[Puppet Users] SRV Records and Multiple Masters

2014-07-18 Thread Paul Seymour
Hello,

Just looking for a little "best practice" advice.

If I am using DNS SRV records to load-balance and use multiple Puppet 
Masters, and CA servers (certificate data is sync'ed) which is the best 
recommended way of generating the master certificate ?

So I set certname in the [master] section and can generate a cert in that 
name perhaps - curious to know how people set master CA stuff for hostnames 
other than that of the host it running on.
If so do I have to set dns_alt_names or some such for all the possible 
"physical" hostnames ?  Or just worry about generating one for the certname 
setting in the master section of the config ? If so how
would you go about generating a master certificate set for all of those ?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e4f858b9-ecc7-4b9b-962f-f7d6554d9f0b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] puppetdb export before migration

2014-07-18 Thread Fabrice Bacchella
Indeed, there is a few unchanged report in my db. So I'll have to wait until 
2.2.0 I'm afraid.

Le 18 juil. 2014 à 19:22, Ken Barber  a écrit :

> Does this sound like your issue?
> 
> https://tickets.puppetlabs.com/browse/PDB-762
> 
> We found it recently and have already fixed it in source, but not
> shipped a fix yet. We were holding off for someone complaining loud
> enough or just shipping it with 2.2.0 (which should be out in a few
> weeks or so).
> 
> ken.
> 
> On Fri, Jul 18, 2014 at 5:42 PM, Fabrice Bacchella
>  wrote:
>> I ran an  puppetdb export yesterday. It ran fine. It was a puppetdb 2.0
>> 
>> Now, after an export to puppetdb 2.1, I got some strange exception. puppet 
>> master is working fine, I didn't see anything special in the release notes. 
>> puppetmaster is running fine.
>> 
>> Did I miss something ?
>> 
>> $ puppetdb export --outfile ./my-puppetdb-export.tar.gz
>> java.lang.AssertionError: Assert failed: %
>> at com.puppetlabs.puppetdb.cli.export$events_for_report_hash.invoke 
>> (export.clj:114)
>>com.puppetlabs.puppetdb.cli.export$reports_for_node$fn__5294.invoke 
>> (export.clj:150)
>>clojure.core$map$fn__4245.invoke (core.clj:2557)
>>clojure.lang.LazySeq.sval (LazySeq.java:40)
>>clojure.lang.LazySeq.seq (LazySeq.java:49)
>>clojure.lang.RT.seq (RT.java:484)
>>clojure.core$seq.invoke (core.clj:133)
>>clojure.core$map$fn__4245.invoke (core.clj:2551)
>>clojure.lang.LazySeq.sval (LazySeq.java:40)
>>clojure.lang.LazySeq.seq (LazySeq.java:49)
>>clojure.lang.RT.seq (RT.java:484)
>>clojure.core$seq.invoke (core.clj:133)
>>clojure.core$map$fn__4245.invoke (core.clj:2551)
>>clojure.lang.LazySeq.sval (LazySeq.java:40)
>>clojure.lang.LazySeq.seq (LazySeq.java:49)
>>clojure.lang.RT.seq (RT.java:484)
>>clojure.core$seq.invoke (core.clj:133)
>>clojure.core.protocols$seq_reduce.invoke (protocols.clj:30)
>>clojure.core.protocols/fn (protocols.clj:54)
>>clojure.core.protocols$fn__6031$G__6026__6044.invoke (protocols.clj:13)
>>clojure.core$reduce.invoke (core.clj:6289)
>>schema.core$eval3377$fn__3395$fn__3412.invoke (core.clj:787)
>>schema.core$eval3377$fn__3395$fn__3412.invoke (core.clj:785)
>>clojure.core$comp$fn__4192.invoke (core.clj:2403)
>>com.puppetlabs.puppetdb.cli.export$eval5305$report__GT_tar__5306.invoke 
>> (export.clj:153)
>>
>> com.puppetlabs.puppetdb.cli.export$eval5329$get_node_data__5330$fn__5334.invoke
>>  (export.clj:184)
>>com.puppetlabs.puppetdb.cli.export$eval5329$get_node_data__5330.invoke 
>> (export.clj:170)
>>com.puppetlabs.puppetdb.cli.export$_main.doInvoke (export.clj:241)
>>clojure.lang.RestFn.invoke (RestFn.java:421)
>>clojure.lang.Var.invoke (Var.java:383)
>>clojure.lang.AFn.applyToHelper (AFn.java:156)
>>clojure.lang.Var.applyTo (Var.java:700)
>>clojure.core$apply.invoke (core.clj:624)
>>com.puppetlabs.puppetdb.core$run_command.invoke (core.clj:87)
>>com.puppetlabs.puppetdb.core$_main.doInvoke (core.clj:95)
>>clojure.lang.RestFn.invoke (RestFn.java:436)
>>clojure.lang.Var.invoke (Var.java:388)
>>clojure.lang.AFn.applyToHelper (AFn.java:160)
>>clojure.lang.Var.applyTo (Var.java:700)
>>clojure.core$apply.invoke (core.clj:624)
>>clojure.main$main_opt.invoke (main.clj:315)
>>clojure.main$main.doInvoke (main.clj:420)
>>clojure.lang.RestFn.invoke (RestFn.java:482)
>>clojure.lang.Var.invoke (Var.java:401)
>>clojure.lang.AFn.applyToHelper (AFn.java:171)
>>clojure.lang.Var.applyTo (Var.java:700)
>>clojure.main.main (main.java:37)
>> 2014-07-18 18:35:57,650 ERROR [p.t.logging] Uncaught exception
>> java.lang.AssertionError: Assert failed: %
>>at 
>> com.puppetlabs.puppetdb.cli.export$events_for_report_hash.invoke(export.clj:114)
>>  ~[na:na]
>>at 
>> com.puppetlabs.puppetdb.cli.export$reports_for_node$fn__5294.invoke(export.clj:150)
>>  ~[na:na]
>>at clojure.core$map$fn__4245.invoke(core.clj:2557) ~[puppetdb.jar:na]
>>at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppetdb.jar:na]
>>at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppetdb.jar:na]
>>at clojure.lang.RT.seq(RT.java:484) ~[puppetdb.jar:na]
>>at clojure.core$seq.invoke(core.clj:133) ~[puppetdb.jar:na]
>>at clojure.core$map$fn__4245.invoke(core.clj:2551) ~[puppetdb.jar:na]
>>at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppetdb.jar:na]
>>at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppetdb.jar:na]
>>at clojure.lang.RT.seq(RT.java:484) ~[puppetdb.jar:na]
>>at clojure.core$seq.invoke(core.clj:133) ~[puppetdb.jar:na]
>>at clojure.core$map$fn__4245.invoke(core.clj:2551) ~[puppetdb.jar:na]
>>at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppetdb.jar:na]
>>at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppetdb.jar:na]
>>at clojure.lang.RT.seq(RT.java:484) ~[puppetdb.jar:na]
>>at clojure.core$seq.i

