[Puppet Users] Re: Puppet and RH chkconfig
Hi Forrie, Puppet service resource *enable* property internally executes the chkconfig command for red hat, This property behaves quite differently depending on the platform; wherever possible, it relies on local tools to enable or disable a given service.You can confirm the facter *osfamily *returns *redhat *or not. Use provider = redhat along with enable property. Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. On Thursday, September 12, 2013 3:54:51 AM UTC+5:30, Forrie wrote: I've been trying to follow several threads around Google about Puppet and it's use (or non-use) of chkconfig on RH Linux. What prompted me to do this is I noticed that Puppet is, correctly, repeatedly logging that it is changing a services from ON to OFF. Funny, I thought I had disabled that with: service { ip6tables: enable = false, ensure = stopped, } Which certainly works, but it doesn't disable the service (ie: chkconfig servicename off) -- it seems like there should be a provider that correctly integrates with the system chkconfig -- I realize that not all init scripts honor that, and for that folks can do whatever. This is a basic functionality of RH Linux that enables, adds, deletes and otherwise alters the levels of basic services. Seems reasonable that Puppet could properly interact with it? We are up to Puppet 3.4.x now. I'm simply asking here as I didn't seem to find a definitive answer - a lot of code snippets and suggestions, I just wonder if this is on-tap for improvement or if someone has another, perhaps clever approach to working with this? Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetdb query not working as expected
Yes, using postgresql here. It turns out I have another script pushing facts (without custom facts) into puppetdb, which messed up with puppetdb query outputs. After fixing that script, things are ok now here. Aaah, so it wasn't performance at all. Was that a custom script someone at your company had written, or some other 3rd party tool we should be on the lookout for? I only ask as others might hit the problem :-). ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet healthcheck
Hi, I want to put a loadbalancer in front of puppet, this LB includes a healtcheck so it knows not to send requests to a server that is down. However the use of client certificates and pson make that a bit difficult, I should get puppet to return a 200 status message. I already changed auth.conf to include: path /status auth any method find allow * This allows a request on the status without a client certificate like this: curl -ksS -H Accept pson https://puppetmaster.local:8140/production/status/no_keyhttps://dppuwjep001:8140/production/status/no_key But this still gives a 400 HTTP status error on the load balancer since I can't get it to accept pson, meaning it marks the server as down. Is there a way to get puppet to return a 200 HTTP status on some page, perhaps a custom page? So to please the LB. I'm running puppet behind an apache with mod_passenger, and the LB is a Cisco ACE Best regards, Steven -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] Re: Is it possible to install actual OS using puppet?
Take a look at razor https://puppetlabs.com/solutions/next-generation-provisioning https://github.com/puppetlabs/razor http://www.slideshare.net/PuppetLabs/puppetandrazor http://www.slideshare.net/PuppetLabs/razor-puppet Steven Subject: Re: [Puppet Users] Re: Is it possible to install actual OS using puppet? From: smcracr...@me.com Date: Wed, 11 Sep 2013 22:36:50 -0700 To: puppet-users@googlegroups.com One popular standard method is: + LDAP initial boot a box from Kickstart or equivalent deploying an appropriate basic OS image + Ensure the post-image-install script includes a puppet agent package and changes to let the box talk with a known puppet master and autostart the puppet agent at system boot + Write more and more and more Puppet patterns to customize the system for given uses NFS server, Database server, Mail server, Compute Server, etc. + Ensure no touch-the-cloud ideas ever appear in non-Puppet form. Nobody as superuser on boxes... The point is to move more of the OS config and continuous drift-prevention into puppet patterns which run 7x24 duringproduction or permit manual-only operation with post-mortem data capture (lsof, ps, top, sar, etc.) for security analysis, logging all changes either way to an audit trail to find out why change is happening, when, and to trace it down to root cause (busy/corrupted fingers, security compromises, phase-of-moon, gamma-rays, etc.) Further, your glove boxes become puppet-applied patterns which must go through a repository-sourced-and-dr'eddev/test/limited-prod/extended-prod. Additionals? On Sep 11, 2013, at 10:20 PM, Rahul Khengare rahulk1...@gmail.com wrote:Hi Rastio, I dont think that puppet do operating system installation. Puppet is configuration management tool, you can use puppet to configure any software and operating system settings after puppet get install on your machine.For automatic installation of operating system there is tools called kickstart, cobler, etc. Refer following blog link about puppet and operating system installation relation,http://puppetlabs.com/blog/your-os-installer-and-you Thanks and regards,Rahul Khengare,NTT DATA OSS Center, Pune, India. On Thursday, September 12, 2013 1:08:02 AM UTC+5:30, Rastio Hodul wrote:Hi,ideally I would like to crate bootable USB stick with, say, Ubuntu + Puppet on it. I would then use this USB stick on a blank computer to boot to it and install new OS (Ubuntu+WhateverIWant) on that blank computer. I know I can do WhateverIWant part, but can I install actual OS? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. --Stuart RHCE/RHCSA/Oracle DBA/Sun SA/Mensahttp://www.linkedin.com/in/stuartcracrafthttp://gnutech.us -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Ordering and templates question/issue
Hi John, On Wednesday, September 11, 2013 3:35:07 PM UTC+2, jcbollinger wrote: On Tuesday, September 10, 2013 8:53:10 AM UTC-5, sjr wrote: Hi John, thanks for your answer, first of all I must say I just wanted to experiment and learn, it's not like I'm going to put such awful hacks :-) in productionmostly because I guess it's easy they can be changed over the time as they are not part of puppet DSL and so, it can be harder to maintain and for other colleagues to understand. OK, now to the point...I forgot to include the node definition, sorry about that, it looks like: node hostname { class {'test1': } test1::print {'test11': message = 'test11', } test1::print {'test12': message = 'test13', } test1::print {'test13': message = 'test13', } So I understand that when you say I haven't defined any resource it's because I forgot to mention that part, right? Yes. If so, why the define types are not showing up in the file? You have not fully appreciated the implications of the evaluation-order dependency of scope.catalog.resources. The defined-type instances are not showing up in the file because their declarations have not yet been evaluated when the template is evaluated. Overall evaluation order is difficult to predict, and it is not stable with respect changes in your manifest set. I cannot emphasize strongly enough how important it is to avoid