Re: [Puppet Users] Puppetdb will setting gc-interval to 0 disable it
One of the largest indexes was not needed and removed in the latest version of puppetdb. So you might want to try out that version to reduce the index sizes. On Jan 22, 2013 8:41 PM, Chuck cssc...@gmail.com wrote: We didn't notice anything on Sunday. We have a decent number of resources that effect all nodes. This may explain the ocasional performance issues. We have also been messing around with the Indexes as they were getting HUGE. We also started promoting our Puppet changes on a schedule so we effect more nodes at a time than we have in the past. On Tuesday, January 22, 2013 1:27:15 PM UTC-6, Ken Barber wrote: Does this happen across all nodes? This is an indication you might have a resource that affects a large set of nodes that suddenly changes every 4 days. In the catalogs table, the 'hash' is just a hash of the catalogue data, if anything in the catalogue changes - it changes. And new entries are created. The database garbage collection is there to remove the orphaned entries. So really one could consider this part of normal operation, if your catalogues are constantly changing then the garbage collection runs are bigger. Did you see this happen on Sunday? On Fri, Jan 18, 2013 at 12:28 AM, Chuck css...@gmail.com wrote: This is unconfirmed at this point. It seems like every 4 days starting Jan 4. 2013 (interesting is started in 2013 and never happened in 2012) like the Catalog or Resource Hash changes, causing the entire catalog_resource table to insert new entries, then possibly GC deletes the old entries. If this holds true we will see this behavior again on Jan. 20, 2013. Hopefully we will have a better idea of what is going on. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/**msg/puppet-users/-/**APtEGbv578QJhttps://groups.google.com/d/msg/puppet-users/-/APtEGbv578QJ. To post to this group, send email to puppet...@googlegroups.com. To unsubscribe from this group, send email to puppet-users...@**googlegroups.com. For more options, visit this group at http://groups.google.com/**group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/38QnH1c20UcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] facter : Bug #10261
Ok thanks for your answer Cordialement, Bernard Granier CE Plateforme Système bernard.gran...@morpho.com 01 58 11 32 51 -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Josh Cooper Sent: Tuesday, January 22, 2013 6:23 PM To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] facter : Bug #10261 Hi Bernard, On Tue, Jan 22, 2013 at 2:27 AM, GRANIER Bernard (MORPHO) bernard.gran...@morpho.com wrote: Hi, On a VM Windows 7 32bits, I have the bug describe here : http://projects.puppetlabs.com/issues/10261 . Reading the bug history, I understood that the bug has been accepted, corrected, and merged. Did I miss understand ? I have almost the last version of facter, I installed it middle of December 2012. Cordialement, Bernard Granier CE Plateforme Système bernard.gran...@morpho.com 01 58 11 32 51 # This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system. # -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Ticket #10261 was that facter always reported the architecture as x86, even when running a 64-bit OS on x64 hardware. However, there is a still unresolved ticket #16948 when running a 32-bit OS on x64 hardware. Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. # This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system. # -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Error: Could not request certificate: Connection refused - connect(2)
Hi Doug Sorry my bad English. I executed this commands: 1. puppet cert cleanagent-hostname - 2. rm -rf $(puppet agent --configprint ssldir) Do you run master init shell script? 2013/1/22 Doug douglas.neth...@aapt.com.au Hi Diogo I have this same issue. I don't quite understand your message, could you please help me? You say to fix it you: -restart puppet master -run puppetca --clean 'host_name' -deleting var/lib/puppet/ssl 1. Is that right? 2. Which host do you delete var/lib/puppet/ssl on? Many thanks On Friday, December 7, 2012 3:18:33 AM UTC+11, Diogo Martinez wrote: The solutions went start master pid and redo the ssl certificates with puppet cert clean host_name and deleting var/lib/puppet/ssl. thanks Fran and Jc!!! Em quarta-feira, 5 de dezembro de 2012 08h16min58s UTC-2, Diogo Martinez escreveu: Hi all, I am new at puppet and Im using the puppet learning tutorial. I execute until Basic agent/master puppet. Everything worked ok but after 2 or 3 days, running the command puppet agent --test, start throw the error in subject. That left me with the following questions: how to puppet agent connect to master without service started on master? If this connection is possible ( worked firsts times )what are the possibilities I to be receiving this error? I needed install puppet using tarball because a business rules is that servers have not internet access. Thanks in advance, and sorry for the bad English. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/v1fyCfCiCCEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How to apply a single class from an agent with puppet v3?