[Puppet Users] Re: Facter path issue

2014-07-18 Thread Jim Richard
Yep, a custom fact. In case someone else happens upon this looking for a 
similar answer, here's my custom fact to override Facter's default path 
fact:

Facter.add('path') do
  confine :kernel => 'windows'
  setcode do
   my_fact = Facter::Util::Resolution.exec('C:\Windows\system32\cmd.exe /C 
"reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session 
Manager\Environment" /v Path""')
   my_fact.rpartition('REG_EXPAND_SZ').slice(2).strip
  end
end

Thanks Rob !


On Thursday, July 17, 2014 3:37:03 PM UTC-4, Jim Richard wrote:
>
> Facter on a Windows 2008R2 server is doing something weird. Version of 
> facter is 2.0.2.
>
> If I, from the Puppet command prompt, do a "echo %Path%", I see exactly 
> what I expect. But if I say "facter Path", it shows me all of the Puppet 
> added path stuff twice, ie. the output is almost twice as much text.
>
> Oddly, the original pre: puppet agent install path data is still reported 
> by facter, correctly, not doubled up, but all of the path items added by 
> the puppet agent install process show up twice when I issue a "facter 
> Path". 
>
> My "real" path:
>
>
> E:\oracle\product\11.2.0\db_1\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Unix;E:\oracle\product\11.2.0\db_1\OPatch;C:\jdk_release\bin;F:\RATEWARE
>
> What facter thinks is my Path:
>
> C:\Program Files (x86)\Puppet Labs\Puppet\puppet\bin;C:\Program Files 
> (x86)\Puppet Labs\Puppet\facter\bin;C:\Program Files (x86)\Puppet 
> Labs\Puppet\hiera\bin;C:\Program Files (x86)\Puppet 
> Labs\Puppet\bin;C:\Program Files (x86)\Puppet 
> Labs\Puppet\sys\ruby\bin;C:\Program Files (x86)\Puppet 
> Labs\Puppet\sys\tools\bin;C:\Program Files (x86)\Puppet 
> Labs\Puppet\puppet\bin;C:\Program Files (x86)\Puppet 
> Labs\Puppet\facter\bin;C:\Program Files (x86)\Puppet 
> Labs\Puppet\hiera\bin;C:\Program Files (x86)\Puppet 
> Labs\Puppet\bin;C:\Program Files (x86)\Puppet 
> Labs\Puppet\sys\ruby\bin;C:\ProgramFiles(x86)\PuppetLabs\Puppet\sys\tools\bin;E:\oracle\product\11.2.0\db_1\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Unix;E:\oracle\product\11.2.0\db_1\OPatch;C:\jdk_release\bin;F:\RATEWARE
>
>
> Any ideas what might cause this?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a244e99f-3c11-4052-a0d4-f491089a1764%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] Facter path issue

2014-07-18 Thread Rob Reynolds
On Fri, Jul 18, 2014 at 8:36 AM, Jim Richard  wrote:

> Thanks for the quick reply Rob.
>
> I went ahead and spun up a new Server2008R2 virtual machine to test a very
> basic install:
>
> grabbed the iso from
> http://www.microsoft.com/en-us/download/details.aspx?id=11093
> installed Windows as usual, did the Windows update dance reboot, reboot,
> etc
> got the puppet agent from https://downloads.puppetlabs.com/windows/,
> I tried the most recent agent version and even the oldest, 2.7 version,
> both the same
> I also tried installing to the Administrator account as well as installing
> to another account
>
> And, I saw the same behavior.
>
> I tried echo %PATH% and then environment.bat and that did give a clue. I
> ran environment.bat multiple times and each time the Path var in the Puppet
> shell grows. I've attached a screen shot so you can see what I mean.
>
> So, it looks like the Puppet shell initialization process executes
> environment.bat twice; that happens for scheduled agent runs as well.
>
This is probably because puppet.bat and facter.bat both call it. :(



> If I just wanted Facter to report back the "true" system Path, minus all
> of the puppet shell added stuff, what would you suggest. Pull it from the
> registry? Or via a custom fact, take what Facter reports and chop off all
> of the extra Puppet shell applied stuff with a regex?
>
>
>
> 
>
>
>
Perhaps a custom fact?



