[Puppet Users] Duplicate declaration
I have module, for which if I add the class in the UI and run the agent with --test it fails with the following error. But If I just add the include classname in the init class and run, it works. Any idea? Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Class[classname] is already declared; cannot redeclare on node nfaxen-ubu1.fqdn Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/142a44e2-e6bc-4658-82b5-a616275466ac%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet Agent does not connect to master after installing Dashboard
I think the problem is with *merging Dashboard with Passenger*.
What I need to have in my Apache config file?
For *Passenger* I need to have in the Apache configuration file the lines:
Listen 8140
VirtualHost *:8140
SSLEngine On
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile
/var/lib/puppet/ssl/certs/puppetsrv.domain.com.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/puppetsrv.domain.com.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
* DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/*
Directory /usr/share/puppet/rack/puppetmasterd/
Options -MultiViews
AllowOverride all
Order Allow,Deny
Allow from All
/Directory
/VirtualHost
but for *Dashboard* I need to have the lines:
VirtualHost *:80
ServerName puppetsrv.domain.com
*DocumentRoot /usr/share/puppet-dashboard/public/*
Directory /usr/share/puppet-dashboard/public/
Options None
AllowOverride AuthConfig
Order Allow,Deny
Allow from All
/Directory
ErrorLog /etc/httpd/logs/dashboard_error.log
LogLevel warn
CustomLog /etc/httpd/logs/dashboard_access.log Combined
ServerSignature On
/VirtualHost
How can I merge between the 2 virtual host to make Passenger work with
Dashboard?
Any help is welcome.
Thanks.
On Tuesday, November 26, 2013 11:33:39 AM UTC+2, shlo@gmail.com wrote:
Hi,
I had Puppet + Passenger installed and working.
Then I installed Dashboard on the puppet master.
I had to change the apache configuration file and replace the virtual host
I had when I install Passenger with contain:
VirtualHost *:80
ServerName puppetsrv.domain.com
DocumentRoot /usr/share/puppet-dashboard/public/
Directory /usr/share/puppet-dashboard/public/
Options None
AllowOverride AuthConfig
Order Allow,Deny
Allow from All
/Directory
ErrorLog /etc/httpd/logs/dashboard_error.log
LogLevel warn
CustomLog /etc/httpd/logs/dashboard_access.log Combined
ServerSignature On
/VirtualHost
Now when I run on the agent :
puppet agent --no-daemonize --verbose
I got the error:
Notice: Starting Puppet client version 3.3.1
*Error: Failed to apply catalog: Connection refused - connect(2)*
*Error: Could not send report: Connection refused - connect(2)*
/usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:89:in `exit': no implicit
conversion from nil to integer (TypeError)
from /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:89:in
`run_in_fork'
from /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:86:in `fork'
from /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:86:in
`run_in_fork'
from /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:41:in `run'
and have no nodes in the Dashboard on the puppet master.
How can I solve this problem?
Thanks.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/24b43c10-77d6-45f8-a458-ab2af7c44a01%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] OSX 10.9 appdmg/pkgdmg
Hi, uhm, looking at your log, it would appear that the package in question is not part of your catalog at all. I gotta ask: Are you including the max-firefox class at all? Aside: Please note that dashes in class names are not strictly valid syntax and should be avoided. HTH, Felix On 11/23/2013 07:23 PM, Zachary Vida wrote: Trying to install dmg files with puppet. However, after running my manifest the .dmg file is never downloaded by curl. I tried pkgdmg and appdmg. I also tried using a local directory as the source. It seems to ignore any path I give as the source even totally bogus ones. ... Applying configuration version '1385230408' Debug: Finishing transaction 70179851846920 Debug: Storing state Debug: Stored state in 0.01 seconds Notice: Finished catalog run in 0.02 seconds -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295C181.1050304%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet 3x Debian Wheezy and Phusion Passenger
Hi, what are the actual issues you are facing? What errors are being reported and where? Which howto are you using for the dashboard setup? On 11/23/2013 11:53 PM, Doe John wrote: Hello, I'm trying to install puppet-dashboard with Phusion Passenger. It seems to be a bugs or unsupported ruby 1.9 libraries I don't understand why puppet debian packages depends to ruby gem 1.9.1 and 1.9.3 who doesn't work If memory serves, 1.9.1 is merely a metapackage and gets you the correct 1.9 version. Not to worry, all packaged ruby versions are functional. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295C221.6070801%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable?
On 11/24/2013 11:17 PM, Jo Rhett wrote: You want this: http://docs.puppetlabs.com/references/latest/configuration.html#usecacheonfailure +1 Also, note that --test explicitly disables this option, but it should default to enabled when *not* using --test, i.e. just --onetime --no-daemonize. On Nov 24, 2013, at 7:46 AM, Armindo Silva deathon2l...@gmail.com mailto:deathon2l...@gmail.com wrote: I have several windows machines that are manage using puppet. Some of the machines connect to master through a openvpn tunnel, so when the openvpn client's service is stopped (sometimes by a rogue user), the puppet agent does not apply the config. Is it possible make puppet agent use the cached configuration and apply the latest config it was able to fetch from the master? (which in my case includes ensuring the openvpn service is running). -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295C2C5.5040100%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable?
- Original Message - From: Felix Frank felix.fr...@alumni.tu-berlin.de To: puppet-users@googlegroups.com Sent: Wednesday, November 27, 2013 10:00:37 AM Subject: Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable? On 11/24/2013 11:17 PM, Jo Rhett wrote: You want this: http://docs.puppetlabs.com/references/latest/configuration.html#usecacheonfailure +1 this will most likely not have the desired effect as the cache does not include files so those will fail. worse the cache can open you to really nasty edge cases where you have a catalog compiled for one set of manifests+files but if its reused later you might be getting files from a newer code base which will really spoil your day. The static catalog compiler thing will help with some of this - though still not for a offline master - but it has many bugs and questionable implementation mechanics :( You really want to think very very carefully before using the cache in production. I'd say this option should be off by default -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3539321.208.1385546629664.JavaMail.zimbra%40devco.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
Thanks Ygor and R.I. Pienaar.
that's exactly what i was looking for!
Regards,
David
On Tuesday, November 26, 2013 8:27:20 PM UTC+1, Ygor wrote:
Reference:
http://docs.puppetlabs.com/puppet/3/reference/format_report.html
Start with this:
#!/usr/bin/ruby
require 'puppet'
if defined?(ARGV)
filename = ARGV.first
if defined?(filename)
report = YAML.load_file(filename)
print Report for :
puts report.host
print Started :
puts report.time
print Log count:
puts report.logs.size
print Metrics count:
puts report.metrics.size
print Resource Status count:
puts report.resource_statuses.size
print Status:
puts report.status
report.logs.each do |logg|
puts LOG -
if logg.file
print File:
puts logg.file
end
if logg.line
print Line:
puts logg.line
end
print Level:
puts logg.level
print Message:
puts logg.message
print Source:
puts logg.source
print Tags:
puts logg.tags.join( )
print Time:
puts logg.time
end
report.resource_statuses.keys.each do |kk|
if report.resource_statuses[#{kk}].change_count 0
puts RESOURCE STATUS
puts #{kk}
report.resource_statuses[#{kk}].events.each do |line|
print property:
puts line.property
print message:
puts line.message
print name:
puts line.name
print status:
puts line.status
print when:
puts line.time
end
end
end
puts -
end
end
--
Good luck.
“Sometimes I think the surest sign that intelligent life exists elsewhere
in the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin Hobbes)
- Original Message -
From: Stuart Cracraft smcra...@me.com javascript:
To: puppet...@googlegroups.com javascript:
Sent: Tuesday, November 26, 2013 2:10:53 PM
Subject: Re: [Puppet Users] get a *structured* version of the puppet agent
output
Who will share a report generator for the yaml reports generated by puppet
so that we do not have to reinvent wheel after wheel after wheel!!
On Nov 26, 2013, at 11:08 AM, R.I.Pienaar r...@devco.netjavascript:
wrote:
- Original Message -
From: Stuart Cracraft smcra...@gmail.com javascript:
To: puppet...@googlegroups.com javascript:
Sent: Tuesday, November 26, 2013 7:02:42 PM
Subject: Re: [Puppet Users] get a *structured* version of the puppet
agent output
What we want is not more complexity, but more simplicity!
I could go into
puppet config print reportdir
and then to its
/var/lib/puppet/reports
then to the host directories of interest and grep out message.
But that seems a very sorry state of affairs.
Puppetmasters speak UP!
you do not need to grep out anything, as I showed you there is a ruby
API
for accessing this data.
If you use PuppetDB it will also be able to store this information and
it has
APIs for extracting these logs in a structured manner.
API access is about as much as you can hope for I think. Your
alternatives are
to write a logger plugin for Puppet that outputs JSON, I've done this
and it
was not clear sailing.
--
You received this message because you are subscribed to a topic in the
Google Groups Puppet Users group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/puppet-users/cHpZlKkPmr4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
puppet-users...@googlegroups.com javascript:.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1024951816.609.1385492893475.JavaMail.zimbra%40devco.net.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users...@googlegroups.com javascript:.
To view this
Re: [Puppet Users] can I pass a class or type to be executed into another class?
Hi,
I think you're overcomplicating.
I suppose you have something like
class mywebapp {
tomcat7::war { mywebapp: ... }
}
You can wrench your code inbetween if you slightly modify your defined
type like so:
define tomcat7::war(...) {
file { tomcat7-war-file-$name:
path = ${tomcat7::sites_dir}/${destFile},
notify = Exec[clean-tomcat7-war-$name],
}
exec { clean-tomcat7-war-$name:
...
}
}
to make the interface more transparent. Then add to class mywebapp:
exec { notify-loadbalancer:
command = ...
suscribe = File[tomcat7-war-file-mywebapp],
before = Exec[clean-tomcat7-war-mywebapp],
}
This is not exactly clean design, of course (use this pattern in enough
places and you've got a maintenance nightmare right on hand).
If you *want* to make it clean, you will have little choice but to
include the code in tomcat7::war after all, along with a new parameter
to explicitly enable it (e.g. $do_notify_loadbalancer = false).