evaluation-order dependencies in your Puppet code. I see, I was expecting the template being evaluated later due to the ordering dependency I created but I guess I was missing the evaluation order...it's a bit clearer now. Also, as you can see in the content of the file I included in my previous message, Class[test1] was declared and showed in the content of the file, but the File resource itself was not there when the template was built. Of course it wasn't. The value of the File's 'content' parameter is generated by evaluating the template via the template() function (on the master, during catalog compilation, the same as all Puppet functions are executed). Puppet must compute the values of the resource's parameters before it can add the resource to the catalog. That makes lots of sense I have the feeling the template is evaluated before all this resources are present in the catalog...am I wrong? Is that expected behavior? As described above, in this case the template will reliably be evaluated before the File because the template evaluation is subsidiary to the File's declaration. Also, it happens that the template is evaluated before the three declarations of Test1::Print instances, but you should not over-interpret that result. In particular, you should not use it to try to predict evaluation order within other manifest sets. That should not be a problem, however, since you will be carefully avoiding code for which evaluation order males any difference. Right? Right ;-) John Thanks a lot for taking the time to throw some light to my confusion. Sergio. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetdb query not working as expected
It's a custom script I wrote quite a while ago and I forgot about it ;) On Thu, Sep 12, 2013 at 3:34 AM, Ken Barber k...@puppetlabs.com wrote: Yes, using postgresql here. It turns out I have another script pushing facts (without custom facts) into puppetdb, which messed up with puppetdb query outputs. After fixing that script, things are ok now here. Aaah, so it wasn't performance at all. Was that a custom script someone at your company had written, or some other 3rd party tool we should be on the lookout for? I only ask as others might hit the problem :-). ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Purge puppet's reports
That makes sense. Thanks. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: Andrew G andrewgray1...@gmail.com To: puppet-users@googlegroups.com Sent: Thursday, September 12, 2013 1:28:26 AM Subject: Re: [Puppet Users] Purge puppet's reports hi dan, it applies only to any server with a shortform dnsname == puppet. the facter variable $hostname matches the puppet master server name. alternatively, remove the case statement, put it in it's own class and apply that class specifically to your puppetmaster server. Andrew On Thu, Sep 12, 2013 at 7:22 AM, Dan White y...@comcast.net wrote: OK, but the reports live on the puppetmaster. How do you get a list of hostnames to apply to this resource definition ? On Sep 10, 2013, at 10:12 PM, Andrew wrote: blockquote Using tidy to clean up logs, this is pretty self-explanatory, so I wont bother explaining :) case $hostname { /^puppet$/: { tidy { 'puppet::reports': path = '/var/lib/puppet/reports', matches = '*', age = '14d', backup = false, recurse = true, rmdirs = true, type = 'ctime', } # notify { debug: tidy command should run now: } } } Ciao, Andrew. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com . To post to this group, send email to puppet-users@googlegroups.com . Visit this group at http://groups.google.com/group/puppet-users . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/q8vWDr3bn4Q/unsubscribe . To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com . To post to this group, send email to puppet-users@googlegroups.com . Visit this group at http://groups.google.com/group/puppet-users . For more options, visit https://groups.google.com/groups/opt_out . /blockquote -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Resolving/ Expanding module puppet:/// URI in exec line
On 11 September 2013 23:55, slafreni...@b-e-f.org wrote: Ed, I am having trouble unzipping any tarball via Puppet. So I installed your module to see how you might have done it. It runs, it creates the javapath and copies the file... but I get the same error that I get on my modules... can I please ask how you made unzip work? I am on Ubuntu 10.4.1, and 2.6.4 (Puppet Enterprise 1.0). err: /Stage[main]/Apache-maven-v3/Exec[install_maven_v3]/returns: change from notrun to 0 failed: /bin/tar zxf /usr/local/java/apache-maven-3.0.3-bin.tar.gz returned 2 instead of one of [0] at /etc/puppetlabs/puppet/modules/apache-maven-v3/manifests/init.pp:18 What happens if you run '/bin/tar zxf /usr/local/java/apache-maven- 3.0.3-bin.tar.gz' from the command line? Additionally, you could change your manifest so that it executes 'pwd /bin/tar zxf /usr/local/java/apache-maven-3.0.3-bin.tar.gz' so that you can see what directory the contents of the file are being extracted to. My suspicion is that you're either extracting to the wrong directory, or the directory you're extracting to has incorrect permissions set on it or the tar file has incorrect permissions set on it. Regards, Matt. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Custom Fact undefined in manifests
On 9/11/13 4:28 PM, Denmat wrote: Hi, Do you have stdlib module installed? http://puppetlabs.com/blog/module-of-the-week-puppetlabsstdlib-puppetlabs-standard-library-part-3 No. I don't see stdlib listed as a requirement to using custom/external facts in the puppet docs: http://docs.puppetlabs.com/guides/custom_facts.html Is there a reason you think stdlib will fix this? David On 12/09/2013, at 1:12, David Thompson dthomp...@waisman.wisc.edu mailto:dthomp...@waisman.wisc.edu wrote: On 9/11/13 8:54 AM, jcbollinger wrote: Lack of response? This is a volunteer community forum, not a paid technical support service. Give it some time. No offense intended. I'm continually impressed by the effort made by the volunteers who watch this lists and provide so much help. Before you open a bug report, you should make sure that the file containing your custom fact(s) is readable by the Puppet agent service. That facter can read the file when you run it from the command line does not prove that. Even though the agent runs as a privileged user (or should), access could still be blocked in various ways, such as 1. Mandatory access controls (a.k.a. SELinux in enforcing mode) could allow you to read the file, but prevent the agent service from doing so. 2. If /etc/facter/facts.d is on an NFS-mounted filesystem that performs root-squashing, then the agent may have less permissions on it than you, personally, do. There are probably other means. Also, make sure Puppet is using the same Facter that you are using from the command line. If you have multiple versions installed then all manner of havoc might ensue. You might get multiple versions by installing them from gem or from source into different Ruby libraries, or into different parts of the same Ruby lib. All good ideas. An strace of puppet agent --test (and/or the test manifest above) shows that puppet is able to read the fact file (and, yes, it's on the local disk), and the the version of facter being loaded is the correct (and