>
>
>
>
> On Thursday, July 17, 2014 6:12:26 PM UTC-4, Rob Reynolds wrote:
>>
>>
>> On Thu, Jul 17, 2014 at 2:37 PM, Jim Richard  wrote:
>>
>>> Facter on a Windows 2008R2 server is doing something weird. Version of
>>> facter is 2.0.2.
>>>
>>> If I, from the Puppet command prompt, do a "echo %Path%", I see exactly
>>> what I expect. But if I say "facter Path", it shows me all of the Puppet
>>> added path stuff twice, ie. the output is almost twice as much text.
>>>
>>> Oddly, the original pre: puppet agent install path data is still
>>> reported by facter, correctly, not doubled up, but all of the path items
>>> added by the puppet agent install process show up twice when I issue a
>>> "facter Path".
>>>
>>> My "real" path:
>>>
>>> E:\oracle\product\11.2.0\db_1\bin;%SystemRoot%\system32;%
>>> SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\
>>> System32\WindowsPowerShell\v1.0\;C:\Unix;E:\oracle\product\
>>> 11.2.0\db_1\OPatch;C:\jdk_release\bin;F:\RATEWARE
>>>
>>
>>> What facter thinks is my Path:
>>>
>>> C:\Program Files (x86)\Puppet Labs\Puppet\puppet\bin;C:\Program Files
>>> (x86)\Puppet Labs\Puppet\facter\bin;C:\Program Files (x86)\Puppet
>>> Labs\Puppet\hiera\bin;C:\Program Files (x86)\Puppet
>>> Labs\Puppet\bin;C:\Program Files (x86)\Puppet 
>>> Labs\Puppet\sys\ruby\bin;C:\Program
>>> Files (x86)\Puppet Labs\Puppet\sys\tools\bin;C:\Program Files
>>> (x86)\Puppet Labs\Puppet\puppet\bin;C:\Program Files (x86)\Puppet
>>> Labs\Puppet\facter\bin;C:\Program Files (x86)\Puppet
>>> Labs\Puppet\hiera\bin;C:\Program Files (x86)\Puppet
>>> Labs\Puppet\bin;C:\Program Files (x86)\Puppet Labs\Puppet\sys\ruby\bin;C:\
>>> ProgramFiles(x86)\PuppetLabs\Puppet\sys\tools\bin;E:\
>>> oracle\product\11.2.0\db_1\bin;C:\Windows\system32;C:\
>>> Windows;C:\Windows\System32\Wbem;C:\Windows\System32\
>>> WindowsPowerShell\v1.0\;C:\Unix;E:\oracle\product\11.2.0\
>>> db_1\OPatch;C:\jdk_release\bin;F:\RATEWARE
>>>
>>>
>>> Any ideas what might cause this?
>>>
>>
>> Note the first thing that facter.bat / puppet.bat runs is a call to
>> environment.bat, which ensures that the console has all of the right
>> environment variables set and it updates PATH as well.
>>
>> Why it is doubling up is another issue entirely.
>>
>> Try this - open a command line and call:
>> echo %PATH%
>> environment.bat
>> echo %PATH%
>>
>> Oddly enough, I don't see  C:\Program Files (x86)\Puppet Labs\Puppet\bin
>> in your original path as I might expect to see.
>>
>> How did you install facter on your Windows system?
>>
>>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@googlegroups.com.
>>>
>>> To view this discussion on the web visit https://groups.google.com/d/
>>> msgid/puppet-users/97685237-6523-40a3-81ad-38f98df86593%
>>> 40googlegroups.com
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> Rob Reynolds
>> Developer, Puppet Labs
>>
>> *Join us at PuppetConf 2014 , September
>> 20-24 in San Francisco*
>> *Register by July 31st to take advantage of the Early Bird discount
>>  **--**save
>> $249!*
>>
>  

[Puppet Users] Puppet module for Windows 2012 SNMP Service

2014-07-18 Thread Matt Shields
Does anyone have a module or example puppet code for turning on SNMP server
and setting the community on a Windows 2012 server?

Matt

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAOTD2YQqu_sKX-E%3Ddvr6UXw%3DnFGsYJJg-UTktnZxuJ9bz8e65Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] puppetdb export before migration

2014-07-18 Thread Ken Barber
Does this sound like your issue?

https://tickets.puppetlabs.com/browse/PDB-762

We found it recently and have already fixed it in source, but not
shipped a fix yet. We were holding off for someone complaining loud
enough or just shipping it with 2.2.0 (which should be out in a few
weeks or so).

ken.