If a compromise is acceptable, you may get away with making it somewhat
generic like
define tomcat7::war(
...
$pre_cleanup_hook = ) {
...
if $pre_cleanup_hook {
exec { tomcat7-war-pch-$name:
command = $pre_cleanup_hook,
subscribe = File[...],
before = Exec[...],
}
}
...
}
HTH,
Felix
On 11/26/2013 07:31 AM, Joshua Chaitin-Pollak wrote:
what I would like to do is pass a parameter into tomcat::war so that if
that the parameter is set, the class (or type) referenced in the
parameter is Notified instead
of Exec[clean_${tomcat7::sites_dir}/${contextPath}], and
then Exec[clean_${tomcat7::sites_dir}/${contextPath}] would be
notified AFTER my code.
This would allow my code a chance to notify the load balancer and pause
before cleaning and restarting tomcat. I don't want the special
load-balancer code in tomcat::war, because it is unique to 'mywebapp'.
Is there a way to do this at all?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5295C8B3.8000705%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Hi,
no, it's not. What version of puppet are you using?
To make sure there is nothing funny going on with your overall manifest
structure, can you try this as root on the agent machine:
puppet apply -e 'user { username: password = * }'
For me, this yields
Notice: /User[username]/password: changed password
Notice: Finished catalog run in 0.53 seconds
This is puppet 3.3.1.
TIA,
Felix
On 11/26/2013 04:36 PM, Sergey Arlashin wrote:
Hi!
I'm trying to set password for a user.
I do the following:
user { username:
password = '*',
}
And when I run puppet agent nothing happens. The password remains the same.
But if I create a new user which doesn't exist yet, the password is set
without any problems.
Is this a normal behaviour of 'user' type?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5295CA2A.1050102%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Warning: Unable to fetch my node definition, but the agent run will continue:
Hi, On 11/27/2013 02:01 AM, Shawn Parker wrote: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node puppetnode.localdomain: Failed to find puppetnode.localdomain via exec: Execution of '/etc/puppet/snc_enc.py puppetnode.localdomain' returned 1: I am using an external node classifier, not sure what I am doing wrong the ENC either does not work correctly, or the FQDN is not classified. What happens when you run /etc/puppet/snc_enc.py puppetnode.localdomain on the master? Take special notice of the return code. If it does work - how about with the permissions of the master process (i.e., user puppet)? HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295CF76.30708%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
# uname -a
Linux db-node2 3.2.0-55-generic #85-Ubuntu SMP Wed Oct 2 12:29:27 UTC 2013
x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/issue
Ubuntu 12.04.3 LTS \n \l
# puppet -V
3.3.2
# cat /etc/passwd |grep ^testuser
testuser:x:1002:1002::/home/testuser:/bin/sh
# cat /etc/shadow |grep ^testuser
testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:9:7:::
# puppet apply -e 'user { testuser: password = * }'
Notice: Compiled catalog for db-node2.site in environment production in 0.07
seconds
Notice: Finished catalog run in 0.08 seconds
# cat /etc/shadow |grep ^testuser
testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:9:7:::
--
Best regards,
Sergey Arlashin
On Nov 27, 2013, at 2:32 PM, Felix Frank felix.fr...@alumni.tu-berlin.de
wrote:
Hi,
no, it's not. What version of puppet are you using?
To make sure there is nothing funny going on with your overall manifest
structure, can you try this as root on the agent machine:
puppet apply -e 'user { username: password = * }'
For me, this yields
Notice: /User[username]/password: changed password
Notice: Finished catalog run in 0.53 seconds
This is puppet 3.3.1.
TIA,
Felix
On 11/26/2013 04:36 PM, Sergey Arlashin wrote:
Hi!
I'm trying to set password for a user.
I do the following:
user { username:
password = '*',
}
And when I run puppet agent nothing happens. The password remains the same.
But if I create a new user which doesn't exist yet, the password is set
without any problems.
Is this a normal behaviour of 'user' type?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5295CA2A.1050102%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/2689FC78-CD82-4ECF-A3F4-8B66DD2667ED%40gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Ugh. So, does it work with other values (e.g., actual password hashes)?
On 11/27/2013 11:57 AM, Sergey Arlashin wrote:
# puppet apply -e 'user { testuser: password = * }'
Notice: Compiled catalog for db-node2.site in environment production in 0.07
seconds
Notice: Finished catalog run in 0.08 seconds
# cat /etc/shadow |grep ^testuser
testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:9:7:::
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5295D0C3.6090306%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
# puppet apply -e 'user { testuser: password =
$6$MhRLkUTo$9RhLb3AfsO4HSxeHdLOLCPBj7LRH6vGOx1zPcvpfVRGOuJPczjEyaYoS3SyQ6MESctWarz2VDhD4ZT9wHe61v/
}'
Notice: Compiled catalog for db-node2.site in environment production in 0.07
seconds
Notice: Finished catalog run in 0.06 seconds
Best regards,
Sergey Arlashin
On Nov 27, 2013, at 3:00 PM, Felix Frank felix.fr...@alumni.tu-berlin.de
wrote:
Ugh. So, does it work with other values (e.g., actual password hashes)?
On 11/27/2013 11:57 AM, Sergey Arlashin wrote:
# puppet apply -e 'user { testuser: password = * }'
Notice: Compiled catalog for db-node2.site in environment production in 0.07
seconds
Notice: Finished catalog run in 0.08 seconds
# cat /etc/shadow |grep ^testuser
testuser:$6$.JNdUYPK$KUcfD3urk5290LvluOE.wnCKoEibMqd2.uiT/X0ezS29JaXfk4T9K57ea/6mSU7Z/8ppi8IiNNV7bkVYc5p0s0:16036:0:9:7:::
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5295D0C3.6090306%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CD1DE611-372E-4D93-9419-598FF52B663E%40gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Hi,
no good then.
Please run again with an added -dv switch to puppet apply, and share the
debug output.
Thanks in advance.
On 11/27/2013 12:02 PM, Sergey Arlashin wrote:
# puppet apply -e 'user { testuser: password =
$6$MhRLkUTo$9RhLb3AfsO4HSxeHdLOLCPBj7LRH6vGOx1zPcvpfVRGOuJPczjEyaYoS3SyQ6MESctWarz2VDhD4ZT9wHe61v/
}'
Notice: Compiled catalog for db-node2.site in environment production in 0.07
seconds
Notice: Finished catalog run in 0.06 seconds
Best regards,
Sergey Arlashin
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5295D1DE.5030106%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Seems to be useradd issue..
Debug: /User[testuser]: Provider useradd does not support features
manages_passwords; not managing attribute password
http://docs.puppetlabs.com/references/latest/type.html#user-provider-useradd:
useradd
User management via useradd and its ilk. Note that you will need to install
Ruby’s shadow password library (often known as ruby-libshadow) if you wish to
manage user passwords.
So I installed libshadow and everything's working now!
# puppet apply -e 'user { testuser: password = * }'
Notice: Compiled catalog for db-node2.site in environment production in 0.08
seconds
Notice: /User[testuser]/password: changed password
Notice: Finished catalog run in 0.13 seconds
Thank you!
--
Best regards,
Sergey Arlashin
On Nov 27, 2013, at 3:05 PM, Felix Frank felix.fr...@alumni.tu-berlin.de
wrote:
Hi,
no good then.
Please run again with an added -dv switch to puppet apply, and share the
debug output.
Thanks in advance.
On 11/27/2013 12:02 PM, Sergey Arlashin wrote:
# puppet apply -e 'user { testuser: password =
$6$MhRLkUTo$9RhLb3AfsO4HSxeHdLOLCPBj7LRH6vGOx1zPcvpfVRGOuJPczjEyaYoS3SyQ6MESctWarz2VDhD4ZT9wHe61v/
}'
Notice: Compiled catalog for db-node2.site in environment production in 0.07
seconds
Notice: Finished catalog run in 0.06 seconds
Best regards,
Sergey Arlashin
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5295D1DE.5030106%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CBD5BDE1-3EF8-4004-8552-D1D898161113%40gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Way to go! On 11/27/2013 12:12 PM, Sergey Arlashin wrote: So I installed libshadow and everything's working now! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295D4A9.9070101%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Status of Data in modules
Hey,
Just to jump in at the end, (been following the thread) and looked at the
implementatino of data in modules, but found that the complexity
surrounding it was a bit much for people who were not experienced. Also,
troubleshooting issues with data, i.e. some form of outcome of a puppet run
that didn't match what was expected, created an extra overhead in trying to
identify where the issue lied. We also really only want to return data for
modules which are included on a host.
I therefore wrote a wrapper function which essentially utilises the
hierarchy but with an addition
- modules/%{module_name}/%{klass}
It retreives the classes from the API, using the node indirection.
%{klass} gets defined in the scope as it iterates, (ephemeral_from) and
merges the data it finds, so, if a module as a dependency on another module
i.e. 'foreman' has sudo rules it requires, you could place those within
modules/sudo/foreman.yaml so that you are containing data relating to a
module, without managing different hierarchical configurations throught
your module structure.
For defaults, we defined that as modules/%{module_name}/defaults, which is
the last in the hierarchy.
This probably would haev been nicer if the data sources could utlises the
returned classes in the hierarchy and naturally iterate over the array, to
save the wrapper functinoaity to do it.
Obviously this wouldn't solve all the problems faced with modules or the
principles of the forge modules being usable easily out of the box, but it
solved the issue we had in categorising data within modules. Thought i
would mention our use case.
Jon
On Friday, 11 October 2013 19:09:23 UTC+1, Eric Sorenson wrote:
Thanks to everyone who kicked the tires on the experimental data in
modules feature included in Puppet 3.3.0. We got a lot of feedback, some
cool proof-of-concept modules, and a definitive conclusion to the
experiment.
The idea of including a module-specific hiera backend is centered around
one primary use case: replacing the 'params class pattern', a common idiom
in Puppet modules that's described in the [Using Parameterized
Classes][param-classes] guide. The problem that most testers ran into
though is that for non-trivial modules they ended up having to re-implement
the Puppet DSL logic encoded in their params.pp in convoluted, non-obvious
ways. The solutions to this led to more contortions until we'd ended up
with the ability to execute parser functions in the right-hand-side of a
yaml value. So something which started out trying to help separate data
from code ended up putting code back into data!