only) one (in my case, the RPM version 1.7.2, from /usr/lib/ruby/site_ruby/1.8/facter.rb and friends), and still show the custom facts as undef. Even if I reduce my custom facts to a single file containing a single trivial line (somefact=somevalue), the custom fact shows up in facter but not in puppet. I also get the same result when I pass the fact as yaml. I tried json, but got an error about missing the json gem, even though I have the puppetlabsdep rubygem-json RPM installed. -- David Thompson Waisman Center Brain Imaging and Behavior Lab 1500 Highland Ave. Room T133 Madison, WI 53705-2280 (608) 265-6608 dthompson (at) waisman (dot) wisc (dot) edu -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com mailto:puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com mailto:puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- David Thompson Waisman Center Brain Imaging and Behavior Lab 1500 Highland Ave. Room T133 Madison, WI 53705-2280 (608) 265-6608 dthompson (at) waisman (dot) wisc (dot) edu -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Incorrect return code for failed exec
Please log this at https://projects.puppetlabs.com/projects/puppet/issues/new In keywords, please put windows. Thanks. On Tue, Sep 10, 2013 at 11:29 AM, Igor Berger codewiz...@gmail.com wrote: Should log an issue about this someplace? On Tuesday, September 3, 2013 10:56:01 AM UTC-4, Igor Berger wrote: It returns 1053. The sc start command prints: [SC] StartService FAILED 1053: The service did not respond to the start or control request in a timely fashion. You can easily reproduce it by registering a service with a non-existing executable: sc create MyService binPath= C:\NotThere.exe Then add this to a test.cmd file: sc start MyService echo %errorlevel% On Tuesday, September 3, 2013 10:34:32 AM UTC-4, Rob Reynolds wrote: What does cmd /c sc start MyService return? On Tue, Sep 3, 2013 at 9:23 AM, Igor Berger codew...@gmail.com wrote: As I mentioned, I'm running into this issue when the service fails to start. sc start returns a failure, Puppet mentions it in the log file. The problem is that puppet apply returns 0 (success) to the shell when sc start fails. However, puppet apply --detailed-exitcodes returns a failure to the shell correctly. On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote: Hi Igor, You can run sc start MyService command manually on your machine and check whether the service run correctly. Also check the environment parameters are set for that service. Can you explain your query in more detail manner. Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote: Hello, I'm running puppet agent standalone on Windows. The last step in the manifest is exec { 'start_service': command = sc start MyService }. When the service has a problem and doesn't start, Puppet logs: /Stage[main]//Exec[start_**servi**ce]/returns (err): change from notrun to 0 failed: sc start MyService returned 29 instead of one of [0] However, the %errorlevel% returned is still 0. However, if I use --detailed-exitcodes, the %errorlevel% is correctly set to 6. Regards, Igor. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.**com. To post to this group, send email to puppet...@googlegroups.com. Visit this group at http://groups.google.com/**group/puppet-usershttp://groups.google.com/group/puppet-users . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Purge puppet's reports
Be aware that this will create a file resource/checksum for EVERY file in that directory and may cause a heavy load on your system if you have a lot of reports. Trevor On Tue, Sep 10, 2013 at 10:12 PM, Andrew andrewgray1...@gmail.com wrote: Using tidy to clean up logs, this is pretty self-explanatory, so I wont bother explaining :) case $hostname { /^puppet$/: { tidy { 'puppet::reports': path = '/var/lib/puppet/reports', matches = '*', age = '14d', backup = false, recurse = true, rmdirs = true, type = 'ctime', } # notify { debug: tidy command should run now: } } } Ciao, Andrew. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet Master fails when dashboard is unreachable
Hi Chris, We've encountered this issue before. For us it's due to using dashboard as an ENC. When the master compiles the catalog it goes off to the ENC and gets node details. When the dashboard is down obviously the master can't retrieve what it needs so the catalog compilation fails. To test it comment out the lines to do with node_terminus in puppet.conf. I think there are two. Restart the master then switch off the dashboard. See if the puppet agent -t works. We weren't actually dashboard for the ENC capabilities so we removed the two lines and all was ok. AFAIK just using the reporting functionality will not stop the puppet run when the dashboard is down. Cheers, Josh -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Purge puppet's reports
One thing I found after manually deleting gb's of reports was that they still exists in dashboard but failed to load when you click on them. Don't forget to run the command suggested in http://docs.puppetlabs.com/dashboard/manual/1.2/maintaining.html Josh -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet and RH chkconfig
On Wednesday, September 11, 2013 5:24:51 PM UTC-5, Forrie wrote: I've been trying to follow several threads around Google about Puppet and it's use (or non-use) of chkconfig on RH Linux. What prompted me to do this is I noticed that Puppet is, correctly, repeatedly logging that it is changing a services from ON to OFF. Funny, I thought I had disabled that with: service { ip6tables: enable = false, ensure = stopped, } Which certainly works, but it doesn't disable the service (ie: chkconfig servicename off) -- it seems like there should be a provider that correctly integrates with the system chkconfig -- I realize that not all init scripts honor that, and for that folks can do whatever. This is a basic functionality of RH Linux that enables, adds, deletes and otherwise alters the levels of basic services. Seems reasonable that Puppet could properly interact with it? We are up to Puppet 3.4.x now. I'm simply asking here as I didn't seem to find a definitive answer - a lot of code snippets and suggestions, I just wonder if this is on-tap for improvement or if someone has another, perhaps clever approach to working with this? The default Service provider for RH-family systems certainly does use 'chkconfig' to disable services, and has done for as long as I have been involved with Puppet. It is limited in that it will only enable/disable for the current runlevel, but that is not usually a problem in practice. You can check whether Puppet has done this by looking at the output of '/sbin/chkconfig --list servicename'. Note that disabling a service does not mean that it cannot run -- neither in Puppet DSL nor in chkconfig -- it merely means that the service will not be automatically started when the system boots. That Puppet repeatedly logs service shutdowns on the same node means one of two things: 1. Something else keeps starting the service back up, or 2. Puppet is being fooled about the service running. Since you say that Puppet is *correctly* logging service shutdowns, I infer that you must be running into (1). John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Is it possible to install actual OS using puppet?