Is it possible to apply a single class in the context of the catalog to a puppet agent? The puppet run has grown lengthy and I would like to run just the puppet class I am working on. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/2jqTPphho9AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] PuppetDB HA
I assume that each PuppetDB instance maintains its own message queue, and commands sent by the master wait in these queues. Yes, today this is true. In that case, is the following scenario possible: - the master sends facts for a node to PuppetDB through the load balancer - the load balancer gives the task to PuppetDB1 - queue processing halts/gets delayed on PuppetDB1 (for some reason) - upon the next pupptrun, the agent on the same node sends some changed facts to master - the master sends it to PupetDB through the load balancer - the load balancer gives the task to PuppetDB2 - PuppetDB2 writes the fact to the DB - some time later PuppetDB1 continues to process its queue - PuppetDB1 writes the old fact value to the DB The last step won't happen with 1.0.5 at least, we check this first and silently drop the 'replace facts' if the timestamp associated with the stored facts are newer then the message: https://github.com/puppetlabs/puppetdb/blob/master/src/com/puppetlabs/puppetdb/command.clj#L341 You can see this timestamp of the existing facts in the table 'certname_facts_metadata'. If i were to query PuppetDB for this fact for this node now, which value would I get? The latest facts, in this case the facts sent to PuppetDB2. To answer your original question, its recommended to have multiple PuppetDB instances in front of a reverse proxy or load-balancer if you want to provide redundancy. For the database you can review the documentation available on the Postgresql site, as there are many solutions with various pros and cons: http://www.postgresql.org/docs/9.2/static/high-availability.html. Check out the documentation available from our website as it covers scaling in a general manner: http://docs.puppetlabs.com/puppetdb/1.1/scaling_recommendations.html ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetdb will setting gc-interval to 0 disable it
I believe Erik is talking of the removal of the idx_catalog_resources_tags in 1.0.5 - is this correct Erik? https://github.com/puppetlabs/puppetdb/blob/master/src/com/puppetlabs/puppetdb/scf/migrate.clj#L224-L229 This is an index on the catalogue_resources table, and the 'tags' column. ken. On Wed, Jan 23, 2013 at 8:46 AM, Erik Dalén erik.gustav.da...@gmail.com wrote: One of the largest indexes was not needed and removed in the latest version of puppetdb. So you might want to try out that version to reduce the index sizes. On Jan 22, 2013 8:41 PM, Chuck cssc...@gmail.com wrote: We didn't notice anything on Sunday. We have a decent number of resources that effect all nodes. This may explain the ocasional performance issues. We have also been messing around with the Indexes as they were getting HUGE. We also started promoting our Puppet changes on a schedule so we effect more nodes at a time than we have in the past. On Tuesday, January 22, 2013 1:27:15 PM UTC-6, Ken Barber wrote: Does this happen across all nodes? This is an indication you might have a resource that affects a large set of nodes that suddenly changes every 4 days. In the catalogs table, the 'hash' is just a hash of the catalogue data, if anything in the catalogue changes - it changes. And new entries are created. The database garbage collection is there to remove the orphaned entries. So really one could consider this part of normal operation, if your catalogues are constantly changing then the garbage collection runs are bigger. Did you see this happen on Sunday? On Fri, Jan 18, 2013 at 12:28 AM, Chuck css...@gmail.com wrote: This is unconfirmed at this point. It seems like every 4 days starting Jan 4. 2013 (interesting is started in 2013 and never happened in 2012) like the Catalog or Resource Hash changes, causing the entire catalog_resource table to insert new entries, then possibly GC deletes the old entries. If this holds true we will see this behavior again on Jan. 20, 2013. Hopefully we will have a better idea of what is going on. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/APtEGbv578QJ. To post to this group, send email to puppet...@googlegroups.com. To unsubscribe from this group, send email to puppet-users...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/38QnH1c20UcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetdb will setting gc-interval to 0 disable it
We didn't notice anything on Sunday. We have a decent number of resources that effect all nodes. This may explain the ocasional performance issues. Sure, more specifically you'll get catalog replaces in the database if you have resources that are always 'changing'. This might be a dynamic parameter to a resource, a dynamic title or alias. The hash doesn't care, any change means that hash is different, thus things become candidates for garbage collection. We have also been messing around with the Indexes as they were getting HUGE. What did you do to the indexes Chuck? Did you rebuild them, if so - which ones - and do you think it helped? Also, I've realised my mistake in asking for explain plans for the select queries I gave you. It didn't take into account the cascades during delete, better that I had asked you for explain plans on the deletes instead: explain analyze verbose DELETE FROM catalogs WHERE NOT EXISTS (SELECT * FROM certname_catalogs cc WHERE cc.catalog=catalogs.hash); explain analyze verbose DELETE FROM resource_params WHERE NOT EXISTS (SELECT * FROM catalog_resources cr WHERE cr.resource=resource_params.resource); Also without a real delete in the first SQL, the second delete wouldn't have triggered any removal. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Problem with Puppet upgrade 2.7 = 3.0 on Centos 5 using puppetlabs dependencies repo.
Hi, I have a problem with puppet upgrade from 2.7 to 3.0 on centos 5. I have included the puppet dependencies repo for el5 (http://yum.puppetlabs.com/el/5/dependencies/x86_64/) to upgrade my ruby version to 1.8.7. However a yum install ruby will give me ruby 1.8.5 from the centos base repo. If i disable the base repo i get ruby 1.8.7 but ruby-libs has depsolving problems - it requires libtk8.4.so which is not present in any of my repos. Resolving Dependencies -- Running transaction check --- Package ruby.x86_64 0:1.8.7.370-1.el5 set to be updated -- Processing Dependency: ruby-libs = 1.8.7.370-1.el5 for package: ruby -- Running transaction check --- Package ruby-libs.x86_64 0:1.8.7.370-1.el5 set to be updated -- Processing Dependency: libtk8.4.so()(64bit) for package: ruby-libs -- Finished Dependency Resolution ruby-libs-1.8.7.370-1.el5.x86_64 from puppetlabs-deps has depsolving problems -- Missing Dependency: libtk8.4.so()(64bit) is needed by package ruby-libs-1.8.7.370-1.el5.x86_64 (puppetlabs-deps) Error: Missing Dependency: libtk8.4.so()(64bit) is needed by package ruby-libs-1.8.7.370-1.el5.x86_64 (puppetlabs-deps) Anyone can help me sort out the problem? Thanks Pascal -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/H5RoktnypwwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem with Puppet upgrade 2.7 = 3.0 on Centos 5 using puppetlabs dependencies repo.
