[Puppet Users] Duplicate declaration
I have module, for which if I add the class in the UI and run the agent with --test it fails with the following error. But If I just add the include classname in the init class and run, it works. Any idea? Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Class[classname] is already declared; cannot redeclare on node nfaxen-ubu1.fqdn Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/142a44e2-e6bc-4658-82b5-a616275466ac%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet Agent does not connect to master after installing Dashboard
I think the problem is with *merging Dashboard with Passenger*. What I need to have in my Apache config file? For *Passenger* I need to have in the Apache configuration file the lines: Listen 8140 VirtualHost *:8140 SSLEngine On SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/puppetsrv.domain.com.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetsrv.domain.com.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e * DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/* Directory /usr/share/puppet/rack/puppetmasterd/ Options -MultiViews AllowOverride all Order Allow,Deny Allow from All /Directory /VirtualHost but for *Dashboard* I need to have the lines: VirtualHost *:80 ServerName puppetsrv.domain.com *DocumentRoot /usr/share/puppet-dashboard/public/* Directory /usr/share/puppet-dashboard/public/ Options None AllowOverride AuthConfig Order Allow,Deny Allow from All /Directory ErrorLog /etc/httpd/logs/dashboard_error.log LogLevel warn CustomLog /etc/httpd/logs/dashboard_access.log Combined ServerSignature On /VirtualHost How can I merge between the 2 virtual host to make Passenger work with Dashboard? Any help is welcome. Thanks. On Tuesday, November 26, 2013 11:33:39 AM UTC+2, shlo@gmail.com wrote: Hi, I had Puppet + Passenger installed and working. Then I installed Dashboard on the puppet master. I had to change the apache configuration file and replace the virtual host I had when I install Passenger with contain: VirtualHost *:80 ServerName puppetsrv.domain.com DocumentRoot /usr/share/puppet-dashboard/public/ Directory /usr/share/puppet-dashboard/public/ Options None AllowOverride AuthConfig Order Allow,Deny Allow from All /Directory ErrorLog /etc/httpd/logs/dashboard_error.log LogLevel warn CustomLog /etc/httpd/logs/dashboard_access.log Combined ServerSignature On /VirtualHost Now when I run on the agent : puppet agent --no-daemonize --verbose I got the error: Notice: Starting Puppet client version 3.3.1 *Error: Failed to apply catalog: Connection refused - connect(2)* *Error: Could not send report: Connection refused - connect(2)* /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:89:in `exit': no implicit conversion from nil to integer (TypeError) from /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:89:in `run_in_fork' from /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:86:in `fork' from /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:86:in `run_in_fork' from /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:41:in `run' and have no nodes in the Dashboard on the puppet master. How can I solve this problem? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/24b43c10-77d6-45f8-a458-ab2af7c44a01%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] OSX 10.9 appdmg/pkgdmg
Hi, uhm, looking at your log, it would appear that the package in question is not part of your catalog at all. I gotta ask: Are you including the max-firefox class at all? Aside: Please note that dashes in class names are not strictly valid syntax and should be avoided. HTH, Felix On 11/23/2013 07:23 PM, Zachary Vida wrote: Trying to install dmg files with puppet. However, after running my manifest the .dmg file is never downloaded by curl. I tried pkgdmg and appdmg. I also tried using a local directory as the source. It seems to ignore any path I give as the source even totally bogus ones. ... Applying configuration version '1385230408' Debug: Finishing transaction 70179851846920 Debug: Storing state Debug: Stored state in 0.01 seconds Notice: Finished catalog run in 0.02 seconds -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295C181.1050304%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet 3x Debian Wheezy and Phusion Passenger
Hi, what are the actual issues you are facing? What errors are being reported and where? Which howto are you using for the dashboard setup? On 11/23/2013 11:53 PM, Doe John wrote: Hello, I'm trying to install puppet-dashboard with Phusion Passenger. It seems to be a bugs or unsupported ruby 1.9 libraries I don't understand why puppet debian packages depends to ruby gem 1.9.1 and 1.9.3 who doesn't work If memory serves, 1.9.1 is merely a metapackage and gets you the correct 1.9 version. Not to worry, all packaged ruby versions are functional. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295C221.6070801%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable?
On 11/24/2013 11:17 PM, Jo Rhett wrote: You want this: http://docs.puppetlabs.com/references/latest/configuration.html#usecacheonfailure +1 Also, note that --test explicitly disables this option, but it should default to enabled when *not* using --test, i.e. just --onetime --no-daemonize. On Nov 24, 2013, at 7:46 AM, Armindo Silva deathon2l...@gmail.com mailto:deathon2l...@gmail.com wrote: I have several windows machines that are manage using puppet. Some of the machines connect to master through a openvpn tunnel, so when the openvpn client's service is stopped (sometimes by a rogue user), the puppet agent does not apply the config. Is it possible make puppet agent use the cached configuration and apply the latest config it was able to fetch from the master? (which in my case includes ensuring the openvpn service is running). -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295C2C5.5040100%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable?
- Original Message - From: Felix Frank felix.fr...@alumni.tu-berlin.de To: puppet-users@googlegroups.com Sent: Wednesday, November 27, 2013 10:00:37 AM Subject: Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable? On 11/24/2013 11:17 PM, Jo Rhett wrote: You want this: http://docs.puppetlabs.com/references/latest/configuration.html#usecacheonfailure +1 this will most likely not have the desired effect as the cache does not include files so those will fail. worse the cache can open you to really nasty edge cases where you have a catalog compiled for one set of manifests+files but if its reused later you might be getting files from a newer code base which will really spoil your day. The static catalog compiler thing will help with some of this - though still not for a offline master - but it has many bugs and questionable implementation mechanics :( You really want to think very very carefully before using the cache in production. I'd say this option should be off by default -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3539321.208.1385546629664.JavaMail.zimbra%40devco.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
Thanks Ygor and R.I. Pienaar. that's exactly what i was looking for! Regards, David On Tuesday, November 26, 2013 8:27:20 PM UTC+1, Ygor wrote: Reference: http://docs.puppetlabs.com/puppet/3/reference/format_report.html Start with this: #!/usr/bin/ruby require 'puppet' if defined?(ARGV) filename = ARGV.first if defined?(filename) report = YAML.load_file(filename) print Report for : puts report.host print Started : puts report.time print Log count: puts report.logs.size print Metrics count: puts report.metrics.size print Resource Status count: puts report.resource_statuses.size print Status: puts report.status report.logs.each do |logg| puts LOG - if logg.file print File: puts logg.file end if logg.line print Line: puts logg.line end print Level: puts logg.level print Message: puts logg.message print Source: puts logg.source print Tags: puts logg.tags.join( ) print Time: puts logg.time end report.resource_statuses.keys.each do |kk| if report.resource_statuses[#{kk}].change_count 0 puts RESOURCE STATUS puts #{kk} report.resource_statuses[#{kk}].events.each do |line| print property: puts line.property print message: puts line.message print name: puts line.name print status: puts line.status print when: puts line.time end end end puts - end end -- Good luck. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: Stuart Cracraft smcra...@me.com javascript: To: puppet...@googlegroups.com javascript: Sent: Tuesday, November 26, 2013 2:10:53 PM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output Who will share a report generator for the yaml reports generated by puppet so that we do not have to reinvent wheel after wheel after wheel!! On Nov 26, 2013, at 11:08 AM, R.I.Pienaar r...@devco.netjavascript: wrote: - Original Message - From: Stuart Cracraft smcra...@gmail.com javascript: To: puppet...@googlegroups.com javascript: Sent: Tuesday, November 26, 2013 7:02:42 PM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output What we want is not more complexity, but more simplicity! I could go into puppet config print reportdir and then to its /var/lib/puppet/reports then to the host directories of interest and grep out message. But that seems a very sorry state of affairs. Puppetmasters speak UP! you do not need to grep out anything, as I showed you there is a ruby API for accessing this data. If you use PuppetDB it will also be able to store this information and it has APIs for extracting these logs in a structured manner. API access is about as much as you can hope for I think. Your alternatives are to write a logger plugin for Puppet that outputs JSON, I've done this and it was not clear sailing. -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/cHpZlKkPmr4/unsubscribe. To unsubscribe from this group and all its topics, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1024951816.609.1385492893475.JavaMail.zimbra%40devco.net. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this
Re: [Puppet Users] can I pass a class or type to be executed into another class?