On Thu, Sep 12, 2013 at 4:03 AM, Steven Nemetz snem...@hotmail.com wrote: Take a look at razor https://puppetlabs.com/solutions/next-generation-provisioning https://github.com/puppetlabs/razor http://www.slideshare.net/PuppetLabs/puppetandrazor http://www.slideshare.net/PuppetLabs/razor-puppet You should probably also be aware that Razor is currently being rewritten to provide a more stable base for future work; we hope to have that out soon™, but I can't make promises about the schedule there. There are more details on why in the first message of this thread: https://groups.google.com/forum/#!topic/puppet-razor/q4uCVMmUop0 Razor is awesome, but I would caution that you should expect to roll up your sleeves, pull on your developer hat, and at least be ready to diagnose and report bugs -- if not fix them -- if you plan on using it. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: getting array of hostnames of clients
On Wednesday, September 11, 2013 8:46:23 PM UTC-5, Steve Wray wrote: On Wednesday, 11 September 2013 22:50:59 UTC+8, jcbollinger wrote: On Wednesday, September 11, 2013 2:49:50 AM UTC-5, Steve Wray wrote: I need to get an array of hostnames of clients of the puppet server. There doesn't seem to be a simple way to do this so I've tried a few methods. I've tried a curl expression in a fact like this: curl -s -k -H Accept: yaml https://localhost:8140/production/facts_search/search?facts.nodetypet=testnodes In other words, this is intended to retrieve the desired information via the master's REST API. I'm not quite making the connection here, however: how is putting that expression into a fact supposed to achieve your result? It was returning a list of hostnames of nodes before I started using puppetdb, but only on the puppetmaster itself. Do you mean you have a custom fact that executes that command and parses the YAML result to produce the desired array? That seems odd, because in that case 'localhost' probably would not resolve to the correct machine (it would be the client, not the master), and because the result is not a property of the node. Yes on the puppetmaster of course. Now, this used to work but doesn't any more. Between it working and now I've changed to using puppetdb. I'm not sure if theres a connection. The error returned is: Caught NoMethodError: undefined method `' for nil:NilClass There could be a connection. I have lately seen some evidence that puppetdb may not reliably escape fact values when it stores them. That would be a serious flaw, but I cannot confirm its existence. Alternatively, if you have also updated your master, then it may be that the data returned by the REST call has changed in form or content. Do you get what you expect if you run it from the command line? I get the error when I run it from the commandline, after seeing it not work in the fact running the curl commandline was the first thing I tried. The next thing I tried was to get each interesting node to create a file on the puppetmaster server. So I now have a bunch of files in /tmp/ with distinctive names which contain only the hostname of that puppet client. Yuck. Yuck indeed. But so far we haven't got any other way to get the list of nodes. I'm asking for a better solution. I have a fact which is supposed to cat these together and, with luck, turn them into an array at some time. What I currently have is this: Facts are properties of target nodes, and their values are evaluated there. Dropping a bunch of files on the master could allow the Puppet agent to collect data from them into a fact when it runs on the Puppet master server, but it cannot do anything for agents running on other nodes. Do you need the information on nodes other than the master? At this point in time the puppet master node will do but ultimately I need this list propagated to the smokeping server. What I am trying to avoid is hard-coding the list of smokeping slaves. Puppet configures the slaves themselves and it should be able to get a list of those slaves onto the smokeping server without me having to list them exhaustively and manually (and keep that list up to date). If I run facter on the commandline like this: FACTERLIB=/etc/puppet/modules/smokeping_prep/lib/facts facter nodelist I get the list I expect. On *which* command line? You could have the fact installed on the master, but not synced to clients. on the commandline on the puppet master of course, otherwise the FACTERLIB path wouldn't make any sense. The fact is being read on the puppet master node and supposedly going into that file but it isn't. I did say On the puppetmaster node definition I have this: and then the code thats supposed to put the fact into a file. Indeed you did. I am struggling with your setup a bit because you are going about things in a very unorthodox way. 1. You are collecting the Files only on the master, therefore only the master's $::nodelist fact could provide the information you want. Yes thats right. But it doesn't. 1. Facts are evaluated before catalog compilation, therefore even the master's $::nodelist fact would be perpetually one cycle behind. I don't think thats a problem. So, sorry, but I have three questions: 1. why isn't that curl getting the facts? Why is it getting this NoMethod error? Beats me. It might help for you to explain more fully how you are using it, and to present the curl output actually generated. I'm running the curl command ON the puppet master itself and that IS the output actually generated, the error. Here it is again: Caught NoMethodError: undefined method `' for nil:NilClass Oh. In that case, file a bug against Puppet about that. Even if the REST service no longer supports your query,
[Puppet Users] testing for truth, are the docs correct?
According to the documentation at http://docs.puppetlabs.com/puppet/2.7/reference/lang_conditional.html#if-statements, you can test for truth with syntax like this: if $is_virtual == 'true' { AFAICT that's not the case. The quotes around 'true' make the comparison always fail. Here's my test case class users { define u($managehome=true) { notice(The value is: ${managehome}) # == says it's true if $managehome == 'true' { notice(...yes, it is true) # == not reached } else{ notice(...no, it is false) # == this prints } } @u { mytest: managehome = false, } } include users realize Users::U[mytest] and these are the results $ puppet apply test.pp notice: Scope(Users::U[mytest]): The value is: true notice: Scope(Users::U[mytest]): ...no, it is false Removing the single quotes in the == comparison make the code work as expected. This is with 2.7.18. Am I misunderstanding something, or is this a problem in the documentation? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] testing for truth, are the docs correct?
- Original Message - From: Kevin G. kgo...@bepress.com To: puppet-users@googlegroups.com Sent: Thursday, September 12, 2013 3:56:30 PM Subject: [Puppet Users] testing for truth, are the docs correct? According to the documentation at http://docs.puppetlabs.com/puppet/2.7/reference/lang_conditional.html#if-statements, you can test for truth with syntax like this: if $is_virtual == 'true' { AFAICT that's not the case. The quotes around 'true' make the comparison always fail. Here's my test case is_virtual is a fact, all facts are strings so in this case 'true' is exactly what is needed :( -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Using Puppet for remote config management of offline machines?