Use both repos with the puppetlabs repo at a higher priority (Google: yum priority) “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: Pascal Schmiel pascal.schm...@gmail.com To: puppet-users@googlegroups.com Sent: Wednesday, January 23, 2013 5:32:37 AM Subject: [Puppet Users] Problem with Puppet upgrade 2.7 = 3.0 on Centos 5 using puppetlabs dependencies repo. Hi, I have a problem with puppet upgrade from 2.7 to 3.0 on centos 5. I have included the puppet dependencies repo for el5 (http://yum.puppetlabs.com/el/5/dependencies/x86_64/) to upgrade my ruby version to 1.8.7. However a yum install ruby will give me ruby 1.8.5 from the centos base repo. If i disable the base repo i get ruby 1.8.7 but ruby-libs has depsolving problems - it requires libtk8.4.so which is not present in any of my repos. Resolving Dependencies -- Running transaction check --- Package ruby.x86_64 0:1.8.7.370-1.el5 set to be updated -- Processing Dependency: ruby-libs = 1.8.7.370-1.el5 for package: ruby -- Running transaction check --- Package ruby-libs.x86_64 0:1.8.7.370-1.el5 set to be updated -- Processing Dependency: libtk8.4.so()(64bit) for package: ruby-libs -- Finished Dependency Resolution ruby-libs-1.8.7.370-1.el5.x86_64 from puppetlabs-deps has depsolving problems -- Missing Dependency: libtk8.4.so()(64bit) is needed by package ruby-libs-1.8.7.370-1.el5.x86_64 (puppetlabs-deps) Error: Missing Dependency: libtk8.4.so()(64bit) is needed by package ruby-libs-1.8.7.370-1.el5.x86_64 (puppetlabs-deps) Anyone can help me sort out the problem? Thanks Pascal -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/H5RoktnypwwJ . To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] VMware investment in Puppet Labs
Hi all, I'm proud to announce that VMware has invested $30 million in Puppet Labs: http://puppetlabs.com/blog/vmware-invests-30-million-in-puppet-labs/ This investment is about continuing to enable us to invest and grow, staying on the track of being a great, independent company. Just like when we announced OpenStack support, we're not suddenly switching to being a VMware company, a cloud company, a virtualization company - we're staying an infrastructure management company that supports massive heterogeneity. Please contact me if you have any questions. Thanks, Luke -- Luke Kanies | http://about.me/lak | http://puppetlabs.com/ | +1-615-594-8199 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Security considerations for basing decisions on facts
On Jan 22, 2013, at 3:04 PM, jcbollinger john.bollin...@stjude.org wrote: On Tuesday, January 22, 2013 7:08:09 AM UTC-6, Boyan Tabakov wrote: Hello, Let's consider the scenario when a client node in a puppet environment gets compromised. In case some of the puppet modules make decisions based on agent facts, these modules are potentially exposed to abuse from the malicious puppet agent. For example, if a class has: if $some_fact == 'some value' { # deploy some configuration } then the compromised node could send falsified value of that fact to obtain configuration that potentially contains secrets (private keys, passwords, etc) that was meant only for other nodes. AFAIK, the only authenticated piece of information that a puppet agent passes to the puppetmaster server is the name of the node, as specified in the SSL certificate for the agent. However, the value of $fqdn, as seen in a manifest / class on the puppetmaster seems to be based on the agent-supplied fact 'fqdn'. Having said that, then can the value of $hostname be trusted to come from the identity in the agent's SSL certificate? What are best practices for ensuring that a compromised agent can't access configuration meant for different nodes? Are an ENC or external data sources (Hiera) designed to provide trusted puppetmaster-side metadata for nodes? Is that the way to go? You are correct that that only the identity of the client node is authenticated by Puppet, and even that only insomuch as the client can be relied upon to protect its SSL certificate. The $hostname fact cannot be relied upon to convey that information, as it doesn't in any sense need to be the same thing; you're looking for $certname. It is, however, $certname (not $hostname) by which a node block is selected and/or an ENC queried, so Puppet's architectural foundation is secure in that regard. You are also right that a compromised client can, in principle, falsify the fact values presented to the master in an attempt to make it divulge secret information. Whether the master might actually divulge anything is a function of the manifests with which site administration has configured it. In other words, that's a question of how Puppet is used, not of the fundamental security of Puppet itself. To the extent that you want to record server-side node data, I think hiera is the way to go. I prefer that to encoding data in an ENC or in your manifests, but those are some of the other options. All of those are secure to the extent that the master itself is secure, though I wouldn't say that any of them were designed specifically as a secure alternative to node facts. John Several months ago I created a feature request which basically requested the ability to flag certain facts as 'should never change' and have the ability to trigger different behaviors in on the master if $node delivers its facts with those items different… https://projects.puppetlabs.com/issues/13934 if a node reports memory changed, you might want to send an email (IE: a dimm failed, the box panic'ed and rebooted, and now has less memory). This could be done with other methods and tools, this feature doesn't need to be implemented to facilitate that (nor is it necessarily the best tool for the job), but if a node reports that it's fqdn, or '$proprietary_fact' is now different, you may want the master to full-stop on catalog compilation and flag the node as problematic and notify you, as someone may be doing something nasty. you can also use an enc and base lookups off of $certname, as you can trust that you signed that cert at some point in time (assuming you don't have auto signing enabled) and so that should be trusted as legitimate. if you have auto-signing enabled though, this could give someone a path into nefariousness. W This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What exactly does notice: Finished catalog run in XX seconds mean?
On Tuesday, January 22, 2013 7:55:55 PM UTC-6, Nikhil Joshi wrote: I see that line in the agent node's log. Is that the time taken by the Puppet Master to compile the manifests into a catalog? Or is that the rime taken by the agent to apply the catalog on the node? It certainly includes the time to apply the catalog. I think it's the total time from catalog request (or maybe even the start of fact gathering) to finish of catalog application. More specifically, I want to determine the exact time taken by the puppet master to compile the catalog for a given node? Is that logged somewhere? You should be looking in the master's log, not the agents' John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rqjxT4TCwToJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: struggling with vcsrepo, git, latest
On Monday, November 21, 2011 10:00:37 PM UTC-8, jwag wrote: I am working with 2.7.3, latest vcsrepo from github. Trying to get a git workarea kept up to date (latest). The call: vcsrepo { puppetm:git:co: ensure = latest, provider = git, path = $srcdir, source = g...@github.com:/xxx.git, owner = puppet, group = puppet, identity = $puppetm::puppethomedir/.ssh/ $puppetm::pkeyname, } It's missing the 'revision' = 'master' key. If you use this key, the code is cloned if it didn't exist; pulled otherwise. vcsrepo { puppetm:git:co: ensure = latest, provider = git, path = $srcdir, source = g...@github.com:/xxx.git, owner = puppet, group = puppet, identity = $puppetm::puppethomedir/.ssh/$puppetm::pkeyname, revision = master, } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/4T07bNmagW4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How to apply a single class from an agent with puppet v3?
