classes exist in this environment? Note you can do this already prior to Telly, but you need to do filtering yourself on the returned output to just grab class information. I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten | http://puppetlabs.com | @nigelkersten Schedule Meetings at: http://tungle.me/nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I list classes available on the puppet master?
- Original Message - From: Ryan Coleman r...@puppetlabs.com To: puppet-users@googlegroups.com Sent: Thursday, July 12, 2012 9:08:55 PM Subject: Re: [Puppet Users] How can I list classes available on the puppet master? Crap, I forgot to mention my source: http://docs.puppetlabs.com/guides/templating.html#access-to-defined-tags-and-classes On Thu, Jul 12, 2012 at 1:08 PM, Ryan Coleman r...@puppetlabs.com wrote: One way to approach this (for documentation) is to build a file resource backed by a template. The template would contain something like the following. It prints out all the classes defined in that agents catalog. % classes.each do |klass| -% The class %= klass % is defined % end -% that classes array is built up during parsing so when used like this it wont be complete till the end of the compile, so its not reliable. same reason that defined() doesnt work. Best way is to check classes.txt on the node. this code: - class one { } class two { } include one notice(inline_template(%= classes.inspect %)) include two notice(inline_template(%= classes.inspect %)) - does: - notice: Scope(Class[main]): [settings, one] notice: Scope(Class[main]): [settings, one, two] notice: Finished catalog run in 0.04 seconds - you can see the contents depend on the parse order and will only be complete at the end of the compile. if you supply a class list from an ENC the whole ENC received list will be in there from the start though -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I list classes available on the puppet master?
http://docs.puppetlabs.com/man/doc.html I use a command like this: puppet doc --outputdir yadda...yadda/apache/htdocs/puppetmaster --mode rdoc --manifestdir /etc/puppet/manifests --modulepath /etc/puppet/modules And I get a fantastic web-tree describing every class on my PuppetMaster It does require you to document your code, but it is worth it IMNSHO :) “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - llow...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I list classes available on the puppet master?
It's pretty ghetto, but we've used this script before, which I can confirm still works on Puppet 2.7.17: http://www.devco.net/archives/2010/02/26/what_does_puppet_manage_on_a_node-2.php cheers, Walter On Fri, Jul 13, 2012 at 4:22 AM, R.I.Pienaar r...@devco.net wrote: - Original Message - From: Ryan Coleman r...@puppetlabs.com To: puppet-users@googlegroups.com Sent: Thursday, July 12, 2012 9:08:55 PM Subject: Re: [Puppet Users] How can I list classes available on the puppet master? Crap, I forgot to mention my source: http://docs.puppetlabs.com/guides/templating.html#access-to-defined-tags-and-classes On Thu, Jul 12, 2012 at 1:08 PM, Ryan Coleman r...@puppetlabs.com wrote: One way to approach this (for documentation) is to build a file resource backed by a template. The template would contain something like the following. It prints out all the classes defined in that agents catalog. % classes.each do |klass| -% The class %= klass % is defined % end -% that classes array is built up during parsing so when used like this it wont be complete till the end of the compile, so its not reliable. same reason that defined() doesnt work. Best way is to check classes.txt on the node. this code: - class one { } class two { } include one notice(inline_template(%= classes.inspect %)) include two notice(inline_template(%= classes.inspect %)) - does: - notice: Scope(Class[main]): [settings, one] notice: Scope(Class[main]): [settings, one, two] notice: Finished catalog run in 0.04 seconds - you can see the contents depend on the parse order and will only be complete at the end of the compile. if you supply a class list from an ENC the whole ENC received list will be in there from the start though -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Walter Heck -- Check out my startup: Puppet training and consulting @ http://www.olindata.com Follow @olindata on Twitter and/or 'Like' our Facebook page at http://www.facebook.com/olindata -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: PuppetDB 0.9.2 Available
PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes include new features and bug fixes. For details on changes in this release, please see the release notes below. # Downloads Available in native package format at http://yum.puppetlabs.com http://apt.puppetlabs.com Source (same license as Puppet): http://github.com/puppetlabs/puppetdb Available for use with Puppet Enterprise 2.5.1 and later at http://yum-enterprise.puppetlabs.com/ and http://apt-enterprise.puppetlabs.com/ # Documentation (including how to install): http://docs.puppetlabs.com/puppetdb # Issues can be filed at: http://projects.puppetlabs.com/projects/puppetdb/issues # Upgrading 1. On your puppetdb server, stop the puppetdb daemon 2. On your puppetmaster(s), stop the puppetmaster daemon 3. On your puppetdb server, install the new puppetdb package 4. On your puppetdb server, start the puppetdb daemon 5. On your puppetmaster(s), install the new puppetdb-terminus package 6. On your puppetmaster(s), start the puppetmaster daemon 0.9.2 = Many thanks to the following people who contributed patches to this release: * Jason Ashby * Kushal Pisavadia * Erik Dalén * Deepak Giridharagopal * Nick Lewis * Matthaus Litteken * Chris Price Notable features: * Allow more advanced storeconfigs queries Now, when using PuppetDB, your puppet manifests can use and and or in collection queries: File | mode == 0755 or content == bar | * (#14947) Restrict accetable client certificates by CN PuppetDB now implements an optional whitelist for HTTPS clients. If enabled by the user, we validate that the CN of the supplied client certificate exactly matches an entry in the whitelist. This allows users to restrict access to PuppetDB using the same CA infrastructure that Puppet already uses. For example, you can restrict access to PuppetDB to just your puppetmaster boxes. This feature is off by default. Refer to the documentation on the `certificate-whitelist` configuration option for details. Notable fixes: * (#15388) Add redirect from '/' to the dashboard Prior to this fix, if you started up PuppetDB and then attempted to browse to /, you'd get an error message that might lead you to believe that the server wasn't actually running (depending on your browser). This commit simply adds a redirect from / to the dashboard index page. * (#14688) Improve stdout/stderr handling for redhat init script Prior to this fix, the redhat init script was keeping stdout/stderr open when you called service puppetdb stop. This resulted in some undesirable behavior; starting the service over an ssh connection would not release the ssh connection, errors would appear on the console rather than in the log file, etc. Now, daemon startup redirects stdout/stderr to a file (puppetdb-daemon.log) instead of spamming the console, and we more properly background the launched process to prevent locking of a parent SSH connection. * (#15349) Work around non-string resource titles It's possible in some cases for Puppet to generate a resource whose title isn't a string. However, since the generated edges refer to the resource using a string title, we end up with a mismatch. Now we will stringify all resource titles on the way out. In future, Puppet should do this for us. * (#15446) Improve handling of user/group removal on rpm removal Fixed the following bugs in our handling of user/group removal during rpm removal: 1. We were not conditioning the calls to groupdel / userdel to avoid running them during an upgrade, which meant that we were trying to delete them even during upgrades... which would have been bad. 2. We had an || where we needed an , so we weren't actually calling the groupdel / userdel commands. 3. We were hard-coding the user's home dir to a bad path. 4. We had some '-r' flags that were wrong and/or unnecessary. * (#15136, #15340) Properly handle non-string node queries Previously, these would result in 500 errors as the database failed the comparisons because of mismatched types. Now, all equality comparisons will be done against strings, and all numeric comparisons will be done against numbers. For equality comparisons, non-string arguments will be converted. This allows natural queries against numbers or booleans to work despite all fact values technically being strings. For numeric comparisons, non-numeric arguments will be converted. However, if the argument doesn't represent a number, the query will be rejected. * (#15075) Improve handling of service start/stop during rpm upgrade/uninstall On uninstall, we now check to see if this is part of an upgrade or not, and we only stop and disable the service if this is *not* part of an upgrade. Also, we stop the service before we install the new package, and restart it after we finish removing the old package. * (#15321) Add aliases for namevars that are munged via
Re: [Puppet Users] How can I list classes available on the puppet master?