this blog by Chris McClimans might be of interest for you http://www.instantinfrastructure.org/ On 12 Sep 2013, at 20:13, jcbollinger john.bollin...@stjude.org wrote: On Wednesday, September 11, 2013 10:48:58 AM UTC-5, Brad Smith wrote: Hello all, I'm working with a Kenya-based non-profit (tunapanda.org) that uses OSS to provide computing resources to schools where bandwidth is either nonexistent or prohibitively expensive. We provide a customized Edubuntu/LTSP setup which will host local versions of useful online resources like Kahn Academy (via ka-lite), Wikipedia (via Wikipedia For Schools), etc. I'm serving as a sort of Linux/tech advisor to them, and am looking into ways to provide updates to configuration files on classroom servers that... Are not physically accessible to me Are not online (local reps can download updates to a USB drive and bring it to the server) Do not have much in the way of local technical expertise, so deployment will need to be fairly straightforward/scriptable I don't have much experience with tools like Puppet, Chef, etc, but after reading through some of the docs, it sounds like Puppet might be able to do exactly what I want. Before I put too much effort into it, I hope I can run my ideas by y'all for a sanity check and ask some questions: If I maintained a master image configured via a set of Puppet manifests, could I just periodically put those manifests online, have someone in Kenya download them to a USB drive, copy them to the server, and run puppy apply... on them? If they first backed up the server's previous set of manifests, would they be able to roll back changes in case of a problem? Is there a better approach? Any other suggestions for things (including tools other than Puppet) to look at? 1. Yes, absolutely. 2. No, not reliably. The old manifests could be re-applied, but that is not at all the same as a rollback. You cannot 'undo' application of a Puppet catalog because many of the actions Puppet performs to change the state of the system are inherently non-undoable. Execs are the poster child there, but they are by no means the only example. 3. Maybe. One possibility would be to provide full system images. Especially if you put user home directories on a separate file system, you could wipe and replace the system part of each machine to perform updates. The images could be tested pretty well in the lab before they are sent to the field, and they could be completely reverted by wiping again and putting an old image back in place. The update process would consume a lot more time, though, and you might have trouble with locally-installed software. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] testing for truth, are the docs correct?
if $is_virtual == 'true' { is_virtual is a fact, all facts are strings so in this case 'true' is exactly what is needed :( That's helpful, thanks, now I understand why it works in that case and why in my case this is what is needed: if $managehome == true { Since the documentation page is talking about conditional statements *in general*, and not just with facts. I might suggest that making that clear might avoid confusion on the part of people coming to that page looking to find how to make conditional comparisons in puppet. Who would I make that suggestion to, or this this the right forum for that? “If” Statements *“If” statements* take a booleanhttp://docs.puppetlabs.com/puppet/2.7/reference/lang_datatypes.html#booleans condition and an arbitrary block of Puppet code, and will only execute the block if the condition is true. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet SSL cipher suites
Hey there, I looked up puppet.conf documentation and there doesn't seem to be any option to choose which SSL cipher suites are used for communication. Is there some way to configure which cipher suites are preferred? -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Re: Puppet ignores hiera completely
Thanks for the reply John. Here's my hiera.yaml file: --- :backends: - yaml :yaml: :datadir: /etc/puppet/%{::environment}/hieradata :hierarchy: - nodes/%{::clientcert} - roles/%{::esg_role} - common My puppet.conf file on the puppet master: [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet templatedir=$confdir/templates server=puppet.eastsidegamestudio.com privatekeydir = $ssldir/private_keys { group = service } hostprivkey = $privatekeydir/$certname.pem { mode = 640 } pluginsync=true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY dns_alt_names = puppet.eastsidegamestudio.com autosign = $confdir/autosign.conf { owner = service, group = service, mode = 664 } [production] manifest = /etc/puppet/production/manifests/site.pp modulepath = /etc/puppet/production/modules fileserverconfig = /etc/puppet/production/fileserver.conf templatedir = /etc/puppet/production/templates/ [staging] manifest = /etc/puppet/staging/manifests/site.pp modulepath = /etc/puppet/staging/modules fileserverconfig = /etc/puppet/staging/fileserver.conf templatedir = /etc/puppet/staging/templates/ [development] manifest = /etc/puppet/development/manifests/site.pp modulepath = /etc/puppet/development/modules fileserverconfig = /etc/puppet/development/fileserver.conf templatedir = /etc/puppet/development/templates/ And finally, the agent node's puppet.conf: [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates server=puppet.eastsidegamestudio.com [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY [agent] environment=development I tried runnning the puppet agent and specifying the environment on the command line but it didn't make a difference.I also moved the environment directive in the agent conf file to the [main] section, but still no change. Running hiera from the command line with the same settings as the agent has, I get this: $ hiera -d classes ::environment=development ::esg_role=couchbase DEBUG: Thu Sep 12 17:45:31 + 2013: Hiera YAML backend starting DEBUG: Thu Sep 12 17:45:31 + 2013: Looking up classes in YAML backend DEBUG: Thu Sep 12 17:45:31 + 2013: Looking for data source roles/couchbase DEBUG: Thu Sep 12 17:45:31 + 2013: Found classes in roles/couchbase [{couchbase=nil}] Testing for fact esg_role on the agent node: $ facter esg_role couchbase For the record, my puppet version is 3.2.4, hiera is 1.2.1. Hope this helps. Regards, Guy On Thu, Sep 12, 2013 at 10:02 AM, jcbollinger john.bollin...@stjude.orgwrote: On Wednesday, September 11, 2013 5:50:18 PM UTC-5, Guy Knights wrote: I'm not sure at all what's going on here, but I've spent a lot of time reading over the puppet hiera docs and setting everything up, but when I run puppet agent it just seems to ignore the hiera setup completely. Both the puppet master and agent nodes have exactly the same versions of puppet and hiera (installed via the official puppet APT repository). I've laid out my hiera files like this: /etc/hiera/hiera.yaml, /etc/hiera/data/%{::**environment}, have symlinked both /etc/puppet/hiera.yaml and /etc/hiera.yaml to /etc/hiera/hiera.yaml, and have tested the hiera setup using the command line utility. All seems good. Puppet uses hiera only during catalog compilation, so agent nodes do not normally require it. Correspondingly, only hiera data residing on the master contribute to catalogs compiled by the master -- is that your problem? However, when I run puppet on the agent node it doesn't install any of the classes I've outlined in my hierarchy. I tried running the puppet master in debug mode to see if it was having problems locating the hiera config but it seems to locate it ok, eg. Debug: /File[/etc/puppet/hiera.yaml]: Autorequiring File[/etc/puppet]. At least, it doesn't appear to display any errors related to hiera. I'm really at a loss here. Any ideas? Are you anywhere instructing Puppet to include the classes listed in your hiera data in the catalog? You haven't really given us much to work with. Generally speaking, Puppet and hiera work. If they are not working for you, then the problem likely resides in the configuration, manifests, or data that you are feeding them. If you present a simple example that is failing for you, then we can probably help you sort it out. John -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/9kdUVvrsr18/unsubscribe. To
[Puppet Users] How to create a simple, custom type?