Additionally, even after multiple attempts to simplify the surface area
and user experience with the bindings system (described in ARM-9) that
underlay the data-in-modules implementation, users still found its
complexity daunting. There are some important bits of scaffolding (like an
actual type system for Puppet!) that will prove valuable as more of the
future parser and evaluator work that Henrik is building makes its way into
the product, but in the final analysis the data in modules feature was the
wrong vehicle to introduce them.
Refocusing on the problems users were trying to solve (and here I have to
give shout-outs to Ashley Penney for his [puppetlabs-ntp][] branch and the
dynamic duo of Spencer Krug/William van Hevelingen for their [startrek][]
module) and the problems with the 'params' pattern lent some clarity. We've
gotten into a situation of disparity with regard to hiera and data
bindings, because data bindings enable module _users_ to use their
site-wide hiera data but don't provide moduel _authors_ the same
affordance. But rather than introduce additional complexity, we can close
the gap for existing code patterns.
So the proposed solution at this point is:
- enable an implicit data-binding lookup against the hiera-puppet backend
for a value of 'classname::variable' in the file
'modules/classname/manifests/params.pp', which simplifies class definition
and provides consistency with other hiera backends. As a module author,
you'd still leave your logic for variables in params.pp, but they'd be
implicitly looked up via data bindings as the class is declared, after
consulting site-wide hiera.
- remove the user-facing '--binder' functionality
- fix known problems with the hiera-puppet lookups ([Redmine
15746][15746], namely, but if there are others that are important to you
please speak up!)
To show how this would work, I'll rework the ['smart parameter defaults'
example][param-classes] I linked above, with my commentary behind `##`
comments:
# /etc/puppet/modules/webserver/manifests/params.pp
class webserver::params { ## nothing changes here...
$packages = $operatingsystem ? {
/(?i-mx:ubuntu|debian)/= 'apache2',
/(?i-mx:centos|fedora|redhat)/ = 'httpd',
}
Re: [Puppet Users] puppet won't change user's password
Hi Dan,
I hope this was indeed intended for the list, seeing as I just received
two messages from you to me directly. Something wonky on your end?
As for the issue below - in the OP's case, *no* run ever lead to a
change of passwords.
Cheers,
Felix
On 11/27/2013 12:46 PM, y...@comcast.net wrote:
Why do you expect a password change on the second run ?
From my observations, the parameter value has not changed between runs, so
there is nothing to change.
-Original Message-
From: Felix Frank
To: puppet-users
Sent: November 27, 2013 at 5:32 AM
Subject: Re: [Puppet Users] puppet won't change user's password
Hi,
no, it's not. What version of puppet are you using?
To make sure there is nothing funny going on with your overall manifest
structure, can you try this as root on the agent machine:
puppet apply -e 'user { username: password = * }'
For me, this yields
Notice: /User[username]/password: changed password
Notice: Finished catalog run in 0.53 seconds
This is puppet 3.3.1.
TIA,
Felix
On 11/26/2013 04:36 PM, Sergey Arlashin wrote:
Hi!
I'm trying to set password for a user.
I do the following:
user { username:
password = '*',
}
And when I run puppet agent nothing happens. The password remains the
same. But if I create a new user which doesn't exist yet, the password
is set without any problems.
Is this a normal behaviour of 'user' type?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5295DE69.80104%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet agent messages with rsyslog
Hi, I solved it with this: if $programname == 'puppet-agent' and $syslogseverity = '6' then /var/log/puppet/agent.log if $programname == 'puppet-agent' and $syslogseverity '3' then ~ Regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0542244c-633b-4ad5-a7e9-40bdf2298d9d%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Problem with PuppetDB and OpenSSL
Hi chaps, I run all my Puppetised servers on CentOS 6.4. Overnight there were a load of updates for CentOS including an update to openssl-1.0.1e-15.el6. Since installing the updates, PuppetDB is no longer working and seems to be having troubles with SSL. All my puppet nodes show: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for radius-dev.nomadic-core.bris.ac.uk to PuppetDB at puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) The PuppetDB server shows: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? Has anyone else had this problem? Any tips? I recreated the PuppetDB certs but this didn't help. Thanks, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5295E13B.1020202%40bristol.ac.uk. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Duplicate declaration
I read the JCBollingers advice and removed the Class[blah blah] stuff and it worked... On Wednesday, 27 November 2013 15:02:18 UTC+5:30, Raj kumar V wrote: I have module, for which if I add the class in the UI and run the agent with --test it fails with the following error. But If I just add the include classname in the init class and run, it works. Any idea? Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Class[classname] is already declared; cannot redeclare on node nfaxen-ubu1.fqdn Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b5cc713a-87ec-48c3-96d5-52a9d6f56c0c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable?
Hi, first thank you for all your answers :) I also dislike using cache on production, but if a node can not reach the master it should still be able to enforce the configuration it already received from the master. I tried several options on puppet.conf from the node *usecacheonfailure=trueuse_cached_catalog=trueignorecache=false* But I always get this error when running the puppet agent: *Error: Failed to apply catalog: A connection attempt failed because the connected party did notproperly respond after a period of time, or established connection failed because connected host has failed to respond. - connect(2)* Any ideas? Thank you. Armindo On Wednesday, November 27, 2013 10:03:49 AM UTC, R.I. Pienaar wrote: - Original Message - From: Felix Frank felix...@alumni.tu-berlin.de javascript: To: puppet...@googlegroups.com javascript: Sent: Wednesday, November 27, 2013 10:00:37 AM Subject: Re: [Puppet Users] Is it possible to puppet agent applies the config even when puppet master is unreachable? On 11/24/2013 11:17 PM, Jo Rhett wrote: You want this: http://docs.puppetlabs.com/references/latest/configuration.html#usecacheonfailure +1 this will most likely not have the desired effect as the cache does not include files so those will fail. worse the cache can open you to really nasty edge cases where you have a catalog compiled for one set of manifests+files but if its reused later you might be getting files from a newer code base which will really spoil your day. The static catalog compiler thing will help with some of this - though still not for a offline master - but it has many bugs and questionable implementation mechanics :( You really want to think very very carefully before using the cache in production. I'd say this option should be off by default -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c007e54f-9848-4382-908a-e9d229bb44d8%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet won't change user's password
Just my attention-to-detail before sufficient coffee :P
I see down the thread that this was fixed.
“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin Hobbes)
- Original Message -
From: Felix Frank felix.fr...@alumni.tu-berlin.de
To: Puppet Users puppet-users@googlegroups.com
Sent: Wednesday, November 27, 2013 6:58:33 AM
Subject: Re: [Puppet Users] puppet won't change user's password
Hi Dan,
I hope this was indeed intended for the list, seeing as I just received
two messages from you to me directly. Something wonky on your end?
As for the issue below - in the OP's case, *no* run ever lead to a
change of passwords.
Cheers,
Felix
On 11/27/2013 12:46 PM, y...@comcast.net wrote:
Why do you expect a password change on the second run ?
From my observations, the parameter value has not changed between runs, so
there is nothing to change.
-Original Message-
From: Felix Frank
To: puppet-users
Sent: November 27, 2013 at 5:32 AM
Subject: Re: [Puppet Users] puppet won't change user's password
Hi,
no, it's not. What version of puppet are you using?
To make sure there is nothing funny going on with your overall manifest
structure, can you try this as root on the agent machine:
puppet apply -e 'user { username: password = * }'
For me, this yields
Notice: /User[username]/password: changed password
Notice: Finished catalog run in 0.53 seconds
This is puppet 3.3.1.
TIA,
Felix
On 11/26/2013 04:36 PM, Sergey Arlashin wrote:
Hi!
I'm trying to set password for a user.
I do the following:
user { username:
password = '*',
}
And when I run puppet agent nothing happens. The password remains the
same. But if I create a new user which doesn't exist yet, the password
is set without any problems.
Is this a normal behaviour of 'user' type?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5295DE69.80104%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/463767999.4761063.1385556227509.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Nsclient install
I am trying to install NSClient on windows 2008r2 using the below manifest
class nsclient ($nagiosservers) {
if ($operatingsystem == windows) {
file { 'C:/NSClient':
ensure = directory,
owner = 'Administrator',
mode= '0755',
}
file { 'C:/NSClient/NSClient-0.3.9-x64.msi':
ensure = present,
owner = 'Administrator',
mode= '0755',
source = puppet:///modules/nsclient/NSClient-0.3.9-x64.msi,
require = File['C:/NSClient'],
}
package { 'NSClient++ (x64)':
ensure = installed,
provider = 'windows',
source = C:\\NSClient\\NSClient-0.3.9-x64.msi,
require = File['C:/NSClient/NSClient-0.3.9-x64.msi'],
}
service { 'NSClient++ (x64)':
ensure = running,
enable = true,
require = Package['NSClient++ (x64)'],
}
file { 'C:/Program Files/NSClient++/NSC.ini':
ensure = file,
owner = 'Administrator',
mode= '0755',
content = template(nsclient/NSC.ini.erb),
require = Package['NSClient++ (x64)'],
notify = Service['NSClient++ (x64)'],
}
file { 'C:/Program Files/NSClient++/scripts/check_bkp.bat':
ensure = file,
owner = 'SYSTEM',
mode= '0755',
source = 'puppet:///modules/nsclient/check_bkp.bat',
require = Package['NSClient++ (x64)'],
}
}
else {
fail('This module is only supported on windows')
}
}
I get the following errors during the initial run
Info: /Stage[main]/Nsclient/File[C:/Program Files/NSClient++/NSC.ini]:
Scheduling refresh of Service[NSClient++ (x64)]
Error: /Stage[main]/Nsclient/Service[NSClient++ (x64)]: Could not evaluate:
Cannot get status of NSClient++ (x64), error was: The specified service
does not exist as an installed service.
Error: /Stage[main]/Nsclient/Service[NSClient++ (x64)]: Failed to call
refresh: Cannot get status of NSClient++ (x64), error was: The specified
service does not exist as an installed service.