On Fri, Jul 18, 2014 at 5:42 PM, Fabrice Bacchella
 wrote:
> I ran an  puppetdb export yesterday. It ran fine. It was a puppetdb 2.0
>
> Now, after an export to puppetdb 2.1, I got some strange exception. puppet 
> master is working fine, I didn't see anything special in the release notes. 
> puppetmaster is running fine.
>
> Did I miss something ?
>
> $ puppetdb export --outfile ./my-puppetdb-export.tar.gz
> java.lang.AssertionError: Assert failed: %
>  at com.puppetlabs.puppetdb.cli.export$events_for_report_hash.invoke 
> (export.clj:114)
> com.puppetlabs.puppetdb.cli.export$reports_for_node$fn__5294.invoke 
> (export.clj:150)
> clojure.core$map$fn__4245.invoke (core.clj:2557)
> clojure.lang.LazySeq.sval (LazySeq.java:40)
> clojure.lang.LazySeq.seq (LazySeq.java:49)
> clojure.lang.RT.seq (RT.java:484)
> clojure.core$seq.invoke (core.clj:133)
> clojure.core$map$fn__4245.invoke (core.clj:2551)
> clojure.lang.LazySeq.sval (LazySeq.java:40)
> clojure.lang.LazySeq.seq (LazySeq.java:49)
> clojure.lang.RT.seq (RT.java:484)
> clojure.core$seq.invoke (core.clj:133)
> clojure.core$map$fn__4245.invoke (core.clj:2551)
> clojure.lang.LazySeq.sval (LazySeq.java:40)
> clojure.lang.LazySeq.seq (LazySeq.java:49)
> clojure.lang.RT.seq (RT.java:484)
> clojure.core$seq.invoke (core.clj:133)
> clojure.core.protocols$seq_reduce.invoke (protocols.clj:30)
> clojure.core.protocols/fn (protocols.clj:54)
> clojure.core.protocols$fn__6031$G__6026__6044.invoke (protocols.clj:13)
> clojure.core$reduce.invoke (core.clj:6289)
> schema.core$eval3377$fn__3395$fn__3412.invoke (core.clj:787)
> schema.core$eval3377$fn__3395$fn__3412.invoke (core.clj:785)
> clojure.core$comp$fn__4192.invoke (core.clj:2403)
> com.puppetlabs.puppetdb.cli.export$eval5305$report__GT_tar__5306.invoke 
> (export.clj:153)
> 
> com.puppetlabs.puppetdb.cli.export$eval5329$get_node_data__5330$fn__5334.invoke
>  (export.clj:184)
> com.puppetlabs.puppetdb.cli.export$eval5329$get_node_data__5330.invoke 
> (export.clj:170)
> com.puppetlabs.puppetdb.cli.export$_main.doInvoke (export.clj:241)
> clojure.lang.RestFn.invoke (RestFn.java:421)
> clojure.lang.Var.invoke (Var.java:383)
> clojure.lang.AFn.applyToHelper (AFn.java:156)
> clojure.lang.Var.applyTo (Var.java:700)
> clojure.core$apply.invoke (core.clj:624)
> com.puppetlabs.puppetdb.core$run_command.invoke (core.clj:87)
> com.puppetlabs.puppetdb.core$_main.doInvoke (core.clj:95)
> clojure.lang.RestFn.invoke (RestFn.java:436)
> clojure.lang.Var.invoke (Var.java:388)
> clojure.lang.AFn.applyToHelper (AFn.java:160)
> clojure.lang.Var.applyTo (Var.java:700)
> clojure.core$apply.invoke (core.clj:624)
> clojure.main$main_opt.invoke (main.clj:315)
> clojure.main$main.doInvoke (main.clj:420)
> clojure.lang.RestFn.invoke (RestFn.java:482)
> clojure.lang.Var.invoke (Var.java:401)
> clojure.lang.AFn.applyToHelper (AFn.java:171)
> clojure.lang.Var.applyTo (Var.java:700)
> clojure.main.main (main.java:37)
> 2014-07-18 18:35:57,650 ERROR [p.t.logging] Uncaught exception
> java.lang.AssertionError: Assert failed: %
> at 
> com.puppetlabs.puppetdb.cli.export$events_for_report_hash.invoke(export.clj:114)
>  ~[na:na]
> at 
> com.puppetlabs.puppetdb.cli.export$reports_for_node$fn__5294.invoke(export.clj:150)
>  ~[na:na]
> at clojure.core$map$fn__4245.invoke(core.clj:2557) ~[puppetdb.jar:na]
> at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppetdb.jar:na]
> at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppetdb.jar:na]
> at clojure.lang.RT.seq(RT.java:484) ~[puppetdb.jar:na]
> at clojure.core$seq.invoke(core.clj:133) ~[puppetdb.jar:na]
> at clojure.core$map$fn__4245.invoke(core.clj:2551) ~[puppetdb.jar:na]
> at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppetdb.jar:na]
> at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppetdb.jar:na]
> at clojure.lang.RT.seq(RT.java:484) ~[puppetdb.jar:na]
> at clojure.core$seq.invoke(core.clj:133) ~[puppetdb.jar:na]
> at clojure.core$map$fn__4245.invoke(core.clj:2551) ~[puppetdb.jar:na]
> at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppetdb.jar:na]
> at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppetdb.jar:na]
> at clojure.lang.RT.seq(RT.java:484) ~[puppetdb.jar:na]
> at clojure.core$seq.invoke(core.clj:133) ~[puppetdb.jar:na]
> at clojure.core.protocols$seq_reduce.invoke(protocols.clj:30) 
> ~[puppetdb.jar:na]
> at clojure.core.protocols$fn__6078.invoke(protocols.cl

Re: [Puppet Users] HA puppetmaster in AWS

2014-07-18 Thread chris mague
I used this approach detailed below in production for a large-ish 
environment.
When used in conjunction with Nginx load balancing in AWS 
(http://blog.mague.com/?p=286) it worked very well.

1) Route all certificate requests (explained above) to a pair of boxes that 
have the sync setup listed below
2) Route specific environments to specific puppet backends

One further refinement is to set up a puppet master running in debug mode 
and create a debug environment which is useful for troubleshooting.

-c

On Friday, July 18, 2014 6:03:51 AM UTC-7, Juan Sierra Pons wrote:
>
> Hi 
>
> What about this approach? [1] Sync Puppet Certs between EC2 regions 
>
> It seems very easy to implement: unison + incron +  scripts 
>
> Disclaimer: not tested yet. Hope to have a prof of concept next week. 
>
> Best regards 
>
> [1] http://blog.mague.com/?p=468 
>
> --
>  
>
> Juan Sierra Pons ju...@elsotanillo.net 
>  
> Linux User Registered: #257202 
> Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo 
> GPG key = 0xA110F4FE 
> Key Fingerprint = DF53 7415 0936 244E 9B00  6E66 E934 3406 A110 F4FE 
> --
>  
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d092191d-f933-4669-9272-2f104a894851%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Re: user authentication with proxyserver

2014-07-18 Thread jcbollinger


On Friday, July 18, 2014 4:32:18 AM UTC-5, robert api wrote:
>
> Hi,
>
> i was trying to configure my client with a proxy that requires user 
> authentication, upon looking through the configuration reference page, i 
> only found the settings for proxy hostname/port.
> as long as the proxy server permits every user without further 
> authentication everything runs good, but i may need to configure a user 
> authentication for some nodes, to be able to access to internet and 
> communicate with my puppetmaster.
>
>

That's unusual.  It's atypical to need to go through a proxy server to get 
to resources on your own network, and that's normally where the master 
would reside.  It is even more unusual to need to go through an 
*authenticated* proxy server to get at your own network.