Hi, I think you're overcomplicating. I suppose you have something like class mywebapp { tomcat7::war { mywebapp: ... } } You can wrench your code inbetween if you slightly modify your defined type like so: define tomcat7::war(...) { file { tomcat7-war-file-$name: path = ${tomcat7::sites_dir}/${destFile}, notify = Exec[clean-tomcat7-war-$name], } exec { clean-tomcat7-war-$name: ... } } to make the interface more transparent. Then add to class mywebapp: exec { notify-loadbalancer: command = ... suscribe = File[tomcat7-war-file-mywebapp], before = Exec[clean-tomcat7-war-mywebapp], } This is not exactly clean design, of course (use this pattern in enough places and you've got a maintenance nightmare right on hand). If you *want* to make it clean, you will have little choice but to include the code in tomcat7::war after all, along with a new parameter to explicitly enable it (e.g. $do_notify_loadbalancer = false). If a compromise is acceptable, you may get away with making it somewhat generic like define tomcat7::war( ... $pre_cleanup_hook = ) { ... if $pre_cleanup_hook { exec { tomcat7-war-pch-$name: command = $pre_cleanup_hook, subscribe = File[...], before = Exec[...], } } ... } HTH, Felix On 11/26/2013 07:31 AM, Joshua Chaitin-Pollak wrote: what I would like to do is pass a parameter into tomcat::war so that if that the parameter is set, the class (or type) referenced in the parameter is Notified instead of Exec[clean_${tomcat7::sites_dir}/${contextPath}], and then Exec[clean_${tomcat7::sites_dir}/${contextPath}] would be notified AFTER my code. This would allow my code a chance to notify the load balancer and pause before cleaning and restarting tomcat. I don't want the special load-balancer code in tomcat::war, because it is unique to 'mywebapp'. Is there a way to do this at all? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295C8B3.8000705%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Hi, no, it's not. What version of puppet are you using? To make sure there is nothing funny going on with your overall manifest structure, can you try this as root on the agent machine: puppet apply -e 'user { username: password = * }' For me, this yields Notice: /User[username]/password: changed password Notice: Finished catalog run in 0.53 seconds This is puppet 3.3.1. TIA, Felix On 11/26/2013 04:36 PM, Sergey Arlashin wrote: Hi! I'm trying to set password for a user. I do the following: user { username: password = '*', } And when I run puppet agent nothing happens. The password remains the same. But if I create a new user which doesn't exist yet, the password is set without any problems. Is this a normal behaviour of 'user' type? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295CA2A.1050102%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Warning: Unable to fetch my node definition, but the agent run will continue:
Hi, On 11/27/2013 02:01 AM, Shawn Parker wrote: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node puppetnode.localdomain: Failed to find puppetnode.localdomain via exec: Execution of '/etc/puppet/snc_enc.py puppetnode.localdomain' returned 1: I am using an external node classifier, not sure what I am doing wrong the ENC either does not work correctly, or the FQDN is not classified. What happens when you run /etc/puppet/snc_enc.py puppetnode.localdomain on the master? Take special notice of the return code. If it does work - how about with the permissions of the master process (i.e., user puppet)? HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295CF76.30708%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
# uname -a Linux db-node2 3.2.0-55-generic #85-Ubuntu SMP Wed Oct 2 12:29:27 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux # cat /etc/issue Ubuntu 12.04.3 LTS \n \l # puppet -V 3.3.2 # cat /etc/passwd |grep ^testuser testuser:x:1002:1002::/home/testuser:/bin/sh # cat /etc/shadow |grep ^testuser testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:9:7::: # puppet apply -e 'user { testuser: password = * }' Notice: Compiled catalog for db-node2.site in environment production in 0.07 seconds Notice: Finished catalog run in 0.08 seconds # cat /etc/shadow |grep ^testuser testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:9:7::: -- Best regards, Sergey Arlashin On Nov 27, 2013, at 2:32 PM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Hi, no, it's not. What version of puppet are you using? To make sure there is nothing funny going on with your overall manifest structure, can you try this as root on the agent machine: puppet apply -e 'user { username: password = * }' For me, this yields Notice: /User[username]/password: changed password Notice: Finished catalog run in 0.53 seconds This is puppet 3.3.1. TIA, Felix On 11/26/2013 04:36 PM, Sergey Arlashin wrote: Hi! I'm trying to set password for a user. I do the following: user { username: password = '*', } And when I run puppet agent nothing happens. The password remains the same. But if I create a new user which doesn't exist yet, the password is set without any problems. Is this a normal behaviour of 'user' type? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295CA2A.1050102%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2689FC78-CD82-4ECF-A3F4-8B66DD2667ED%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Ugh. So, does it work with other values (e.g., actual password hashes)? On 11/27/2013 11:57 AM, Sergey Arlashin wrote: # puppet apply -e 'user { testuser: password = * }' Notice: Compiled catalog for db-node2.site in environment production in 0.07 seconds Notice: Finished catalog run in 0.08 seconds # cat /etc/shadow |grep ^testuser testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:9:7::: -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295D0C3.6090306%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
# puppet apply -e 'user { testuser: password = $6$MhRLkUTo$9RhLb3AfsO4HSxeHdLOLCPBj7LRH6vGOx1zPcvpfVRGOuJPczjEyaYoS3SyQ6MESctWarz2VDhD4ZT9wHe61v/ }' Notice: Compiled catalog for db-node2.site in environment production in 0.07 seconds Notice: Finished catalog run in 0.06 seconds Best regards, Sergey Arlashin On Nov 27, 2013, at 3:00 PM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Ugh. So, does it work with other values (e.g., actual password hashes)? On 11/27/2013 11:57 AM, Sergey Arlashin wrote: # puppet apply -e 'user { testuser: password = * }' Notice: Compiled catalog for db-node2.site in environment production in 0.07 seconds Notice: Finished catalog run in 0.08 seconds # cat /etc/shadow |grep ^testuser testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:9:7::: -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295D0C3.6090306%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CD1DE611-372E-4D93-9419-598FF52B663E%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Hi, no good then. Please run again with an added -dv switch to puppet apply, and share the debug output. Thanks in advance. On 11/27/2013 12:02 PM, Sergey Arlashin wrote: # puppet apply -e 'user { testuser: password = $6$MhRLkUTo$9RhLb3AfsO4HSxeHdLOLCPBj7LRH6vGOx1zPcvpfVRGOuJPczjEyaYoS3SyQ6MESctWarz2VDhD4ZT9wHe61v/ }' Notice: Compiled catalog for db-node2.site in environment production in 0.07 seconds Notice: Finished catalog run in 0.06 seconds Best regards, Sergey Arlashin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295D1DE.5030106%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Seems to be useradd issue.. Debug: /User[testuser]: Provider useradd does not support features manages_passwords; not managing attribute password http://docs.puppetlabs.com/references/latest/type.html#user-provider-useradd: useradd User management via useradd and its ilk. Note that you will need to install Ruby’s shadow password library (often known as ruby-libshadow) if you wish to manage user passwords. So I installed libshadow and everything's working now! # puppet apply -e 'user { testuser: password = * }' Notice: Compiled catalog for db-node2.site in environment production in 0.08 seconds Notice: /User[testuser]/password: changed password Notice: Finished catalog run in 0.13 seconds Thank you! -- Best regards, Sergey Arlashin On Nov 27, 2013, at 3:05 PM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Hi, no good then. Please run again with an added -dv switch to puppet apply, and share the debug output. Thanks in advance. On 11/27/2013 12:02 PM, Sergey Arlashin wrote: # puppet apply -e 'user { testuser: password = $6$MhRLkUTo$9RhLb3AfsO4HSxeHdLOLCPBj7LRH6vGOx1zPcvpfVRGOuJPczjEyaYoS3SyQ6MESctWarz2VDhD4ZT9wHe61v/ }' Notice: Compiled catalog for db-node2.site in environment production in 0.07 seconds Notice: Finished catalog run in 0.06 seconds Best regards, Sergey Arlashin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295D1DE.5030106%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CBD5BDE1-3EF8-4004-8552-D1D898161113%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Way to go! On 11/27/2013 12:12 PM, Sergey Arlashin wrote: So I installed libshadow and everything's working now! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295D4A9.9070101%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Status of Data in modules
Hey, Just to jump in at the end, (been following the thread) and looked at the implementatino of data in modules, but found that the complexity surrounding it was a bit much for people who were not experienced. Also, troubleshooting issues with data, i.e. some form of outcome of a puppet run that didn't match what was expected, created an extra overhead in trying to identify where the issue lied. We also really only want to return data for modules which are included on a host. I therefore wrote a wrapper function which essentially utilises the hierarchy but with an addition - modules/%{module_name}/%{klass} It retreives the classes from the API, using the node indirection. %{klass} gets defined in the scope as it iterates, (ephemeral_from) and merges the data it finds, so, if a module as a dependency on another module i.e. 'foreman' has sudo rules it requires, you could place those within modules/sudo/foreman.yaml so that you are containing data relating to a module, without managing different hierarchical configurations throught your module structure. For defaults, we defined that as modules/%{module_name}/defaults, which is the last in the hierarchy. This probably would haev been nicer if the data sources could utlises the returned classes in the hierarchy and naturally iterate over the array, to save the wrapper functinoaity to do it. Obviously this wouldn't solve all the problems faced with modules or the principles of the forge modules being usable easily out of the box, but it solved the issue we had in categorising data within modules. Thought i would mention our use case. Jon On Friday, 11 October 2013 19:09:23 UTC+1, Eric Sorenson wrote: Thanks to everyone who kicked the tires on the experimental data in modules feature included in Puppet 3.3.0. We got a lot of feedback, some cool proof-of-concept modules, and a definitive conclusion to the experiment. The idea of including a module-specific hiera backend is centered around one primary use case: replacing the 'params class pattern', a common idiom in Puppet modules that's described in the [Using Parameterized Classes][param-classes] guide. The problem that most testers ran into though is that for non-trivial modules they ended up having to re-implement the Puppet DSL logic encoded in their params.pp in convoluted, non-obvious ways. The solutions to this led to more contortions until we'd ended up with the ability to execute parser functions in the right-hand-side of a yaml value. So something which started out trying to help separate data from code ended up putting code back into data! Additionally, even after multiple attempts to simplify the surface area and user experience with the bindings system (described in ARM-9) that