Error: /Stage[main]/Nsclient/Service[NSClient++ (x64)]: Cannot get status
of NSClient++ (x64), error was: The specified service does not exist as an
installed service.
If I run the following to list the services
sc queryex type= service state= all | find DISPLAY_NAME
There is a row that says DISPLAY_NAME: NSClient++ (x64) so the service is
there puppet is just not starting it.
any more runs of the agent return this error
Error: /Stage[main]/Nsclient/Service[nsclient]: Could not evaluate: Cannot
get status of NSClient++ (x64), error was: The specified service does not
exist as an installed service.
puppetmaster : 3.2.3
puppet agent : 3.1.1
Is there something wrong with my config or is puppet having a hard time
with the special characters in the service display name ?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/4d96e34c-4cad-4472-aab5-c5137768e71a%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] scope for templates that is called from a class that includes the class that calls the template.
according to http://docs.puppetlabs.com/guides/scope_and_puppet.html
about dynamic lookup from an included puppet file:
puppet 2.7 warns about it, and puppet 3.2 stops working, as expected.
however,
about dynamic lookup from a template called on an included puppet file:
both puppet 2.7 and puppet 3.2 it works, without even a warning. (see in
red the below example)
Why is that?
And so, does this mean that dynamic lookup is bad from a puppet file, but
not from a template file?
See below a specific example:
test.pp
class c1 {
$var = 'hello'
notify {var from c1: $var: }
include c2
}
class c2 {
notify {var from c2: $var: }
file { '/tmp/file.txt':
content = template('file.txt.erb'),
}
}
class { c1: }
file.txt.erb
var from file.txt.erb: %= @var %
running with puppet 2.7.19:
$ puppet apply --templatedir templates/ test.pp
*warning: Dynamic lookup of $var at /vagrant/t1/test.pp:8 is deprecated.*For
more information, see
http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change
in behavior, use the --debug flag.
notice: var from c1: hello
notice: /Stage[main]/C1/Notify[var from c1: hello]/message: defined
'message' as 'var from c1: hello'
notice: /Stage[main]/C2/File[/tmp/file.txt]/ensure: defined content as
'{md5}ea0d73f3957b0893f63e03cb9d8c9d98'
*notice: var from c2: hello*
notice: /Stage[main]/C2/Notify[var from c2: hello]/message: defined
'message' as 'var from c2: hello'
notice: Finished catalog run in 0.05 seconds
$ cat /tmp/file.txt
*var from file.txt.erb: hello*
running with puppet 3.3.2:
$ puppet apply --templatedir templates/ test.pp
Notice: Compiled catalog for mac4c.local in environment production in 0.16
seconds
Notice: var from c1: hello
Notice: /Stage[main]/C1/Notify[var from c1: hello]/message: defined
'message' as 'var from c1: hello'
*Notice: var from c2: *
Notice: /Stage[main]/C2/Notify[var from c2: ]/message: defined 'message' as
'var from c2: '
Notice: /Stage[main]/C2/File[/tmp/file.txt]/ensure: defined content as
'{md5}ea0d73f3957b0893f63e03cb9d8c9d98'
$ cat /tmp/file.txt
*var from file.txt.erb: hello*
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/70380351-7612-4b51-b338-8bb7eadeac83%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Java REST Client to access Puppet API
Hi,
I am building a Java RESTful Client to connect access Puppet Master
services. While attempting this, I am unable to get SSLHandshake through.
Can you pls let me know where I am going wrong:
Puppet Master: puppetmaster.domain.com
Java Client: javaclient.domain.com
Obtained required signed certificates from puppetmaster.domain.com using:
a. Run command *puppet cert --generate javaclient.domain.com*
b. Obtained
Signed Certificate from {ssldir}/certs/javaclient.domain.com.pem renamed
it to javaclient.domain.com-cert.pem
Private key from {ssldir}/private_keys/javaclient.domain.com.pem renamed
it to javaclient.domain.com-key.pem
c. Created PKCS12 keystore using *openssl pkcs12 -export -name
myservercert
-in javaclient.domain.com-cert.pem -inkey javaclient.domain.com-key.pem -out
javaclient.domain.com.p12*
d. Convert PKCS12 keystore into a JKS keystore using *keytool
-importkeystore
-destkeystore javaclient.domain.com.jks -srckeystore javaclient.domain.com.p12
-srcstoretype
pkcs12 -alias myservercert*
Now the keystore *javaclient.domain.com.jks* is used in the java
application using the snippet
KeyStore trustStore = KeyStore.getInstance(JKS);
trustStore.load(new FileInputStream({javaclient.domain.com.jks
path}), {Password}.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(SunX509);
tmf.init(trustStore);
ctx = SSLContext.getInstance(SSL);
ctx.init(null, tmf.getTrustManagers(), null);
ClientConfig config = new DefaultClientConfig(); // Jersey API
config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new
HTTPSProperties(hostnameVerifier, ctx));
The Java client fails to run with exception No trusted certficate found
com.sun.jersey.api.client.ClientHandlerException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
at
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:151)
at com.sun.jersey.api.client.Client.handle(Client.java:648)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:680)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:507)
at test.JerseyRestAPI.executeRestAPI(JerseyRestAPI.java:105)
at test.JerseyRestAPI.main(JerseyRestAPI.java:37)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at
com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:249)
at
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
Can you suggest where I am going wrong - in creating Signed certificate on
Puppet Master (or) creation of Keystore from the obtained certificate
private-key?
Thanks,
Naveen.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d1579151-ca08-43fb-9f31-d780b5b2d904%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] scope for templates that is called from a class that includes the class that calls the template.
and according to http://docs.puppetlabs.com/guides/templating.html
*All of the variables visible in the current scope are available as Ruby
instance variables*
but out of the scope variables should be accessed by scope.lookupvar.
so, why does the previous example works? why does file.txt get the 'hello'
value?
*var from file.txt.erb: hello*
On Wednesday, November 27, 2013 2:40:41 PM UTC+1, David Portabella wrote:
according to http://docs.puppetlabs.com/guides/scope_and_puppet.html
about dynamic lookup from an included puppet file:
puppet 2.7 warns about it, and puppet 3.2 stops working, as expected.
however,
about dynamic lookup from a template called on an included puppet file:
both puppet 2.7 and puppet 3.2 it works, without even a warning. (see in
red the below example)
Why is that?
And so, does this mean that dynamic lookup is bad from a puppet file, but
not from a template file?
See below a specific example:
test.pp
class c1 {
$var = 'hello'
notify {var from c1: $var: }
include c2
}
class c2 {
notify {var from c2: $var: }
file { '/tmp/file.txt':
content = template('file.txt.erb'),
}
}
class { c1: }
file.txt.erb
var from file.txt.erb: %= @var %
running with puppet 2.7.19:
$ puppet apply --templatedir templates/ test.pp
*warning: Dynamic lookup of $var at /vagrant/t1/test.pp:8 is deprecated.*For
more information, see
http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the
change in behavior, use the --debug flag.
notice: var from c1: hello
notice: /Stage[main]/C1/Notify[var from c1: hello]/message: defined
'message' as 'var from c1: hello'
notice: /Stage[main]/C2/File[/tmp/file.txt]/ensure: defined content as
'{md5}ea0d73f3957b0893f63e03cb9d8c9d98'
*notice: var from c2: hello*
notice: /Stage[main]/C2/Notify[var from c2: hello]/message: defined
'message' as 'var from c2: hello'
notice: Finished catalog run in 0.05 seconds
$ cat /tmp/file.txt
*var from file.txt.erb: hello*
running with puppet 3.3.2:
$ puppet apply --templatedir templates/ test.pp
Notice: Compiled catalog for mac4c.local in environment production in 0.16
seconds
Notice: var from c1: hello
Notice: /Stage[main]/C1/Notify[var from c1: hello]/message: defined
'message' as 'var from c1: hello'
*Notice: var from c2: *
Notice: /Stage[main]/C2/Notify[var from c2: ]/message: defined 'message'
as 'var from c2: '
Notice: /Stage[main]/C2/File[/tmp/file.txt]/ensure: defined content as
'{md5}ea0d73f3957b0893f63e03cb9d8c9d98'
$ cat /tmp/file.txt
*var from file.txt.erb: hello*
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/da8a8221-a5a7-4a1e-bec4-f9ae93b9f389%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
I run all my Puppetised servers on CentOS 6.4. Overnight there were a load of updates for CentOS including an update to openssl-1.0.1e-15.el6. Since installing the updates, PuppetDB is no longer working and seems to be having troubles with SSL. All my puppet nodes show: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for radius-dev.nomadic-core.bris.ac.uk to PuppetDB at puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) The PuppetDB server shows: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? Has anyone else had this problem? Any tips? I recreated the PuppetDB certs but this didn't help. This all sounds pretty serious, but something isn't quite right here with the information you have provided. This error: puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) Its very rare that a bug in a running piece of code/framework whatever will cause a connection refused (destination port unreachable) message on its own, its usually because the port and IP you are connecting to is wrong and your client never got to connect to your application. Thus its the kernel that returns the error, not the application. So generally, this doesn't marry up in my mind with this error message: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? This implies you _did_ connect. In short I almost believe these are somehow unrelated, or we're mixing errors here. The SSL error is most definitely concerning, but doesn't make sense with the connection refused message. A connection refused usually happens long before the client gets to the serving application, if you see what I mean :-). Can you test the port with 'telnet puppetdb.resnet.bris.ac.uk 8081' from the puppet master and confirm the connection refused manually? Also - can you make sure these errors truly to correlate? Try to reproduce both at the same time if you can. Also make sure no other traffic is going to the PuppetDB web server at the same time. The details for how the master connects to the PuppetDB instance is in /etc/puppet/puppetdb.conf, double check these are correct and that the hostname resolves to what you think it does. Also check you don't have any firewalling enabled, its rare but firewalls can throw destination port unreachable also. Now the SSL error is valid and concerning to me on a separate level. I have a whole bunch of questions though: * What _exact_ version of the JDK is PuppetDB using? The output of 'jinfo pid' (pid of the jvm process for puppetdb) would be helpful here, and the exact package revision from Centos. * What exact version of PuppetDB are you running? * Are you sure it was just openssl that was upgraded? Not java as well? Double check your yum.log or whatever. * Have you tried downgrading the recently upgraded packages to see if it solves it? If it was an upgrade that caused it, a downgrade and restart of PuppetDB should solve it in theory. I'd be interested if this works, and what packages you downgraded to. * Can you show the full stack trace from the PuppetDB log, if there is more to it. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAE4bNTm9ZFkO%2B20u5eNAi_%2BSgKZQx2aF_ThGcSjCy8jnhcAx7A%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
