Re: [Puppet Users] puppet and CI
On 01.08.2013 16:35, Stefan Wiederoder wrote:
> Hello puppet users,
>
> I've set up gerrit/jenkins on a box to add versioning/CI to my puppet setup. I'm a jenkins/git beginner, therefore I've googled to find bits and pieces which I've put together.
>
> It's working fine so far, the only drawback is that my jenkins job is always checking the whole repository (which takes six minutes) instead of only checking the patchset (one .pp file).
>
> I suspect that my Refspec/branches to build is wrong, can anybody help me regarding this topic?

After jenkins has checked out the repo, there is no immediate indication what actually changed. You need to code more intelligence into the jenkins job to look at the git history and extract the list of changed files from there.

Take care that you also think of dependencies from your changes, e.g. if a parameter was removed, everyone who's using that might grow an error, because that is still using this parameter.

What checks are you doing that take 6 minutes? A simple syntax check and erb evaluation takes around 30s on a big repo over here.

Regards, David

--
You received this message because you are subscribed to the Google Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Benefits of retrofitting Puppet to a legacy fleet
Hi all,

I am going to have a meeting to sell the idea of retrofitting Puppet to a fleet of already-built legacy Unix systems to a skeptical management (as opposed to only using it to build new linux systems, where I don't need to sell the idea). Here, legacy Unix means AIX, Solaris, HP-UX, and various versions of Linux. Much of the work is already done as far as deployment to these platforms is concerned, so the difficulty of compiling Ruby, etc, on Platform X version Y doesn't need to be considered.

I see the following benefits:

1) Having facter on every computer in the company is good.
2) Having MCollective replace your for loops everywhere is good.
3) Being able to standardise configuration of some simple services, e.g. NTP, root's profile, etc., is better than not having standardised these services.
4) Any services that you can migrate into Puppet become visible in Puppet manifests, which is always better than documentation in a Wiki, which may or may not be up to date.

Being more ambitious, I am thinking that with MCollective, it might be possible to use Puppet to install patches etc. on legacy systems. Maybe even possible, with a lot of effort, to fully automate the patching of everything, and have the change management system automatically updated as well.

Any/all ideas/criticisms are appreciated. I have one week to write the proposal.

Thanks in advance.
Alex
[Puppet Users] Wildcards in file resources -- yet another time
Hi All!

I want to grant special permissions on some core files. So it would be nice to use something like

    file { '/var/lib/monitorium/core*':
      mode => 0644,
    }

But that obviously doesn't work. Any people with the same problem I've googled used some workarounds like managing directories recursively or writing more complicated scripts.

I can't manage the whole directory because of many other files inside and I don't want to extrabloat my manifests.

What should I do?
Re: [Puppet Users] puppet and CI
Hello David,

> What checks are you doing that take 6 minutes? A simple syntax check and erb evaluation takes around 30s on a big repo over here.

I've to admit that I'm using puppet-lint with all options, which throws a lot of warnings. I'll eliminate a few options.

bye,
Stefan
[Puppet Users] Exporting Load Balancer Worker Resources
Hi,

Recently I've been studying puppet by reading and doing the examples from this book: Pro puppet.
books.sysadmins.su/system/files/Pro.Puppet.pdf

On page 145 of this book there is an example about Exporting Load Balancer Worker Resources. I created the files inside the already existing apache module.

/etc/puppet/modules/apache/manifests/balancermember.pp

    define apache::balancermember($url) {
      file { "/etc/httpd/conf.d.members/worker_${name}.conf":
        ensure  => file,
        owner   => 0,
        group   => 0,
        mode    => 644,
        content => "Balancermember $url \n",
      }
    }

/etc/puppet/modules/apache/manifests/worker.pp

    class apache::worker {
      @@balancermember { "${fqdn}":
        url => "http://${fqdn}:18140",
      }
    }

/etc/puppet/modules/apache/manifests/loadbalancer_members.pp

    class apache::loadbalancer_members {
      Balancermember <<| |>> { notify => Service["apache"], }
    }

When I run puppet agent I get this error:

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Resource type balancermember doesn't exist at /etc/puppet/modules/apache/manifests/loadbalancer_members.pp:3 on node mail-test.sicom.pl

After that I added the include apache::worker line to this file.

/etc/puppet/modules/apache/manifests/loadbalancer_members.pp

    class apache::loadbalancer_members {
      include apache::worker
      Balancermember <<| |>> { notify => Service["apache"], }
    }

And I got this error:

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type balancermember at /etc/puppet/modules/apache/manifests/worker.pp:4 on node mail-test.nr.sicom.pl

On page 143 of this book there is a very similar example with host keys management and it works like that on the same puppet master.

What should I do to make it work?
Re: [Puppet Users] Exporting Load Balancer Worker Resources
On Aug 2, 2013, at 1:39, fuzzy186 fuzzy...@o2.pl wrote:
> Hi,
>
> Recently I've been studying puppet by reading and doing the examples from this book: Pro puppet.
> books.sysadmins.su/system/files/Pro.Puppet.pdf
> ...
> What should I do to make it work?

The problem is you're using a pirated copy of that book. You need to buy your own copy (http://www.apress.com/9781430230571) for it to work.

Good luck!
Re: [Puppet Users] Benefits of retrofitting Puppet to a legacy fleet
On Fri, Aug 2, 2013 at 4:26 AM, Alex Harvey alexharv...@gmail.com wrote:
> Hi all,
>
> I am going to have a meeting to sell the idea of retrofitting Puppet to a fleet of already-built legacy Unix systems to a skeptical management (as opposed to only using it to build new linux systems, where I don't need to sell the idea). Here, legacy Unix means AIX, Solaris, HP-UX, and various versions of Linux. Much of the work is already done as far as deployment to these platforms is concerned, so the difficulty of compiling Ruby, etc, on Platform X version Y doesn't need to be considered.
>
> I see the following benefits:
>
> 1) Having facter on every computer in the company is good.
> 2) Having MCollective replace your for loops everywhere is good.
> 3) Being able to standardise configuration of some simple services, e.g. NTP, root's profile, etc., is better than not having standardised these services.
> 4) Any services that you can migrate into Puppet become visible in Puppet manifests, which is always better than documentation in a Wiki, which may or may not be up to date.
>
> Being more ambitious, I am thinking that with MCollective, it might be possible to use Puppet to install patches etc. on legacy systems. Maybe even possible, with a lot of effort, to fully automate the patching of everything, and have the change management system automatically updated as well.
>
> Any/all ideas/criticisms are appreciated. I have one week to write the proposal.

All of those points seem reasonable to me! If it wasn't for HP-UX I would suggest Puppet Enterprise (http://docs.puppetlabs.com/pe/latest/install_system_requirements.html) as they have pre-compiled everything for AIX, Solaris, and so on. They might be able to package up for HP-UX if the number of nodes is big enough. :)

At a previous job I used mcollective for patch management and sort of change control, so these things are definitely possible. We had a modified package agent that could take various options to generate reports in different ways (mostly CSV, we weren't fancy) and could then be used to do rolling patch upgrades across various clusters. For change management we were more focused on tying specific git commits to triggered puppet runs so that we could verify that X change made it out to all the machines, so what you're looking to do sounds completely reasonable.

I found when writing proposals for Puppet that focusing on point 4 in your above list was by far the most persuasive. A service fully converted to Puppet is by definition documented and repeatable and in a large corporation that's probably more important than any other point you can raise in favor of puppet. The number of times I've had to deal with a critical failure of an undocumented and unknown system or find a way to migrate an old setup to a new operating system with no information..

Good luck!
[Puppet Users] Re: Wildcards in file resources -- yet another time
On Friday, August 2, 2013 3:39:32 AM UTC-5, Ivan Lysov wrote:
> Hi All!
>
> I want to grant special permissions on some core files. So it would be nice to use something like
>
>     file { '/var/lib/monitorium/core*':
>       mode => 0644,
>     }
>
> But that obviously doesn't work. Any people with the same problem I've googled used some workarounds like managing directories recursively or writing more complicated scripts.
>
> I can't manage the whole directory because of many other files inside and I don't want to extrabloat my manifests.
>
> What should I do?

If you imagine declaring a single resource of a built-in type that encompasses multiple files inside a given directory, then that can only be structured as a recursive File resource aimed at the directory. Non-recursive Files always represent exactly one file / directory / symlink.

Unfortunately, however, Puppet does not support what you are asking. The 'ignore' parameter is as close as it comes: with that you could manage all files in a given directory *except* those matching some glob, but you want the opposite selection criterion.

As far as I can see, your best bet for a Puppet-based solution is an Exec.

John
[Puppet Users] Re: escape sequence within generate function
On Thursday, August 1, 2013 2:37:03 PM UTC-5, Jacob McCoy Wade wrote:
> I'm looking for some help in getting the proper escape sequence within the generate function. Ultimately what I'm trying to do is generate some random strings, store them as variables, and use those variables to populate configuration files stored as templates.
>
> I can get this to work when applying the template on the localhost, but it fails when applied via the puppet master:
>
>     $random_1 = generate("/bin/sh", "-c", "/bin/cat /dev/urandom | /usr/bin/tr -dc 'a-z0-9' | /usr/bin/fold -w 8 | /usr/bin/head -n 1 | /usr/bin/tr -d '\n'")
>
> The closest I've come is to use:
>
>     $random_1 = generate('/bin/sh', '-c', '\/bin/cat /dev/urandom | /usr/bin/tr -dc \'a-z0-9\' | /usr/bin/fold -w 8 | /usr/bin/head -n 1 | /usr/bin/tr -d \'\n\'\')
>
> This however ends up populating the variable with the following and appears to ignore the /usr/bin/tr -d '\n' as there are line breaks inserted:
>
>     /bin/sh: /bin/cat: No such file or directory

So, that's the wrong thing to do, because 'cat' will keep reading its input until it reaches the end, which it never will in this case. It may be that having 'head' in the pipeline would rescue it by closing its own input, but you might end up with a bunch of stalled, orphaned processes. You should instead use /bin/dd or some other command that allows you to limit the amount of data read from /dev/urandom.

But that brings us to the next problem: The output you see on the master appears to be telling you that the file you are trying to cat (/dev/urandom) does not exist there. Possibly it's there, but it or its parent directory is not readable by Puppet. Unless you can sort that out, you will need an altogether different approach.

> What I'm really wanting (I think) to be executed on the puppet master is
>
>     /bin/sh -c "/bin/cat /dev/urandom | /usr/bin/tr -dc 'a-z0-9' | /usr/bin/fold -w 8 | /usr/bin/head -n 1 | /usr/bin/tr -d '\n'"
>
> Any help would be appreciated.

There is also a third, more fundamental problem: it is unlikely that you really want to do what you are trying to do. If you generate a completely random component to a config file on every run, then that file will never match from one run to the next, so it will always be re-synced. That is rarely the intent. More often, you want different, random strings for each node, but you want those strings to be stable from run to run for any given node. One way to achieve that might be to construct strings as the concatenation of a constant stem and a random number generated via Puppet's built-in fqdn_rand() function.

Even if that would not be sufficient, I have trouble seeing why it makes sense to use generate() for this purpose. It would be not only lighter-weight but also more flexible to use Ruby's rand() function via Puppet's inline_template() function. You could even use fqdn_rand() to seed the Ruby RNG, so as to get a broader range of consistent pseudorandom values. And, you would have as much control as you want over the random data -- such as, for instance, ensuring that it does not contain null (0) bytes.

As for the question in your title, to insert the literal two-character sequence '\n' into a double-quoted Puppet string, escape the backslash by doubling it: ... /usr/bin/tr -d '\\n'. (See http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#strings.) Note that only the outermost quotes affect what escape sequences are recognized; the inner single quotes in your string are just ordinary characters to Puppet.

John
[Puppet Users] Re: More node definition complexity
On Thursday, August 1, 2013 12:01:28 PM UTC-5, Worker Bee wrote:
> Hi Everyone;
>
> First, thanks for your help!
>
> I am trying to create a way to categorize hosts based on both/either/or the name of the host as well as the location of the host. Right now, I have .pp files that categorize the hosts based on the hostname. I have written a custom fact to determine the datacenter location but, I cannot figure out how to create .pp files that will allow me to apply catalogs either based on hostname or datacenter name.
>
> Is there any way to do this outside of hiera or ENC?

Yes, but much depends on the details.

The simplest -- in principle -- direction to go from where you are now would be to write one or more classes that encompass the datacenter-specific details, and apply the appropriate one of those to each of your nodes in addition to what you are applying now. For instance, if your custom fact $::datacenter may take the values 'smithville', 'springfield', and 'washington', you might have classes named 'datacenter::smithville', 'datacenter::springfield' and 'datacenter::washington', and apply the appropriate one via a declaration such as

    include "datacenter::${::datacenter}"

You could put that declaration into each node block or into a single base node block that all the others inherit, but if you truly want it applied to all nodes then your best bet might be simply to put it at top level in your site.pp, outside any node block.

John
Re: [Puppet Users] Puppet Support for Windows
On Thursday, August 1, 2013 5:45:29 PM UTC-5, Josh Cooper wrote:
> Hi John,
>
> On Thu, Aug 1, 2013 at 6:00 AM, jcbollinger john.bo...@stjude.org wrote:
>> On Wednesday, July 31, 2013 8:22:01 AM UTC-5, cha...@lyricalsoftware.com wrote:
>>> Hopefully my $0.02 can be worth something here ;) I'd argue that it's really a separate resource type - since the ACL is related to the user space. If you're going to extend it to multiple providers (solaris as per your example) it's really similar in idea to RBAC. In fact, if you look at Windows ACLs, RBAC, and set/get facl you pretty much have a new type. Or at least that's what I'd hope :)
>>
>> And of course some Solaris is by no means the only Unix-y OS with ACL support. It is available on Linux, too, at least for the most frequently used filesystems, and I'm sure there are others. I'm inclined to agree that a type aimed at broad ACL / RBAC support would be a win.
>
> Yep, I agree. Now, how exactly to map the type across different implementations? Windows ACLs support inheritance. An ACL can be marked as protected, breaking inheritance, and for directories, everything below it. ACEs specify a subject (SID) and the rights that are granted/denied. This is a bitfield, though users are more typically used to saying Full Control or Read Execute. Windows ACEs can either be allow or deny, the order matters, and if no ACEs match, access is denied. An ACE for a directory can be marked as object-inherit and/or container-inherit. This doesn't affect the effective permissions on the directory, only files and subdirectories, respectively. How are these similar different to Unix-y ACLs?

Please allow me to refine my terminology from Unix-y to POSIX. Here's a document that does a pretty good job of explaining POSIX ACLs: http://users.suse.com/~agruen/acl/linux-acls/online/. To answer your questions more directly, however:

*ACL Inheritance*: POSIX defines default ACLs for directories, which provide the closest analog to Windows ACL inheritance. A directory's default ACL is assigned as the ACL of each file or directory created therein, and also as the default ACL of each directory created therein (subject to further restriction according to the requested initial mode for the file/directory). POSIX does not differentiate between files and directories in this regard, except inasmuch as only directories have default ACLs. ACLs are bound directly to each file and directory; they do not automatically change if their parent directory's default ACLs are changed, and access control decisions are based only on files' own ACLs (and I suspect this is true under the covers for Windows, too). POSIX differs from Windows in not defining features for automatically or implicitly updating the ACLs of a directory's contents when that directory's default ACL is modified: POSIX default ACLs are relevant only at the creation of new files and subdirectories.

*ACL Scope and Structure*: POSIX ACEs reflect and extend the standard POSIX file permission scheme, allowing for read, write, and execute permission to be granted (or not) to specified users or groups. The traditional POSIX 'group' permissions map to a mask of the maximum permissions that any ACE other than the owner's or 'other' can grant. Access attempts that are not otherwise mapped to an ACE use the 'other' ACE that all files have; this is analogous to Windows's Everyone. It does not necessarily grant any access. There is no affirmative permission denial as such, only absence of permission grant. It amounts to the same thing for users because if there is an ACE matching the UID of the process requesting access then that ACE determines access, or lack thereof. For groups, however, access can be granted through any of the process's groups, even if others of its groups do not have the requested access. POSIX ACL order is not significant, but ACE specificity is. When a user-specific ACE is applicable, it determines access, possibly in conjunction with the mask ACE. Otherwise, when one or more group-specific ACEs are applicable, they jointly determine access, together with any mask ACE. Only if no other ACE applies is the 'other' ACE relevant.

John
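The POSIX evaluation order described in the message above, as an added Ruby example that is not part of the thread. It follows the access check algorithm documented in Linux acl(5), in which one matching group entry must carry all requested permissions after masking; the ACL entries, uids, gids and function names are constructed for illustration.

```ruby
# Added illustration (not from the thread): POSIX ACL access check as
# documented in Linux acl(5). All entries and IDs are constructed samples.
R = 4
W = 2
X = 1

AclEntry = Struct.new(:tag, :qualifier, :perms)

# Decide whether a process (uid plus all of its gids) gets the permissions in
# `want` on a file owned by file_uid:file_gid that carries the given ACL.
def posix_acl_allows?(acl, file_uid:, file_gid:, uid:, gids:, want:)
  entry  = ->(tag) { acl.find { |e| e.tag == tag } }
  mask   = entry.call(:mask)
  # The mask caps named-user and all group entries, never owner or 'other'.
  masked = ->(perms) { mask ? perms & mask.perms : perms }
  grants = ->(perms) { (perms & want) == want }

  # 1. The owner is judged by the owner entry alone.
  return grants.call(entry.call(:user_obj).perms) if uid == file_uid

  # 2. A named-user entry for this uid decides, even if it grants less
  #    than the group or 'other' entries would.
  named = acl.find { |e| e.tag == :user && e.qualifier == uid }
  return grants.call(masked.call(named.perms)) if named

  # 3. Group entries: if any of the process's groups matches, access is
  #    granted when one matching entry carries every requested bit.
  matching = acl.select do |e|
    (e.tag == :group_obj && gids.include?(file_gid)) ||
      (e.tag == :group && gids.include?(e.qualifier))
  end
  unless matching.empty?
    return matching.any? { |e| grants.call(masked.call(e.perms)) }
  end

  # 4. Only when nothing more specific applies is 'other' consulted.
  grants.call(entry.call(:other).perms)
end

# Constructed sample: file owned by uid 1000, gid 100.
SAMPLE_ACL = [
  AclEntry.new(:user_obj,  nil,  R | W),      # user::rw-
  AclEntry.new(:user,      1001, R | W | X),  # user:1001:rwx (capped by mask)
  AclEntry.new(:user,      1004, 0),          # user:1004:---
  AclEntry.new(:group_obj, nil,  R),          # group::r--
  AclEntry.new(:group,     200,  R | W),      # group:200:rw-
  AclEntry.new(:group,     300,  0),          # group:300:---
  AclEntry.new(:mask,      nil,  R | X),      # mask::r-x
  AclEntry.new(:other,     nil,  R)           # other::r--
].freeze

def sample_check(uid, gids, want)
  posix_acl_allows?(SAMPLE_ACL, file_uid: 1000, file_gid: 100,
                                uid: uid, gids: gids, want: want)
end

if __FILE__ == $PROGRAM_NAME
  puts "owner, write (mask does not apply):   #{sample_check(1000, [100], W)}"
  puts "uid 1001, write (rwx capped to r-x):  #{sample_check(1001, [], W)}"
  puts "uid 1004, read (empty user entry):    #{sample_check(1004, [100], R)}"
  puts "gids 300+200, read (any group wins):  #{sample_check(1002, [300, 200], R)}"
  puts "gid 300 only, read (no fall-through): #{sample_check(1002, [300], R)}"
  puts "unlisted uid/gid, read ('other'):     #{sample_check(1003, [999], R)}"
end
```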
[Puppet Users] custom provider question
Hi all,

I am using the sysctl provider from fiddyspence and it is doing a great job managing my system tuning. However, one thing that I would like to do is extend the provider to simply add the ability to insert a comment as part of the values that get written out so that visually on a system we can eye ball what the tuning parameter is being used for (so that we do not have to rely on puppet code commenting).

Any help would be appreciated. This is my first time looking into working with a custom provider, and just need a push in the right direction.

Thanks!
Chuck
[Puppet Users] Re: escape sequence within generate function
On Friday, August 2, 2013 6:43:01 AM UTC-7, jcbollinger wrote:
> On Thursday, August 1, 2013 2:37:03 PM UTC-5, Jacob McCoy Wade wrote:
>> The closest I've come is to use:
>>
>>     $random_1 = generate('/bin/sh', '-c', '\/bin/cat /dev/urandom | /usr/bin/tr -dc \'a-z0-9\' | /usr/bin/fold -w 8 | /usr/bin/head -n 1 | /usr/bin/tr -d \'\n\'\')
>>
>> This however ends up populating the variable with the following and appears to ignore the /usr/bin/tr -d '\n' as there are line breaks inserted:
>>
>>     /bin/sh: /bin/cat: No such file or directory
>
> So, that's the wrong thing to do, because 'cat' will keep reading its input until it reaches the end, which it never will in this case. It may be that having 'head' in the pipeline would rescue it by closing its own input, but you might end up with a bunch of stalled, orphaned processes. You should instead use /bin/dd or some other command that allows you to limit the amount of data read from /dev/urandom.

I was using head to close the input. The other thing I can't quite make sense of is why it works when I apply the module directly on the node, but not when using a puppet master.

> There is also a third, more fundamental problem: it is unlikely that you really want to do what you are trying to do. If you generate a completely random component to a config file on every run, then that file will never match from one run to the next, so it will always be re-synced. That is rarely the intent. More often, you want different, random strings for each node, but you want those strings to be stable from run to run for any given node. One way to achieve that might be to construct strings as the concatenation of a constant stem and a random number generated via Puppet's built-in fqdn_rand() function.

I was thinking that I could use replace => 'no', within the module so that puppet won't re-sync the file every run.

> Even if that would not be sufficient, I have trouble seeing why it makes sense to use generate() for this purpose. It would be not only lighter-weight but also more flexible to use Ruby's rand() function via Puppet's inline_template() function. You could even use fqdn_rand() to seed the Ruby RNG, so as to get a broader range of consistent pseudorandom values. And, you would have as much control as you want over the random data -- such as, for instance, ensuring that it does not contain null (0) bytes.

I've yet to use the inline_template() function and am not fluent enough in Ruby to know how to use the rand() function, but it sounds like it might be time to learn how :)

> As for the question in your title, to insert the literal two-character sequence '\n' into a double-quoted Puppet string, escape the backslash by doubling it: ... /usr/bin/tr -d '\\n'. (See http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#strings.) Note that only the outermost quotes affect what escape sequences are recognized; the inner single quotes in your string are just ordinary characters to Puppet.

That helps me at least understand about escape sequencing in Puppet. The other issue with using the generate() function is that I run in to either Generators must be fully qualified or Generators can only contain alphanumerics, file separators, and dashes. More proof that it's time to give up on trying to make the generator() function work for this purpose.

Thanks for the help.
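Two ways to produce the per-node strings discussed in this thread, as an added Ruby example that is not code from any poster: a value seeded from the node name (the idea behind seeding Ruby's RNG from the fqdn, stable across runs but recomputable by anyone who knows the inputs) and a CSPRNG value written once and then left alone (the effect of a file managed with replace set to false). The function names, the label argument and the host names are assumptions made for the example.

```ruby
# Added illustration (not from the thread). Names and sample hosts are made up.
require 'digest'
require 'securerandom'
require 'tmpdir'

ALPHABET = (('a'..'z').to_a + ('0'..'9').to_a).freeze

# Stable per-node value: the RNG is seeded from a hash of the node name and a
# purpose label, so every run yields the same string and the rendered file
# never changes. It is NOT secret: fqdn and label are enough to recompute it.
def stable_node_string(fqdn, label, length = 8)
  seed = Digest::SHA256.hexdigest("#{fqdn}:#{label}").hex
  rng = Random.new(seed)
  Array.new(length) { ALPHABET[rng.rand(ALPHABET.size)] }.join
end

# Unpredictable value from the OS CSPRNG, created once with mode 0600 and
# reused afterwards. O_EXCL makes creation atomic: an existing file is never
# overwritten, which is what keeps the value stable between runs.
def load_or_create_secret(path, length = 8)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    chars = Array.new(length) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }
    f.write(chars.join)
  end
  File.read(path)
rescue Errno::EEXIST
  File.read(path)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed host names; the same input always prints the same string.
  %w[web01.example.com web02.example.com].each do |host|
    puts "#{host}: #{stable_node_string(host, 'app_token')}"
  end

  Dir.mktmpdir do |dir|
    path = File.join(dir, 'token')
    first  = load_or_create_secret(path)
    second = load_or_create_secret(path) # reads the existing file
    puts "secret stable across runs: #{first == second}"
  end
end
```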
[Puppet Users] crapload of files to check permissions and ownership
Very new to Puppet and I need to create a class that checks the file permissions and ownership for 60-100 files. Some of the files will be named differently or have a different path depending on the OS.

I am aware of the core_permissions class demonstrated in the Puppet 3.0 Quick Start, and I have read Reduce Duplicated File Attributes here: https://groups.google.com/forum/?hl=en#!newtopic/puppet-users

That document advocates setting a default set of attributes for the File resource, and then nest all the declarations inside one resource statement, like so:

    File {
      ensure => present,
      owner  => 'root',
      group  => 'root',
      mode   => 644,
    }

    file {
      '/etc/cobbler/modules.conf':
        content => template('cobbler/modules.conf');
      '/etc/cobbler/dhcp.template':
        content => template('cobbler/dhcp.template');
      # override the permissions for this one file
      '/etc/cobbler/users.digest':
        source => 'puppet:///modules/cobbler/users.digest.live',
        mode   => 660;
    }

This looks kind of ugly to me. Anyone figure out a nicer way to do this? I will only be checking ensure, mode, owner and group. I want the class to be readable to admins who are new to Puppet, but I don't want to have a separate file declaration for each file.

Thanks.
Re: [Puppet Users] crapload of files to check permissions and ownership
Your link is for posting a new message to this group on Google Groups. Perhaps you wanted this: http://www.puppetcookbook.com/posts/remove-duplicated-file-resource-attributes.html

You say you want to check file permission/ownership. Do you want to make any changes if things are not how you want them? Subtle, but different.

Any file managed by Puppet can be controlled. However, Puppet does not (directly) do anything to any file it does not manage. The above cookbook-example will not set permission/ownership to any file not explicitly managed. Do you plan to manage all these files in Puppet? If not, another approach is needed.

“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes)

- Original Message -
From: root clri.c0t...@gmail.com
To: puppet-users@googlegroups.com
Sent: Friday, August 2, 2013 2:29:27 PM
Subject: [Puppet Users] crapload of files to check permissions and ownership

Very new to Puppet and I need to create a class that checks the file permissions and ownership for 60-100 files. Some of the files will be named differently or have a different path depending on the OS.

I am aware of the core_permissions class demonstrated in the Puppet 3.0 Quick Start, and I have read Reduce Duplicated File Attributes here: https://groups.google.com/forum/?hl=en#!newtopic/puppet-users

That document advocates setting a default set of attributes for the File resource, and then nest all the declarations inside one resource statement, like so:

    File {
      ensure => present,
      owner  => 'root',
      group  => 'root',
      mode   => 644,
    }

    file {
      '/etc/cobbler/modules.conf':
        content => template('cobbler/modules.conf');
      '/etc/cobbler/dhcp.template':
        content => template('cobbler/dhcp.template');
      # override the permissions for this one file
      '/etc/cobbler/users.digest':
        source => 'puppet:///modules/cobbler/users.digest.live',
        mode   => 660;
    }

This looks kind of ugly to me. Anyone figure out a nicer way to do this? I will only be checking ensure, mode, owner and group. I want the class to be readable to admins who are new to Puppet, but I don't want to have a separate file declaration for each file.

Thanks.
[Puppet Users] Re: Wildcards in file resourses -- yet another time
Hi Ivan,

You can try putting all the file names in an array variable and using that array variable in the file resource. Puppet's file resource supports an array structure. This might work.

On Friday, August 2, 2013 2:09:32 PM UTC+5:30, Ivan Lysov wrote:

Hi All!

I want to grant special permissions on some core files. So it would be nice to use something like

    file { '/var/lib/monitorium/core*':
      mode => '0644',
    }

But that obviously doesn't work. Any people with the same problem I've googled used some workarounds like managing directories recursively or writing more complicated scripts. I can't manage the whole directory because of many other files inside and I don't want to extrabloat my manifests.

What should I do?
Re: [Puppet Users] Re: Wildcards in file resourses -- yet another time
+1 on that. Exec a shell command.

Look at it this way: How can you get the list of files without running a shell command? Short answer: You cannot, so make it a chmod instead of an ls command and you are done.

“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes)

----- Original Message -----
From: jcbollinger john.bollin...@stjude.org
To: puppet-users@googlegroups.com
Sent: Friday, August 2, 2013 9:03:21 AM
Subject: [Puppet Users] Re: Wildcards in file resourses -- yet another time

On Friday, August 2, 2013 3:39:32 AM UTC-5, Ivan Lysov wrote:

Hi All!

I want to grant special permissions on some core files. So it would be nice to use something like

    file { '/var/lib/monitorium/core*':
      mode => '0644',
    }

But that obviously doesn't work. Any people with the same problem I've googled used some workarounds like managing directories recursively or writing more complicated scripts. I can't manage the whole directory because of many other files inside and I don't want to extrabloat my manifests.

What should I do?

If you imagine declaring a single resource of a built-in type that encompasses multiple files inside a given directory, then that can only be structured as a recursive File resource aimed at the directory. Non-recursive Files always represent exactly one file / directory / symlink.

Unfortunately, however, Puppet does not support what you are asking. The 'ignore' parameter is as close as it comes: with that you could manage all files in a given directory except those matching some glob, but you want the opposite selection criterion.

As far as I can see, your best bet for a Puppet-based solution is an Exec.

John
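The Exec approach suggested in this thread, written out as an added example that is not part of any message above. The class name is hypothetical, and the manifest assumes a `find` that supports `-maxdepth` (GNU or BSD) and the `shell` exec provider.

```puppet
# Added example: enforce a mode on files matching a glob with an Exec,
# because a file resource title cannot contain a wildcard.
class monitorium::core_perms (
  $dir  = '/var/lib/monitorium',  # directory named in the thread
  $glob = 'core*',                # file name pattern named in the thread
  $mode = '0644'
) {
  # The same find expression drives both the check and the fix.
  #   -maxdepth 1 : stay in $dir, do not descend into subdirectories
  #   -type f     : regular files only, so symlinks are never touched
  #   ! -perm     : only files whose mode is not already exactly $mode
  $find = "find ${dir} -maxdepth 1 -type f -name '${glob}' ! -perm ${mode}"

  exec { 'monitorium-core-file-mode':
    # The shell provider is needed because onlyif uses a pipe.
    provider  => shell,
    path      => ['/bin', '/usr/bin'],
    command   => "${find} -exec chmod ${mode} {} +",
    # Run only when at least one matching file has the wrong mode, so a
    # compliant node reports no change on every agent run.
    onlyif    => "${find} | grep -q .",
    logoutput => on_failure,
  }
}
```

Because the command line is assembled by string interpolation and runs as root through a shell, `$dir` and `$glob` should stay literal values in the manifest rather than being filled from facts or other node-supplied data. Each time the Exec fires it appears in the agent report as a change, which doubles as a record that permissions had drifted.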
Re: [Puppet Users] crapload of files to check permissions and ownership
[Please respond to THE LIST and not directly/privately]

OK, then if you want to manage 100+ files, you need to either LIST 100+ files or manage the file tree using the 'recurse' parameter.

There is another thread here recently asking about wildcards in file resources. They were told that wildcards do not work for that.

----- Original Message -----
From: root clri.c0t...@gmail.com
To: y...@comcast.net
Sent: Friday, August 2, 2013 3:00:19 PM
Subject: Re: [Puppet Users] crapload of files to check permissions and ownership

Yes, my link is not correct, I meant to link to the puppet cookbook page. I do want to manage and change the files. Thanks.

On Friday, August 2, 2013 2:45:01 PM UTC-4, Ygor wrote:

Your link is for posting a new message to this group on Google Groups. Perhaps you wanted this: http://www.puppetcookbook.com/posts/remove-duplicated-file-resource-attributes.html

You say you want to check file permission/ownership. Do you want to make any changes if things are not how you want them? Subtle, but different.

Any file managed by Puppet can be controlled. However, Puppet does not (directly) do anything to any file it does not manage. The above cookbook-example will not set permission/ownership to any file not explicitly managed.

Do you plan to manage all these files in Puppet? If not, another approach is needed.

“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes)

From: root clri@gmail.com
To: puppet...@googlegroups.com
Sent: Friday, August 2, 2013 2:29:27 PM
Subject: [Puppet Users] crapload of files to check permissions and ownership

Very new to Puppet and I need to create a class that checks the file permissions and ownership for 60-100 files. Some of the files will be named differently or have a different path depending on the OS.

I am aware of the core_permissions class demonstrated in the Puppet 3.0 Quick Start, and I have read Reduce Duplicated File Attributes here: https://groups.google.com/forum/?hl=en#!newtopic/puppet-users

That document advocates setting a default set of attributes for the File resource, and then nest all the declarations inside one resource statement, like so:

    File {
      ensure => present,
      owner  => 'root',
      group  => 'root',
      mode   => '0644',
    }

    file {
      '/etc/cobbler/modules.conf':
        content => template('cobbler/modules.conf');
      '/etc/cobbler/dhcp.template':
        content => template('cobbler/dhcp.template');
      # override the permissions for this one file
      '/etc/cobbler/users.digest':
        source => 'puppet:///modules/cobbler/users.digest.live',
        mode   => '0660';
    }

This looks kind of ugly to me. Anyone figure out a nicer way to do this?

I will only be checking ensure, mode, owner and group. I want the class to be readable to admins who are new to Puppet, but I don't want to have a separate file declaration for each file.

Thanks.
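One way to combine the two suggestions from these threads (list the files explicitly, and pass them to the file resource as an array), as an added example that is not part of any message above. The class name, the `$enforce` parameter and the sample paths and modes are constructed for illustration and must be checked against each platform's own defaults.

```puppet
# Added example: one class that manages ensure/owner/group/mode for a
# list of files, with OS-dependent paths resolved in one place.
class file_baseline (
  $enforce = true   # false: report differences only, change nothing
) {
  # noop is a metaparameter: with noop => true the agent logs what it
  # would change but leaves the file as it is. This covers the
  # "check" versus "change" distinction raised in the thread.
  $noop = $enforce ? {
    true    => false,
    default => true,
  }

  # Defaults for the file resources declared in this class.
  # Note: ensure => file creates an empty file when the path is missing,
  # so a wrong path shows up as a new file, not as an error.
  File {
    ensure => file,
    owner  => 'root',
    group  => 'root',
    noop   => $noop,
  }

  # A path that differs by OS family is picked once, here.
  $syslog_conf = $::osfamily ? {
    'RedHat' => '/etc/rsyslog.conf',
    default  => '/etc/syslog.conf',
  }

  # One array per mode; adding a file is a one-line change.
  $mode_0644 = [
    '/etc/passwd',
    '/etc/group',
    '/etc/hosts',
    $syslog_conf
  ]
  $mode_0600 = [
    '/etc/ssh/sshd_config'
  ]

  # An array title declares one file resource per element.
  file { $mode_0644: mode => '0644' }
  file { $mode_0600: mode => '0600' }
}
```

Declaring the class with `enforce => false` first gives a report of every file that differs from the baseline before any ownership or mode is actually changed.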
[Puppet Users] It's my mistake or a bug about define a variable in class?
Version: puppet-3.2.3-1.el6.noarch.rpm

--

I just tried to create a class as a parameters container like this:

    cat > /etc/puppet/modules/ssh/manifests/params.pp << EOF
    class ssh::params {
      $ssh_package_name = $::operatingsystem ? {
        'solaris' => 'openssh',
        'centos'  => 'openssh-server',
      }
    }
    EOF

but there is an error in the agent like this:

    Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Syntax error at '='; expected '}' at /etc/puppet/modules/ssh/manifests/params.pp:2 on node basecentos.mhszdomain.com

I saw it in the manual like this:

---Error again...

    $group = $operatingsystem ? {
      solaris => 'sysadmin',
      default => 'wheel',
    }

Then I tried different forms of it:

---Error again...

    class ssh::params {
      $ssh_package_name = $::operatingsystem ? {
        'solaris' => 'openssh',
        'centos'  => 'openssh-server'
      }
    }

---Error again...

    class ssh::params {
      $ssh_package_name = $::operatingsystem ? {
        solaris => 'openssh',
        centos  => 'openssh-server',
      }
    }

---Error again...

    class ssh::params {
      $ssh_package_name = $::operatingsystem ? {
        solaris  => 'openssh',
        'centos' => 'openssh-server',
      }
    }

---Error again...

    class ssh::params {
      $sshss = $operatingsystem ? {
        solaris => 'openssh'
      }
    }

---Error again...

    class ssh::params {
      $sshss = $operatingsystem ? {
        'solaris' => 'openssh'
      }
    }

So... what happens? Could anyone help me?
[Puppet Users] Exporting Load Balancer Worker Resources
Hi,

Recently I've been studying Puppet by reading and doing the examples from this book: Pro Puppet. books.sysadmins.su/system/files/Pro.Puppet.pdf

On page 145 of this book there is an example about Exporting Load Balancer Worker Resources. I created the files inside the already existing apache module.

/etc/puppet/modules/apache/manifests/balancermember.pp

    define apache::balancermember($url) {
      file { "/etc/httpd/conf.d.members/worker_${name}.conf":
        ensure  => file,
        owner   => 0,
        group   => 0,
        mode    => '0644',
        content => "Balancermember $url \n",
      }
    }

/etc/puppet/modules/apache/manifests/worker.pp

    class apache::worker {
      @@balancermember { "${fqdn}":
        url => "http://${fqdn}:18140",
      }
    }

/etc/puppet/modules/apache/manifests/loadbalancer_members.pp

    class apache::loadbalancer_members {
      Balancermember <<| |>> { notify => Service["apache"], }
    }

When I run puppet agent I get this error:

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Resource type balancermember doesn't exist at /etc/puppet/modules/apache/manifests/loadbalancer_members.pp:3 on node mail-test.sicom.pl

After that I added the include apache::worker line to this file.

/etc/puppet/modules/apache/manifests/loadbalancer_members.pp

    class apache::loadbalancer_members {
      include apache::worker
      Balancermember <<| |>> { notify => Service["apache"], }
    }

And I got this error:

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type balancermember at /etc/puppet/modules/apache/manifests/worker.pp:4 on node mail-test.nr.sicom.pl

On page 143 of this book there is a very similar example with host keys management and it works like that on the same puppet master.

What should I do to make it work?
[Puppet Users] Re: open source Puppet 3 cannot compile catalog on newly built Puppetmaster
Hey Josh, did you have an opportunity to look into this issue?

On Thursday, July 25, 2013 10:54:20 AM UTC-4, GregC wrote:

Following the instructions from puppetlabs for yum install on Red Hat 6, no problems. When I try to run a puppet test I get the following error; there are no manifests on the system at this time.

    [root@puppetmaster3:/etc/puppet/manifests]# puppet --version
    3.2.3
    [root@puppetmaster3:/etc/puppet/manifests]# puppet agent -tv --test
    Info: Retrieving plugin
    Error: Failed to apply catalog: undefined method `support_format?' for nil:NilClass

I never had this issue when building a 2.6 or 2.7 puppetmaster. Anyone know how to resolve this?
[Puppet Users] puppet dashboard certificate request fails
Hi,

if I send the certificate request from puppet dashboard to the puppet master, I get the error

    SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The master log gives me this message:

    [2013-08-02 22:28:22] ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
    /usr/lib64/ruby/vendor_ruby/1.9.1/puppet/network/http/webrick.rb:34:in `accept'
    /usr/lib64/ruby/vendor_ruby/1.9.1/puppet/network/http/webrick.rb:34:in `block (3 levels) in listen'
    /usr/lib64/ruby/1.9.1/webrick/server.rb:191:in `call'
    /usr/lib64/ruby/1.9.1/webrick/server.rb:191:in `block in start_thread'

The puppet setup as a whole works fine. I have a lot of nodes connecting without problems to the master. The puppet dashboard runs on the same host as the puppet master. The dashboard collects reports successfully, too.

It's openSuSE 12.2 with puppet 3.2.2, puppet-dashboard 1.2.23, ruby 1.9.3p392 and rake 0.9.2.2.

Can anybody help? Thanks!