 

> any idea how i would achieve that or is such a feature not implemented 
> yet? i cant seem to find google hits for my searches.
>
>

You can use an Exec or a custom resource type to authenticate to the proxy 
server at the beginning of your puppet run (and also to log off at the 
end).  Run stages would serve well to ensure that is done at the 
appropriate times relative to all your regular classes.  The details of the 
Exec and/or of the operation of a custom type's provider would depend on 
the implementation of the relevant authentication system.

All of that assumes, however, that you're ok with putting the proxy server 
credentials in your catalogs (probably in plain text), or that you are 
willing to record them somewhere on each client system.  If you need to go 
through a proxy such as you describe for Puppet to work, but you can't 
entrust Puppet with the credentials, then automated runs just aren't going 
to work for you.  You would need to go to some scheme around local 
manifests and data, and 'puppet apply', so that a live user could and would 
be there to authenticate.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f274a5e0-98a2-493d-9bc2-4fc84d727912%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] puppetdb export before migration

2014-07-18 Thread Fabrice Bacchella
I ran an  puppetdb export yesterday. It ran fine. It was a puppetdb 2.0

Now, after an export to puppetdb 2.1, I got some strange exception. puppet 
master is working fine, I didn't see anything special in the release notes. 
puppetmaster is running fine.

Did I miss something ?

$ puppetdb export --outfile ./my-puppetdb-export.tar.gz
java.lang.AssertionError: Assert failed: %
 at com.puppetlabs.puppetdb.cli.export$events_for_report_hash.invoke 
(export.clj:114)
com.puppetlabs.puppetdb.cli.export$reports_for_node$fn__5294.invoke 
(export.clj:150)
clojure.core$map$fn__4245.invoke (core.clj:2557)
clojure.lang.LazySeq.sval (LazySeq.java:40)
clojure.lang.LazySeq.seq (LazySeq.java:49)
clojure.lang.RT.seq (RT.java:484)
clojure.core$seq.invoke (core.clj:133)
clojure.core$map$fn__4245.invoke (core.clj:2551)
clojure.lang.LazySeq.sval (LazySeq.java:40)
clojure.lang.LazySeq.seq (LazySeq.java:49)
clojure.lang.RT.seq (RT.java:484)
clojure.core$seq.invoke (core.clj:133)
clojure.core$map$fn__4245.invoke (core.clj:2551)
clojure.lang.LazySeq.sval (LazySeq.java:40)
clojure.lang.LazySeq.seq (LazySeq.java:49)
clojure.lang.RT.seq (RT.java:484)
clojure.core$seq.invoke (core.clj:133)
clojure.core.protocols$seq_reduce.invoke (protocols.clj:30)
clojure.core.protocols/fn (protocols.clj:54)
clojure.core.protocols$fn__6031$G__6026__6044.invoke (protocols.clj:13)
clojure.core$reduce.invoke (core.clj:6289)
schema.core$eval3377$fn__3395$fn__3412.invoke (core.clj:787)
schema.core$eval3377$fn__3395$fn__3412.invoke (core.clj:785)
clojure.core$comp$fn__4192.invoke (core.clj:2403)
com.puppetlabs.puppetdb.cli.export$eval5305$report__GT_tar__5306.invoke 
(export.clj:153)

com.puppetlabs.puppetdb.cli.export$eval5329$get_node_data__5330$fn__5334.invoke 
(export.clj:184)
com.puppetlabs.puppetdb.cli.export$eval5329$get_node_data__5330.invoke 
(export.clj:170)
com.puppetlabs.puppetdb.cli.export$_main.doInvoke (export.clj:241)
clojure.lang.RestFn.invoke (RestFn.java:421)
clojure.lang.Var.invoke (Var.java:383)
clojure.lang.AFn.applyToHelper (AFn.java:156)
clojure.lang.Var.applyTo (Var.java:700)
clojure.core$apply.invoke (core.clj:624)
com.puppetlabs.puppetdb.core$run_command.invoke (core.clj:87)
com.puppetlabs.puppetdb.core$_main.doInvoke (core.clj:95)
clojure.lang.RestFn.invoke (RestFn.java:436)
clojure.lang.Var.invoke (Var.java:388)
clojure.lang.AFn.applyToHelper (AFn.java:160)
clojure.lang.Var.applyTo (Var.java:700)
clojure.core$apply.invoke (core.clj:624)
clojure.main$main_opt.invoke (main.clj:315)
clojure.main$main.doInvoke (main.clj:420)
clojure.lang.RestFn.invoke (RestFn.java:482)
clojure.lang.Var.invoke (Var.java:401)
clojure.lang.AFn.applyToHelper (AFn.java:171)
clojure.lang.Var.applyTo (Var.java:700)
clojure.main.main (main.java:37)
2014-07-18 18:35:57,650 ERROR [p.t.logging] Uncaught exception
java.lang.AssertionError: Assert failed: %
at 
com.puppetlabs.puppetdb.cli.export$events_for_report_hash.invoke(export.clj:114)
 ~[na:na]
at 
com.puppetlabs.puppetdb.cli.export$reports_for_node$fn__5294.invoke(export.clj:150)
 ~[na:na]
at clojure.core$map$fn__4245.invoke(core.clj:2557) ~[puppetdb.jar:na]
at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppetdb.jar:na]
at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppetdb.jar:na]
at clojure.lang.RT.seq(RT.java:484) ~[puppetdb.jar:na]
at clojure.core$seq.invoke(core.clj:133) ~[puppetdb.jar:na]
at clojure.core$map$fn__4245.invoke(core.clj:2551) ~[puppetdb.jar:na]
at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppetdb.jar:na]
at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppetdb.jar:na]
at clojure.lang.RT.seq(RT.java:484) ~[puppetdb.jar:na]
at clojure.core$seq.invoke(core.clj:133) ~[puppetdb.jar:na]
at clojure.core$map$fn__4245.invoke(core.clj:2551) ~[puppetdb.jar:na]
at clojure.lang.LazySeq.sval(LazySeq.java:40) ~[puppetdb.jar:na]
at clojure.lang.LazySeq.seq(LazySeq.java:49) ~[puppetdb.jar:na]
at clojure.lang.RT.seq(RT.java:484) ~[puppetdb.jar:na]
at clojure.core$seq.invoke(core.clj:133) ~[puppetdb.jar:na]
at clojure.core.protocols$seq_reduce.invoke(protocols.clj:30) 
~[puppetdb.jar:na]
at clojure.core.protocols$fn__6078.invoke(protocols.clj:54) 
~[puppetdb.jar:na]
at 
clojure.core.protocols$fn__6031$G__6026__6044.invoke(protocols.clj:13) 
~[puppetdb.jar:na]
at clojure.core$reduce.invoke(core.clj:6289) ~[puppetdb.jar:na]
at schema.core$eval3377$fn__3395$fn__3412.invoke(core.clj:787) ~[na:na]
at schema.core$eval3377$fn__3395$fn__3412.invoke(core.clj:785) ~[na:na]
at clojure.core$comp$fn__4192.invoke(core.clj:2403) ~[puppetdb.jar:na]
at 
com.puppetlabs.puppetdb.cli.export$eval5305$report__GT_tar__5306.invoke(export.clj:153