On Wed, Nov 27, 2013 at 9:55 AM, Ken Barber k...@puppetlabs.com wrote: I run all my Puppetised servers on CentOS 6.4. Overnight there were a load of updates for CentOS including an update to openssl-1.0.1e-15.el6. Since installing the updates, PuppetDB is no longer working and seems to be having troubles with SSL. All my puppet nodes show: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for radius-dev.nomadic-core.bris.ac.uk to PuppetDB at puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) The PuppetDB server shows: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? Has anyone else had this problem? Any tips? I recreated the PuppetDB certs but this didn't help. This all sounds pretty serious, but something isn't quite right here with the information you have provided. This error: puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) Its very rare that a bug in a running piece of code/framework whatever will cause a connection refused (destination port unreachable) message on its own, its usually because the port and IP you are connecting to is wrong and your client never got to connect to your application. Thus its the kernel that returns the error, not the application. So generally, this doesn't marry up in my mind with this error message: 2013-11-27 12:09:58,347 WARN [qtp1710594959-45] [io.nio] javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? This implies you _did_ connect. In short I almost believe these are somehow unrelated, or we're mixing errors here. The SSL error is most definitely concerning, but doesn't make sense with the connection refused message. A connection refused usually happens long before the client gets to the serving application, if you see what I mean :-). Can you test the port with 'telnet puppetdb.resnet.bris.ac.uk 8081' from the puppet master and confirm the connection refused manually? Also - can you make sure these errors truly to correlate? Try to reproduce both at the same time if you can. Also make sure no other traffic is going to the PuppetDB web server at the same time. The details for how the master connects to the PuppetDB instance is in /etc/puppet/puppetdb.conf, double check these are correct and that the hostname resolves to what you think it does. Also check you don't have any firewalling enabled, its rare but firewalls can throw destination port unreachable also. Now the SSL error is valid and concerning to me on a separate level. I have a whole bunch of questions though: * What _exact_ version of the JDK is PuppetDB using? The output of 'jinfo pid' (pid of the jvm process for puppetdb) would be helpful here, and the exact package revision from Centos. * What exact version of PuppetDB are you running? * Are you sure it was just openssl that was upgraded? Not java as well? Double check your yum.log or whatever. * Have you tried downgrading the recently upgraded packages to see if it solves it? If it was an upgrade that caused it, a downgrade and restart of PuppetDB should solve it in theory. I'd be interested if this works, and what packages you downgraded to. * Can you show the full stack trace from the PuppetDB log, if there is more to it. If your runnning jdk 6u26 or older you're probably hitting these bugs. I had this same error with the OpenDJ LDAP server a few years back and upgrading the JDK fixed it. http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6932403 http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7025227 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADaviKt5DNnOGb31_-1dWeXpEGX7L3eG34RBx5%3DYPGcCwXgDZQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
Thanks again! It is great to use the puppet report yaml files!
here there is an example script that prints all resources statuses,
then it filters them by taking only the services,
then it filters them by taking only the services changed to running.
test.ruby
#!/usr/bin/ruby
require 'puppet'
filename = ARGV.first
report = YAML.load_file(filename)
rs = report.resource_statuses.values.sort_by{|r| r.resource}
puts PRINT ALL RESOURCES STATUSES.
rs.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}}
#{r.events.map {|e| e.desired_value}} #{r.resource}
end
puts PRINT ALL SERVICES.
services = rs.select{|r| r.resource_type == 'Service'}
services.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}}
#{r.events.map {|e| e.desired_value}} #{r.resource}
end
puts PRINT ALL SERVICES CHANGED TO RUNNING.
services_changed_to_running = rs.select{|r| r.resource_type == 'Service'
r.change_count 0 r.events.index { |e| e.desired_value == :running } !=
nil}
services_changed_to_running.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}}
#{r.events.map {|e| e.desired_value}} #{r.resource}
end
example output:
$ test.ruby /var/opt/lib/pe-puppet/reports/test/201311261645.yaml
PRINT ALL RESOURCES STATUSES.
1 [:absent] [:directory] File[/var/app]
1 [:absent] [:file] File[/var/app/app.conf]
2 [0, 755] [91, 775] File[/var/log/tomcat6]
0 [] [] Filebucket[puppet]
1 [:absent] [:present] Group[release]
1 [:absent] [:present] Package[varnish]
0 [] [] Schedule[weekly]
1 [:stopped] [:running] Service[varnish]
0 [] [] Tidy[/etc/collectd.d/]
1 [/sbin/nologin] [/bin/bash] User[tomcat]
...
PRINT ALL SERVICES.
1 [:stopped] [:running] Service[collectd]
1 [:stopped] [:running] Service[logstash-agent]
1 [:true] [:false] Service[logstash]
1 [:stopped] [:running] Service[nginx]
0 [] [] Service[rsyslog]
1 [:stopped] [:running] Service[statsd]
1 [:false] [:true] Service[supervisord]
1 [:stopped] [:running] Service[varnish]
PRINT ALL SERVICES CHANGED TO RUNNING
1 [:stopped] [:running] Service[collectd]
1 [:stopped] [:running] Service[logstash-agent]
1 [:stopped] [:running] Service[nginx]
1 [:stopped] [:running] Service[statsd]
1 [:stopped] [:running] Service[varnish]
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c70db1f6-b133-4290-a8e1-827ea239028b%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
On 27/11/13 14:55, Ken Barber wrote: This all sounds pretty serious, but something isn't quite right here with the information you have provided. This error: puppetdb.resnet.bris.ac.uk:8081: Connection refused - connect(2) Its very rare that a bug in a running piece of code/framework whatever will cause a connection refused (destination port unreachable) message on its own, its usually because the port and IP you are connecting to is wrong and your client never got to connect to your application. Thus its the kernel that returns the error, not the application. Sorry, my mistake. This is the message I am getting - the above message was the result of some of my tinkering. Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for radius-dev.nomadic-core.bris.ac.uk to PuppetDB at puppetdb.resnet.bris.ac.uk:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server key exchange B: EC lib Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52960C93.1000408%40bristol.ac.uk. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
Oops, I was a bit premature firing off my previous response. Here are the responses to your questions - and thanks very much for your help. Sorry for the massive email... On 27/11/13 14:55, Ken Barber wrote: * What_exact_ version of the JDK is PuppetDB using? The output of 'jinfo pid' (pid of the jvm process for puppetdb) would be helpful here, and the exact package revision from Centos. [jg4461@puppetdb log]$ yum list installed java* Installed Packages java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.66.1.13.0.el6 @cr java-1.6.0-openjdk-devel.x86_64 [jg4461@puppetdb log]$ sudo jinfo 12199 Attaching to process ID 12199, please wait... Debugger attached successfully. Server compiler detected. JVM version is 23.25-b01 Java System Properties: org.apache.kahadb.util.LockFile.lock./var/lib/puppetdb/mq/localhost/KahaDB/lock = Wed Nov 27 13:24:14 GMT 2013 java.runtime.name = OpenJDK Runtime Environment java.vm.version = 23.25-b01 sun.boot.library.path = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64 java.vendor.url = http://java.sun.com/ java.vm.vendor = Sun Microsystems Inc. path.separator = : file.encoding.pkg = sun.io java.vm.name = OpenJDK 64-Bit Server VM sun.os.patch.level = unknown user.country = GB sun.java.launcher = SUN_STANDARD user.dir = / java.vm.specification.name = Java Virtual Machine Specification java.runtime.version = 1.6.0_28-b28 java.awt.graphicsenv = sun.awt.X11GraphicsEnvironment os.arch = amd64 java.endorsed.dirs = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/endorsed java.io.tmpdir = /tmp line.separator = java.vm.specification.vendor = Sun Microsystems Inc. os.name = Linux sun.jnu.encoding = ISO-8859-1 java.library.path = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib java.specification.name = Java Platform API Specification java.class.version = 50.0 sun.management.compiler = HotSpot 64-Bit Tiered Compilers os.version = 2.6.32-431.el6.x86_64 user.home = /usr/share/puppetdb user.timezone = Europe/London java.awt.printerjob = sun.print.PSPrinterJob file.encoding = ISO-8859-1 java.specification.version = 1.6 user.name = puppetdb java.class.path = /usr/share/puppetdb/puppetdb.jar java.vm.specification.version = 1.0 sun.arch.data.model = 64 sun.java.command = /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d java.home = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre user.language = en java.specification.vendor = Sun Microsystems Inc. org.apache.kahadb.util.LockFile.lock./var/lib/puppetdb/mq/localhost/scheduler/lock = Wed Nov 27 13:24:14 GMT 2013 java.vm.info = mixed mode java.version = 1.6.0_28 java.ext.dirs = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/ext:/usr/java/packages/lib/ext sun.boot.class.path = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/resources.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/rt.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/jsse.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/jce.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/charsets.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/jfr.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/netx.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/plugin.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/rhino.jar:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/classes java.vendor = Sun Microsystems Inc. file.separator = / java.vendor.url.bug = http://java.sun.com/cgi-bin/bugreport.cgi sun.io.unicode.encoding = UnicodeLittle sun.cpu.endian = little sun.cpu.isalist = VM Flags: -XX:OnOutOfMemoryError=kill -9 %p -Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof * What exact version of PuppetDB are you running? puppetdb-1.5.2-1.el6, from puppetlabs-products * Are you sure it was just openssl that was upgraded? Not java as well? Double check your yum.log or whatever. Hmm. Java was indeed updated. I'm not suyre which version we were running before - whatever was latest in the 1.6.0 series from CentOS 6 (including CR) Nov 27 10:18:22 Updated: 1:java-1.6.0-openjdk-1.6.0.0-1.66.1.13.0.el6.x86_64 * Have you tried downgrading the recently upgraded packages to see if it solves it? If it was an upgrade that caused it, a downgrade and restart of PuppetDB should solve it in theory. I'd be interested if this works, and what packages you downgraded to. I tried downgrading openssl which was not possible, because half the OS is pinned to the new version. I just noted that java-1.7.0 is available and I will try upgrading to that next, if you think that is a wise move. * Can you show the full stack trace from the PuppetDB log, if there is
Re: [Puppet Users] get a *structured* version of the puppet agent output
Very nice.