underlay the data-in-modules implementation, users still found its complexity daunting. There are some important bits of scaffolding (like an actual type system for Puppet!) that will prove valuable as more of the future parser and evaluator work that Henrik is building makes its way into the product, but in the final analysis the data in modules feature was the wrong vehicle to introduce them. Refocusing on the problems users were trying to solve (and here I have to give shout-outs to Ashley Penney for his [puppetlabs-ntp][] branch and the dynamic duo of Spencer Krug/William van Hevelingen for their [startrek][] module) and the problems with the 'params' pattern lent some clarity. We've gotten into a situation of disparity with regard to hiera and data bindings, because data bindings enable module _users_ to use their site-wide hiera data but don't provide moduel _authors_ the same affordance. But rather than introduce additional complexity, we can close the gap for existing code patterns. So the proposed solution at this point is: - enable an implicit data-binding lookup against the hiera-puppet backend for a value of 'classname::variable' in the file 'modules/classname/manifests/params.pp', which simplifies class definition and provides consistency with other hiera backends. As a module author, you'd still leave your logic for variables in params.pp, but they'd be implicitly looked up via data bindings as the class is declared, after consulting site-wide hiera. - remove the user-facing '--binder' functionality - fix known problems with the hiera-puppet lookups ([Redmine 15746][15746], namely, but if there are others that are important to you please speak up!) To show how this would work, I'll rework the ['smart parameter defaults' example][param-classes] I linked above, with my commentary behind `##` comments: # /etc/puppet/modules/webserver/manifests/params.pp class webserver::params { ## nothing changes here... $packages = $operatingsystem ? { /(?i-mx:ubuntu|debian)/= 'apache2', /(?i-mx:centos|fedora|redhat)/ = 'httpd', }
Re: [Puppet Users] puppet won't change user's password
Hi Dan, I hope this was indeed intended for the list, seeing as I just received two messages from you to me directly. Something wonky on your end? As for the issue below - in the OP's case, *no* run ever lead to a change of passwords. Cheers, Felix On 11/27/2013 12:46 PM, y...@comcast.net wrote: Why do you expect a password change on the second run ? From my observations, the parameter value has not changed between runs, so there is nothing to change. -Original Message- From: Felix Frank To: puppet-users Sent: November 27, 2013 at 5:32 AM Subject: Re: [Puppet Users] puppet won't change user's password Hi, no, it's not. What version of puppet are you using? To make sure there is nothing funny going on with your overall manifest structure, can you try this as root on the agent machine: puppet apply -e 'user { username: password = * }' For me, this yields Notice: /User[username]/password: changed password Notice: Finished catalog run in 0.53 seconds This is puppet 3.3.1. TIA, Felix On 11/26/2013 04:36 PM, Sergey Arlashin wrote: Hi! I'm trying to set password for a user. I do the following: user { username: password = '*', } And when I run puppet agent nothing happens. The password remains the same. But if I create a new user which doesn't exist yet, the password is set without any problems. Is this a normal behaviour of 'user' type? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295DE69.80104%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet agent messages with rsyslog
Hi, I solved it with this: if $programname == 'puppet-agent' and $syslogseverity = '6' then /var/log/puppet/agent.log if $programname == 'puppet-agent' and $syslogseverity '3' then ~ Regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0542244c-633b-4ad5-a7e9-40bdf2298d9d%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Problem with PuppetDB and OpenSSL
Hi chaps, I run all my Puppetised servers on CentOS 6.4. Overnight there were a load of updates for CentOS including an update to openssl-1.0.1e-15.el6. Since installing the updates, PuppetDB is no longer working and seems to be having troubles with SSL. All my puppet nodes show: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for radius-dev.nomadic-core.bris.ac.uk to PuppetDB at puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) The PuppetDB server shows: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? Has anyone else had this problem? Any tips? I recreated the PuppetDB certs but this didn't help. Thanks, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295E13B.1020202%40bristol.ac.uk. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Duplicate declaration
I read the JCBollingers advice and removed the Class[blah blah] stuff and it worked... On Wednesday, 27 November 2013 15:02:18 UTC+5:30, Raj kumar V wrote: I have module, for which if I add the class in the UI and run the agent with --test it fails with the following error. But If I just add the include classname in the init class and run, it works. Any idea? Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Class[classname] is already declared; cannot redeclare on node nfaxen-ubu1.fqdn Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b5cc713a-87ec-48c3-96d5-52a9d6f56c0c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable?
Hi, first thank you for all your answers :) I also dislike using cache on production, but if a node can not reach the master it should still be able to enforce the configuration it already received from the master. I tried several options on puppet.conf from the node *usecacheonfailure=trueuse_cached_catalog=trueignorecache=false* But I always get this error when running the puppet agent: *Error: Failed to apply catalog: A connection attempt failed because the connected party did notproperly respond after a period of time, or established connection failed because connected host has failed to respond. - connect(2)* Any ideas? Thank you. Armindo On Wednesday, November 27, 2013 10:03:49 AM UTC, R.I. Pienaar wrote: - Original Message - From: Felix Frank felix...@alumni.tu-berlin.de javascript: To: puppet...@googlegroups.com javascript: Sent: Wednesday, November 27, 2013 10:00:37 AM Subject: Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable? On 11/24/2013 11:17 PM, Jo Rhett wrote: You want this: http://docs.puppetlabs.com/references/latest/configuration.html#usecacheonfailure +1 this will most likely not have the desired effect as the cache does not include files so those will fail. worse the cache can open you to really nasty edge cases where you have a catalog compiled for one set of manifests+files but if its reused later you might be getting files from a newer code base which will really spoil your day. The static catalog compiler thing will help with some of this - though still not for a offline master - but it has many bugs and questionable implementation mechanics :( You really want to think very very carefully before using the cache in production. I'd say this option should be off by default -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c007e54f-9848-4382-908a-e9d229bb44d8%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Just my attention-to-detail before sufficient coffee :P I see down the thread that this was fixed. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: Felix Frank felix.fr...@alumni.tu-berlin.de To: Puppet Users puppet-users@googlegroups.com Sent: Wednesday, November 27, 2013 6:58:33 AM Subject: Re: [Puppet Users] puppet won't change user's password Hi Dan, I hope this was indeed intended for the list, seeing as I just received two messages from you to me directly. Something wonky on your end? As for the issue below - in the OP's case, *no* run ever lead to a change of passwords. Cheers, Felix On 11/27/2013 12:46 PM, y...@comcast.net wrote: Why do you expect a password change on the second run ? From my observations, the parameter value has not changed between runs, so there is nothing to change. -Original Message- From: Felix Frank To: puppet-users Sent: November 27, 2013 at 5:32 AM Subject: Re: [Puppet Users] puppet won't change user's password Hi, no, it's not. What version of puppet are you using? To make sure there is nothing funny going on with your overall manifest structure, can you try this as root on the agent machine: puppet apply -e 'user { username: password = * }' For me, this yields Notice: /User[username]/password: changed password Notice: Finished catalog run in 0.53 seconds This is puppet 3.3.1. TIA, Felix On 11/26/2013 04:36 PM, Sergey Arlashin wrote: Hi! I'm trying to set password for a user. I do the following: user { username: password = '*', } And when I run puppet agent nothing happens. The password remains the same. But if I create a new user which doesn't exist yet, the password is set without any problems. Is this a normal behaviour of 'user' type? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295DE69.80104%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/463767999.4761063.1385556227509.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Nsclient install
I am trying to install NSClient on windows 2008r2 using the below manifest class nsclient ($nagiosservers) { if ($operatingsystem == windows) { file { 'C:/NSClient': ensure = directory, owner = 'Administrator', mode= '0755', } file { 'C:/NSClient/NSClient-0.3.9-x64.msi': ensure = present, owner = 'Administrator', mode= '0755', source = puppet:///modules/nsclient/NSClient-0.3.9-x64.msi, require = File['C:/NSClient'], } package { 'NSClient++ (x64)': ensure = installed, provider = 'windows', source = C:\\NSClient\\NSClient-0.3.9-x64.msi, require = File['C:/NSClient/NSClient-0.3.9-x64.msi'], } service { 'NSClient++ (x64)': ensure = running, enable = true, require = Package['NSClient++ (x64)'], } file { 'C:/Program Files/NSClient++/NSC.ini': ensure = file, owner = 'Administrator', mode= '0755', content = template(nsclient/NSC.ini.erb), require = Package['NSClient++ (x64)'], notify = Service['NSClient++ (x64)'], } file { 'C:/Program Files/NSClient++/scripts/check_bkp.bat': ensure = file, owner = 'SYSTEM', mode= '0755', source = 'puppet:///modules/nsclient/check_bkp.bat', require = Package['NSClient++ (x64)'], } } else { fail('This module is only supported on windows') } } I get the following errors during the initial run Info: /Stage[main]/Nsclient/File[C:/Program Files/NSClient++/NSC.ini]: Scheduling refresh of Service[NSClient++ (x64)] Error: /Stage[main]/Nsclient/Service[NSClient++ (x64)]: Could not evaluate: Cannot get status of NSClient++ (x64), error was: The specified service does not exist as an installed service. Error: /Stage[main]/Nsclient/Service[NSClient++ (x64)]: Failed to call refresh: Cannot get status of NSClient++ (x64), error was: The specified service does not exist as an installed service. Error: /Stage[main]/Nsclient/Service[NSClient++ (x64)]: Cannot get status of NSClient++ (x64), error was: The specified service does not exist as an installed service. If I run the following to list the services sc queryex type= service state= all | find DISPLAY_NAME There is a row that says DISPLAY_NAME: NSClient++ (x64) so the service is there puppet is just not starting it. any more runs of the agent return this error Error: /Stage[main]/Nsclient/Service[nsclient]: Could not evaluate: Cannot get status of NSClient++ (x64), error was: The specified service does not exist as an installed service. puppetmaster : 3.2.3 puppet agent : 3.1.1 Is there something wrong with my config or is puppet having a hard time with the special characters in the service display name ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4d96e34c-4cad-4472-aab5-c5137768e71a%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] scope for templates that is called from a class that includes the class that calls the template.