On my file system, I have a classpath.txt file, which contains a java classpath. The classpath contains wildcards, and I need to remove the wildcards, and have it expanded out to list out all the .jar files individually. So, instead of classpath.txt containing: C:/lib1/*;C:/lib2/* I Need: C:/lib1/file_one.jar;C:/lib1/file_two.jar;C:/lib2/file_three.jar I already have the Ruby code to do this, I just need to somehow get Puppet to run this Ruby code. I figured I would need to create a custom type, which I've called classpath_expander. I would include this type in my manifest like this: classpath_expander { 'expand classpath.txt': path = C:/temp/classpath.txt } Currently, my type is defined like this: Puppet::Type.newtype(:classpath_expander) do @doc = Reads the classpass in a file, and expands out any wildcards. newparam(:name, :namevar = true) do desc 'An arbitrary name used as the identity of the resource.' end newparam(:path) do desc 'The path to the classpath file.' end end But at this point, I'm not sure where to put my Ruby code. All the documentation gives examples on how to use the ensurable property; however, I'm not sure that makes sense in this case, does it? If so, what would I need for each of the create, destroy, and exist? methods? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Using Puppet for remote config management of offline machines?
On Wednesday, September 11, 2013 10:48:58 AM UTC-5, Brad Smith wrote: Hello all, I'm working with a Kenya-based non-profit (tunapanda.org) that uses OSS to provide computing resources to schools where bandwidth is either nonexistent or prohibitively expensive. We provide a customized Edubuntu/LTSP setup which will host local versions of useful online resources like Kahn Academy (via ka-lite), Wikipedia (via Wikipedia For Schools), etc. I'm serving as a sort of Linux/tech advisor to them, and am looking into ways to provide updates to configuration files on classroom servers that... - Are not physically accessible to me - Are not online (local reps can download updates to a USB drive and bring it to the server) - Do not have much in the way of local technical expertise, so deployment will need to be fairly straightforward/scriptable I don't have much experience with tools like Puppet, Chef, etc, but after reading through some of the docs, it sounds like Puppet might be able to do exactly what I want. Before I put too much effort into it, I hope I can run my ideas by y'all for a sanity check and ask some questions: 1. If I maintained a master image configured via a set of Puppet manifests, could I just periodically put those manifests online, have someone in Kenya download them to a USB drive, copy them to the server, and run puppy apply... on them? 2. If they first backed up the server's previous set of manifests, would they be able to roll back changes in case of a problem? 3. Is there a better approach? Any other suggestions for things (including tools other than Puppet) to look at? 1. Yes, absolutely. 2. No, not reliably. The old manifests could be re-applied, but that is not at all the same as a rollback. You cannot 'undo' application of a Puppet catalog because many of the actions Puppet performs to change the state of the system are inherently non-undoable. Execs are the poster child there, but they are by no means the only example. 3. Maybe. One possibility would be to provide full system images. Especially if you put user home directories on a separate file system, you could wipe and replace the system part of each machine to perform updates. The images could be tested pretty well in the lab before they are sent to the field, and they could be completely reverted by wiping again and putting an old image back in place. The update process would consume a lot more time, though, and you might have trouble with locally-installed software. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] arnoudj/sudo and different versions of CentOS
Hello, Does anyone have an example of using the arnoudj/sudo module in a mixed environment with both CentOS 5 and 6? So far, my CentOS 6 servers are happy but my CentOS 5 servers are ignoring everything in /etc/sudoers.d/ Thank in advance! Greg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
RE: [Puppet Users] arnoudj/sudo and different versions of CentOS
I don't know about the module you are using but things to verify: /etc/sudoers contains an include for /etc/sudoers.d Check that the version of sudo is new enough to support this. You may need to upgrade it. I had to on a number of my Redhat 5 servers Steven Date: Thu, 12 Sep 2013 15:01:30 -0700 From: gregc...@gmail.com To: puppet-users@googlegroups.com Subject: [Puppet Users] arnoudj/sudo and different versions of CentOS Hello, Does anyone have an example of using the arnoudj/sudo module in a mixed environment with both CentOS 5 and 6? So far, my CentOS 6 servers are happy but my CentOS 5 servers are ignoring everything in /etc/sudoers.d/ Thank in advance! Greg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet ignores hiera completely
On Wednesday, September 11, 2013 5:50:18 PM UTC-5, Guy Knights wrote: I'm not sure at all what's going on here, but I've spent a lot of time reading over the puppet hiera docs and setting everything up, but when I run puppet agent it just seems to ignore the hiera setup completely. Both the puppet master and agent nodes have exactly the same versions of puppet and hiera (installed via the official puppet APT repository). I've laid out my hiera files like this: /etc/hiera/hiera.yaml, /etc/hiera/data/%{::environment}, have symlinked both /etc/puppet/hiera.yaml and /etc/hiera.yaml to /etc/hiera/hiera.yaml, and have tested the hiera setup using the command line utility. All seems good. Puppet uses hiera only during catalog compilation, so agent nodes do not normally require it. Correspondingly, only hiera data residing on the master contribute to catalogs compiled by the master -- is that your problem? However, when I run puppet on the agent node it doesn't install any of the classes I've outlined in my hierarchy. I tried running the puppet master in debug mode to see if it was having problems locating the hiera config but it seems to locate it ok, eg. Debug: /File[/etc/puppet/hiera.yaml]: Autorequiring File[/etc/puppet]. At least, it doesn't appear to display any errors related to hiera. I'm really at a loss here. Any ideas? Are you anywhere instructing Puppet to include the classes listed in your hiera data in the catalog? You haven't really given us much to work with. Generally speaking, Puppet and hiera work. If they are not working for you, then the problem likely resides in the configuration, manifests, or data that you are feeding them. If you present a simple example that is failing for you, then we can probably help you sort it out. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet SSL cipher suites
If you're running your puppet master via apache +passenger set in your apache configuration. On Sep 12, 2013 5:41 PM, Gabriel Filion lelu...@gmail.com wrote: Hey there, I looked up puppet.conf documentation and there doesn't seem to be any option to choose which SSL cipher suites are used for communication. Is there some way to configure which cipher suites are preferred? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] arnoudj/sudo and different versions of CentOS
Steven, That seemed to do the trick - thanks!!! Greg On Thursday, September 12, 2013 4:30:33 PM UTC-7, Steven wrote: I don't know about the module you are using but things to verify: /etc/sudoers contains an include for /etc/sudoers.d Check that the version of sudo is new enough to support this. You may need to upgrade it. I had to on a number of my Redhat 5 servers Steven -- Date: Thu, 12 Sep 2013 15:01:30 -0700 From: greg...@gmail.com javascript: To: puppet...@googlegroups.com javascript: Subject: [Puppet Users] arnoudj/sudo and different versions of CentOS Hello, Does anyone have an example of using the arnoudj/sudo module in a mixed environment with both CentOS 5 and 6? So far, my CentOS 6 servers are happy but my CentOS 5 servers are ignoring everything in /etc/sudoers.d/ Thank in advance! Greg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript: . Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] hostname appears in classes.txt
Although I have a node defined (puppet agent --test runs without error) the agent does not pick up files that it should be accessing and I've noticed that the hostname appears in classes.txt. Does anyone have a notion of what's happening? Could it be that my node isn't being recognized as belonging to the class defined on the server? Mark -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Is it possible to install actual OS using puppet?