Comments inline On Thursday, July 12, 2012 3:29:27 PM UTC-5, Ygor wrote: http://docs.puppetlabs.com/man/doc.html I use a command like this: puppet doc --outputdir yadda...yadda/apache/htdocs/puppetmaster --mode rdoc --manifestdir /etc/puppet/manifests --modulepath /etc/puppet/modules And I get a fantastic web-tree describing every class on my PuppetMaster It does require you to document your code, but it is worth it IMNSHO :) I had tried this before, unsuccessfully. But it is working on my dev environment (perhaps my prod and test masters don't have rdoc installed? Shall have to look into that later). So I am glad that part is working. Now I just need to find a good ay to get the info into dashboard. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/OFj4YYtBmBwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I list classes available on the puppet master?
Here's a little script that finds all .pp files in an environment parse them an print all the found classes. I didnt test if it works for .pp files with more than 1 class in them Just point it at your module path and environment at the top require 'puppet' require 'find' Puppet.settings[:modulepath] = /etc/puppet/manifests/common/modules parser = Puppet::Parser::Parser.new(Puppet::Node::Environment.new(production)) klasses = [] Find.find(Puppet.settings[:modulepath]) do |f| next unless f =~ /\.pp$/ parser.file = f ast = parser.parse ast.instantiate('').each do |resource_type| klasses resource_type.namespace if resource_type.file == f end end klasses.sort.each{|k| puts k} -- - Original Message - From: llow...@oreillyauto.com To: puppet-users@googlegroups.com Sent: Thursday, July 12, 2012 9:55:55 PM Subject: Re: [Puppet Users] How can I list classes available on the puppet master? Comments inline On Thursday, July 12, 2012 3:29:27 PM UTC-5, Ygor wrote: http://docs.puppetlabs.com/man/doc.html I use a command like this: puppet doc --outputdir yadda...yadda/apache/htdocs/puppetmaster --mode rdoc --manifestdir /etc/puppet/manifests --modulepath /etc/puppet/modules And I get a fantastic web-tree describing every class on my PuppetMaster It does require you to document your code, but it is worth it IMNSHO :) I had tried this before, unsuccessfully. But it is working on my dev environment (perhaps my prod and test masters don't have rdoc installed? Shall have to look into that later). So I am glad that part is working. Now I just need to find a good ay to get the info into dashboard. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/OFj4YYtBmBwJ . To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Crontab overwritten by Puppet
On Mon, Jul 09, 2012 at 06:48:41AM -0700, Kmbu wrote: Hello folks.. I suddenly found the crontab on one of my puppet clients overwritten. It had many entries, including one created by Puppet. Suddenly during one run it was overwritten, keeping only the Puppet entry and removing everything else. Nothing changed between the previous runs and the one that re-created the crontab in terms of configuration. I'm running Puppet 2.7.6. Fri Jul 06 22:00:16 +0200 2012 Puppet (notice): Reopening log files Fri Jul 06 22:03:58 +0200 2012 Puppet (notice): Finished catalog run in 5.34 seconds Fri Jul 06 22:10:15 +0200 2012 Puppet (notice): Reopening log files Fri Jul 06 22:11:18 +0200 2012 Puppet (notice): Finished catalog run in 5.30 seconds Fri Jul 06 22:20:15 +0200 2012 Puppet (notice): Reopening log files Fri Jul 06 22:23:05 +0200 2012 Puppet (notice): Finished catalog run in 5.81 seconds Fri Jul 06 22:30:15 +0200 2012 Puppet (notice): Reopening log files Fri Jul 06 22:35:04 +0200 2012 Puppet (notice): Finished catalog run in 5.92 seconds Fri Jul 06 22:40:15 +0200 2012 Puppet (notice): Reopening log files Fri Jul 06 22:44:35 +0200 2012 /Stage[main]/Cre-base/Cron[puppet-run]/ensure (notice): created Fri Jul 06 22:44:39 +0200 2012 Puppet (notice): Finished catalog run in 5.54 seconds Why would one run suddenly do this? Regards, It looks like prefetching (executing »crontab -l root« to get current cronentries) failed in some way. As a result puppet's in-memory representation of the crontab is empty. When puppet now evaluates your Cron['puppet-run'] resource, it detects it to be out of sync (is absent, should be present), so the in-memory representation now contains only your 'puppet-run' cronjob. If the new crontab is written back to disk, you will loose every other cronentry. Normally I would expect an error message if prefetching failed: Could not prefetch cron provider but that doesn't seem to be the case here. On the other hand there is an outstanding bug about failures beeing silently ignored on solaris [1] So a failure when running »crontab -l root« (do you manage crontabs of other users as well? You may hit [2] in that case) would at least explain the log output but the interesting question now is: Can you think of a situation *why* the command failed? [1] http://projects.puppetlabs.com/issues/14283 [2] http://projects.puppetlabs.com/issues/5752 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to conditionally add users to a virtualized group?
