[Puppet Users] Re: [foreman-users] Re: Reports not showing up in foreman.
now I'm mad at myself I must have read that doc ten times in the last week and missed that very important point. Good news is my module for managing the configuration of the Remote Masters now includes that tidbit. On Thu, Mar 5, 2015 at 9:58 AM Nick Howes nickho...@gmail.com wrote: Facts are probably coming in as Foreman is the ENC (the node.rb script). Reports definitely should work, so something seems amiss. Is there a foreman.rb in your Puppet installation on the subordinate masters? It could be in a number of places depending on your Ruby installation. This is the script that is used when reports is set to foreman. If you use foreman-installer this probably gets done for you, otherwise you need to follow the docs as per the link below. If this is the problem then I'm surprised the master didn't complain loudly. Try enabling debug logging for the master if you haven't already. http://theforeman.org/manuals/1.3/index.html#3.5.4PuppetReports # find /usr/share -name foreman.rb /usr/share/ruby/vendor_ruby/puppet/reports/foreman.rb On Wednesday, 4 March 2015 16:46:25 UTC, Salty Old Cowdawg wrote: I'm going to re-ask this question because the issue is driving me crazy even though I'm already close enough to walk. Here's the setup: [Foreman Server with Puppet/PuppetDB] ^ | V [ Subordinate (remote) Puppet Server ] (Proxy installed) ^ | V [End client[ The Puppet master running on the Foreman host's job is to manage just the remote masters. The subordinate Puppet Masters are planned to be installed in various data centers around the country. The end client's puppet.conf looks like this (with the template variables being replaced by their actual values): ### File managed with puppet ### ## Module: 'puppet' [main] # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl # Allow services in the 'puppet' group to access key (Foreman + proxy) privatekeydir = $ssldir/private_keys { group = service } hostprivkey = $privatekeydir/$certname.pem { mode = 640 } # Puppet 3.0.x requires this in both [main] and [master] - harmless on agents autosign = $confdir/autosign.conf { mode = 664 } show_diff = false hiera_config = $confdir/hiera.yaml ca_server =%= foreman_host_fqdn% ### Next part of the file is managed by a different template ### ## Module: 'puppet' [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuration. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$statedir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig # Disable the default schedules as they cause continual skipped # resources to be displayed in Foreman - only for Puppet = 3.4 default_schedules = false report= true pluginsync= true masterport= 8140 environment = POC certname = %= fqdn % server= %= puppethost_fqdn % listen= false splay = false splaylimit= 1800 runinterval = 1800 noop = false configtimeout = 600 Report is turned on and the remote Puppet Master is successfully managing the client. The [master] section of the remote Puppet Master's puppet.conf looks like this: [master] storeconfigs = true storeconfigs_backend = puppetdb autosign = $confdir/autosign.conf { mode = 664 } reports= foreman external_nodes = /etc/puppet/node.rb node_terminus = exec ca = false certname = %= fqdn % strict_variables = false environmentpath = /etc/puppet/environments basemodulepath = /etc/puppet/environments/ common:/etc/puppet/modules:/usr/share/puppet/modules and I have a foreman.yaml file that looks like this: --- # Update for your Foreman and Puppet master hostname(s) :url: https://mtinjacn01.cip.att.com; :ssl_ca: /var/lib/puppet/ssl/certs/ca.pem :ssl_cert: /var/lib/puppet/ssl/certs%= fqdn %.pem :ssl_key: /var/lib/puppet/ssl/private_keys/%= fqdn %.pem #
Re: [Puppet Users] External Facts in MODULEPATH/MODULE/facts.d/
On 03/05/2015 11:55 PM, Dan White wrote: --external-dir=/var/lib/puppet/facts.d/ Ah. Good catch! It is not a bug. It is an Undocumented Feature :D Hah! Well I'm not convinced. UX bugs are still issues. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54F8E1C2.7060601%40Alumni.TU-Berlin.de. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Order class with parameter
On 03/04/2015 02:10 PM, Thomas Bendler wrote: /contain icinga::package/ /contain icinga::config/ /contain icinga::service/ / / /Class['icinga::package'] -/ /Class['icinga::config'] -/ /Class['icinga::service']/ Unfortunately the ordering isn't correct, the module try to install the service before the repository is added and usable. After the second run, everything is fine because the repository gets added during the first run and the configuration for the service could be finished. I know that require is under normal circumstances the solution for that situation, but in this case I can't call the class with the relevant parameter. Any hints? That's fine. The relationship arrows are adequate for what you want. Where is the repository declared? Is it a resource right in the icinga::package class? Can you make the whole module visible somewhere, or at least a rough sketch of it? Thanks, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54F8D4E1.9090908%40Alumni.TU-Berlin.de. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Can't remove depreciated warning message
On 02/09/2015 05:54 AM, David LeVene wrote: Any suggestions as to where to look next? Hi, in case you're still struggling with this - you can try and locate the catalog (in $vardir/client_yaml) and examine the package resources for starters. Good luck, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54F8DAE6.9060704%40Alumni.TU-Berlin.de. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Share data between custom functions/resources/providers?