On Wednesday, January 23, 2013 7:25:33 AM UTC-6, Schofield wrote: Is it possible to apply a single class in the context of the catalog to a puppet agent? The puppet run has grown lengthy and I would like to run just the puppet class I am working on. The command puppet agent --tags classname should do about what you want. It may not be limited to just the one class (the class itself may demand otherwise), but it will exclude stuff that puppet doesn't think is relevant to the class in question. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/vHOMx-pVTzIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Windows Puppet File Resource Getting Puppet Server's UNIX File Permissions
I am only speaking for windows permissions: But if you push the directory with recurse = true, what permissions would files get in that case? Permissions of the file on the master, or default permission for that scope? On Windows the answer is the permissions on the endpoint (no modification). Permissions are never copied from src to dest. Particularly sourcing from *nix, I would end up with a box of chocolateys I don't want to eat. I think you're confusing two unrelated dimensions. Whether the resource is recursive or not, if no mode (uid/gid) is declared for it then Puppet should not modify the mode (uid/gid) of *existing files* as part of managing that resource. This is standard Puppet behavior, and users should be able to rely on it. There are functional reasons to want it, too. No - don't want it. no mode, no perm change. Standard windows inheritance model. There is a completely separate question of what Puppet should do when it *creates a new file*: if the resource declaration does not specify a mode (uid/gid) then Puppet either must choose one by some other means. Its current behavior is to use the properties of the source file, which I actually think is fine, though issue 5240 raises questions about that behavior. Negative - not fine for windows. Never want the source mode to end up on the target. Bad settings = takeown = bad. Recursive File resources have long been a problematic area for Puppet. That's not a flaw in Puppet (unless you consider recursive Files themselves to be a misfeature); rather, it's inherent in the problem. The whole point of recursive File resources is to manage a bunch of files without declaring all the properties of each one individually. But then, you're not declaring the properties of each one individually. If you want fine control then you need something that carries all the needed data. The best alternative in most cases is either to manage Files separately or to package them up and manage them via the Package. On windows inheritance model works nicely. The security.rb and mode interpretation should not be applicable on windows. We need to rewrite perms to respect ntfs. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/jnCsosOdCsAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetdb will setting gc-interval to 0 disable it
On Wednesday, January 23, 2013 8:20:34 AM UTC-6, Ken Barber wrote: We didn't notice anything on Sunday. We have a decent number of resources that effect all nodes. This may explain the ocasional performance issues. Sure, more specifically you'll get catalog replaces in the database if you have resources that are always 'changing'. This might be a dynamic parameter to a resource, a dynamic title or alias. The hash doesn't care, any change means that hash is different, thus things become candidates for garbage collection. Yes this does seem to be an issue since we are updating 7k - 8k nodes over the course of an hour. We don't really have any dynamic catalogs, but we are updating our code in ways that does create the new catalog hashes. We have also been messing around with the Indexes as they were getting HUGE. What did you do to the indexes Chuck? Did you rebuild them, if so - which ones - and do you think it helped? Still collecting information on this. Also, I've realised my mistake in asking for explain plans for the select queries I gave you. It didn't take into account the cascades during delete, better that I had asked you for explain plans on the deletes instead: explain analyze verbose DELETE FROM catalogs WHERE NOT EXISTS (SELECT * FROM certname_catalogs cc WHERE cc.catalog=catalogs.hash); puppet=# explain analyze verbose DELETE FROM puppet.catalogs WHERE NOT EXISTS (SELECT puppet(# * FROM puppet.certname_catalogs cc WHERE cc.catalog=catalogs.hash); QUERY PLAN - Delete on puppet.catalogs (cost=764.75..1501.94 rows=985 width=12) (actual time=226.633..226.633 rows=0 loops=1) - Hash Anti Join (cost=764.75..1501.94 rows=985 width=12) (actual time=41.310..100.652 rows=4326 loops=1) Output: catalogs.ctid, cc.ctid Hash Cond: ((catalogs.hash)::text = (cc.catalog)::text) - Seq Scan on puppet.catalogs (cost=0.00..637.63 rows=8663 width=47) (actual time=0.386..46.478 rows=12006 loops=1) Output: catalogs.ctid, catalogs.hash - Hash (cost=668.78..668.78 rows=7678 width=47) (actual time=39.635..39.635 rows=7680 loops=1) Output: cc.ctid, cc.catalog Buckets: 1024 Batches: 1 Memory Usage: 593kB - Seq Scan on puppet.certname_catalogs cc (cost=0.00..668.78 rows=7678 width=47) (actual time=0.022..35.959 rows=7680 loops=1) Output: cc.ctid, cc.catalog Trigger RI_ConstraintTrigger_16919 for constraint catalog_resources_catalog_fkey: time=220008.002 calls=4326 Trigger RI_ConstraintTrigger_16924 for constraint certname_catalogs_catalog_fkey: time=374.236 calls=4326 Trigger RI_ConstraintTrigger_16944 for constraint classes_catalog_fkey: time=45119.841 calls=4326 Trigger RI_ConstraintTrigger_16949 for constraint edges_catalog_fkey: time=395772.761 calls=4326 Trigger RI_ConstraintTrigger_16954 for constraint tags_catalog_fkey: time=46050.487 calls=4326 Total runtime: 707572.852 ms (17 rows) explain analyze verbose DELETE FROM resource_params WHERE NOT EXISTS (SELECT * FROM catalog_resources cr WHERE cr.resource=resource_params.resource); puppet=# explain analyze verbose DELETE FROM puppet.resource_params WHERE NOT EXISTS puppet-# (SELECT * FROM puppet.catalog_resources cr WHERE puppet(# cr.resource=puppet.resource_params.resource); QUERY PLAN -- Delete on puppet.resource_params (cost=0.00..34821.24 rows=422373 width=12) (actual time=177204.058..177204.058 rows=0 loops=1) - Nested Loop Anti Join (cost=0.00..34821.24 rows=422373 width=12) (actual time=1029.091..177055.468 rows=389 loops=1) Output: resource_params.ctid, cr.ctid - Seq Scan on puppet.resource_params (cost=0.00..25337.86 rows=438886 width=47) (actual time=0.014..597.273 rows=446297 loops=1) Output: resource_params.ctid, resource_params.resource - Index Scan using idx_catalog_resources_resource on puppet.catalog_resources cr (cost=0.00..62.39 rows=3155 width=47) (actual time=0.394..0.394 rows=1 loops=446297) Output: cr.ctid, cr.resource Index Cond: ((cr.resource)::text = (resource_params.resource)::text) Total runtime: 177204.131 ms Also without a real delete in the first SQL, the second delete wouldn't have triggered any