On Thursday, July 12, 2012 1:42:28 PM UTC-5, Jo wrote: On Jul 12, 2012, at 6:46 AM, jcbollinger wrote: If it is the case that each user always has the same potential secondary groups, and you need to narrow the actual secondary groups to those that are actually present, then I think you could do it without too much pain. The main ingredients would be a list (array) of the groups that are supposed to be present, and a custom function that forms the intersection of two arrays. (Or you could use an inline template and split(), but yuck!) Hiera would probably provide a good means for building the list of available groups, which you could then use not only to filter user definitions but also to drive virtual group realization. Here's a skeleton of how it might work: class auth::constants { $available_groups = hiera('groups') } Interesting idea, but depends on an external datasource that tells us which groups are valid. Since all of these groups are already defined in puppet, I simply don't see the value of managing intersections of data between a hiera data source and puppet. No, it doesn't depend on an external datasource; rather, It depends on up-front knowledge of which groups are supposed to be realized for the node. Although I proposed using an external datasource to provide that data, it could just as well be provided by an ENC or determined via DSL code based on conditionals, node facts, etc. Even class parameters. # Virtual user declarations, such as @user { 'jbolling': uid = 4200, gid = 4200, groups = intersect(['dev', 'support', 'ops'], $auth::constants::available_groups) } } I think the intersect idea is valid, as long as I can find out if a parameter is realized or not. Basically, write a function that removes from the array any group which isn't realized. This removes any need for heira. However I'm poking around and the docs don't show any methods to determine if something has been realized or not. If I am reading this right, intersect is provided by stdlib, right? If so, then I'm somehow overlooking it. My suggestion and expectation was that you would create it yourself, but it seems sufficiently general-purpose that you might find something suitable already made. You can also, of course, jerry-rig something based on inline_template(). So I really just need to write a function to determine if something is realized or not. I suspect this is going to fall back to the same issues as defined() unless I can delay execution until the end. I would avoid that variation on this approach if at all possible. You would sidestep multiple pitfalls if you could determine up front, based on node name and facts, which groups are *supposed* to be present, instead of attempting to determine after the fact which were realized. Indeed, you might even find it convenient to use that information to drive group realization. If nothing else, doing so would ensure that users aren't assigned to secondary groups that don't get realized. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/tO-mgaYJ7-sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: proper usage of global variables / node variables / +=
On Thursday, July 12, 2012 10:52:23 AM UTC-5, Eric Shamow wrote: Nan is a Puppet Labs guy. One of our best :) His warning about dynamic scoping is something to take seriously. That's not a gratuitous error message - dynamic scoping causes all kinds of problems and has been scheduled for deprecation for a while now, and that's coming in the next major release. Details: http://docs.puppetlabs.com/guides/scope_and_puppet.html Thanks, Eric, but none of that is responsive to the question presently at hand, which is whether the behavior the OP observed with += is buggy (as I have claimed) or intentional. Are you or Nan, either one, willing to opine on that one? John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/X4j1dAM9TpIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ENC questions
On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote: I've been trying to wrap my head around ENCs. Kelsey Hightower gave me some very useful info in IRC the other day, but there are still some things I can't quite get my head around. From what I can tell, an ENC allows you to assign classes and parameters (top scope variables) to a given node or group of nodes. They cannot declare/define relationships (chain classes together to order them) or declare individual resources. The purpose is to help separate data and configuration. From reading what documentation I could find on the puppet site (some of which is potentially inaccurate / outdated from the wiki), the only way to get around these limits is to build your modules, then define a series of wrapper classes and super classes and assign these to the nodes. We've got 2 dozen or so systems that we manage with puppet, and so far have done it all just using node defs. What benefits would there be in using an ENC, from an admin side of things? Is it something that would be worth my time in setting up? I'm trying to understand this, and my long term goal is to maximize the benefit we get from puppet. If your node definitions contain only class and maybe variable declarations -- a good practice -- then you would not have much trouble doing the same thing with an ENC. With that said, I don't think there are very many sites that would benefit from *writing their own* ENCs. If you are using Foreman or the Puppet Dashboard, however, then you already have an ENC available to you, with a spiffy UI and everything. Overall, as long as you're satisfied with writing node definitions in Puppet DSL, I don't think it's worth the time and effort to change. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Yg9jlmWjkEkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: ENC questions
On Jul 12, 2012, at 2:42 PM, jcbollinger wrote: On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote: I've been trying to wrap my head around ENCs. Kelsey Hightower gave me some very useful info in IRC the other day, but there are still some things I can't quite get my head around. From what I can tell, an ENC allows you to assign classes and parameters (top scope variables) to a given node or group of nodes. They cannot declare/define relationships (chain classes together to order them) or declare individual resources. The purpose is to help separate data and configuration. From reading what documentation I could find on the puppet site (some of which is potentially inaccurate / outdated from the wiki), the only way to get around these limits is to build your modules, then define a series of wrapper classes and super classes and assign these to the nodes. We've got 2 dozen or so systems that we manage with puppet, and so far have done it all just using node defs. What benefits would there be in using an ENC, from an admin side of things? Is it something that would be worth my time in setting up? I'm trying to understand this, and my long term goal is to maximize the benefit we get from puppet. If your node definitions contain only class and maybe variable declarations -- a good practice -- then you would not have much trouble doing the same thing with an ENC. With that said, I don't think there are very many sites that would benefit from writing their own ENCs. If you are using Foreman or the Puppet Dashboard, however, then you already have an ENC available to you, with a spiffy UI and everything. Overall, as long as you're satisfied with writing node definitions in Puppet DSL, I don't think it's worth the time and effort to change. Just to further this discussion, I would recommend that the OP take a good look at Foreman since it not only provides an funcational ENC but also provides a listing of puppet classes that can be observed/inspected (another thread). There are a few instances where I have found Foreman's ENC useful to designate a top scoped variable on specific nodes which is then deduced by manifests to provide alternate configurations, create 'hostgroups' of grouping of classes so I can assign a node to a hostgroup to configure the node and also note that these 'hostgroups' are nestable. Lastly, the WebUI of Foreman provides the opportunity for others to participate in the configuration of specific nodes (or at least view the configuration). Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: problem using apache passenger to run dashboard
you don't need a config.ru for puppet-dashboard public folder, I just switched to apache passenger for dashboard, it's working without the config.ru file. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/mCuf6Wbh8HEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ENC questions
On Thursday, July 12, 2012 4:42:12 PM UTC-5, jcbollinger wrote: On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote: I've been trying to wrap my head around ENCs. Kelsey Hightower gave me some very useful info in IRC the other day, but there are still some things I can't quite get my head around. From what I can tell, an ENC allows you to assign classes and parameters (top scope variables) to a given node or group of nodes. They cannot declare/define relationships (chain classes together to order them) or declare individual resources. The purpose is to help separate data and configuration. From reading what documentation I could find on the puppet site (some of which is potentially inaccurate / outdated from the wiki), the only way to get around these limits is to build your modules, then define a series of wrapper classes and super classes and assign these to the nodes. We've got 2 dozen or so systems that we manage with puppet, and so far have done it all just using node defs. What benefits would there be in using an ENC, from an admin side of things? Is it something that would be worth my time in setting up? I'm trying to understand this, and my long term goal is to maximize the benefit we get from puppet. If your node definitions contain only class and maybe variable declarations -- a good practice -- then you would not have much trouble doing the same thing with an ENC. With that said, I don't think there are very many sites that would benefit from *writing their own* ENCs. If you are using Foreman or the Puppet Dashboard, however, then you already have an ENC available to you, with a spiffy UI and everything. Overall, as long as you're satisfied with writing node definitions in Puppet DSL, I don't think it's worth the time and effort to change. Our node defs are mostly classes and variables, but they also do some ordering using chaining syntax, because, for an web app server, for example, you need to make sure that Java is installed before Tomcat. We don't currently make use of Stages, and while I see their benefit, I don't know that we need them with how we are using puppet currently. I'm not sure that we need an ENC either, as using the node defs is working well for us, and we typically only have one person working on a given module or node at any given time, but I want to maximize the benefit we get from puppet while making it easy to maintain and, as needed, reuse bits and pieces. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Iw2AYnjcc6EJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: problem using apache passenger to run dashboard
what version of dashboard you are running? can you provide your httpd configuration for dashboard? Thanks. On Thu, Jul 12, 2012 at 2:50 PM, Clay clay...@gmail.com wrote: you don't need a config.ru for puppet-dashboard public folder, I just switched to apache passenger for dashboard, it's working without the config.ru file. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/mCuf6Wbh8HEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Hai Tao -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: OpenssL::BN Error
That is an (admittedly unhelpful) error which means that the name you gave does not match any certificates the CA knows about. Give it the actual certname rather than 'all'. On Thursday, July 12, 2012 10:52:57 AM UTC-7, Ganesh Ganesh wrote: Hi Guys, I an trying to remove puppetca revoke certification i got openssl error [root@dvtelx3bayxit55 ~]# puppetca --revoke all notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT 0x0001 2012-07-11T17:29:51GMT 2017-07-11T17:29:51GMT /CN=Puppet CA: dvtelx3bayxit55.localdomain err: Could not call revoke: Cannot convert into OpenSSL::BN [root@dvtelx3bayxit55 ~]# How to resolve this, please guide me.. -Ganesh. Did I learn something today? If not, I wasted it. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/2Tl2iX7lqkQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to conditionally add users to a virtualized group?