I am still learning Ruby and this will help
Thanks.
“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin Hobbes)
- Original Message -
From: David Portabella david.portabe...@gmail.com
To: puppet-users@googlegroups.com
Sent: Wednesday, November 27, 2013 10:12:48 AM
Subject: Re: [Puppet Users] get a *structured* version of the puppet agent
output
Thanks again! It is great to use the puppet report yaml files!
here there is an example script that prints all resources statuses,
then it filters them by taking only the services,
then it filters them by taking only the services changed to running.
test.ruby
#!/usr/bin/ruby
require 'puppet'
filename = ARGV.first
report = YAML.load_file(filename)
rs = report.resource_statuses.values.sort_by{|r| r.resource}
puts PRINT ALL RESOURCES STATUSES.
rs.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map
{|e| e.desired_value}} #{r.resource}
end
puts PRINT ALL SERVICES.
services = rs.select{|r| r.resource_type == 'Service'}
services.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map
{|e| e.desired_value}} #{r.resource}
end
puts PRINT ALL SERVICES CHANGED TO RUNNING.
services_changed_to_running = rs.select{|r| r.resource_type == 'Service'
r.change_count 0 r.events.index { |e| e.desired_value == :running } !=
nil}
services_changed_to_running.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map
{|e| e.desired_value}} #{r.resource}
end
example output:
$ test.ruby /var/opt/lib/pe-puppet/reports/test/201311261645.yaml
PRINT ALL RESOURCES STATUSES.
1 [:absent] [:directory] File[/var/app]
1 [:absent] [:file] File[/var/app/app.conf]
2 [0, 755] [91, 775] File[/var/log/tomcat6]
0 [] [] Filebucket[puppet]
1 [:absent] [:present] Group[release]
1 [:absent] [:present] Package[varnish]
0 [] [] Schedule[weekly]
1 [:stopped] [:running] Service[varnish]
0 [] [] Tidy[/etc/collectd.d/]
1 [/sbin/nologin] [/bin/bash] User[tomcat]
...
PRINT ALL SERVICES.
1 [:stopped] [:running] Service[collectd]
1 [:stopped] [:running] Service[logstash-agent]
1 [:true] [:false] Service[logstash]
1 [:stopped] [:running] Service[nginx]
0 [] [] Service[rsyslog]
1 [:stopped] [:running] Service[statsd]
1 [:false] [:true] Service[supervisord]
1 [:stopped] [:running] Service[varnish]
PRINT ALL SERVICES CHANGED TO RUNNING
1 [:stopped] [:running] Service[collectd]
1 [:stopped] [:running] Service[logstash-agent]
1 [:stopped] [:running] Service[nginx]
1 [:stopped] [:running] Service[statsd]
1 [:stopped] [:running] Service[varnish]
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c70db1f6-b133-4290-a8e1-827ea239028b%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out .
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1253465309.4764508.1385567092577.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet client automatic self enrollment to puppet enterprise
Hi I'm developing templates for vm cloud provisioning and would like to include puppet client in the template has anybody have knowledge or experience to assist with my objective of puppet client automatic self enrollment to puppet enterprise e.g. as a new vm is built Any help appreciated Regards Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a22ee4b3-375a-44fc-b891-731501057d33%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
+1 I've been using this script for the last month to view the last run details, and it works very well. Here at my shop I am not worried about changes, but I am worried about errors. I wrote a small Python script that queries PuppetDB (if you're not using it, use it) and reports if there were any errors on any nodes during their last run of the night (we do not run Puppet during trading hours). I also use Puppet Dashboard for at-a-glance sanity checking and as an easy way to drill down on unresponsive hosts and to easily view reports. The combination of these three tools work very well for me. Jeffrey. On Tue, Nov 26, 2013 at 1:15 PM, R.I.Pienaar r...@devco.net wrote: not everyone shares the same goals so everyone tend to write them, but here you go this is one I wrote http://www.devco.net/archives/2013/10/10/cli-report-viewer-for-puppet.php -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMvPdm17zvpCCJfbxp%2BB_CkNGeY-QYfmdgpZoYoc0TnntAG3eQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
Get the book Learning Ruby.
Worth it.
On Nov 27, 2013, at 7:44 AM, Dan White y...@comcast.net wrote:
Very nice.
I am still learning Ruby and this will help
Thanks.
“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin Hobbes)
From: David Portabella david.portabe...@gmail.com
To: puppet-users@googlegroups.com
Sent: Wednesday, November 27, 2013 10:12:48 AM
Subject: Re: [Puppet Users] get a *structured* version of the puppet agent
output
Thanks again! It is great to use the puppet report yaml files!
here there is an example script that prints all resources statuses,
then it filters them by taking only the services,
then it filters them by taking only the services changed to running.
test.ruby
#!/usr/bin/ruby
require 'puppet'
filename = ARGV.first
report = YAML.load_file(filename)
rs = report.resource_statuses.values.sort_by{|r| r.resource}
puts PRINT ALL RESOURCES STATUSES.
rs.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}}
#{r.events.map {|e| e.desired_value}} #{r.resource}
end
puts PRINT ALL SERVICES.
services = rs.select{|r| r.resource_type == 'Service'}
services.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}}
#{r.events.map {|e| e.desired_value}} #{r.resource}
end
puts PRINT ALL SERVICES CHANGED TO RUNNING.
services_changed_to_running = rs.select{|r| r.resource_type == 'Service'
r.change_count 0 r.events.index { |e| e.desired_value == :running } !=
nil}
services_changed_to_running.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}}
#{r.events.map {|e| e.desired_value}} #{r.resource}
end
example output:
$ test.ruby /var/opt/lib/pe-puppet/reports/test/201311261645.yaml
PRINT ALL RESOURCES STATUSES.
1 [:absent] [:directory] File[/var/app]
1 [:absent] [:file] File[/var/app/app.conf]
2 [0, 755] [91, 775] File[/var/log/tomcat6]
0 [] [] Filebucket[puppet]
1 [:absent] [:present] Group[release]
1 [:absent] [:present] Package[varnish]
0 [] [] Schedule[weekly]
1 [:stopped] [:running] Service[varnish]
0 [] [] Tidy[/etc/collectd.d/]
1 [/sbin/nologin] [/bin/bash] User[tomcat]
...
PRINT ALL SERVICES.
1 [:stopped] [:running] Service[collectd]
1 [:stopped] [:running] Service[logstash-agent]
1 [:true] [:false] Service[logstash]
1 [:stopped] [:running] Service[nginx]
0 [] [] Service[rsyslog]
1 [:stopped] [:running] Service[statsd]
1 [:false] [:true] Service[supervisord]
1 [:stopped] [:running] Service[varnish]
PRINT ALL SERVICES CHANGED TO RUNNING
1 [:stopped] [:running] Service[collectd]
1 [:stopped] [:running] Service[logstash-agent]
1 [:stopped] [:running] Service[nginx]
1 [:stopped] [:running] Service[statsd]
1 [:stopped] [:running] Service[varnish]
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c70db1f6-b133-4290-a8e1-827ea239028b%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to a topic in the Google
Groups Puppet Users group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/puppet-users/cHpZlKkPmr4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1253465309.4764508.1385567092577.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/36085646-13B6-4457-A36B-B2C8F97A603E%40me.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] get a *structured* version of the puppet agent output
This one: http://shop.oreilly.com/product/9780596529864.do ?
“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin Hobbes)
- Original Message -
From: Stuart Cracraft smcracr...@me.com
To: puppet-users@googlegroups.com
Sent: Wednesday, November 27, 2013 11:00:00 AM
Subject: Re: [Puppet Users] get a *structured* version of the puppet agent
output
Get the book Learning Ruby.
Worth it.
On Nov 27, 2013, at 7:44 AM, Dan White y...@comcast.net wrote:
Very nice.
I am still learning Ruby and this will help
Thanks.
“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin Hobbes)
- Original Message -
From: David Portabella david.portabe...@gmail.com
To: puppet-users@googlegroups.com
Sent: Wednesday, November 27, 2013 10:12:48 AM
Subject: Re: [Puppet Users] get a *structured* version of the puppet agent
output
Thanks again! It is great to use the puppet report yaml files!
here there is an example script that prints all resources statuses,
then it filters them by taking only the services,
then it filters them by taking only the services changed to running.
test.ruby
#!/usr/bin/ruby
require 'puppet'
filename = ARGV.first
report = YAML.load_file(filename)
rs = report.resource_statuses.values.sort_by{|r| r.resource}
puts PRINT ALL RESOURCES STATUSES.
rs.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map
{|e| e.desired_value}} #{r.resource}
end
puts PRINT ALL SERVICES.
services = rs.select{|r| r.resource_type == 'Service'}
services.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map
{|e| e.desired_value}} #{r.resource}
end
puts PRINT ALL SERVICES CHANGED TO RUNNING.
services_changed_to_running = rs.select{|r| r.resource_type == 'Service'
r.change_count 0 r.events.index { |e| e.desired_value == :running } !=
nil}
services_changed_to_running.each do |r|
puts #{r.change_count} #{r.events.map {|e| e.previous_value}} #{r.events.map
{|e| e.desired_value}} #{r.resource}
end
example output:
$ test.ruby /var/opt/lib/pe-puppet/reports/test/201311261645.yaml
PRINT ALL RESOURCES STATUSES.
1 [:absent] [:directory] File[/var/app]
1 [:absent] [:file] File[/var/app/app.conf]
2 [0, 755] [91, 775] File[/var/log/tomcat6]
0 [] [] Filebucket[puppet]
1 [:absent] [:present] Group[release]
1 [:absent] [:present] Package[varnish]
0 [] [] Schedule[weekly]
1 [:stopped] [:running] Service[varnish]
0 [] [] Tidy[/etc/collectd.d/]
1 [/sbin/nologin] [/bin/bash] User[tomcat]
...