Re: [Puppet Users] Re: Passing undef as argument to classes & defines overrides default parameter

2014-07-18 Thread jcbollinger


On Thursday, July 17, 2014 1:27:03 PM UTC-5, Cristian Falcas wrote:
>
> Hi,
>
> I have a "postfix" class with this init:
>
> class postfix (
>   $ensure = 'latest',
>   $email_user = undef,
>   $email_pass = undef,
>   $smtp_endpoint  = "smtp.${::domain}",
>   $smtp_endpoint_port = '25',
>   $from_domain= $::domain,
>   $from_user  = 'donotreply',
>   $debug  = false) {
>   anchor { 'postfix::begin': }
>   anchor { 'postfix::end': }
>
>   include postfix::install
>   include postfix::config
>   include postfix::service
>
>   Anchor['postfix::begin'] ->
>   Class['postfix::install'] ->
>   Class['postfix::config'] ~>
>   Class['postfix::service'] ->
>   Anchor['postfix::end']
> }
>
>
> And I call it from an other module like this:
>
>   class { 'postfix':
> email_user => hiera('email_user', undef),
> email_pass => hiera('email_pass', undef),
> smtp_endpoint  => hiera('email_smtp_endpoint', undef),
> smtp_endpoint_port => hiera('smtp_endpoint_port', undef),
> from_domain=> hiera('email_from_domain', undef),
> from_user  => hiera('email_from_user', undef),
>   }
>
> All parameters that not found in hiera are not initialized with the 
> default values. In the template I use for the config I get only empty 
> values.
>
>

That does look a lot like issue 16221, but I'm uncertain whether it's 
really the same because classes are special, and the way their parameters 
are bound to them is especially special.  I don't know whether what you are 
doing should be expected to work or not.

With that said, you seem to be going to a lot of extra effort here.  
Automated data binding will do exactly what you appear to want if you 
change the hiera keys to suit.  Then you can just do

include 'postfix'

, which is better form for most purposes than the resource-like syntax (see 
the best practices commentary at 
http://docs.puppetlabs.com/puppet/3/reference/lang_classes.html#include-like-vs-resource-like).
  
For that to work, the keys must have form 
::, so "postfix::email_user" for 
example.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/307ef13f-4070-4587-acea-4e1026e796b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Re: error. only root user can exec comands

2014-07-18 Thread jcbollinger


On Thursday, July 17, 2014 9:52:23 AM UTC-5, Supriya Uppalapati wrote:
>
> Hi,
>  
> I am having an issue with exc statement. running through non-root user.
>  
> *Error: Failed to apply catalog: Parameter user failed on Exec[extract 
> p17071663_1036_Generic.zip]: Only root can execute commands as other users 
> at 
> /etc/puppetlabs/puppet/environments/testing/modules/wls/manifests/bsupatch.pp*
>  
>  
> *Let me know how to exec through non root user*
>  
>


The message seems pretty clear to me.  If you are running Puppet as 
non-root then you must not specify a 'user' for your command to run as.  
You must not specify even the non-root user who happens to be running that 
puppet agent instance, as Puppet cannot necessarily recognize that that's 
what you have done.  If you just omit the 'user' parameter from your exec 
then it will automatically run as whatever user the agent is running as.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/130eee37-66be-47d9-be1e-1da3f59e78f2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] Facter path issue

2014-07-18 Thread Jim Richard
 

Thanks for the quick reply Rob.

I went ahead and spun up a new Server2008R2 virtual machine to test a very 
basic install:

grabbed the iso from 
http://www.microsoft.com/en-us/download/details.aspx?id=11093
installed Windows as usual, did the Windows update dance reboot, reboot, etc
got the puppet agent from https://downloads.puppetlabs.com/windows/, 
I tried the most recent agent version and even the oldest, 2.7 version, 
both the same
I also tried installing to the Administrator account as well as installing 
to another account

And, I saw the same behavior.

I tried echo %PATH% and then environment.bat and that did give a clue. I 
ran environment.bat multiple times and each time the Path var in the Puppet 
shell grows. I've attached a screen shot so you can see what I mean.

So, it looks like the Puppet shell initialization process executes 
environment.bat twice; that happens for scheduled agent runs as well.

If I just wanted Facter to report back the "true" system Path, minus all of 
the puppet shell added stuff, what would you suggest. Pull it from the 
registry? Or via a custom fact, take what Facter reports and chop off all 
of the extra Puppet shell applied stuff with a regex?