[Puppet Users] Sanity Check Request: Environments in /etc/puppet/puppet.conf
It just struck me that any environment blocks in /etc/puppet/puppet.conf have meaning ONLY on the puppet master. Is that accurate ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Security considerations for basing decisions on facts
On Tuesday, January 22, 2013 4:04:22 PM UTC-5, jcbollinger wrote: You are correct that that only the identity of the client node is authenticated by Puppet, and even that only insomuch as the client can be relied upon to protect its SSL certificate. The $hostname fact cannot be relied upon to convey that information, as it doesn't in any sense need to be the same thing; you're looking for $certname. It is, however, $certname (not $hostname) by which a node block is selected and/or an ENC queried, so Puppet's architectural foundation is secure in that regard. Do you mean the $clientcert variable which is described at http://docs.puppetlabs.com/guides/faq.html#are-there-variables-available-other-than-those-provided-by-facter I don't seem to have a $certname variable (I'm using puppet 3). Thanks in advance. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/s2DSmxqSpmYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh::auth and other ways of managing ssh keys
Thoughts? (1) https://github.com/boklm/puppet-sshkeys (2) https://github.com/vurbia/puppet-sshauth (3) https://github.com/ashleygould/puppet-sshauth (4) http://projects.puppetlabs.com/projects/1/wiki/Module_Ssh_Auth_Patterns#detailed-usage I checked out all of these and I still opted to use the puppet builtin ssh_authorized_key and sshkey. Not quite the most powerful, but good enough. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/QPoNr2wYOVAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Security considerations for basing decisions on facts
On 1/23/2013 12:22 PM, Jist Anidiot wrote: On Tuesday, January 22, 2013 4:04:22 PM UTC-5, jcbollinger wrote: You are correct that that only the identity of the client node is authenticated by Puppet, and even that only insomuch as the client can be relied upon to protect its SSL certificate. The $hostname fact cannot be relied upon to convey that information, as it doesn't in any sense need to be the same thing; you're looking for $certname. It is, however, $certname (not $hostname) by which a node block is selected and/or an ENC queried, so Puppet's architectural foundation is secure in that regard. Do you mean the $clientcert variable which is described at http://docs.puppetlabs.com/guides/faq.html#are-there-variables-available-other-than-those-provided-by-facter I don't seem to have a $certname variable (I'm using puppet 3). Thanks in advance. You would set certname = some.host.example.com in puppet.conf or use --certname some.host.example.com on the command line else certname defaults to nodename which defaults to fqdn. However clientcert is the resulting fact you would access within Puppet. Ramin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Why is there no forge module for Puppetlabs-dhcp
Hi List, I have checked the puppet forge and searched for DHCP however I cannot find a forge module for puppetlabs-dhcp. Is this best way to install the puppetlabs-dhcp module by using a git clone? Thanks, Peter -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/O86OFLdwX1sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Why is there no forge module for Puppetlabs-dhcp
A member of the Puppet Labs operations team is the primary contributor to that source code and has released it to the Forge under his name. http://forge.puppetlabs.com/zleslie/dhcp Enjoy! On Wed, Jan 23, 2013 at 2:17 PM, Peter pe...@ifoley.id.au wrote: Hi List, I have checked the puppet forge and searched for DHCP however I cannot find a forge module for puppetlabs-dhcp. Is this best way to install the puppetlabs-dhcp module by using a git clone? Thanks, Peter -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/O86OFLdwX1sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Ryan Coleman | Modules Forge | @ryanycoleman | ryancoleman in #puppet -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Terrible exported resources performance
This is now reported here: http://projects.puppetlabs.com/issues/18804 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ZpyFiFkYjawJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetlabs-products yum checksum failing
I'm getting these errors when trying to provision a Centos 6.3 box: puppetlabs-products/primary_db | 70 kB 00:00 http://yum.puppetlabs.com/el/6/products/x86_64/repodata/primary.sqlite.bz2: [Errno -1] Metadata file does not match checksum Trying other mirror. Error: failure: repodata/primary.sqlite.bz2 from puppetlabs-products: [Errno 256] No more mirrors to try. I have another box that it appears to be working fine from. I've tried a 'yum clean all' and even a restart to no avail. This definitely worked 2 days ago doing a very simliar thing. Thoughts on what my problem might be? On Friday, January 18, 2013 12:11:13 PM UTC-5, Greg Chavez wrote: Fixed it. Thanks. On Thu, Jan 17, 2013 at 6:10 PM, Matthaus Owens matt...