PRINT ALL SERVICES.
1 [:stopped] [:running] Service[collectd]
1 [:stopped] [:running] Service[logstash-agent]
1 [:true] [:false] Service[logstash]
1 [:stopped] [:running] Service[nginx]
0 [] [] Service[rsyslog]
1 [:stopped] [:running] Service[statsd]
1 [:false] [:true] Service[supervisord]
1 [:stopped] [:running] Service[varnish]
PRINT ALL SERVICES CHANGED TO RUNNING
1 [:stopped] [:running] Service[collectd]
1 [:stopped] [:running] Service[logstash-agent]
1 [:stopped] [:running] Service[nginx]
1 [:stopped] [:running] Service[statsd]
1 [:stopped] [:running] Service[varnish]
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com .
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c70db1f6-b133-4290-a8e1-827ea239028b%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out .
--
You received this message because you are subscribed to a topic in the Google
Groups Puppet Users group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/puppet-users/cHpZlKkPmr4/unsubscribe .
To unsubscribe from this group and all its topics, send an email to
puppet-users+unsubscr...@googlegroups.com .
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/1253465309.4764508.1385567092577.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net
.
For more options, visit https://groups.google.com/groups/opt_out .
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/36085646-13B6-4457-A36B-B2C8F97A603E%40me.com
.
For more options, visit https://groups.google.com/groups/opt_out .
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
Hmm, well I removed java-1.6.0-openjdk and installed java-1.7.0-openjdk. Reinstalled puppetdb, which pulled java-1.6.0-openjdk back in again, so the two javas were installed simultaneously. Restarted puppetdb and puppetmaster and everything works again I have no idea what was wrong. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/529619B2.7070504%40bristol.ac.uk. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Custom Functions and hash as parameter
Hi all,
I try write a custom function
My code:
* $gluster = {*
*'10.241.5.6' = '/data/gv0/brick1',*
*'10.241.5.7' = '/data/gv0/brick1',*
* }*
* $a = glusterFunctions($gluster)*
* notify{$a:}*
My simple custom function:
*require 'rubygems'*
*module Puppet::Parser::Functions*
*class GlusterFunctions*
* def initialize(gluster)*
*@gluster = gluster*
* end*
* def formatBricks()*
*r = ''*
*@gluster.each do |k,v|*
* r += #{k}:#{v} *
*end*
*return r[0..-2]*
* end*
*end*
* newfunction(:glusterFunctions, :type = :rvalue) do |args|*
*gluster = args # with one argument args isn't an array*
*g = GlusterFunctions.new(gluster)*
*return g.formatBricks()*
* end*
*end*
The notify:
*notice: 10.241.5.7/data/gv0/brick110.241.5.6/data/gv0/brick1:*
It's seems like if hash paremeter is converted in a string
Why? Any solutions?
Thanks
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/83967dbd-47b6-4c7d-8c19-314c053322f0%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL
On Nov 27, 2013, at 9:11 AM, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: Hmm, well I removed java-1.6.0-openjdk and installed java-1.7.0-openjdk. Reinstalled puppetdb, which pulled java-1.6.0-openjdk back in again, so the two javas were installed simultaneously. Restarted puppetdb and puppetmaster and everything works again I have no idea what was wrong. Hmm, pulling in an older version jdk despite the presence of a newer one smells like a bug to me...can you file one against PuppetDB? We're touching that code right now, as we're actually in the process of deprecating use of JDK 1.6 with PuppetDB. So the upgrade situation you describe is something we should try and test. -- Deepak Giridharagopal / Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/FCCB631E-F9CF-4DC7-A925-B681CAAA2D3F%40puppetlabs.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] package conflict resolution method:
I personally went the tiny class route, creating a module with a bunch of little classes for various packages. I opted for this route as it let me deal with naming differences between apt and yum, and let me do repo dependencies for stuff in Epel. Here is an example: https://github.com/TJNII/puppet-commonpackages/blob/master/manifests/python/argparse.pp I'm currently not making use of the forge, at this time I'm still rolling my own modules. So that's a bridge I'll likely have to cross later. -- On Tue, 19 Nov 2013 11:48:26 -0800 (PST) Matt Simmons band...@gmail.com wrote: Hi John, I'm new around here, but I'm also in the same situation as Tom, who started this thread. I was wondering if you could expound a little bit on the better solution that you mention. I write what I could refer to as third grade puppet, but I'd like to get better. When you suggest factoring out these resources into separate classes and modules, do you mean that, in essence, all possibly-shared resources should be in discrete modules or classes? How does that jive with modules included from Puppet Forge? Doesn't that mean refactoring everything you include there, as well? Thanks, and sorry for what I'm sure is an overly-basic question, --Matt Simmons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131127110935.660409a7%40TJNII-Desktop.rackspace.corp. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] OSX 10.9 appdmg/pkgdmg
Frank, I was doing a puppet apply --debug init.pp to get the output shown above. I forgot when apply manifest directly in that manner that I would need a have an include somewhere. I just removed my outside class as this is just a test at this point, and everything starting to work. Thanks for the help. On Wednesday, November 27, 2013 4:55:13 AM UTC-5, Felix.Frank wrote: Hi, uhm, looking at your log, it would appear that the package in question is not part of your catalog at all. I gotta ask: Are you including the max-firefox class at all? Aside: Please note that dashes in class names are not strictly valid syntax and should be avoided. HTH, Felix On 11/23/2013 07:23 PM, Zachary Vida wrote: Trying to install dmg files with puppet. However, after running my manifest the .dmg file is never downloaded by curl. I tried pkgdmg and appdmg. I also tried using a local directory as the source. It seems to ignore any path I give as the source even totally bogus ones. ... Applying configuration version '1385230408' Debug: Finishing transaction 70179851846920 Debug: Storing state Debug: Stored state in 0.01 seconds Notice: Finished catalog run in 0.02 seconds -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/aed1f51d-46f8-41a2-867c-3152fc13f77f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with facter/puppet on smartos
On Nov 22, 2013, at 9:57 AM, Don Jackson puppet-us...@clark-communications.com wrote: Trying to get puppet factor working on SmartOS. Installed first from pkgsrc, then upgraded puppet via gem. I've never had luck mingling them. Either use the version from your package manager, or use them installed from gem. They have different assumptions about where things belong on most platforms I've used, so you get an inconsistent experience. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. Author of Instant Puppet 3 Starter: http://www.netconsonance.com/instant-puppet-3-starter-book/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9A5A8F93-6E11-48DC-8117-7674A25D3ECE%40netconsonance.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] analyzing Puppet's actions and proposed actions via comprehensive reporting
Anyone know of a Ruby, Perl, Python, Bash, etc. script to do this already written? Summarize /var/lib/puppet/reports/*all hosts*/*.yaml Assume infinite store in above. For any given period in the above, summarize: action that was performed by puppet or would be performed if in noop including the specific cli-command-line command equivalent (e.g. chmod xyz abc, etc.) number of times and dates/timetamps the actions were taken and what method of initiation was done (human-initiated, puppet-initiated, etc.) So that's it. I don't care what it's written in as I am not a Ruby purist. --Stuart -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/22c71b08-bc1a-454e-832e-910d0b2bc06e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Custom Functions and hash as parameter
On 2013-27-11 17:33, Israel Calvete wrote:
Hi all,
I try write a custom function
My code:
/ $gluster = {/
/'10.241.5.6' = '/data/gv0/brick1',/
/'10.241.5.7' = '/data/gv0/brick1',/
/ }/
/
/
/ $a = glusterFunctions($gluster)/
/
/
/ notify{$a:}/
My simple custom function:
/require 'rubygems'/
/
/
/module Puppet::Parser::Functions/
/
/
/class GlusterFunctions/
/
/
/ def initialize(gluster)/
/@gluster = gluster/
/ end/
/
/
/ def formatBricks()/
/r = ''/
/@gluster.each do |k,v|/
/ r += #{k}:#{v} /
/end/
/return r[0..-2]/
/ end/
/end/
/
/
/ newfunction(:glusterFunctions, :type = :rvalue) do |args|/
/gluster = args *# with one argument args isn't an arra*y/
/
/
/g = GlusterFunctions.new(gluster)/
/return g.formatBricks()/
/ end/
/end/
The notify:
/notice: 10.241.5.7/data/gv0/brick110.241.5.6/data/gv0/brick1:/
It's seems like if hash paremeter is converted in a string
Why? Any solutions?
All functions get their arguments as an array. The first argument passed
is found in args[0], the second in args[1], etc.