On Thursday, July 17, 2014 6:12:26 PM UTC-4, Rob Reynolds wrote:
>
>
> On Thu, Jul 17, 2014 at 2:37 PM, Jim Richard  > wrote:
>
>> Facter on a Windows 2008R2 server is doing something weird. Version of 
>> facter is 2.0.2.
>>
>> If I, from the Puppet command prompt, do a "echo %Path%", I see exactly 
>> what I expect. But if I say "facter Path", it shows me all of the Puppet 
>> added path stuff twice, ie. the output is almost twice as much text.
>>
>> Oddly, the original pre: puppet agent install path data is still reported 
>> by facter, correctly, not doubled up, but all of the path items added by 
>> the puppet agent install process show up twice when I issue a "facter 
>> Path". 
>>
>> My "real" path:
>>
>>
>> E:\oracle\product\11.2.0\db_1\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Unix;E:\oracle\product\11.2.0\db_1\OPatch;C:\jdk_release\bin;F:\RATEWARE
>>
>
>> What facter thinks is my Path:
>>
>> C:\Program Files (x86)\Puppet Labs\Puppet\puppet\bin;C:\Program Files 
>> (x86)\Puppet Labs\Puppet\facter\bin;C:\Program Files (x86)\Puppet 
>> Labs\Puppet\hiera\bin;C:\Program Files (x86)\Puppet 
>> Labs\Puppet\bin;C:\Program Files (x86)\Puppet 
>> Labs\Puppet\sys\ruby\bin;C:\Program Files (x86)\Puppet 
>> Labs\Puppet\sys\tools\bin;C:\Program Files (x86)\Puppet 
>> Labs\Puppet\puppet\bin;C:\Program Files (x86)\Puppet 
>> Labs\Puppet\facter\bin;C:\Program Files (x86)\Puppet 
>> Labs\Puppet\hiera\bin;C:\Program Files (x86)\Puppet 
>> Labs\Puppet\bin;C:\Program Files (x86)\Puppet 
>> Labs\Puppet\sys\ruby\bin;C:\ProgramFiles(x86)\PuppetLabs\Puppet\sys\tools\bin;E:\oracle\product\11.2.0\db_1\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Unix;E:\oracle\product\11.2.0\db_1\OPatch;C:\jdk_release\bin;F:\RATEWARE
>>
>>
>> Any ideas what might cause this?
>>
>
> Note the first thing that facter.bat / puppet.bat runs is a call to 
> environment.bat, which ensures that the console has all of the right 
> environment variables set and it updates PATH as well.
>
> Why it is doubling up is another issue entirely.
>
> Try this - open a command line and call:
> echo %PATH%
> environment.bat
> echo %PATH%
>
> Oddly enough, I don't see  C:\Program Files (x86)\Puppet Labs\Puppet\bin 
> in your original path as I might expect to see.
>
> How did you install facter on your Windows system?
>
>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/97685237-6523-40a3-81ad-38f98df86593%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Rob Reynolds
> Developer, Puppet Labs
>
> *Join us at PuppetConf 2014 , September 
> 20-24 in San Francisco*
> *Register by July 31st to take advantage of the Early Bird discount 
>  **—**save 
> $249!*
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google

[Puppet Users] parameters set with array

2014-07-18 Thread OS
Hello all,

I am newbie to puppet and sorry if it is a silly question. What is wrong 
with my manifest?

define webapp ($domain,$port){
  file { "/tmp/${name}": > This is working and 
creating the files as /tmp/test , /tmp/test1 etc
content => "Server:${port}",
  }
  notify { $domain: }
}

$websites = ['test','test1','test2']

webapp { $websites :
  domain => $websites,  -> Here, how  can iterate websites 
array? It gives error as duplicate definition.
  port => 80,
}

Thanks,
OS



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/afa8419e-d24c-4868-b774-3c348b6275ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] HA puppetmaster in AWS

2014-07-18 Thread Matt Zagrabelny
On Fri, Jul 18, 2014 at 1:37 AM, Dejan Golja  wrote:

> We tried with yas3fs, but we abandoned that solution because was just not
> reliable enough. Also we considered GlusterFS, but again on some other
> projects the experience wasn't great.
>
> So my question is how you guys manage that ?

DRBD?

-mz

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAOLfK3VQugnNH2KubmoXyVXNHqUBtW7UiVL6H9G7K2ZRfOX9NQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] HA puppetmaster in AWS

2014-07-18 Thread Dejan Golja
Not sure if it would work always, because if using unison you can get 
conflicts on files such as serial, inventory.txt ,ca_crl.pem, etc and then 
you need to merge them manually.

Quoting:

Unlike simple mirroring or backup utilities, Unison can deal with updates 
to *both* replicas of a distributed directory structure. Updates that do 
not conflict are propagated automatically. Conflicting updates are detected 
and displayed. 


On Friday, July 18, 2014 11:03:51 PM UTC+10, Juan Sierra Pons wrote:
>
> Hi 
>
> What about this approach? [1] Sync Puppet Certs between EC2 regions 
>
> It seems very easy to implement: unison + incron +  scripts 
>
> Disclaimer: not tested yet. Hope to have a prof of concept next week. 
>
> Best regards 
>
> [1] http://blog.mague.com/?p=468 
>
> --
>  
>
> Juan Sierra Pons ju...@elsotanillo.net 
>  
> Linux User Registered: #257202 
> Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo 
> GPG key = 0xA110F4FE 
> Key Fingerprint = DF53 7415 0936 244E 9B00  6E66 E934 3406 A110 F4FE 
> --
>  
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b7c10f69-0ebe-4d65-b38f-7bc72f55a39e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] HA puppetmaster in AWS

2014-07-18 Thread Juan Sierra Pons
Hi

What about this approach? [1] Sync Puppet Certs between EC2 regions

It seems very easy to implement: unison + incron +  scripts

Disclaimer: not tested yet. Hope to have a prof of concept next week.