@puppetlabs.comjavascript: wrote: Greg, I've updated the metadata on our end. Please let me know if your problem still persists, and we can dig a little deeper into what might be going on. On Thu, Jan 17, 2013 at 2:03 PM, Greg Chavez greg@gmail.comjavascript: wrote: I'm reasonably confident that the problem I'm having here is upstream. RHEL5: # yum repolist | grep puppet puppetlabs-depsPuppet Labs Dependencies El 5 - x86_64 45 puppetlabs-productsPuppet Labs Products El 5 - x86_64 161 # yum clean all Loaded plugins: security Cleaning up Everything # yum repolist 21 | grep puppet http://yum.puppetlabs.com/el/5/products/x86_64/repodata/primary.sqlite.bz2 : [Errno -1] Metadata file does not match checksum http://yum.puppetlabs.com/el/5/products/x86_64/repodata/primary.sqlite.bz2 : [Errno -1] Metadata file does not match checksum puppetlabs-depsPuppet Labs Dependencies El 5 - x86_64 45 puppetlabs-productsPuppet Labs Products El 5 - x86_64 0 Same on RHEL6. Insidious problem. Only noticed it because I was kicking some systems today. Should I report this as a bug? -- \*..+.- --Greg Chavez +//..;}; -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet...@googlegroups.comjavascript: . To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Matthaus Owens Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet...@googlegroups.comjavascript: . To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- \*..+.- --Greg Chavez +//..;}; -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Wqt4twWXcUUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Why is there no forge module for Puppetlabs-dhcp
Cool, good to know! Hovering over the Project URL it does show it linking to the PuppetLabs-DHCP Github location. It is a bit confusing however I can live with it now I know! Thanks for the quick reply! Peter. On Thursday, 24 January 2013 09:20:31 UTC+11, Ryan Coleman wrote: A member of the Puppet Labs operations team is the primary contributor to that source code and has released it to the Forge under his name. http://forge.puppetlabs.com/zleslie/dhcp Enjoy! On Wed, Jan 23, 2013 at 2:17 PM, Peter pe...@ifoley.id.au javascript:wrote: Hi List, I have checked the puppet forge and searched for DHCP however I cannot find a forge module for puppetlabs-dhcp. Is this best way to install the puppetlabs-dhcp module by using a git clone? Thanks, Peter -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/O86OFLdwX1sJ. To post to this group, send email to puppet...@googlegroups.comjavascript: . To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Ryan Coleman | Modules Forge | @ryanycoleman | ryancoleman in #puppet -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/1TVzNp0NpoYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Why is there no forge module for Puppetlabs-dhcp
On Wed, Jan 23, 2013 at 2:37 PM, Peter pe...@ifoley.id.au wrote: Cool, good to know! Hovering over the Project URL it does show it linking to the PuppetLabs-DHCP Github location. It is a bit confusing however I can live with it now I know! Sorry about that! We can certainly make that less confusing for the next person. Thanks for the quick reply! No problem! Peter. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppetlabs-dhcp - Failed to parse template dhcp/dhcp.pool.erb, undefined method each
Hi List, After installing the puppetlabs-dhcp module and trying to run the tests/init.pp file I receive and error see below for sequence: puppet module install zleslie/dhcp Notice: Preparing to install into /etc/puppet/modules ... Notice: Downloading from https://forge.puppetlabs.com ... Notice: Installing -- do not interrupt ... /etc/puppet/modules âââ zleslie-dhcp (v1.1.0) (**Needed to install the concat dependacy for the Puppetlabs-dhcp module. Raised a github issue (#17) to include the dependency in the module**) puppet module install ripienaar/concat Notice: Preparing to install into /etc/puppet/modules ... Notice: Downloading from https://forge.puppetlabs.com ... Notice: Installing -- do not interrupt ... /etc/puppet/modules âââ ripienaar-concat (v0.2.0) puppet apply /etc/puppet/modules/dhcp/tests/init.pp --verbose Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/pe_version.rb Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rb Info: Loading facts in /etc/puppet/modules/concat/lib/facter/concat_basedir.rb Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera defaults Error: Failed to parse template dhcp/dhcpd.pool.erb: Filepath: /etc/puppet/modules/dhcp/templates/dhcpd.pool.erb Line: 7 Detail: undefined method `each' for 10.1.1.100 10.1.1.200:String at /etc/puppet/modules/dhcp/manifests/pool.pp:15 on node creator.mgnt.local Error: Failed to parse template dhcp/dhcpd.pool.erb: Filepath: /etc/puppet/modules/dhcp/templates/dhcpd.pool.erb Line: 7 Detail: undefined method `each' for 10.1.1.100 10.1.1.200:String at /etc/puppet/modules/dhcp/manifests/pool.pp:15 on node creator.mgnt.local My question is what could be causing this? I assume that this is something to do with Puppet's DSL? Thanks, Peter -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/6FOeU4PaEQYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Running an exec after another exec fails
On Wednesday, January 23, 2013 1:19:28 PM UTC-6, Jist Anidiot wrote: I'm using puppet to manage /etc/sysctl.conf on my RHEL 6 boxes. I'm doing something very similar to http://projects.puppetlabs.com/projects/1/wiki/puppet_augeas#/etc/sysctl.conf The problem is sysctl -p on RHEL 6 gives: error: net.bridge.bridge-nf-call-ip6tables is an unknown key error: net.bridge.bridge-nf-call-iptables is an unknown key error: net.bridge.bridge-nf-call-arptables is an unknown key This is apparently not a bug according to RH since these values have to be there in case you load the bridge module. Now I could modify the exec that runs sysctl after updating the .conf file by adding -e however I'd still like to know if I have unknown keys. I'm thinking I'd like to run the normal sysctl -p and if that has an error for puppet to give a notice not an error and then run sysctl -e -p. If that gives an error then puppet should give an error message. Is there any way to set something like this up? Thanks in advance. Puppet does not provide a mechanism for falling back to a different resource or otherwise customizing the response to a resource failure. I submit that pushing out a new sysctl configuration into production is not a good way to test it. If you push it out to a test system instead then you don't need an automated fallback. If the sysctls must not fail to apply on your production systems then you should always use -e for those systems. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/sNuJ1shzjXcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] passenger-install-apache2-module fails