according to http://docs.puppetlabs.com/guides/scope_and_puppet.html about dynamic lookup from an included puppet file: puppet 2.7 warns about it, and puppet 3.2 stops working, as expected. however, about dynamic lookup from a template called on an included puppet file: both puppet 2.7 and puppet 3.2 it works, without even a warning. (see in red the below example) Why is that? And so, does this mean that dynamic lookup is bad from a puppet file, but not from a template file? See below a specific example: test.pp class c1 { $var = 'hello' notify {var from c1: $var: } include c2 } class c2 { notify {var from c2: $var: } file { '/tmp/file.txt': content = template('file.txt.erb'), } } class { c1: } file.txt.erb var from file.txt.erb: %= @var % running with puppet 2.7.19: $ puppet apply --templatedir templates/ test.pp *warning: Dynamic lookup of $var at /vagrant/t1/test.pp:8 is deprecated.*For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag. notice: var from c1: hello notice: /Stage[main]/C1/Notify[var from c1: hello]/message: defined 'message' as 'var from c1: hello' notice: /Stage[main]/C2/File[/tmp/file.txt]/ensure: defined content as '{md5}ea0d73f3957b0893f63e03cb9d8c9d98' *notice: var from c2: hello* notice: /Stage[main]/C2/Notify[var from c2: hello]/message: defined 'message' as 'var from c2: hello' notice: Finished catalog run in 0.05 seconds $ cat /tmp/file.txt *var from file.txt.erb: hello* running with puppet 3.3.2: $ puppet apply --templatedir templates/ test.pp Notice: Compiled catalog for mac4c.local in environment production in 0.16 seconds Notice: var from c1: hello Notice: /Stage[main]/C1/Notify[var from c1: hello]/message: defined 'message' as 'var from c1: hello' *Notice: var from c2: * Notice: /Stage[main]/C2/Notify[var from c2: ]/message: defined 'message' as 'var from c2: ' Notice: /Stage[main]/C2/File[/tmp/file.txt]/ensure: defined content as '{md5}ea0d73f3957b0893f63e03cb9d8c9d98' $ cat /tmp/file.txt *var from file.txt.erb: hello* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/70380351-7612-4b51-b338-8bb7eadeac83%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Java REST Client to access Puppet API
Hi, I am building a Java RESTful Client to connect access Puppet Master services. While attempting this, I am unable to get SSLHandshake through. Can you pls let me know where I am going wrong: Puppet Master: puppetmaster.domain.com Java Client: javaclient.domain.com Obtained required signed certificates from puppetmaster.domain.com using: a. Run command *puppet cert --generate javaclient.domain.com* b. Obtained Signed Certificate from {ssldir}/certs/javaclient.domain.com.pem renamed it to javaclient.domain.com-cert.pem Private key from {ssldir}/private_keys/javaclient.domain.com.pem renamed it to javaclient.domain.com-key.pem c. Created PKCS12 keystore using *openssl pkcs12 -export -name myservercert -in javaclient.domain.com-cert.pem -inkey javaclient.domain.com-key.pem -out javaclient.domain.com.p12* d. Convert PKCS12 keystore into a JKS keystore using *keytool -importkeystore -destkeystore javaclient.domain.com.jks -srckeystore javaclient.domain.com.p12 -srcstoretype pkcs12 -alias myservercert* Now the keystore *javaclient.domain.com.jks* is used in the java application using the snippet KeyStore trustStore = KeyStore.getInstance(JKS); trustStore.load(new FileInputStream({javaclient.domain.com.jks path}), {Password}.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(SunX509); tmf.init(trustStore); ctx = SSLContext.getInstance(SSL); ctx.init(null, tmf.getTrustManagers(), null); ClientConfig config = new DefaultClientConfig(); // Jersey API config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hostnameVerifier, ctx)); The Java client fails to run with exception No trusted certficate found com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:151) at com.sun.jersey.api.client.Client.handle(Client.java:648) at com.sun.jersey.api.client.WebResource.handle(WebResource.java:680) at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:507) at test.JerseyRestAPI.executeRestAPI(JerseyRestAPI.java:105) at test.JerseyRestAPI.main(JerseyRestAPI.java:37) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:249) at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149) Can you suggest where I am going wrong - in creating Signed certificate on Puppet Master (or) creation of Keystore from the obtained certificate private-key? Thanks, Naveen. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d1579151-ca08-43fb-9f31-d780b5b2d904%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] scope for templates that is called from a class that includes the class that calls the template.
and according to http://docs.puppetlabs.com/guides/templating.html *All of the variables visible in the current scope are available as Ruby instance variables* but out of the scope variables should be accessed by scope.lookupvar. so, why does the previous example works? why does file.txt get the 'hello' value? *var from file.txt.erb: hello* On Wednesday, November 27, 2013 2:40:41 PM UTC+1, David Portabella wrote: according to http://docs.puppetlabs.com/guides/scope_and_puppet.html about dynamic lookup from an included puppet file: puppet 2.7 warns about it, and puppet 3.2 stops working, as expected. however, about dynamic lookup from a template called on an included puppet file: both puppet 2.7 and puppet 3.2 it works, without even a warning. (see in red the below example) Why is that? And so, does this mean that dynamic lookup is bad from a puppet file, but not from a template file? See below a specific example: test.pp class c1 { $var = 'hello' notify {var from c1: $var: } include c2 } class c2 { notify {var from c2: $var: } file { '/tmp/file.txt': content = template('file.txt.erb'), } } class { c1: } file.txt.erb var from file.txt.erb: %= @var % running with puppet 2.7.19: $ puppet apply --templatedir templates/ test.pp *warning: Dynamic lookup of $var at /vagrant/t1/test.pp:8 is deprecated.*For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag. notice: var from c1: hello notice: /Stage[main]/C1/Notify[var from c1: hello]/message: defined 'message' as 'var from c1: hello' notice: /Stage[main]/C2/File[/tmp/file.txt]/ensure: defined content as '{md5}ea0d73f3957b0893f63e03cb9d8c9d98' *notice: var from c2: hello* notice: /Stage[main]/C2/Notify[var from c2: hello]/message: defined 'message' as 'var from c2: hello' notice: Finished catalog run in 0.05 seconds $ cat /tmp/file.txt *var from file.txt.erb: hello* running with puppet 3.3.2: $ puppet apply --templatedir templates/ test.pp Notice: Compiled catalog for mac4c.local in environment production in 0.16 seconds Notice: var from c1: hello Notice: /Stage[main]/C1/Notify[var from c1: hello]/message: defined 'message' as 'var from c1: hello' *Notice: var from c2: * Notice: /Stage[main]/C2/Notify[var from c2: ]/message: defined 'message' as 'var from c2: ' Notice: /Stage[main]/C2/File[/tmp/file.txt]/ensure: defined content as '{md5}ea0d73f3957b0893f63e03cb9d8c9d98' $ cat /tmp/file.txt *var from file.txt.erb: hello* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/da8a8221-a5a7-4a1e-bec4-f9ae93b9f389%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
I run all my Puppetised servers on CentOS 6.4. Overnight there were a load of updates for CentOS including an update to openssl-1.0.1e-15.el6. Since installing the updates, PuppetDB is no longer working and seems to be having troubles with SSL. All my puppet nodes show: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for radius-dev.nomadic-core.bris.ac.uk to PuppetDB at puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) The PuppetDB server shows: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? Has anyone else had this problem? Any tips? I recreated the PuppetDB certs but this didn't help. This all sounds pretty serious, but something isn't quite right here with the information you have provided. This error: puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) Its very rare that a bug in a running piece of code/framework whatever will cause a connection refused (destination port unreachable) message on its own, its usually because the port and IP you are connecting to is wrong and your client never got to connect to your application. Thus its the kernel that returns the error, not the application. So generally, this doesn't marry up in my mind with this error message: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? This implies you _did_ connect. In short I almost believe these are somehow unrelated, or we're mixing errors here. The SSL error is most definitely concerning, but doesn't make sense with the connection refused message. A connection refused usually happens long before the client gets to the serving application, if you see what I mean :-). Can you test the port with 'telnet puppetdb.resnet.bris.ac.uk 8081' from the puppet master and confirm the connection refused manually? Also - can you make sure these errors truly to correlate? Try to reproduce both at the same time if you can. Also make sure no other traffic is going to the PuppetDB web server at the same time. The details for how the master connects to the PuppetDB instance is in /etc/puppet/puppetdb.conf, double check these are correct and that the hostname resolves to what you think it does. Also check you don't have any firewalling enabled, its rare but firewalls can throw destination port unreachable also. Now the SSL error is valid and concerning to me on a separate level. I have a whole bunch of questions though: * What _exact_ version of the JDK is PuppetDB using? The output of 'jinfo pid' (pid of the jvm process for puppetdb) would be helpful here, and the exact package revision from Centos. * What exact version of PuppetDB are you running? * Are you sure it was just openssl that was upgraded? Not java as well? Double check your yum.log or whatever. * Have you tried downgrading the recently upgraded packages to see if it solves it? If it was an upgrade that caused it, a downgrade and restart of PuppetDB should solve it in theory. I'd be interested if this works, and what packages you downgraded to. * Can you show the full stack trace from the PuppetDB log, if there is more to it. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAE4bNTm9ZFkO%2B20u5eNAi_%2BSgKZQx2aF_ThGcSjCy8jnhcAx7A%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