So I have done a full os install using baremetal on a seemingly harder platform- windows. https://github.com/rismoney/puppet-baremetal-windows Now windows has a lot of nuances so it should be easier in theory to do something similar starting from *nix. In essence I use a linux pxe server to boot a live image of an os with puppet installed, and then all the config is deployed to get endpoint to make it as expected. Based on a facter fact I know my host is in build mode or not. Its awesome and a build takes 20 min with no razor, only pure puppet, as all build config is backed in hiera. Most of the repo is dedicated to reproducability of the entire solution whereas the execution a puppet code is relatively small to make the os how I want it. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Java module woes
On Wednesday, September 11, 2013 3:54:11 PM UTC-5, Nathan Nobbe wrote: Hi everyone, Just getting into Puppet, so please bear with me :D I'm setting up a java module to keep an eye on the java installation on our RHEL machines. Quick background, RHEL ships openjdk, we need to use Oracle instead. I've gone ahead and put the latest oracle java6 RPM, * jre-6u45-linux-amd64*, on one of our puppet-managed boxes. Like many distributions, RHEL has a utility to manage multiple installations of java. I've already set the default version of java to the latest oracle, so java -version yields java version 1.6.0_45. Here is a dead simple java module to verify installation class java { package { 'jre-6u45-linux-amd64': ensure = installed, } } This works great, but suppose I change the default by hand, just to gauge puppet's reaction. sudo alternatives --set java /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java java -version java version 1.6.0_24 Now, when I run sudo puppet agent --test, this is what comes out Error: Execution of '/usr/bin/yum -d 0 -e 0 -y install jre-6u45-linux-amd64' returned 1: Error: Nothing to do Error: /Stage[main]/Java/Package[jre-6u45-linux-amd64]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install jre-6u45-linux-amd64' returned 1: Error: Nothing to do This is actually not what I expected, since* jre-6u45-linux-amd* is installed, just not set to be the default. Puppet seems to think the package is absent however, any thoughts on the reaction from puppet? Your expectation is right for what you presented, supposing that jre-6u45-linux-amd is the actual package name. The only way Puppet should ever present the error message you show is if the package in question is initially absent, but is installed while the agent is running. You should check that you are really using the correct package *name*, however. RPM packages can define logical facilities that they provide, which frequently have names similar to the package name. You can ask yum to install a logical facility by name, and it will find and install an RPM that provides it. Puppet, on the other hand, expects you to identify packages by their actual names, not indirectly by logical facility names. It checks which packages are already installed by querying the RPM database for the names of all installed packages (on RPM-based systems, by default). The result you showed is consistent with jre-6u45-linux-amd being a logical facility name instead of the actual package name. This command should tell you the actual package names of the JRE packages installed on your system: rpm -qa --qf '%{name}\n' | grep 'jre' My bet is that you'll find something like jre-6u45 in place of jre-6u45-linux-amd. Ultimately what I'd like to achieve is a smooth check / ensure that java is installed and at the correct version, but since this is an RPM from outside yum I'm running into a little trouble I don't think the trouble you described is related to your RPM not being in any of the configured repositories. On the other hand, I highly recommend that you create a local Yum repository for your organization, and put that RPM in it. It will not solve the issue you describe, I think, but it will make your life a lot easier in other ways. Puppet can configure your clients to know about the local repo -- see the Yumrepo resource type. . First off, I'd expect the above module to work, even when the correct version isn't configured. The next step in my mind would be to coax puppet into running sudo alternatives --set java /usr/java/jre1.6.0_45/bin/javaif the installation check succeeds, but the default isn't correctly set. I grabbed a *java_version* fact from another groups discussionhttps://groups.google.com/forum/#!topic/puppet-users/W67dvqS-GdU, and naively the module code would look something like this # if version check in package resource succeeds .. if($java_version != '1.6.0_45') # run sudo alternatives --set java /usr/java/jre1.6.0_45/bin/java A fact should only gather information, never alter the system. Instead, you can use the value of a fact to determine whether to instruct Puppet to alter the system. In this case, though, I wouldn't even bother with a fact: package { 'jre6u45': # or whatever the actual package name is ensure = 'installed' } exec { 'set_java_version': path = ['/usr/bin', '/bin', '/usr/sbin', '/sbin'], command = 'alternatives --set java /usr/java/jre1.6.0_45/bin/java', unless = java -version | grep -q '1\.6\.0_45', require = Package['jre6u45'] } HTH, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com.