Ok well It never finished working in the end. I have just been to busy to mess with it. So I now have passenger installed and my versions are as follows: ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux] CentOS release 6.3 (Final) Apache/2.2.15 (Unix) rubygem-passenger-3.0.19-1.el6.x86_64 mod_ssl-2.2.15-15.el6.centos.1.x86_64 rubygem-daemon_controller.noarch 1.0.0-1.1.el6 rubygem-fastthread.x86_641.0.7-2.el6 rubygem-json.x86_64 1.4.6-2.el6 rubygem-passenger-native.x86_64 1:3.0.19-1.el6 rubygem-passenger-native-libs.x86_64 rubygem-rack.noarch 1:1.1.0-2.el6 rubygem-rake.noarch 0.8.7-2.1.el6 rubygems.noarch 1.3.7-1.el6 puppet.noarch3.0.2-1.el6 puppet-dashboard.noarch 1.2.20-1.el6 puppet-server.noarch 3.0.2-1.el6 puppetlabs-release.noarch6-6 I am getting a new error when I try to run (File put in attachment): puppet agent -t -d Among other things I get the error: Error: Could not request certificate: Error 500 on SERVER: Ruby (Rack) application could not be started This all is in html tags/code. Weird. Any ideas? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/1Ay-iVxmDA8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. [root@new_hydra ~]# puppet agent --test -d Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:ensure=:directory, :backup=false, :loglevel=:debug, :path=/var/lib/puppet/lib, :links=:follow}' Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:ensure=:directory, :backup=false, :loglevel=:debug, :mode=755, :path=/var/run/puppet, :links=:follow}' Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist Debug: Puppet::Type::User::ProviderUser_role_add: file roledel does not exist Debug: Puppet::Type::User::ProviderLdap: true value when expecting false Debug: Puppet::Type::User::ProviderPw: file pw does not exist Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/new_hydra-agent.pem]{:ensure=:file, :backup=false, :owner=puppet, :loglevel=:debug, :mode=600, :path=/var/lib/puppet/ssl/private_keys/new_hydra-agent.pem, :links=:follow}' Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:ensure=:directory, :backup=false, :loglevel=:debug, :mode=750, :path=/var/lib/puppet/clientbucket, :links=:follow}' Debug: Using settings: adding file resource 'lastrunfile': 'File[/var/lib/puppet/state/last_run_summary.yaml]{:ensure=:file, :backup=false, :loglevel=:debug, :mode=644, :path=/var/lib/puppet/state/last_run_summary.yaml, :links=:follow}' Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:ensure=:directory, :backup=false, :owner=puppet, :loglevel=:debug, :mode=771, :path=/var/lib/puppet/ssl, :links=:follow}' Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:ensure=:directory, :backup=false, :loglevel=:debug, :path=/var/lib/puppet/state/graphs, :links=:follow}' Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:ensure=:directory, :group=puppet, :backup=false, :owner=puppet, :loglevel=:debug, :mode=750, :path=/var/log/puppet, :links=:follow}' Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:ensure=:directory, :backup=false, :owner=puppet, :loglevel=:debug, :mode=750, :path=/var/lib/puppet/ssl/private_keys, :links=:follow}' Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:ensure=:directory, :backup=false, :loglevel=:debug, :mode=750, :path=/var/lib/puppet/client_yaml, :links=:follow}' Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/new_hydra-agent.pem]{:ensure=:file, :backup=false, :owner=puppet, :loglevel=:debug, :mode=644, :path=/var/lib/puppet/ssl/public_keys/new_hydra-agent.pem, :links=:follow}' Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:ensure=:directory, :backup=false, :loglevel=:debug, :mode=1755, :path=/var/lib/puppet/state, :links=:follow}' Debug: Using settings: adding file resource 'lastrunreport': 'File[/var/lib/puppet/state/last_run_report.yaml]{:ensure=:file, :backup=false, :loglevel=:debug, :mode=640, :path=/var/lib/puppet/state/last_run_report.yaml, :links=:follow}' Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:ensure=:directory, :backup=false, :owner=puppet,
Re: [Puppet Users] Re: Error: Could not request certificate: Connection refused - connect(2)
Not at all! Thanks for your help. End to end for anyone else with this issue: Stopping puppetd on the client, deleting the ssl dir on the client, restarting puppetd on the client, resigning the cert request on the master with puppetca, and puppetrun from master to host fixed it. On 23 January 2013 21:24, Diogo Martinez diogo.p.marti...@gmail.com wrote: Hi Doug Sorry my bad English. I executed this commands: 1. puppet cert cleanagent-hostname - 2. rm -rf $(puppet agent --configprint ssldir) Do you run master init shell script? 2013/1/22 Doug douglas.neth...@aapt.com.au Hi Diogo I have this same issue. I don't quite understand your message, could you please help me? You say to fix it you: -restart puppet master -run puppetca --clean 'host_name' -deleting var/lib/puppet/ssl 1. Is that right? 2. Which host do you delete var/lib/puppet/ssl on? Many thanks On Friday, December 7, 2012 3:18:33 AM UTC+11, Diogo Martinez wrote: The solutions went start master pid and redo the ssl certificates with puppet cert clean host_name and deleting var/lib/puppet/ssl. thanks Fran and Jc!!! Em quarta-feira, 5 de dezembro de 2012 08h16min58s UTC-2, Diogo Martinez escreveu: Hi all, I am new at puppet and Im using the puppet learning tutorial. I execute until Basic agent/master puppet. Everything worked ok but after 2 or 3 days, running the command puppet agent --test, start throw the error in subject. That left me with the following questions: how to puppet agent connect to master without service started on master? If this connection is possible ( worked firsts times )what are the possibilities I to be receiving this error? I needed install puppet using tarball because a business rules is that servers have not internet access. Thanks in advance, and sorry for the bad English. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/v1fyCfCiCCEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- *Douglas Nethery* * * * * *Developer, Frontier Team | **frontier.aapt.com.au* E douglas.neth...@aapt.com.au W aapt.com.auhttp://www.google.com/url?q=http%3A%2F%2Fwww.aapt.com.au%2Fsa=Dsntz=1usg=AFrqEzeUEaP7OBbYuecTibCJKGyFeJKllQ *AAPT Ltd. Ground Floor, 30 Ross St, Glebe. 2077* This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Augeas file line edit please help