You probably want to do this:
gluster = args[0]
unless gluster.is_a? Hash
raise ArgumentError, glusterFunctions(): first arg must be a hash
end
Regards
- henrik
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/l75qoo%24aqn%241%40ger.gmane.org.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet client automatic self enrollment to puppet enterprise
There's nothing special. The only thing you'll need is either auto sign or automation on your side to pre-sign certs and deliver them to the VM. On Nov 27, 2013, at 6:30 AM, Martin Knott mkn...@novemgroup.co.uk wrote: I'm developing templates for vm cloud provisioning and would like to include puppet client in the template has anybody have knowledge or experience to assist with my objective of puppet client automatic self enrollment to puppet enterprise e.g. as a new vm is built Any help appreciated Regards Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a22ee4b3-375a-44fc-b891-731501057d33%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. Author of Instant Puppet 3 Starter: http://www.netconsonance.com/instant-puppet-3-starter-book/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8545EBD4-FDD4-45E2-823C-9556EB227732%40netconsonance.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] facter --timing does not show timing of external facts
From http://docs.puppetlabs.com/guides/custom_facts.html If you are interested in finding out where any bottlenecks are, you can run Facter in timing mode and it will reflect how long it takes to parse your external facts:facter --timingThe output should look similar to the timing for Ruby facts, but will name external facts with their full paths. For example:$ facter --timingkernel: 14.81ms/usr/lib/facter/ext/abc.sh: 48.72ms/usr/lib/facter/ext/foo.sh: 32.69ms/usr/lib/facter/ext/full.json: 104.71ms /usr/lib/facter/ext/sample.txt: 0.65ms However, from the output below you can see that facter is in fact loading external facts from script, but the timing data for that script is not being ouptut. [root@fisheye-10-0-2-15 dist]# facter --version 1.7.3 [root@fisheye-10-0-2-15 dist]# ls /etc/facter/facts.d/ service_discovery.sh [root@fisheye-10-0-2-15 dist]# /etc/facter/facts.d/service_discovery.sh environment=test vxml-generate_sqs=generateVXML ivr-publish_sqs=edgeConfig cassandra_keyspace=PureCloud cassandra_cluster=analytics analyticsApiSegmentIndexConsusmerMaxNumberOfMessages=1 analyticsApiSegmentIndexConsusmerWaitTimeSeconds=1 analyticsApiSegmentIndexConsusmerVisibilityTimeout=1 [root@fisheye-10-0-2-15 dist]# facter --timing kernel: 1.58ms lsbdistid: 0.11ms lsbdistid: 0.10ms operatingsystem: 5480.56ms osfamily: 11421.73ms macaddress: 0.07ms macaddress: 0.06ms macaddress: 4.51ms hardwaremodel: 1.46ms architecture: 2.51ms rubysitedir: 0.08ms memorysize_mb: 0.25ms memorysize: 0.46ms memorytotal: 0.58ms netmask_eth1: 7.02ms sshecdsakey: 0.03ms sshecdsakey: 0.03ms hostname: 2.34ms blockdevice_sr0_size: 0.08ms boardmanufacturer: 0.02ms vlans: 0.13ms vlans: 0.03ms ipaddress6_lo: 6.48ms ipaddress6_lo: 6.69ms uniqueid: 2.49ms operatingsystemrelease: 0.11ms blockdevice_sr1_size: 0.02ms uptime_seconds: 4.58ms uptime_hours: 4.81ms selinux: 2.50ms augeasversion: 0.74ms mtu_lo: 7.52ms network_eth1: 15.86ms id: 2.46ms virtual: 0.04ms virtual: 0.02ms virtual: 23.01ms processor0: 0.03ms path: 0.02ms lsbdistdescription: 0.21ms lsbdistdescription: 0.10ms ipaddress_eth0: 7.06ms lsbrelease: 0.14ms lsbrelease: 0.10ms netmask_eth0: 6.71ms ipaddress6: 4.57ms ipaddress6: 5.06ms serialnumber: 0.02ms facterversion: 0.08ms domain: 7.44ms fqdn: 0.04ms puppetversion: 207.49ms physicalprocessorcount: 4.25ms swapsize_mb: 0.35ms ipaddress6_eth1: 6.42ms ipaddress6_eth1: 6.21ms memoryfree_mb: 0.28ms memoryfree: 0.51ms sshdsakey: 0.07ms blockdevice_sda_vendor: 0.06ms bios_version: 0.02ms filesystems: 3.75ms rubyversion: 0.03ms cfkey: 0.05ms cfkey: 0.04ms mtu_eth1: 5.58ms sshecdsakey: 0.05ms sshecdsakey: 23.63ms sshfp_ecdsa: 23.97ms sshecdsakey: 0.09ms sshecdsakey: 0.07ms sshfp_ecdsa: 0.38ms kernelrelease: 4.16ms kernelversion: 4.50ms boardproductname: 0.04ms hardwareisa: 2.04ms blockdevice_sr0_vendor: 0.11ms macaddress_lo: 6.09ms macaddress_lo: 6.76ms uptime: 0.08ms blockdevice_sr1_vendor: 0.13ms swapfree_mb: 1.17ms swapfree: 1.46ms zfs_version: 0.24ms zfs_version: 0.20ms type: 0.05ms network_lo: 12.34ms processor1: 0.02ms ipaddress6_eth0: 7.51ms ipaddress6_eth0: 6.03ms lsbdistrelease: 0.21ms lsbdistrelease: 0.15ms blockdevices: 0.06ms manufacturer: 0.02ms lsbdistid: 0.16ms lsbdistid: 0.17ms interfaces: 4.78ms zpool_version: 0.19ms zpool_version: 0.10ms ps: 0.02ms ipaddress: 4.23ms netmask: 9.15ms mtu_eth0: 6.52ms sshrsakey: 0.09ms uuid: 0.02ms is_virtual: 0.04ms swapsize: 0.04ms macaddress_eth1: 6.00ms sshfp_dsa: 1.37ms blockdevice_sda_model: 0.09ms bios_release_date: 0.02ms ipaddress_lo: 6.25ms timezone: 0.05ms kernelmajversion: 0.06ms boardserialnumber: 0.04ms blockdevice_sr0_model: 0.08ms uptime_days: 0.00ms netmask_lo: 6.11ms blockdevice_sr1_model: 0.08ms network_eth0: 12.07ms lsbdistcodename: 0.15ms lsbdistcodename: 0.11ms operatingsystemmajrelease: 0.04ms processorcount: 0.16ms lsbdistrelease: 0.15ms lsbdistrelease: 0.13ms lsbdistrelease: 0.69ms lsbdistrelease: 0.16ms lsbmajdistrelease: 1.39ms lsbdistrelease: 0.14ms lsbdistrelease: 0.05ms lsbdistrelease: 0.19ms lsbdistrelease: 0.14ms lsbmajdistrelease: 0.77ms macaddress_eth0: 7.75ms productname: 0.03ms ipaddress_eth1: 8.14ms sshfp_rsa: 0.96ms bios_vendor: 0.03ms blockdevice_sda_size: 0.10ms analytics-uri = http://analytics.inintca.com:9998 analyticsapisegmentindexconsusmermaxnumberofmessages = 1 analyticsapisegmentindexconsusmervisibilitytimeout = 1 analyticsapisegmentindexconsusmerwaittimeseconds = 1 architecture = x86_64 augeasversion = 0.9.0 bios_release_date = 12/01/2006 bios_vendor = innotek GmbH bios_version = VirtualBox blockdevice_sda_model = VBOX HARDDISK blockdevice_sda_size = 214748364800 blockdevice_sda_vendor = ATA blockdevice_sr0_model = CD-ROM blockdevice_sr0_size = 1073741312 blockdevice_sr0_vendor = VBOX blockdevice_sr1_model = CD-ROM blockdevice_sr1_size = 1073741312 blockdevice_sr1_vendor = VBOX blockdevices = sda,sr0,sr1 boardmanufacturer = Oracle Corporation boardproductname = VirtualBox boardserialnumber = 0 cassandra_cluster = analytics
[Puppet Users] external facts cause puppet apply to take inordinately longer to run
My external fact script takes 5s to run. With external fact... puppet takes 2.5m to run facter takes 33s to run Without external fact... puppet takes 27s to run facter takes 0.68s Bottom line... there's no significant change in facter runtime when parsing the external fact, but the puppet runtime quadruples. From watching the logs in real time I can see that the extra time is taken before puppet outputs its first response line (compilation time). Also note that the compilation time that puppet reports is ~2s even though (when watching the output realtime) it takes 2 minutes for that line to return when puppet is parsing the external fact script. Note: This script generates 36 custom facts Should I submit a bug for this? #Time of external fact script [root@fisheye-10-0-2-15 manifests]# time /etc/facter/facts.d/service_discovery.sh environment=test ... service_discovery_script=ran real 0m5.478s user 0m0.053s sys 0m0.111s # Time of puppet run with external fact [root@fisheye-10-0-2-15 manifests]# time FACTER_environment='vagrant' FACTER_role='fisheye' puppet apply --modulepath '/etc/puppet/modules:/tmp/vagrant-puppet/modules-0' site.ppNotice: Compiled catalog for fisheye-10-0-2-15.inin.com in environment production in 2.22 seconds Notice: Finished catalog run in 30.76 seconds real 2m25.856s user 0m5.124s sys 0m3.830s #Time of facter with external fact [root@fisheye-10-0-2-15 manifests]# time facter analyticsapisegmentindexconsusmerwaittimeseconds = 1 architecture = x86_64 ... uptime_hours = 0 uptime_seconds = 2529 real 0m33.587s user 0m0.658s sys 0m0.849s #Removing external fact script [root@fisheye-10-0-2-15 manifests]# rm /etc/facter/facts.d/service_discovery.sh rm: remove regular file `/etc/facter/facts.d/service_discovery.sh'? y [root@fisheye-10-0-2-15 manifests]# ls /etc/facter/facts.d/ #Time of puppet run without external fact script [root@fisheye-10-0-2-15 manifests]# time FACTER_environment='vagrant' FACTER_role='fisheye' puppet apply --modulepath '/etc/puppet/modules:/tmp/vagrant-puppet/modules-0' site.pp Notice: Compiled catalog for fisheye-10-0-2-15.inin.com in environment production in 2.06 seconds Notice: /Stage[main]/System::Facts/Facter::Fact[service_discovery]/File[/etc/facter/facts.d/service_discovery.sh]/ensure: created Notice: Finished catalog run in 23.22 seconds real 0m27.550s user 0m4.408s sys 0m2.292s # Removing script again (cuz puppet run put it back) [root@fisheye-10-0-2-15 manifests]# rm /etc/facter/facts.d/service_discovery.sh rm: remove regular file `/etc/facter/facts.d/service_discovery.sh'? y [root@fisheye-10-0-2-15 manifests]# ls /etc/facter/facts.d/ #Time of facter run without external script [root@fisheye-10-0-2-15 manifests]# time facter architecture = x86_64 augeasversion = 0.9.0 ... virtual = virtualbox real 0m0.687s user 0m0.324s sys 0m0.287s -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/264663b8-a346-4b02-8373-3f822b57c882%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] File handling
Hi There, I am trying to do the following using puppet 1. Create a dir call mydir 2. Download a file from internet using Exec 3. Change the mode of the file 3. Install it and ensure running and service is enabled. 4. Delete it the installer file. When I do this until 3 rd step I am fine. But when I create the file resource again for deleting the installer files, it says it is already declared and cannot redeclare. Is there a option to fix this or I have to change the logic? Thanks Raj -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c45d6416-fd8e-4661-b09d-3da6d61b5906%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