Best regards

[1] http://blog.mague.com/?p=468

--
Juan Sierra Pons j...@elsotanillo.net
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00  6E66 E934 3406 A110 F4FE
--

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CABS%3Dy9u8bdyX%3DULxrOzUVd5SshuKJn6-brJq9pnNP2TtwZKexg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Re: puppet master --genconfig generating deprecated features

2014-07-18 Thread Dejan Golja
Probably they are there for back compatibility or something similar and 
they will  be removed in future releases ?



On Thursday, July 17, 2014 7:31:16 AM UTC+10, Adam Chou wrote:
>
> I'm running a fresh install of 3.6.2 and when I use the config file from 
> puppet master --genconfig, there are deprecated settings in there. 
> Consequently, running puppet agent -t will throw a bunch of deprecation 
> warnings. Shouldn't the --genconfig either not include the deprecated 
> configurations or include disable_warnings = deprecations?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0814c330-d223-4e34-80c6-e128847a393e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] HA puppetmaster in AWS

2014-07-18 Thread Dejan Golja
yas3fs is using s3 as a backend, but unfortunately did not work out.



On Friday, July 18, 2014 6:00:02 PM UTC+10, ankush grover wrote:
>
> Hi Dejan,
>
> You can try using S3 for this purpose.  So keep all the data like SSL or 
> CA on S3 and ask all the puppet masters to pickup the ssl or any other data 
> from S3. 
>
>
>
>
> On Fri, Jul 18, 2014 at 12:07 PM, Dejan Golja  > wrote:
>
>> Hello guys,
>>
>> so puppet community I seek some guidance. I am rebuilding our company 
>> Puppet 3 AWS infrastructure from scratch. Right now the design is to have a 
>> multiple availability ELB balancer and behind 2-4 puppet masters, so in 
>> case one AZ fails we still have a running puppet environment and also at 
>> the same time we can distribute the load. 
>>
>> For module/environment synchronization we are using  r10 + mcollective + 
>> post-commit git hooks, however we have one main issue and that is how to 
>> properly share the /var/lib/puppet/ssl folder. The thing is with Amazon ELB 
>> you have limited control over the load balance policy, so we need to make 
>> sure that SSL certs are in sync all the time. 
>>
>> We tried with yas3fs, but we abandoned that solution because was just not 
>> reliable enough. Also we considered GlusterFS, but again on some other 
>> projects the experience wasn't great. 
>>
>> So my question is how you guys manage that ? 
>>
>> I know we could run an external PuppetCA, however we would still need to 
>> share the SSL certs and for as is really important that we have the HA 
>> between different zones.
>>
>> So any experience to share ?
>>
>> regards,
>> Dejan
>>
>>
>>
>>
>>
>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/efbc0980-c0a0-44e4-a1eb-ac0743a2b5b5%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/111b399f-8e66-4726-9148-9ada2298299d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Wrap Package in a define

2014-07-18 Thread Brian Wilkins
Hello,

We are trying to use the puppet-forge graphite module located here: 
https://github.com/echocat/puppet-graphite/blob/master/manifests/install.pp 
and our servers will not have access to the Internet. So we are downloading 
all the pip packages to a local repository and will point pip to each 
package. I would like to wrap the Package type so I can provide the source. 
How would I do this so that the package name is passed to the defined type? 
My intent is to not change much of the code here: 
https://github.com/echocat/puppet-graphite/blob/master/manifests/install.pp

Otherwise, I will have to comment out alot of the manifest and replace with 
exec statements pointing to each individual package.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7bbc783a-589a-42b3-aaa5-993d43f2026b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] Puppet module 'issue' with sysctl provider (augeasproviders)

2014-07-18 Thread Stefan Heijmans
Hi John/Felix,
 
thanks for the suggestions, will try them out next week and come back with 
the results
 
Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/15035553-e091-48d3-aae2-7dd027220427%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] user authentication with proxyserver

2014-07-18 Thread robert api
Hi,

i was trying to configure my client with a proxy that requires user 
authentication, upon looking through the configuration reference page, i 
only found the settings for proxy hostname/port.
as long as the proxy server permits every user without further 
authentication everything runs good, but i may need to configure a user 
authentication for some nodes, to be able to access to internet and 
communicate with my puppetmaster.

any idea how i would achieve that or is such a feature not implemented yet? 
i cant seem to find google hits for my searches.

greetings 
Robert

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/dc8d0133-f2df-4a0a-b669-5d0636300fca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] HA puppetmaster in AWS

2014-07-18 Thread Ankush Grover
Hi Dejan,

You can try using S3 for this purpose.  So keep all the data like SSL or CA
on S3 and ask all the puppet masters to pickup the ssl or any other data
from S3.




On Fri, Jul 18, 2014 at 12:07 PM, Dejan Golja  wrote:

> Hello guys,
>
> so puppet community I seek some guidance. I am rebuilding our company
> Puppet 3 AWS infrastructure from scratch. Right now the design is to have a
> multiple availability ELB balancer and behind 2-4 puppet masters, so in
> case one AZ fails we still have a running puppet environment and also at
> the same time we can distribute the load.
>
> For module/environment synchronization we are using  r10 + mcollective +
> post-commit git hooks, however we have one main issue and that is how to
> properly share the /var/lib/puppet/ssl folder. The thing is with Amazon ELB
> you have limited control over the load balance policy, so we need to make
> sure that SSL certs are in sync all the time.
>
> We tried with yas3fs, but we abandoned that solution because was just not
> reliable enough. Also we considered GlusterFS, but again on some other
> projects the experience wasn't great.
>
> So my question is how you guys manage that ?
>
> I know we could run an external PuppetCA, however we would still need to
> share the SSL certs and for as is really important that we have the HA
> between different zones.
>
> So any experience to share ?
>
> regards,
> Dejan
>
>
>
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/efbc0980-c0a0-44e4-a1eb-ac0743a2b5b5%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACe638ThmEkGNNcUvKGdo5PjXVAxPCtiAjc%3DMhsdzyxgUuXXcQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.