On Jul 12, 2012, at 2:26 PM, jcbollinger wrote: I would avoid that variation on this approach if at all possible. You would sidestep multiple pitfalls if you could determine up front, based on node name and facts, which groups are supposed to be present, instead of attempting to determine after the fact which were realized. Indeed, you might even find it convenient to use that information to drive group realization. If nothing else, doing so would ensure that users aren't assigned to secondary groups that don't get realized. This is what policy as expressed in the puppet manifests does. I don't see how to avoid the unrealized problem here. What's funny is that you are expressing exactly what puppet does today, but it appears you are suggesting that I need to create another data source and mirror the information out of puppet manifests into that for comparison purposes. Huh? I'm a bit baffled by the fairly constant suggestion by people here that I keep spreading out the places where information is stored. The point is to centralize the data, not provide more sources to grow inconsistent with each other. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How can I list classes available on the puppet master?
You could do something like this, it's not the cleanest in the world(I barely ever use sed anymore), but as something quick and dirty: curl -k -H Accept: yaml https://puppet:8140/mgmt/resource_types/class | more | grep name: | sed -e 's/^ *name: //;s/id.* //' | sort | uniq It'll have some bad data you'll have to parse out(built-in classes like notify, fail, etc.), but should work. On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API ( http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API ( http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API ( http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API ( http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/m4XmKKAYwtkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Using catalog inventory/Puppet::Resource::Catalog?
I'd like to be able to get a list of all of the classes being applied to my nodes and insert this as a list into mcollective's facts.yaml file. The reason for this is that I have a couple post-commit hooks that parse out changes to specific modules/classes for changelog purposes and I'm considering adding in a call to mco find to include a list of affected nodes in the report. Which means the facts need to be there to be found. Now, puppet stores this in /var/lib/puppet/client_yaml/catalog/${fqdn}.yaml, and I could write it up as a custom fact extremely easily, or I could drop down to ruby and parse it out of the catalog that way, but I'm wondering if there's a built in path of exposure to that information somewhere. Just a list of all classes in the catalog. Anyone know offhand? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: Puppet Dashboard 1.2.10 Available
1.2.10 is a maintenance release of Puppet Dashboard. It includes contributions from Will Hopper and Moses Mendoza. Thanks to Aaron Patterson for the security content in commit e17269f. This release is available for download at: https://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.10.tar.gz Debian packages are available at https://apt.puppetlabs.com RPM packages are available at https://yum.puppetlabs.com See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected version of 1.2.10: http://projects.puppetlabs.com/projects/dashboard Documentation is available at: http://docs.puppetlabs.com/dashboard/index.html 1.2.10 Security Fixes/Highlights === *Patch puppet-dashboard for CVE-2012-2660 This commit adds a patch to actionpack to address CVE-2012-2660, unsafe query generation vulnerability. This patch is taken from Aaron Patterson on the rails security list: https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/8SA-M3as7A8 *(#11849) Add rake task to install cron job to clean up database reports This commit adds a rake task to install a monthly cron job to clean up old database reports, as suggested in official Puppet Labs documentation. This allows users to easily install the optional cron job while not risking undesired data loss for those who do not wish to have the job installed by default. 1.2.10 Changelog === Will Hopper (1) 5de691f (#11849) Add rake task to install cron job to clean up database reports Moses Mendoza (3) 07c75a3 cleanup on puppet-dashboard spec file b70344d create certs directory with installation d9b7eeb Install a default settings.yml file with database.yml e17269f Patch puppet-dashboard for CVE-2012-2660 signature.asc Description: Message signed with OpenPGP using GPGMail
Re: [Puppet Users] Using catalog inventory/Puppet::Resource::Catalog?