On Wed, Nov 27, 2013 at 9:55 AM, Ken Barber k...@puppetlabs.com wrote: I run all my Puppetised servers on CentOS 6.4. Overnight there were a load of updates for CentOS including an update to openssl-1.0.1e-15.el6. Since installing the updates, PuppetDB is no longer working and seems to be having troubles with SSL. All my puppet nodes show: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for radius-dev.nomadic-core.bris.ac.uk to PuppetDB at puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) The PuppetDB server shows: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? Has anyone else had this problem? Any tips? I recreated the PuppetDB certs but this didn't help. This all sounds pretty serious, but something isn't quite right here with the information you have provided. This error: puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) Its very rare that a bug in a running piece of code/framework whatever will cause a connection refused (destination port unreachable) message on its own, its usually because the port and IP you are connecting to is wrong and your client never got to connect to your application. Thus its the kernel that returns the error, not the application. So generally, this doesn't marry up in my mind with this error message: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? This implies you _did_ connect. In short I almost believe these are somehow unrelated, or we're mixing errors here. The SSL error is most definitely concerning, but doesn't make sense with the connection refused message. A connection refused usually happens long before the client gets to the serving application, if you see what I mean :-). Can you test the port with 'telnet puppetdb.resnet.bris.ac.uk 8081' from the puppet master and confirm the connection refused manually? Also - can you make sure these errors truly to correlate? Try to reproduce both at the same time if you can. Also make sure no other traffic is going to the PuppetDB web server at the same time. The details for how the master connects to the PuppetDB instance is in /etc/puppet/puppetdb.conf, double check these are correct and that the hostname resolves to what you think it does. Also check you don't have any firewalling enabled, its rare but firewalls can throw destination port unreachable also. Now the SSL error is valid and concerning to me on a separate level. I have a whole bunch of questions though: * What _exact_ version of the JDK is PuppetDB using? The output of 'jinfo pid' (pid of the jvm process for puppetdb) would be helpful here, and the exact package revision from Centos. * What exact version of PuppetDB are you running? * Are you sure it was just openssl that was upgraded? Not java as well? Double check your yum.log or whatever. * Have you tried downgrading the recently upgraded packages to see if it solves it? If it was an upgrade that caused it, a downgrade and restart of PuppetDB should solve it in theory. I'd be interested if this works, and what packages you downgraded to. * Can you show the full stack trace from the PuppetDB log, if there is more to it. If your runnning jdk 6u26 or older you're probably hitting these bugs. I had this same error with the OpenDJ LDAP server a few years back and upgrading the JDK fixed it. http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6932403 http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7025227 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADaviKt5DNnOGb31_-1dWeXpEGX7L3eG34RBx5%3DYPGcCwXgDZQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
Thanks again! It is great to use the puppet report yaml files! here there is an example script that prints all resources statuses, then it filters them by taking only the services, then it filters them by taking only the services changed to running. test.ruby #!/usr/bin/ruby require 'puppet' filename = ARGV.first report = YAML.load_file(filename) rs = report.resource_statuses.values.sort_by{|r| r.resource} puts PRINT ALL RESOURCES STATUSES. rs.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end puts PRINT ALL SERVICES. services = rs.select{|r| r.resource_type == 'Service'} services.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end puts PRINT ALL SERVICES CHANGED TO RUNNING. services_changed_to_running = rs.select{|r| r.resource_type == 'Service' r.change_count 0 r.events.index { |e| e.desired_value == :running } != nil} services_changed_to_running.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end example output: $ test.ruby /var/opt/lib/pe-puppet/reports/test/201311261645.yaml PRINT ALL RESOURCES STATUSES. 1 [:absent] [:directory] File[/var/app] 1 [:absent] [:file] File[/var/app/app.conf] 2 [0, 755] [91, 775] File[/var/log/tomcat6] 0 [] [] Filebucket[puppet] 1 [:absent] [:present] Group[release] 1 [:absent] [:present] Package[varnish] 0 [] [] Schedule[weekly] 1 [:stopped] [:running] Service[varnish] 0 [] [] Tidy[/etc/collectd.d/] 1 [/sbin/nologin] [/bin/bash] User[tomcat] ... PRINT ALL SERVICES. 1 [:stopped] [:running] Service[collectd] 1 [:stopped] [:running] Service[logstash-agent] 1 [:true] [:false] Service[logstash] 1 [:stopped] [:running] Service[nginx] 0 [] [] Service[rsyslog] 1 [:stopped] [:running] Service[statsd] 1 [:false] [:true] Service[supervisord] 1 [:stopped] [:running] Service[varnish] PRINT ALL SERVICES CHANGED TO RUNNING 1 [:stopped] [:running] Service[collectd] 1 [:stopped] [:running] Service[logstash-agent] 1 [:stopped] [:running] Service[nginx] 1 [:stopped] [:running] Service[statsd] 1 [:stopped] [:running] Service[varnish] -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c70db1f6-b133-4290-a8e1-827ea239028b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
On 27/11/13 14:55, Ken Barber wrote: This all sounds pretty serious, but something isn't quite right here with the information you have provided. This error: puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) Its very rare that a bug in a running piece of code/framework whatever will cause a connection refused (destination port unreachable) message on its own, its usually because the port and IP you are connecting to is wrong and your client never got to connect to your application. Thus its the kernel that returns the error, not the application. Sorry, my mistake. This is the message I am getting - the above message was the result of some of my tinkering. Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for radius-dev.nomadic-core.bris.ac.uk to PuppetDB at puppetdb.resnet.bris.ac.uk:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server key exchange B: EC lib Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52960C93.1000408%40bristol.ac.uk. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
Oops, I was a bit premature firing off my previous response. Here are the responses to your questions - and thanks very much for your help. Sorry for the massive email... On 27/11/13 14:55, Ken Barber wrote: * What_exact_ version of the JDK is PuppetDB using? The output of 'jinfo pid' (pid of the jvm process for puppetdb) would be helpful here, and the exact package revision from Centos. [jg4461@puppetdb log]$ yum list installed java* Installed Packages java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.66.1.13.0.el6 @cr java-1.6.0-openjdk-devel.x86_64 [jg4461@puppetdb log]$ sudo jinfo 12199 Attaching to process ID 12199, please wait... Debugger attached successfully. Server compiler detected. JVM version is 23.25-b01 Java System Properties: org.apache.kahadb.util.LockFile.lock./var/lib/puppetdb/mq/localhost/KahaDB/lock = Wed Nov 27 13:24:14 GMT 2013 java.runtime.name = OpenJDK Runtime Environment java.vm.version = 23.25-b01 sun.boot.library.path = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64 java.vendor.url = http://java.sun.com/ java.vm.vendor = Sun Microsystems Inc. path.separator = : file.encoding.pkg = sun.io java.vm.name = OpenJDK 64-Bit Server VM sun.os.patch.level = unknown user.country = GB sun.java.launcher = SUN_STANDARD user.dir = / java.vm.specification.name = Java Virtual Machine Specification java.runtime.version = 1.6.0_28-b28 java.awt.graphicsenv = sun.awt.X11GraphicsEnvironment os.arch = amd64 java.endorsed.dirs = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/endorsed java.io.tmpdir = /tmp line.separator = java.vm.specification.vendor = Sun Microsystems Inc. os.name = Linux sun.jnu.encoding = ISO-8859-1 java.library.path = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib java.specification.name = Java Platform API Specification java.class.version = 50.0 sun.management.compiler = HotSpot 64-Bit Tiered Compilers os.version = 2.6.32-431.el6.x86_64 user.home = /usr/share/puppetdb user.timezone = Europe/London java.awt.printerjob = sun.print.PSPrinterJob file.encoding = ISO-8859-1 java.specification.version = 1.6 user.name = puppetdb java.class.path = /usr/share/puppetdb/puppetdb.jar java.vm.specification.version = 1.0 sun.arch.data.model = 64 sun.java.command = /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d java.home = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre user.language = en java.specification.vendor = Sun Microsystems Inc. org.apache.kahadb.util.LockFile.lock./var/lib/puppetdb/mq/localhost/scheduler/lock = Wed Nov 27 13:24:14 GMT 2013 java.vm.info = mixed mode java.version = 1.6.0_28 java.ext.dirs = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/ext:/usr/java/packages/lib/ext sun.boot.class.path = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/resources.