what i thought would be a simple edit using augeas is turning out to not be so straight forward, can anyone please help ? the plan is to edit sendmail.cf and change the default DS to DShostname.domain class mail { $key = DS service { 'sendmail':; } augeas { sendmail.cf/$key: context = /files/etc/mail/sendmail.cf, changes = set $key mail.hostname.domain, notify = Service['sendmail']; } } debug: Augeas[sendmail.cf/DS](provider=augeas): Opening augeas with root /, lens path , flags 0 debug: Augeas[sendmail.cf/DS](provider=augeas): Augeas version 0.9.0 is installed debug: Augeas[sendmail.cf/DS](provider=augeas): Will attempt to save and only run if files changed debug: Augeas[sendmail.cf/DS](provider=augeas): sending command 'set' with params [/files/etc/mail/sendmail.cf/DS, mail.hostname.domain] debug: Augeas[sendmail.cf/DS](provider=augeas): Skipping because no files were changed debug: Augeas[sendmail.cf/DS](provider=augeas): Closed the augeas connection -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/bAKjIzLscaYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Augeas file line edit please help
might be easier to just use sed in a exec statement to replace all occurances of DS with DShostname.domain Ex: sed 's/DS/c DShostname.domain' /etc/mail/sendmail.cf On Thursday, January 24, 2013 2:28:34 PM UTC+10, kdo wrote: what i thought would be a simple edit using augeas is turning out to not be so straight forward, can anyone please help ? the plan is to edit sendmail.cf and change the default DS to DShostname.domain class mail { $key = DS service { 'sendmail':; } augeas { sendmail.cf/$key: context = /files/etc/mail/sendmail.cf, changes = set $key mail.hostname.domain, notify = Service['sendmail']; } } debug: Augeas[sendmail.cf/DS](provider=augeas)http://sendmail.cf/DS%5D(provider=augeas): Opening augeas with root /, lens path , flags 0 debug: Augeas[sendmail.cf/DS](provider=augeas)http://sendmail.cf/DS%5D(provider=augeas): Augeas version 0.9.0 is installed debug: Augeas[sendmail.cf/DS](provider=augeas)http://sendmail.cf/DS%5D(provider=augeas): Will attempt to save and only run if files changed debug: Augeas[sendmail.cf/DS](provider=augeas)http://sendmail.cf/DS%5D(provider=augeas): sending command 'set' with params [/files/etc/mail/sendmail.cf/DS, mail.hostname.domain] debug: Augeas[sendmail.cf/DS](provider=augeas)http://sendmail.cf/DS%5D(provider=augeas): Skipping because no files were changed debug: Augeas[sendmail.cf/DS](provider=augeas)http://sendmail.cf/DS%5D(provider=augeas): Closed the augeas connection -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/m8UfPL9e84cJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet agent returns zero even when fails to execute a catalog
I am running below command to connect puppet master puppet agent --certname testcertname --no-daemonize --onetime --server server_host_name --verbose it outputs error like: Error: Execution of '/usr/bin/yum -d 0 -e 0 -y install dnsmasq' returned 1: Error: Cannot find a valid baseurl for repo: base Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6arch=x86_64repo=os error was 14: PYCURL ERROR 6 - Couldn't resolve host 'mirrorlist.centos.org' Error: /Stage[main]/Virtualrouter_agent/Package[dnsmasq]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install dnsmasq' returned 1: Error: Cannot find a valid baseurl for repo: base Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6arch=x86_64repo=os error was 14: PYCURL ERROR 6 - Couldn't resolve host 'mirrorlist.centos.org' to my surprise, echo $? returns 0 which indicates a success. why doesn't puppet return 1? my script heavily depends on the return value to judge if puppet runs successfully. Is there any dependable way to get the real execution result of puppet agent? thank you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/-GIkg6P3_04J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet agent returns zero even when fails to execute a catalog
You can pass the --detailed-exitcodes flag to puppet agent to get non-zero exit codes. Here's the description from the puppet-agent man page: --detailed-exitcodes Provide transaction information via exit codes. If this is enabled, an exit code of '2' means there were changes, an exit code of '4' means there were failures during the transaction, and an exit code of '6' means there were both changes and failures. HTH On Wed, Jan 23, 2013 at 10:24 PM, xin zhang xing5...@gmail.com wrote: I am running below command to connect puppet master puppet agent --certname testcertname --no-daemonize --onetime --server server_host_name --verbose it outputs error like: Error: Execution of '/usr/bin/yum -d 0 -e 0 -y install dnsmasq' returned 1: Error: Cannot find a valid baseurl for repo: base Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6arch=x86_64repo=os error was 14: PYCURL ERROR 6 - Couldn't resolve host 'mirrorlist.centos.org' Error: /Stage[main]/Virtualrouter_agent/Package[dnsmasq]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install dnsmasq' returned 1: Error: Cannot find a valid baseurl for repo: base Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6arch=x86_64repo=os error was 14: PYCURL ERROR 6 - Couldn't resolve host 'mirrorlist.centos.org' to my surprise, echo $? returns 0 which indicates a success. why doesn't puppet return 1? my script heavily depends on the return value to judge if puppet runs successfully. Is there any dependable way to get the real execution result of puppet agent? thank you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/-GIkg6P3_04J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Matthaus Owens Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.