- Original Message - From: Nick Cammorato nick_cammor...@terc.edu To: puppet-users@googlegroups.com Sent: Thursday, July 12, 2012 5:35:28 PM Subject: [Puppet Users] Using catalog inventory/Puppet::Resource::Catalog? I'd like to be able to get a list of all of the classes being applied to my nodes and insert this as a list into mcollective's facts.yaml file. The reason for this is that I have a couple post-commit hooks that parse out changes to specific modules/classes for changelog purposes and I'm considering adding in a call to mco find to include a list of affected nodes in the report. Which means the facts need to be there to be found. mcollective already knows what classes are on a host, you can access it on the cli: mco rpc rpcutil inventory -I some.host -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: problem using apache passenger to run dashboard
I'm running puppet dashboard 1.2.9 , just followed document at http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#running-dashboard-in-a-production-quality-server , [root@puppet conf.d]# grep -v ^# dashboard-vhost.conf Listen 3000 VirtualHost *:3000 ServerName puppet.domain.com DocumentRoot /usr/share/puppet-dashboard/public/ Directory /usr/share/puppet-dashboard/public/ Options None Order allow,deny allow from all /Directory ErrorLog /var/log/httpd/dashboard_error.log LogLevel warn CustomLog /var/log/httpd/dashboard_access.log combined ServerSignature On /VirtualHost I have the passenger module config in /etc/httpd/conf/httpd.conf because puppet master is also using passenger. LoadModule passenger_module /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13 PassengerRuby /usr/bin/ruby -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rl1IMNDZR3MJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: problem using apache passenger to run dashboard
that is almost exactly what I have , except I put the mod_passenger.so to /var/lib instead of /var/lib64. LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13 PassengerRuby /usr/bin/ruby But I do not think that would affect anything. The thing is I have no experience with passenger, and I do not know how to trouble shoot this problem. Is there suggestions? Thanks. On Thu, Jul 12, 2012 at 4:30 PM, Clay clay...@gmail.com wrote: I'm running puppet dashboard 1.2.9 , just followed document at http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#running-dashboard-in-a-production-quality-server , [root@puppet conf.d]# grep -v ^# dashboard-vhost.conf Listen 3000 VirtualHost *:3000 ServerName puppet.domain.com DocumentRoot /usr/share/puppet-dashboard/public/ Directory /usr/share/puppet-dashboard/public/ Options None Order allow,deny allow from all /Directory ErrorLog /var/log/httpd/dashboard_error.log LogLevel warn CustomLog /var/log/httpd/dashboard_access.log combined ServerSignature On /VirtualHost I have the passenger module config in /etc/httpd/conf/httpd.conf because puppet master is also using passenger. LoadModule passenger_module /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13 PassengerRuby /usr/bin/ruby -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rl1IMNDZR3MJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Hai Tao -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Announce: Puppet Dashboard 1.2.10 Available
On Jul 12, 2012, at 4:07 PM, William Hopper wrote: *(#11849) Add rake task to install cron job to clean up database reports This commit adds a rake task to install a monthly cron job to clean up old database reports, as suggested in official Puppet Labs documentation. This allows users to easily install the optional cron job while not risking undesired data loss for those who do not wish to have the job installed by default. Where is the documentation for this feature? How do I invoke it? The maintaining page still just says to create a cron job. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How can I list classes available on the puppet master?
So this is turning it into a small coding contest =). I needed something similar to this, and there's a pretty easy way to do this with the puppet resource_type face. require 'puppet' require 'puppet/face' Puppet::Face[:resource_type,:current].search('*').find_all {|x| x.type==:hostclass}.collect{|x| x.name}.sort You can do some interesting things, such as get all the classes parameters as well: Puppet::Face[:resource_type,:current].search('*').find_all {|x| x.type==:hostclass}.collect{|x| {x.name=x.arguments.keys}} Here's an example of classes and parameters it accept: [{apt::backports=[release, location]}, {apt::debian::testing=[]}, {apt::debian::unstable=[]}, {apt::params=[]}, {apt::release=[release_id]}, {apt::update=[]}, {apt= [purge_sources_list_d, purge_sources_list, always_apt_update, proxy_host, proxy_port, purge_preferences_d, disable_keys]}, ... Thanks, Nan On Thu, Jul 12, 2012 at 9:50 AM, Nick Cammorato nick_cammor...@terc.edu wrote: You could do something like this, it's not the cleanest in the world(I barely ever use sed anymore), but as something quick and dirty: curl -k -H Accept: yaml https://puppet:8140/mgmt/resource_types/class | more | grep name: | sed -e 's/^ *name: //;s/id.* //' | sort | uniq It'll have some bad data you'll have to parse out(built-in classes like notify, fail, etc.), but should work. On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote: Is there a way to get a list of all the classes available from the puppet master? I have 2 goals for this - one is documentation in a human readable form, and the other is potentially importing that data into dashboard. I did find some info on the rest API (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I can't make any sense of the output from it. Thanks. Lee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/m4XmKKAYwtkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available
Hi Everyone, I just upgraded to this on my ubuntu puppetmaster and I am having issues starting the server. I am running the openjdk-6-jre After some digging i found the options the start script was using and tried to start the daemon manually It gives me this error. start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d Starting /usr/bin/java... Exception in thread main java.lang.SecurityException: Invalid signature file digest for Manifest main attributes at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239) at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193) at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294) at java.util.jar.JarVerifier.update(JarVerifier.java:205) at java.util.jar.JarFile.initializeVerifier(JarFile.java:338) at java.util.jar.JarFile.getInputStream(JarFile.java:403) at sun.misc.JarIndex.getJarIndex(JarIndex.java:116) at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614) at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598) at sun.misc.URLClassPath$3.run(URLClassPath.java:348) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath.getLoader(URLClassPath.java:337) at sun.misc.URLClassPath.getLoader(URLClassPath.java:314) at sun.misc.URLClassPath.getResource(URLClassPath.java:184) at java.net.URLClassLoader$1.run(URLClassLoader.java:209) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:321) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:266) Could not find the main class: com.puppetlabs.puppetdb.core. Program will exit. On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote: PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes include new features and bug fixes. For details on changes in this release, please see the release notes below. # Downloads Available in native package format at http://yum.puppetlabs.com http://apt.puppetlabs.com Source (same license as Puppet): http://github.com/puppetlabs/puppetdb Available for use with Puppet Enterprise 2.5.1 and later at http://yum-enterprise.puppetlabs.com/ and http://apt-enterprise.puppetlabs.com/ # Documentation (including how to install): http://docs.puppetlabs.com/puppetdb # Issues can be filed at: http://projects.puppetlabs.com/projects/puppetdb/issues # Upgrading 1. On your puppetdb server, stop the puppetdb daemon 2. On your puppetmaster(s), stop the puppetmaster daemon 3. On your puppetdb server, install the new puppetdb package 4. On your puppetdb server, start the puppetdb daemon 5. On your puppetmaster(s), install the new