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/rt.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/jsse.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/jce.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/charsets.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/jfr.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/netx.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/plugin.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/rhino.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/classes java.vendor = Sun Microsystems Inc. file.separator = / java.vendor.url.bug = http://java.sun.com/cgi-bin/bugreport.cgi sun.io.unicode.encoding = UnicodeLittle sun.cpu.endian = little sun.cpu.isalist = VM Flags: -XX:OnOutOfMemoryError=kill -9 %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof * What exact version of PuppetDB are you running? puppetdb-1.5.2-1.el6, from puppetlabs-products * Are you sure it was just openssl that was upgraded? Not java as well? Double check your yum.log or whatever. Hmm. Java was indeed updated. I'm not suyre which version we were running before - whatever was latest in the 1.6.0 series from CentOS 6 (including CR) Nov 27 10:18:22 Updated: 1:java-1.6.0-openjdk-1.6.0.0-1.66.1.13.0.el6.x86_64 * Have you tried downgrading the recently upgraded packages to see if it solves it? If it was an upgrade that caused it, a downgrade and restart of PuppetDB should solve it in theory. I'd be interested if this works, and what packages you downgraded to. I tried downgrading openssl which was not possible, because half the OS is pinned to the new version. I just noted that java-1.7.0 is available and I will try upgrading to that next, if you think that is a wise move. * Can you show the full stack trace from the PuppetDB log, if there is
Re: [Puppet Users] get a *structured* version of the puppet agent output
Very nice. I am still learning Ruby and this will help Thanks. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: David Portabella david.portabe...@gmail.com To: puppet-users@googlegroups.com Sent: Wednesday, November 27, 2013 10:12:48 AM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output Thanks again! It is great to use the puppet report yaml files! here there is an example script that prints all resources statuses, then it filters them by taking only the services, then it filters them by taking only the services changed to running. test.ruby #!/usr/bin/ruby require 'puppet' filename = ARGV.first report = YAML.load_file(filename) rs = report.resource_statuses.values.sort_by{|r| r.resource} puts PRINT ALL RESOURCES STATUSES. rs.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end puts PRINT ALL SERVICES. services = rs.select{|r| r.resource_type == 'Service'} services.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end puts PRINT ALL SERVICES CHANGED TO RUNNING. services_changed_to_running = rs.select{|r| r.resource_type == 'Service' r.change_count 0 r.events.index { |e| e.desired_value == :running } != nil} services_changed_to_running.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end example output: $ test.ruby /var/opt/lib/pe-puppet/reports/test/201311261645.yaml PRINT ALL RESOURCES STATUSES. 1 [:absent] [:directory] File[/var/app] 1 [:absent] [:file] File[/var/app/app.conf] 2 [0, 755] [91, 775] File[/var/log/tomcat6] 0 [] [] Filebucket[puppet] 1 [:absent] [:present] Group[release] 1 [:absent] [:present] Package[varnish] 0 [] [] Schedule[weekly] 1 [:stopped] [:running] Service[varnish] 0 [] [] Tidy[/etc/collectd.d/] 1 [/sbin/nologin] [/bin/bash] User[tomcat] ... PRINT ALL SERVICES. 1 [:stopped] [:running] Service[collectd] 1 [:stopped] [:running] Service[logstash-agent] 1 [:true] [:false] Service[logstash] 1 [:stopped] [:running] Service[nginx] 0 [] [] Service[rsyslog] 1 [:stopped] [:running] Service[statsd] 1 [:false] [:true] Service[supervisord] 1 [:stopped] [:running] Service[varnish] PRINT ALL SERVICES CHANGED TO RUNNING 1 [:stopped] [:running] Service[collectd] 1 [:stopped] [:running] Service[logstash-agent] 1 [:stopped] [:running] Service[nginx] 1 [:stopped] [:running] Service[statsd] 1 [:stopped] [:running] Service[varnish] -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c70db1f6-b133-4290-a8e1-827ea239028b%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1253465309.4764508.1385567092577.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet client automatic self enrollment to puppet enterprise
Hi I'm developing templates for vm cloud provisioning and would like to include puppet client in the template has anybody have knowledge or experience to assist with my objective of puppet client automatic self enrollment to puppet enterprise e.g. as a new vm is built Any help appreciated Regards Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a22ee4b3-375a-44fc-b891-731501057d33%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
+1 I've been using this script for the last month to view the last run details, and it works very well. Here at my shop I am not worried about changes, but I am worried about errors. I wrote a small Python script that queries PuppetDB (if you're not using it, use it) and reports if there were any errors on any nodes during their last run of the night (we do not run Puppet during trading hours). I also use Puppet Dashboard for at-a-glance sanity checking and as an easy way to drill down on unresponsive hosts and to easily view reports. The combination of these three tools work very well for me. Jeffrey. On Tue, Nov 26, 2013 at 1:15 PM, R.I.Pienaar r...@devco.net wrote: not everyone shares the same goals so everyone tend to write them, but here you go this is one I wrote http://www.devco.net/archives/2013/10/10/cli-report-viewer-for-puppet.php -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMvPdm17zvpCCJfbxp%2BB_CkNGeY-QYfmdgpZoYoc0TnntAG3eQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
Get the book Learning Ruby. Worth it. On Nov 27, 2013, at 7:44 AM, Dan White y...@comcast.net wrote: Very nice. I am still learning Ruby and this will help Thanks. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) From: David Portabella david.portabe...@gmail.com To: puppet-users@googlegroups.com Sent: Wednesday, November 27, 2013 10:12:48 AM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output Thanks again! It is great to use the puppet report yaml files! here there is an example script that prints all resources statuses, then it filters them by taking only the services, then it filters them by taking only the services changed to running. test.ruby #!/usr/bin/ruby require 'puppet' filename = ARGV.first report = YAML.load_file(filename) rs = report.resource_statuses.values.sort_by{|r| r.resource} puts PRINT ALL RESOURCES STATUSES. rs.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end puts PRINT ALL SERVICES. services = rs.select{|r| r.resource_type == 'Service'} services.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end puts PRINT ALL SERVICES CHANGED TO RUNNING. services_changed_to_running = rs.select{|r| r.resource_type == 'Service' r.change_count 0 r.events.index { |e| e.desired_value == :running } != nil} services_changed_to_running.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end example output: $ test.ruby /var/opt/lib/pe-puppet/reports/test/201311261645.yaml PRINT ALL RESOURCES STATUSES. 1 [:absent] [:directory] File[/var/app] 1 [:absent] [:file] File[/var/app/app.conf] 2 [0, 755] [91, 775] File[/var/log/tomcat6] 0 [] [] Filebucket[puppet] 1 [:absent] [:present] Group[release] 1 [:absent] [:present] Package[varnish] 0 [] [] Schedule[weekly] 1 [:stopped] [:running] Service[varnish] 0 [] [] Tidy[/etc/collectd.d/] 1 [/sbin/nologin] [/bin/bash] User[tomcat] ... PRINT ALL SERVICES. 1 [:stopped] [:running] Service[collectd] 1 [:stopped] [:running] Service[logstash-agent] 1 [:true] [:false] Service[logstash] 1 [:stopped] [:running] Service[nginx] 0 [] [] Service[rsyslog] 1 [:stopped] [:running] Service[statsd] 1 [:false] [:true] Service[supervisord] 1 [:stopped] [:running] Service[varnish] PRINT ALL SERVICES CHANGED TO RUNNING 1 [:stopped] [:running] Service[collectd] 1 [:stopped] [:running] Service[logstash-agent] 1 [:stopped] [:running] Service[nginx] 1 [:stopped] [:running] Service[statsd] 1 [:stopped] [:running] Service[varnish] -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c70db1f6-b133-4290-a8e1-827ea239028b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/cHpZlKkPmr4/unsubscribe. To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1253465309.4764508.1385567092577.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/36085646-13B6-4457-A36B-B2C8F97A603E%40me.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