[Puppet Users] Refactoring my modules and moving from 2.7.x to 3.3 and have a few questions
Mostly surrounding if there are better(less hackish) ways of doing things. The first is the classic exported resource expiration problem. My existing modules use a wrapper that uses an inline template to call out to Ruby's Time function, set a timestamp, and set the resource to absent after an expiration period, a cleanup script then runs on the database node and purges exported resources that belong to nodes that would qualify as unresponsive + a grace period of a few days. I see I can now generify this a bit more with create_resources, but Is there a better or built-in way to do this now? The second involves puppet being declarative and the edge cases where you really need it not to be. A lot of times I wound up writing custom providers or lenses to skirt around this, but when that just wouldn't do(or was overkill), I used a rather hackish wrapper around Puppet::Provider::Collection. I'd either construct the Collection and then evaluate it(when I wanted the resources realized) or do an instance_eval to directly access the private collection method, followed by a map/collect to convert the selected resource into a hash, and return a entirely constructed array composed of said hashes. I was never quite able to figure out how I was supposed to pass in equery/vquery, so I wound up re-implementing those and the whole thing is pretty inefficient and a bit dangerous. All I really need to be able to do is collect say, all exported resources of type foo with target bar into an array so I can iterate through it in some of my templates where a provider is overkill and no lens is available. Is this possible yet, or are we still stuck on never allowing this? Thanks for any replies, --Nick -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Nagios Puppet Module - Multiple Service File Permissions Issues
On Wednesday, September 11, 2013 2:59:22 PM UTC-5, phundisk wrote: I am using the nagios puppet module to create and manage services via stored configurations. The original module, stored all service cheks in one file and this was causing my puppet run on my nagios server to take 30+ minutes. I have read here ( http://pieter.barrezeele.be/2009/05/11/puppet-and-nagios/) that if you split up the services files into multiple, puppet can run faster since it doesn't have to look through one huge file. I would like to split this up by host. (i.e. nagios_service_$::fqdn.cfg) One issue I am running into, is that the file that is created using the target method has the permissions of root:root 600, and thus nagios will crash when trying to read it since it does not have permissions. The original nagios_service file is controlled via the following... I could add each hostname below, but that does not scale well. Is there another way in which this can be more easily managed? You could do this: exec { 'make_nagios_config_readable': command = chmod 0644 ${nagios::defaults::vars::int_cfgdir}/conf.d/*.cfg, onlyif = find ${nagios::defaults::vars::int_cfgdir}/conf.d/* -maxdepth 0 -not -perm 0644 | grep -q '\.cfg', provider = 'sh', notify = Service['nagios'] } Nagios_command| | - Exec['make_nagios_config_readable'] Nagios_contact| | - Exec['make_nagios_config_readable'] Nagios_contactgroup| | - Exec['make_nagios_config_readable'] Nagios_host| | - Exec['make_nagios_config_readable'] Nagios_hostdependency| | - Exec['make_nagios_config_readable'] Nagios_hostescalation| | - Exec['make_nagios_config_readable'] Nagios_hostextinfo| | - Exec['make_nagios_config_readable'] Nagios_hostgroup| | - Exec['make_nagios_config_readable'] Nagios_service| | - Exec['make_nagios_config_readable'] Nagios_servicedependency| | - Exec['make_nagios_config_readable'] Nagios_serviceescalation| | - Exec['make_nagios_config_readable'] Nagios_serviceextinfo| | - Exec['make_nagios_config_readable'] Nagios_servicegroup| | - Exec['make_nagios_config_readable'] Nagios_timeperiod| | - Exec['make_nagios_config_readable'] John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet ignores hiera completely
Actually, one thing I've noticed while trying to troubleshoot this issue is that I can't see any evidence that puppet agent is using the environment specified in its config file. If I run puppet agent with the --debug flag there is no mention of the environment whatsoever. Is there any way to get puppet agent to tell me what environment it's using when it requests the catalogue from the master? Thanks, Guy On Thu, Sep 12, 2013 at 10:48 AM, Guy Knights g...@eastsidegamestudio.comwrote: Thanks for the reply John. Here's my hiera.yaml file: --- :backends: - yaml :yaml: :datadir: /etc/puppet/%{::environment}/hieradata :hierarchy: - nodes/%{::clientcert} - roles/%{::esg_role} - common My puppet.conf file on the puppet master: [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet templatedir=$confdir/templates server=puppet.eastsidegamestudio.com privatekeydir = $ssldir/private_keys { group = service } hostprivkey = $privatekeydir/$certname.pem { mode = 640 } pluginsync=true [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY dns_alt_names = puppet.eastsidegamestudio.com autosign = $confdir/autosign.conf { owner = service, group = service, mode = 664 } [production] manifest = /etc/puppet/production/manifests/site.pp modulepath = /etc/puppet/production/modules fileserverconfig = /etc/puppet/production/fileserver.conf templatedir = /etc/puppet/production/templates/ [staging] manifest = /etc/puppet/staging/manifests/site.pp modulepath = /etc/puppet/staging/modules fileserverconfig = /etc/puppet/staging/fileserver.conf templatedir = /etc/puppet/staging/templates/ [development] manifest = /etc/puppet/development/manifests/site.pp modulepath = /etc/puppet/development/modules fileserverconfig = /etc/puppet/development/fileserver.conf templatedir = /etc/puppet/development/templates/ And finally, the agent node's puppet.conf: [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates server=puppet.eastsidegamestudio.com [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY [agent] environment=development I tried runnning the puppet agent and specifying the environment on the command line but it didn't make a difference.I also moved the environment directive in the agent conf file to the [main] section, but still no change. Running hiera from the command line with the same settings as the agent has, I get this: $ hiera -d classes ::environment=development ::esg_role=couchbase DEBUG: Thu Sep 12 17:45:31 + 2013: Hiera YAML backend starting DEBUG: Thu Sep 12 17:45:31 + 2013: Looking up classes in YAML backend DEBUG: Thu Sep 12 17:45:31 + 2013: Looking for data source roles/couchbase DEBUG: Thu Sep 12 17:45:31 + 2013: Found classes in roles/couchbase [{couchbase=nil}] Testing for fact esg_role on the agent node: $ facter esg_role couchbase For the record, my puppet version is 3.2.4, hiera is 1.2.1. Hope this helps. Regards, Guy On Thu, Sep 12, 2013 at 10:02 AM, jcbollinger john.bollin...@stjude.orgwrote: On Wednesday, September 11, 2013 5:50:18 PM UTC-5, Guy Knights wrote: I'm not sure at all what's going on here, but I've spent a lot of time reading over the puppet hiera docs and setting everything up, but when I run puppet agent it just seems to ignore the hiera setup completely. Both the puppet master and agent nodes have exactly the same versions of puppet and hiera (installed via the official puppet APT repository). I've laid out my hiera files like this: /etc/hiera/hiera.yaml, /etc/hiera/data/%{::**environment}, have symlinked both /etc/puppet/hiera.yaml and /etc/hiera.yaml to /etc/hiera/hiera.yaml, and have tested the hiera setup using the command line utility. All seems good. Puppet uses hiera only during catalog compilation, so agent nodes do not normally require it. Correspondingly, only hiera data residing on the master contribute to catalogs compiled by the master -- is that your problem? However, when I run puppet on the agent node it doesn't install any of the classes I've outlined in my hierarchy. I tried running the puppet master in debug mode to see if it was having problems locating the hiera config but it seems to locate it ok, eg. Debug: /File[/etc/puppet/hiera.yaml]: Autorequiring File[/etc/puppet]. At least, it doesn't appear to display any errors related to hiera. I'm really at a loss here. Any ideas? Are you anywhere instructing Puppet to include the classes listed in your hiera data in the