puppetdb-terminus package 6. On your puppetmaster(s), start the puppetmaster daemon 0.9.2 = Many thanks to the following people who contributed patches to this release: * Jason Ashby * Kushal Pisavadia * Erik Dalén * Deepak Giridharagopal * Nick Lewis * Matthaus Litteken * Chris Price Notable features: * Allow more advanced storeconfigs queries Now, when using PuppetDB, your puppet manifests can use and and or in collection queries: File | mode == 0755 or content == bar | * (#14947) Restrict accetable client certificates by CN PuppetDB now implements an optional whitelist for HTTPS clients. If enabled by the user, we validate that the CN of the supplied client certificate exactly matches an entry in the whitelist. This allows users to restrict access to PuppetDB using the same CA infrastructure that Puppet already uses. For example, you can restrict access to PuppetDB to just your puppetmaster boxes. This feature is off by default. Refer to the documentation on the `certificate-whitelist` configuration option for details. Notable fixes: * (#15388) Add redirect from '/' to the dashboard Prior to this fix, if you started up PuppetDB and then attempted to browse to /, you'd get an error message that might lead you to believe that the server wasn't actually running (depending on your browser). This commit simply adds a redirect from / to the dashboard index page. * (#14688) Improve stdout/stderr handling for redhat init script Prior to this fix, the redhat init script was keeping stdout/stderr open when you called service puppetdb stop. This resulted in some
Re: [Puppet Users] certname doesn't seem to work on the agent
You will need to generate the certificate with the name you want to use other wise it will use the fqdn. Try using --certname=name_you_want on the command line when you request the certificate. On 12 July 2012 21:04, Kmbu yum...@hotmail.com wrote: There was no current cert. It was a new host. The cert was generated using the FQDN.. On Thursday, 12 July 2012 04:42:51 UTC+2, Pete wrote: Hi, Your config looks about right. Did you drop the current cert and request and sign a new one? On 11 July 2012 19:14, Kmbu wrote: Hi guys, I have a box that needs to identify itself to the puppetmaster as something different from the FQDN. I added certname to the agent configuration before the first run, but it doesn't seem to be sufficient. The certificate was generated for the FQDN, and the host appears in the dashboard as the FQDN, and the node name used to evaluate the manifest is also the FQDN. I would like to set it up so that, for all intents and purposes, the node/agent has a different name. I'm running Puppet 2.7.6 via Apache/Passenger. Here is my agent config: [agent] # Whether log files should always flush to disk. autoflush = true # Reporting setup for Puppet Dashboard report = true # Randomize agent runs to avoid clusters splay = true # The main Puppet configuration directory. The default for this parameter is calculated based on the user. If the process # is running as root or the user that Puppet is supposed to run as, it defaults to a system directory, but if it's running as any other user, # it defaults to being in the user's home directory. # The default value is '/etc/puppet'. confdir = confdir # Where Puppet stores dynamic and growing data. The default for this parameter is calculated specially, like `confdir`_. # The default value is '/var/lib/puppet'. vardir = vardir # Whether to print stack traces on some errors trace = true # How often puppet agent applies the client configuration; in seconds. Note that a runinterval of 0 means run continuously rather than never run. # If you want puppet agent to never run, you should start it with the --no-client option. runinterval = 300 # Whether to use colors when logging to the console. # Valid values are `ansi` (equivalent to `true`), `html` (mostly # used during testing with TextMate), and `false`, which produces # no color. # The default value is 'ansi'. color = ansi # The environment Puppet is running in. For clients # (e.g., `puppet agent`) this determines the environment itself, which # is used to find modules and much more. For servers (i.e., `puppet master`) this provides the default environment for nodes # we know nothing about. # The default value is 'production'. environment = pre # Where to find information about nodes. # The default value is 'plain'. # node_terminus = plain # Where the puppet agent web server logs. # The default value is '$logdir/http.log'. httplog = logpath/http.log # Send the process into the background. This is the default. # The default value is 'true'. daemonize = true # The name to use when handling certificates. Defaults # to the fully qualified domain name. certname = dns-name-here # Where Puppet should look for facts. Multiple directories should # be colon-separated, like normal PATH variables. # The default value is '$vardir/lib/facter:$vardir/facts'. factpath = $vardir/lib/facter:$vardir/facts # From where to retrieve facts. The standard Puppet `file` type # is used for retrieval, so anything that is a valid file source can # be used here. # The default value is 'puppet://$server/facts/'. factsource = puppet://puppetmaster/facts/ # The pid file # The default value is '$rundir/$name.pid'. pidfile = vardir/agent.pid # The user puppet master should run as. # The default value is 'puppet'. user = apache # The group puppet master should run as. # The default value is 'puppet'. group = apache # Wether the master should function as a certificate authority. # The default value is 'true'. ca = true # The search path for modules as a list of directories separated by the ':' character. # The default value is '$confdir/modules:/usr/share/puppet/modules'. modulepath = datadir/modules # The explicit value used for the node name for all requests the agent # makes to the master. WARNING: This setting is mutually exclusive with # node_name_fact. Changing this setting also requires changes to the default # auth.conf configuration on the Puppet Master. Please see #
Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available
Side note. I downgraded to the old version and it still works so not as urgent now. On 13 July 2012 10:54, Peter Brown rendhal...@gmail.com wrote: Hi Everyone, I just upgraded to this on my ubuntu puppetmaster and I am having issues starting the server. I am running the openjdk-6-jre After some digging i found the options the start script was using and tried to start the daemon manually It gives me this error. start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d Starting /usr/bin/java... Exception in thread main java.lang.SecurityException: Invalid signature file digest for Manifest main attributes at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239) at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193) at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294) at java.util.jar.JarVerifier.update(JarVerifier.java:205) at java.util.jar.JarFile.initializeVerifier(JarFile.java:338) at java.util.jar.JarFile.getInputStream(JarFile.java:403) at sun.misc.JarIndex.getJarIndex(JarIndex.java:116) at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614) at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598) at sun.misc.URLClassPath$3.run(URLClassPath.java:348) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath.getLoader(URLClassPath.java:337) at sun.misc.URLClassPath.getLoader(URLClassPath.java:314) at sun.misc.URLClassPath.getResource(URLClassPath.java:184) at java.net.URLClassLoader$1.run(URLClassLoader.java:209) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:321) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:266) Could not find the main class: com.puppetlabs.puppetdb.core. Program will exit. On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote: PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes include new features and bug fixes. For details on changes in this release, please see the release notes below. # Downloads Available in native package format at http://yum.puppetlabs.com http://apt.puppetlabs.com Source (same license as Puppet): http://github.com/puppetlabs/puppetdb Available for use with Puppet Enterprise 2.5.1 and later at http://yum-enterprise.puppetlabs.com/ and http://apt-enterprise.puppetlabs.com/ # Documentation (including how to install): http://docs.puppetlabs.com/puppetdb # Issues can be filed at: http://projects.puppetlabs.com/projects/puppetdb/issues # Upgrading 1. On your puppetdb server, stop the puppetdb daemon 2. On your puppetmaster(s), stop the puppetmaster daemon 3. On your puppetdb server, install the new puppetdb package 4. On your puppetdb server, start the puppetdb daemon 5. On your puppetmaster(s), install the new puppetdb-terminus package 6. On your puppetmaster(s), start the puppetmaster daemon 0.9.2 = Many thanks to the following people who contributed patches to this release: * Jason Ashby * Kushal Pisavadia * Erik Dalén * Deepak Giridharagopal * Nick Lewis * Matthaus Litteken * Chris Price Notable features: * Allow more advanced storeconfigs queries Now, when using PuppetDB, your puppet manifests can use and and or in collection queries: File | mode == 0755 or content == bar | * (#14947) Restrict accetable client certificates by CN PuppetDB now implements an optional whitelist for HTTPS clients. If enabled by the user, we validate that the CN of the supplied client certificate exactly matches an entry in the whitelist. This allows users to restrict access to PuppetDB using the same CA infrastructure that Puppet already uses. For example, you can restrict access to PuppetDB to just your puppetmaster boxes. This feature is off by default. Refer to the documentation on the `certificate-whitelist` configuration option for details. Notable fixes: * (#15388) Add redirect from '/' to the dashboard Prior to this fix, if you started up PuppetDB and then attempted to browse to /, you'd get an error message that might lead you to believe that the server wasn't actually running (depending on your browser). This commit simply adds a redirect from / to the dashboard index page. * (#14688) Improve
Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available
Ouch...I'll take a look at this now! What version of Ubuntu are you on? I'll bring up a VM and try to reproduce this. deepak On Fri, Jul 13, 2012 at 10:54:10AM +1000, Peter Brown rendhal...@gmail.com wrote: Hi Everyone, I just upgraded to this on my ubuntu puppetmaster and I am having issues starting the server. I am running the openjdk-6-jre After some digging i found the options the start script was using and tried to start the daemon manually It gives me this error. start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d Starting /usr/bin/java... Exception in thread main java.lang.SecurityException: Invalid signature file digest for Manifest main attributes at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239) at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193) at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294) at java.util.jar.JarVerifier.update(JarVerifier.java:205) at java.util.jar.JarFile.initializeVerifier(JarFile.java:338) at java.util.jar.JarFile.getInputStream(JarFile.java:403) at sun.misc.JarIndex.getJarIndex(JarIndex.java:116) at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614) at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598) at sun.misc.URLClassPath$3.run(URLClassPath.java:348) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath.getLoader(URLClassPath.java:337) at sun.misc.URLClassPath.getLoader(URLClassPath.java:314) at sun.misc.URLClassPath.getResource(URLClassPath.java:184) at java.net.URLClassLoader$1.run(URLClassLoader.java:209) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:321) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:266) Could not find the main class: com.puppetlabs.puppetdb.core. Program will exit. On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote: PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes include new features and bug fixes. For details on changes in this release, please see the release notes below. # Downloads Available in native package format at http://yum.puppetlabs.com http://apt.puppetlabs.com Source (same license as Puppet): http://github.com/puppetlabs/puppetdb Available for use with Puppet Enterprise 2.5.1 and later at http://yum-enterprise.puppetlabs.com/ and http://apt-enterprise.puppetlabs.com/ # Documentation (including how to install): http://docs.puppetlabs.com/puppetdb # Issues can be filed at: http://projects.puppetlabs.com/projects/puppetdb/issues # Upgrading 1. On your puppetdb server, stop the puppetdb daemon 2. On your puppetmaster(s), stop the puppetmaster daemon 3. On your puppetdb server, install the new puppetdb package 4. On your puppetdb server, start the puppetdb daemon 5. On your puppetmaster(s), install the new puppetdb-terminus package 6. On your puppetmaster(s), start the puppetmaster daemon 0.9.2 = Many thanks to the following people who contributed patches to this release: * Jason Ashby * Kushal Pisavadia * Erik Dalén * Deepak Giridharagopal * Nick Lewis * Matthaus Litteken * Chris Price Notable features: * Allow more advanced storeconfigs queries Now, when using PuppetDB, your puppet manifests can use and and or in collection queries: File | mode == 0755 or content == bar | * (#14947) Restrict accetable client certificates by CN PuppetDB now implements an optional whitelist for HTTPS clients. If enabled by the user, we validate that the CN of the supplied client certificate exactly matches an entry in the whitelist. This allows users to restrict access to PuppetDB using the same CA infrastructure that Puppet already uses. For example, you can restrict access to PuppetDB to just your puppetmaster boxes. This feature is off by default. Refer to the documentation on the `certificate-whitelist` configuration option for details. Notable fixes: * (#15388) Add redirect from '/' to the dashboard Prior to this fix, if you started up PuppetDB and then attempted to browse to /, you'd get an error message that might lead you to believe that the server wasn't actually
Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available
On 13 July 2012 11:59, Deepak Giridharagopal dee...@puppetlabs.com wrote: Ouch...I'll take a look at this now! What version of Ubuntu are you on? I'll bring up a VM and try to reproduce this. Thanks Deepak. Ubuntu 12.04 (kubuntu actually but same diff) I noticed my jre was updated today as well. my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps let me know if you need any more info. Pete. deepak On Fri, Jul 13, 2012 at 10:54:10AM +1000, Peter Brown rendhal...@gmail.com wrote: Hi Everyone, I just upgraded to this on my ubuntu puppetmaster and I am having issues starting the server. I am running the openjdk-6-jre After some digging i found the options the start script was using and tried to start the daemon manually It gives me this error. start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d Starting /usr/bin/java... Exception in thread main java.lang.SecurityException: Invalid signature file digest for Manifest main attributes at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239) at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193) at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294) at java.util.jar.JarVerifier.update(JarVerifier.java:205) at java.util.jar.JarFile.initializeVerifier(JarFile.java:338) at java.util.jar.JarFile.getInputStream(JarFile.java:403) at sun.misc.JarIndex.getJarIndex(JarIndex.java:116) at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614) at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598) at sun.misc.URLClassPath$3.run(URLClassPath.java:348) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath.getLoader(URLClassPath.java:337) at sun.misc.URLClassPath.getLoader(URLClassPath.java:314) at sun.misc.URLClassPath.getResource(URLClassPath.java:184) at java.net.URLClassLoader$1.run(URLClassLoader.java:209) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:321) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:266) Could not find the main class: com.puppetlabs.puppetdb.core. Program will exit. On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote: PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes include new features and bug fixes. For details on changes in this release, please see the release notes below. # Downloads Available in native package format at http://yum.puppetlabs.com http://apt.puppetlabs.com Source (same license as Puppet): http://github.com/puppetlabs/puppetdb Available for use with Puppet Enterprise 2.5.1 and later at http://yum-enterprise.puppetlabs.com/ and http://apt-enterprise.puppetlabs.com/ # Documentation (including how to install): http://docs.puppetlabs.com/puppetdb # Issues can be filed at: http://projects.puppetlabs.com/projects/puppetdb/issues # Upgrading 1. On your puppetdb server, stop the puppetdb daemon 2. On your puppetmaster(s), stop the puppetmaster daemon 3. On your puppetdb server, install the new puppetdb package 4. On your puppetdb server, start the puppetdb daemon 5. On your puppetmaster(s), install the new puppetdb-terminus package 6. On your puppetmaster(s), start the puppetmaster daemon 0.9.2 = Many thanks to the following people who contributed patches to this release: * Jason Ashby * Kushal Pisavadia * Erik Dalén * Deepak Giridharagopal * Nick Lewis * Matthaus Litteken * Chris Price Notable features: * Allow more advanced storeconfigs queries Now, when using PuppetDB, your puppet manifests can use and and or in collection queries: File | mode == 0755 or content == bar | * (#14947) Restrict accetable client certificates by CN PuppetDB now implements an optional whitelist for HTTPS clients. If enabled by the user, we validate that the CN of the supplied client certificate exactly matches an entry in the whitelist. This allows users to restrict access to PuppetDB using the same CA infrastructure that Puppet already uses. For example, you can restrict access to PuppetDB to just your puppetmaster boxes. This feature is off by default. Refer to the documentation on the
Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available
Oh on a whim i installed openjdk-7 and got the same results. On 13 July 2012 12:12, Peter Brown rendhal...@gmail.com wrote: On 13 July 2012 11:59, Deepak Giridharagopal dee...@puppetlabs.com wrote: Ouch...I'll take a look at this now! What version of Ubuntu are you on? I'll bring up a VM and try to reproduce this. Thanks Deepak. Ubuntu 12.04 (kubuntu actually but same diff) I noticed my jre was updated today as well. my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps let me know if you need any more info. Pete. deepak On Fri, Jul 13, 2012 at 10:54:10AM +1000, Peter Brown rendhal...@gmail.com wrote: Hi Everyone, I just upgraded to this on my ubuntu puppetmaster and I am having issues starting the server. I am running the openjdk-6-jre After some digging i found the options the start script was using and tried to start the daemon manually It gives me this error. start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d Starting /usr/bin/java... Exception in thread main java.lang.SecurityException: Invalid signature file digest for Manifest main attributes at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239) at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193) at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294) at java.util.jar.JarVerifier.update(JarVerifier.java:205) at java.util.jar.JarFile.initializeVerifier(JarFile.java:338) at java.util.jar.JarFile.getInputStream(JarFile.java:403) at sun.misc.JarIndex.getJarIndex(JarIndex.java:116) at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614) at sun.misc.URLClassPath$JarLoader.init(URLClassPath.java:598) at sun.misc.URLClassPath$3.run(URLClassPath.java:348) at java.security.AccessController.doPrivileged(Native Method) at sun.misc.URLClassPath.getLoader(URLClassPath.java:337) at sun.misc.URLClassPath.getLoader(URLClassPath.java:314) at sun.misc.URLClassPath.getResource(URLClassPath.java:184) at java.net.URLClassLoader$1.run(URLClassLoader.java:209) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:321) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:266) Could not find the main class: com.puppetlabs.puppetdb.core. Program will exit. On 13 July 2012 06:54, Matthaus Litteken matth...@puppetlabs.com wrote: PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes include new features and bug fixes. For details on changes in this release, please see the release notes below. # Downloads Available in native package format at http://yum.puppetlabs.com http://apt.puppetlabs.com Source (same license as Puppet): http://github.com/puppetlabs/puppetdb Available for use with Puppet Enterprise 2.5.1 and later at http://yum-enterprise.puppetlabs.com/ and http://apt-enterprise.puppetlabs.com/ # Documentation (including how to install): http://docs.puppetlabs.com/puppetdb # Issues can be filed at: http://projects.puppetlabs.com/projects/puppetdb/issues # Upgrading 1. On your puppetdb server, stop the puppetdb daemon 2. On your puppetmaster(s), stop the puppetmaster daemon 3. On your puppetdb server, install the new puppetdb package 4. On your puppetdb server, start the puppetdb daemon 5. On your puppetmaster(s), install the new puppetdb-terminus package 6. On your puppetmaster(s), start the puppetmaster daemon 0.9.2 = Many thanks to the following people who contributed patches to this release: * Jason Ashby * Kushal Pisavadia * Erik Dalén * Deepak Giridharagopal * Nick Lewis * Matthaus Litteken * Chris Price Notable features: * Allow more advanced storeconfigs queries Now, when using PuppetDB, your puppet manifests can use and and or in collection queries: File | mode == 0755 or content == bar | * (#14947) Restrict accetable client certificates by CN PuppetDB now implements an optional whitelist for HTTPS clients. If enabled by the user, we validate that the CN of the supplied client certificate exactly matches an entry in the whitelist. This allows users to restrict access to PuppetDB using the same CA infrastructure that Puppet already uses. For example, you can restrict access to
Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available
On Fri, Jul 13, 2012 at 12:12:32PM +1000, Peter Brown rendhal...@gmail.com wrote: On 13 July 2012 11:59, Deepak Giridharagopal dee...@puppetlabs.com wrote: Ouch...I'll take a look at this now! What version of Ubuntu are you on? I'll bring up a VM and try to reproduce this. Thanks Deepak. Ubuntu 12.04 (kubuntu actually but same diff) I noticed my jre was updated today as well. my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps let me know if you need any more info. I believe we've found the problem. It looks like when we built the .debs we used a slightly older version of our build tool, which can't handle dependencies that are cryptographically signed. I'm going to work with the release team tonight to get those packages pulled, and rebuild new ones. We should have new .debs posted in the morning (US time). Thanks so much for the thorough diagnostics; it made it really easy to find the root of the problem. And I sincerely apologize for any problems this may have caused! deepak -- Deepak Giridharagopal / Puppet Labs / grim_radical -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available
On 13 July 2012 13:05, Deepak Giridharagopal dee...@puppetlabs.com wrote: On Fri, Jul 13, 2012 at 12:12:32PM +1000, Peter Brown rendhal...@gmail.com wrote: On 13 July 2012 11:59, Deepak Giridharagopal dee...@puppetlabs.com wrote: Ouch...I'll take a look at this now! What version of Ubuntu are you on? I'll bring up a VM and try to reproduce this. Thanks Deepak. Ubuntu 12.04 (kubuntu actually but same diff) I noticed my jre was updated today as well. my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps let me know if you need any more info. I believe we've found the problem. It looks like when we built the .debs we used a slightly older version of our build tool, which can't handle dependencies that are cryptographically signed. Yeah that sounds like what I imagined the problem to be. I'm going to work with the release team tonight to get those packages pulled, and rebuild new ones. We should have new .debs posted in the morning (US time). Thank you so very much. It's Saturday for me tomorrow so I won't see them till Monday. Thanks so much for the thorough diagnostics; it made it really easy to find the root of the problem. And I sincerely apologize for any problems this may have caused! All part of being an early adopter. :) And I am happy to help. I hope it will save someone else some grief. PuppetDB is an excellent addition to the puppet gang by the way. Eagerly awaiting to see it integrated into things more. Thanks again for the speedy replies and speedy resolution Deepak. Pete. deepak -- Deepak Giridharagopal / Puppet Labs / grim_radical -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.