This one: http://shop.oreilly.com/product/9780596529864.do ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: Stuart Cracraft smcracr...@me.com To: puppet-users@googlegroups.com Sent: Wednesday, November 27, 2013 11:00:00 AM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output Get the book Learning Ruby. Worth it. On Nov 27, 2013, at 7:44 AM, Dan White y...@comcast.net wrote: Very nice. I am still learning Ruby and this will help Thanks. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: David Portabella david.portabe...@gmail.com To: puppet-users@googlegroups.com Sent: Wednesday, November 27, 2013 10:12:48 AM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output Thanks again! It is great to use the puppet report yaml files! here there is an example script that prints all resources statuses, then it filters them by taking only the services, then it filters them by taking only the services changed to running. test.ruby #!/usr/bin/ruby require 'puppet' filename = ARGV.first report = YAML.load_file(filename) rs = report.resource_statuses.values.sort_by{|r| r.resource} puts PRINT ALL RESOURCES STATUSES. rs.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end puts PRINT ALL SERVICES. services = rs.select{|r| r.resource_type == 'Service'} services.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end puts PRINT ALL SERVICES CHANGED TO RUNNING. services_changed_to_running = rs.select{|r| r.resource_type == 'Service' r.change_count 0 r.events.index { |e| e.desired_value == :running } != nil} services_changed_to_running.each do |r| puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map {|e| e.desired_value}} #{r.resource} end example output: $ test.ruby /var/opt/lib/pe-puppet/reports/test/201311261645.yaml PRINT ALL RESOURCES STATUSES. 1 [:absent] [:directory] File[/var/app] 1 [:absent] [:file] File[/var/app/app.conf] 2 [0, 755] [91, 775] File[/var/log/tomcat6] 0 [] [] Filebucket[puppet] 1 [:absent] [:present] Group[release] 1 [:absent] [:present] Package[varnish] 0 [] [] Schedule[weekly] 1 [:stopped] [:running] Service[varnish] 0 [] [] Tidy[/etc/collectd.d/] 1 [/sbin/nologin] [/bin/bash] User[tomcat] ... PRINT ALL SERVICES. 1 [:stopped] [:running] Service[collectd] 1 [:stopped] [:running] Service[logstash-agent] 1 [:true] [:false] Service[logstash] 1 [:stopped] [:running] Service[nginx] 0 [] [] Service[rsyslog] 1 [:stopped] [:running] Service[statsd] 1 [:false] [:true] Service[supervisord] 1 [:stopped] [:running] Service[varnish] PRINT ALL SERVICES CHANGED TO RUNNING 1 [:stopped] [:running] Service[collectd] 1 [:stopped] [:running] Service[logstash-agent] 1 [:stopped] [:running] Service[nginx] 1 [:stopped] [:running] Service[statsd] 1 [:stopped] [:running] Service[varnish] -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com . To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c70db1f6-b133-4290-a8e1-827ea239028b%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/cHpZlKkPmr4/unsubscribe . To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com . To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1253465309.4764508.1385567092577.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/36085646-13B6-4457-A36B-B2C8F97A603E%40me.com . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
Hmm, well I removed java-1.6.0-openjdk and installed java-1.7.0-openjdk. Reinstalled puppetdb, which pulled java-1.6.0-openjdk back in again, so the two javas were installed simultaneously. Restarted puppetdb and puppetmaster and everything works again I have no idea what was wrong. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/529619B2.7070504%40bristol.ac.uk. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Custom Functions and hash as parameter
Hi all, I try write a custom function My code: * $gluster = {* *'10.241.5.6' = '/data/gv0/brick1',* *'10.241.5.7' = '/data/gv0/brick1',* * }* * $a = glusterFunctions($gluster)* * notify{$a:}* My simple custom function: *require 'rubygems'* *module Puppet::Parser::Functions* *class GlusterFunctions* * def initialize(gluster)* *@gluster = gluster* * end* * def formatBricks()* *r = ''* *@gluster.each do |k,v|* * r += #{k}:#{v} * *end* *return r[0..-2]* * end* *end* * newfunction(:glusterFunctions, :type = :rvalue) do |args|* *gluster = args # with one argument args isn't an array* *g = GlusterFunctions.new(gluster)* *return g.formatBricks()* * end* *end* The notify: *notice: 10.241.5.7/data/gv0/brick110.241.5.6/data/gv0/brick1:* It's seems like if hash paremeter is converted in a string Why? Any solutions? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/83967dbd-47b6-4c7d-8c19-314c053322f0%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
On Nov 27, 2013, at 9:11 AM, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: Hmm, well I removed java-1.6.0-openjdk and installed java-1.7.0-openjdk. Reinstalled puppetdb, which pulled java-1.6.0-openjdk back in again, so the two javas were installed simultaneously. Restarted puppetdb and puppetmaster and everything works again I have no idea what was wrong. Hmm, pulling in an older version jdk despite the presence of a newer one smells like a bug to me...can you file one against PuppetDB? We're touching that code right now, as we're actually in the process of deprecating use of JDK 1.6 with PuppetDB. So the upgrade situation you describe is something we should try and test. -- Deepak Giridharagopal / Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/FCCB631E-F9CF-4DC7-A925-B681CAAA2D3F%40puppetlabs.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] package conflict resolution method:
I personally went the tiny class route, creating a module with a bunch of little classes for various packages. I opted for this route as it let me deal with naming differences between apt and yum, and let me do repo dependencies for stuff in Epel. Here is an example: https://github.com/TJNII/puppet-commonpackages/blob/master/manifests/python/argparse.pp I'm currently not making use of the forge, at this time I'm still rolling my own modules. So that's a bridge I'll likely have to cross later. -- On Tue, 19 Nov 2013 11:48:26 -0800 (PST) Matt Simmons band...@gmail.com wrote: Hi John, I'm new around here, but I'm also in the same situation as Tom, who started this thread. I was wondering if you could expound a little bit on the better solution that you mention. I write what I could refer to as third grade puppet, but I'd like to get better. When you suggest factoring out these resources into separate classes and modules, do you mean that, in essence, all possibly-shared resources should be in discrete modules or classes? How does that jive with modules included from Puppet Forge? Doesn't that mean refactoring everything you include there, as well? Thanks, and sorry for what I'm sure is an overly-basic question, --Matt Simmons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131127110935.660409a7%40TJNII-Desktop.rackspace.corp. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] OSX 10.9 appdmg/pkgdmg
Frank, I was doing a puppet apply --debug init.pp to get the output shown above. I forgot when apply manifest directly in that manner that I would need a have an include somewhere. I just removed my outside class as this is just a test at this point, and everything starting to work. Thanks for the help. On Wednesday, November 27, 2013 4:55:13 AM UTC-5, Felix.Frank wrote: Hi, uhm, looking at your log, it would appear that the package in question is not part of your catalog at all. I gotta ask: Are you including the max-firefox class at all? Aside: Please note that dashes in class names are not strictly valid syntax and should be avoided. HTH, Felix On 11/23/2013 07:23 PM, Zachary Vida wrote: Trying to install dmg files with puppet. However, after running my manifest the .dmg file is never downloaded by curl. I tried pkgdmg and appdmg. I also tried using a local directory as the source. It seems to ignore any path I give as the source even totally bogus ones. ... Applying configuration version '1385230408' Debug: Finishing transaction 70179851846920 Debug: Storing state Debug: Stored state in 0.01 seconds Notice: Finished catalog run in 0.02 seconds -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/aed1f51d-46f8-41a2-867c-3152fc13f77f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with facter/puppet on smartos
On Nov 22, 2013, at 9:57 AM, Don Jackson puppet-us...@clark-communications.com wrote: Trying to get puppet factor working on SmartOS. Installed first from pkgsrc, then upgraded puppet via gem. I've never had luck mingling them. Either use the version from your package manager, or use them installed from gem. They have different assumptions about where things belong on most platforms I've used, so you get an inconsistent experience. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. Author of Instant Puppet 3 Starter: http://www.netconsonance.com/instant-puppet-3-starter-book/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9A5A8F93-6E11-48DC-8117-7674A25D3ECE%40netconsonance.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] analyzing Puppet's actions and proposed actions via comprehensive reporting
Anyone know of a Ruby, Perl, Python, Bash, etc. script to do this already written? Summarize /var/lib/puppet/reports/*all hosts*/*.yaml Assume infinite store in above. For any given period in the above, summarize: action that was performed by puppet or would be performed if in noop including the specific cli-command-line command equivalent (e.g. chmod xyz abc, etc.) number of times and dates/timetamps the actions were taken and what method of initiation was done (human-initiated, puppet-initiated, etc.) So that's it. I don't care what it's written in as I am not a Ruby purist. --Stuart -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/22c71b08-bc1a-454e-832e-910d0b2bc06e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Custom Functions and hash as parameter
On 2013-27-11 17:33, Israel Calvete wrote: Hi all, I try write a custom function My code: / $gluster = {/ /'10.241.5.6' = '/data/gv0/brick1',/ /'10.241.5.7' = '/data/gv0/brick1',/ / }/ / / / $a = glusterFunctions($gluster)/ / / / notify{$a:}/ My simple custom function: /require 'rubygems'/ / / /module Puppet::Parser::Functions/ / / /class GlusterFunctions/ / / / def initialize(gluster)/ /@gluster = gluster/ / end/ / / / def formatBricks()/ /r = ''/ /@gluster.each do |k,v|/ / r += #{k}:#{v} / /end/ /return r[0..-2]/ / end/ /end/ / / / newfunction(:glusterFunctions, :type = :rvalue) do |args|/ /gluster = args *# with one argument args isn't an arra*y/ / / /g = GlusterFunctions.new(gluster)/ /return g.formatBricks()/ / end/ /end/ The notify: /notice: 10.241.5.7/data/gv0/brick110.241.5.6/data/gv0/brick1:/ It's seems like if hash paremeter is converted in a string Why? Any solutions? All functions get their arguments as an array. The first argument passed is found in args[0], the second in args[1], etc. You probably want to do this: gluster = args[0] unless gluster.is_a? Hash raise ArgumentError, glusterFunctions(): first arg must be a hash end Regards - henrik -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/l75qoo%24aqn%241%40ger.gmane.org. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet client automatic self enrollment to puppet enterprise
There's nothing special. The only thing you'll need is either auto sign or automation on your side to pre-sign certs and deliver them to the VM. On Nov 27, 2013, at 6:30 AM, Martin Knott mkn...@novemgroup.co.uk wrote: I'm developing templates for vm cloud provisioning and would like to include puppet client in the template has anybody have knowledge or experience to assist with my objective of puppet client automatic self enrollment to puppet enterprise e.g. as a new vm is built Any help appreciated Regards Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a22ee4b3-375a-44fc-b891-731501057d33%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. Author of Instant Puppet 3 Starter: http://www.netconsonance.com/instant-puppet-3-starter-book/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8545EBD4-FDD4-45E2-823C-9556EB227732%40netconsonance.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] facter --timing does not show timing of external facts
From http://docs.puppetlabs.com/guides/custom_facts.html If you are interested in finding out where any bottlenecks are, you can run Facter in timing mode and it will reflect how long it takes to parse your external facts:facter --timingThe output should look similar to the timing for Ruby facts, but will name external facts with their full paths. For example:$ facter --timingkernel: 14.81ms/usr/lib/facter/ext/abc.sh: 48.72ms/usr/lib/facter/ext/foo.sh: 32.69ms/usr/lib/facter/ext/full.json: 104.71ms /usr/lib/facter/ext/sample.txt: 0.65ms However, from the output below you can see that facter is in fact loading external facts from script, but the timing data for that script is not being ouptut. [root@fisheye-10-0-2-15 dist]# facter --version 1.7.3 [root@fisheye-10-0-2-15 dist]# ls /etc/facter/facts.d/ service_discovery.sh [root@fisheye-10-0-2-15 dist]# /etc/facter/facts.d/service_discovery.sh environment=test vxml-generate_sqs=generateVXML ivr-publish_sqs=edgeConfig cassandra_keyspace=PureCloud cassandra_cluster=analytics analyticsApiSegmentIndexConsusmerMaxNumberOfMessages=1 analyticsApiSegmentIndexConsusmerWaitTimeSeconds=1 analyticsApiSegmentIndexConsusmerVisibilityTimeout=1 [root@fisheye-10-0-2-15 dist]# facter --timing kernel: 1.58ms lsbdistid: 0.11ms lsbdistid: 0.10ms operatingsystem: 5480.56ms osfamily: 11421.73ms macaddress: 0.07ms macaddress: 0.06ms macaddress: 4.51ms hardwaremodel: 1.46ms architecture: 2.51ms rubysitedir: 0.08ms memorysize_mb: 0.25ms memorysize: 0.46ms memorytotal: 0.58ms netmask_eth1: 7.02ms sshecdsakey: 0.03ms sshecdsakey: 0.03ms hostname: 2.34ms blockdevice_sr0_size: 0.08ms boardmanufacturer: 0.02ms vlans: 0.13ms vlans: 0.03ms ipaddress6_lo: 6.48ms ipaddress6_lo: 6.69ms uniqueid: 2.49ms operatingsystemrelease: 0.11ms blockdevice_sr1_size: 0.02ms uptime_seconds: 4.58ms uptime_hours: 4.81ms selinux: 2.50ms augeasversion: 0.74ms mtu_lo: 7.52ms network_eth1: 15.86ms id: 2.46ms virtual: 0.04ms virtual: 0.02ms virtual: 23.01ms processor0: 0.03ms path: 0.02ms lsbdistdescription: 0.21ms lsbdistdescription: 0.10ms ipaddress_eth0: 7.06ms lsbrelease: 0.14ms lsbrelease: 0.10ms netmask_eth0: 6.71ms ipaddress6: 4.57ms ipaddress6: 5.06ms serialnumber: 0.02ms facterversion: 0.08ms domain: 7.44ms fqdn: 0.04ms puppetversion: 207.49ms physicalprocessorcount: 4.25ms swapsize_mb: 0.35ms ipaddress6_eth1: 6.42ms ipaddress6_eth1: 6.21ms memoryfree_mb: 0.28ms memoryfree: 0.51ms sshdsakey: 0.07ms blockdevice_sda_vendor: 0.06ms bios_version: 0.02ms filesystems: 3.75ms rubyversion: 0.03ms cfkey: 0.05ms cfkey: 0.04ms mtu_eth1: 5.58ms sshecdsakey: 0.05ms sshecdsakey: 23.63ms sshfp_ecdsa: 23.97ms sshecdsakey: 0.09ms sshecdsakey: 0.07ms sshfp_ecdsa: 0.38ms kernelrelease: 4.16ms kernelversion: 4.50ms boardproductname: 0.04ms hardwareisa: 2.04ms blockdevice_sr0_vendor: 0.11ms macaddress_lo: 6.09ms macaddress_lo: 6.76ms uptime: 0.08ms blockdevice_sr1_vendor: 0.13ms swapfree_mb: 1.17ms swapfree: 1.46ms zfs_version: 0.24ms zfs_version: 0.20ms type: 0.05ms network_lo: 12.34ms processor1: 0.02ms ipaddress6_eth0: 7.51ms ipaddress6_eth0: 6.03ms lsbdistrelease: 0.21ms lsbdistrelease: 0.15ms blockdevices: 0.06ms manufacturer: 0.02ms lsbdistid: 0.16ms lsbdistid: 0.17ms interfaces: 4.78ms zpool_version: 0.19ms zpool_version: 0.10ms ps: 0.02ms ipaddress: 4.23ms netmask: 9.15ms mtu_eth0: 6.52ms sshrsakey: 0.09ms uuid: 0.02ms is_virtual: 0.04ms swapsize: 0.04ms macaddress_eth1: 6.00ms sshfp_dsa: 1.37ms blockdevice_sda_model: 0.09ms bios_release_date: 0.02ms ipaddress_lo: 6.25ms timezone: 0.05ms kernelmajversion: 0.06ms boardserialnumber: 0.04ms blockdevice_sr0_model: 0.08ms uptime_days: 0.00ms netmask_lo: 6.11ms blockdevice_sr1_model: 0.08ms network_eth0: 12.07ms lsbdistcodename: 0.15ms lsbdistcodename: 0.11ms operatingsystemmajrelease: 0.04ms processorcount: 0.16ms lsbdistrelease: 0.15ms lsbdistrelease: 0.13ms lsbdistrelease: 0.69ms lsbdistrelease: 0.16ms lsbmajdistrelease: 1.39ms lsbdistrelease: 0.14ms lsbdistrelease: 0.05ms lsbdistrelease: 0.19ms lsbdistrelease: 0.14ms lsbmajdistrelease: 0.77ms macaddress_eth0: 7.75ms productname: 0.03ms ipaddress_eth1: 8.14ms sshfp_rsa: 0.96ms bios_vendor: 0.03ms blockdevice_sda_size: 0.10ms analytics-uri = http://analytics.inintca.com:9998 analyticsapisegmentindexconsusmermaxnumberofmessages = 1 analyticsapisegmentindexconsusmervisibilitytimeout = 1 analyticsapisegmentindexconsusmerwaittimeseconds = 1 architecture = x86_64 augeasversion = 0.9.0 bios_release_date = 12/01/2006 bios_vendor = innotek GmbH bios_version = VirtualBox blockdevice_sda_model = VBOX HARDDISK blockdevice_sda_size = 214748364800 blockdevice_sda_vendor = ATA blockdevice_sr0_model = CD-ROM blockdevice_sr0_size = 1073741312 blockdevice_sr0_vendor = VBOX blockdevice_sr1_model = CD-ROM blockdevice_sr1_size = 1073741312 blockdevice_sr1_vendor = VBOX blockdevices = sda,sr0,sr1 boardmanufacturer = Oracle Corporation boardproductname = VirtualBox boardserialnumber = 0 cassandra_cluster = analytics
[Puppet Users] external facts cause puppet apply to take inordinately longer to run
My external fact script takes 5s to run. With external fact... puppet takes 2.5m to run facter takes 33s to run Without external fact... puppet takes 27s to run facter takes 0.68s Bottom line... there's no significant change in facter runtime when parsing the external fact, but the puppet runtime quadruples. From watching the logs in real time I can see that the extra time is taken before puppet outputs its first response line (compilation time). Also note that the compilation time that puppet reports is ~2s even though (when watching the output realtime) it takes 2 minutes for that line to return when puppet is parsing the external fact script. Note: This script generates 36 custom facts Should I submit a bug for this? #Time of external fact script [root@fisheye-10-0-2-15 manifests]# time /etc/facter/facts.d/service_discovery.sh environment=test ... service_discovery_script=ran real 0m5.478s user 0m0.053s sys 0m0.111s # Time of puppet run with external fact [root@fisheye-10-0-2-15 manifests]# time FACTER_environment='vagrant' FACTER_role='fisheye' puppet apply --modulepath '/etc/puppet/modules:/tmp/vagrant-puppet/modules-0' site.ppNotice: Compiled catalog for fisheye-10-0-2-15.inin.com in environment production in 2.22 seconds Notice: Finished catalog run in 30.76 seconds real 2m25.856s user 0m5.124s sys 0m3.830s #Time of facter with external fact [root@fisheye-10-0-2-15 manifests]# time facter analyticsapisegmentindexconsusmerwaittimeseconds = 1 architecture = x86_64 ... uptime_hours = 0 uptime_seconds = 2529 real 0m33.587s user 0m0.658s sys 0m0.849s #Removing external fact script [root@fisheye-10-0-2-15 manifests]# rm /etc/facter/facts.d/service_discovery.sh rm: remove regular file `/etc/facter/facts.d/service_discovery.sh'? y [root@fisheye-10-0-2-15 manifests]# ls /etc/facter/facts.d/ #Time of puppet run without external fact script [root@fisheye-10-0-2-15 manifests]# time FACTER_environment='vagrant' FACTER_role='fisheye' puppet apply --modulepath '/etc/puppet/modules:/tmp/vagrant-puppet/modules-0' site.pp Notice: Compiled catalog for fisheye-10-0-2-15.inin.com in environment production in 2.06 seconds Notice: /Stage[main]/System::Facts/Facter::Fact[service_discovery]/File[/etc/facter/facts.d/service_discovery.sh]/ensure: created Notice: Finished catalog run in 23.22 seconds real 0m27.550s user 0m4.408s sys 0m2.292s # Removing script again (cuz puppet run put it back) [root@fisheye-10-0-2-15 manifests]# rm /etc/facter/facts.d/service_discovery.sh rm: remove regular file `/etc/facter/facts.d/service_discovery.sh'? y [root@fisheye-10-0-2-15 manifests]# ls /etc/facter/facts.d/ #Time of facter run without external script [root@fisheye-10-0-2-15 manifests]# time facter architecture = x86_64 augeasversion = 0.9.0 ... virtual = virtualbox real 0m0.687s user 0m0.324s sys 0m0.287s -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/264663b8-a346-4b02-8373-3f822b57c882%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] File handling
Hi There, I am trying to do the following using puppet 1. Create a dir call mydir 2. Download a file from internet using Exec 3. Change the mode of the file 3. Install it and ensure running and service is enabled. 4. Delete it the installer file. When I do this until 3 rd step I am fine. But when I create the file resource again for deleting the installer files, it says it is already declared and cannot redeclare. Is there a option to fix this or I have to change the logic? Thanks Raj -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c45d6416-fd8e-4661-b09d-3da6d61b5906%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.