Hi, there might be ways to achieve this, but also plenty caveats. You mention all of functions, resources and providers, but I see no indication that all of them relate to your question. Are you aware of the differences between the three? Have you implemented anything already, or are you still in the interface design phase? Will Puppet do anything besides generating XML? Do you have any code to do this already? Thanks, Felix On 03/05/2015 03:22 PM, Nick Howes wrote: Hello, I am trying to define something that would let me do this, or something like it: fw_service { elasticsearch: ports = [ '9200-9300' ], zone = work, } fw_zone { work: source_addresses = [ '10.0.0.0/16' ] } And for the fw_zone resource to be able to enumerate data from services that declared that zone name. Since it end goal is generating XML I could always use the concat module to create concat::fragments in the fw_service resource, but I wondered if there was any other way of passing data between functions within a catalog run? Going into Ruby is fine and I'm using future parser so any Puppet 4 API specific stuff would be usable. Cheers -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54F8D3B7.2080202%40Alumni.TU-Berlin.de. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] [ANN] CMITS 1.3 released on GitHub
Configuration Management for IT Systems (CMITS) 1.3 has been released on GitHub at https://github.com/afseo/cmits. From the README: This is a toolset that makes it easier for network administrators to configure IT systems in compliance with U.S. Department of Defense requirements, and to document that compliance as automatically as possible, at several levels of detail. CMITS contains many Puppet modules that implement portions of compliance with about 1000 requirements from nine DoD-level policy documents. These modules make it easier for administrators to construct a complete Puppet manifest which tells IT systems how to configure themselves in a compliant fashion. (Puppet is IT automation software that helps system administrators manage infrastructure throughout its lifecycle http://puppetlabs.com/puppet/what-is-puppet/.) CMITS also contains scripts and extensions necessary to create a unified policy document, which lays out in complete detail how systems are configured using Puppet, and offers a single place to document IT-related processes, especially those necessary for compliance. The scripts and extensions also create automatic summaries, cross-references and indices, so that auditors can easily find assertions about compliance. -- Jared Jennings, RHCE, Network Administrator, SURVICE Engineering Co. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA0CF73AD6465C4AA53D51FFAC7A1C8DB8AD3FB4%4052APCA-D04-05C.area52.afnoapps.usaf.mil. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] External Facts in MODULEPATH/MODULE/facts.d/
Thank for the reminder, Felix I figured out what I was missing: The facts show up in a puppet manifest with no problem, but to get them to show on the facter command line, you need to add : --external-dir=/var/lib/puppet/facts.d/ So, if I do it this way: [user ]# facter --external-dir=/var/lib/puppet/facts.d/ patch_fact_1 hello I get the response I was looking for. And many thanks for the straight line Might be a bug which lets me say: It is not a bug. It is an Undocumented Feature :D On Mar 5, 2015, at 5:25 PM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Hi Dan, interesting, I think I can reproduce, with facter 2.4.1. Might be a bug. I observe `puppet agent` opening my $vardir/facts.d files (through strace), but not `facter -p`. Cheers, Felix On 02/09/2015 05:41 PM, Dan White wrote: Puppet 3.7.3 Facter 2.3.0 running on RHEL 6 Reference: https://docs.puppetlabs.com/facter/2.2/custom_facts.html#fact-locations I put a simple fact_file.txt in one of my modules to try this new feature. When I run puppet agent, I see the fact file deployed to /var/lib/puppet/facts.d/ However, I cannot get it to come out on a command line. Here's the text file: patch_fact_1=hello patch_fact_2=there patch_fact_3=every patch_fact_4=one (Module name is patch) facter -p patch_fact_1 returns a blank line # facter -p patch_fact_1 --debug Found no suitable resolves of 1 for ec2_metadata value for ec2_metadata is still nil And a full facter -p list does not show my 4 new facts I am using /etc/facter/facts.d thru stdlib. Do the two not play nice in the same puppet-sandbox ? I tried restarting the puppetmaster and re-running the agent - no change. I copied the file to /etc/facter/facts.d/ , prefixing the file name and all the fact names with other_ to keep them separate. The other_ facts appeared immediately (no surprise), but the originals remain unavailable. A clue or two, please ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54F8D7E8.5010103%40Alumni.TU-Berlin.de. For more options, visit https://groups.google.com/d/optout. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/C35EBF3C-CC71-4827-8434-C782526140F9%40icloud.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] bitbucket.org or internal git server and puppet-sync git hook
Hi everybody. I recently started using Puppet directory environments. I really like the idea of Dynamic Puppet environments with Git branches and Git hooks to sync Puppet master after any changes were pushed to the Git server. Can I use external service like Bitbucket as a Git master or do I need to have my own Git server? If I can use Bitbucket how I can add my puppet-sync post receive hook there? Can anybody point me to an article on how to do this? Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2a02f21a-3df4-4d6c-b664-2f6c1b134f2e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Bitbucket and puppet-sync
Hi all, Is it possible to keep your central repository for Puppet modules in Bitbucket and sync it with your Puppet master with puppet-sync script (something like this one https://github.com/pdxcat/puppet-sync) I cannot find how to add your custom hooks in Bibucket. I'm curious if it's possible in general or I have to maintain my own git server? Thank you! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/00ba884b-2c1d-495f-99c3-416f83037c26%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Implement Puppet Master into our productive environment
Hello! Tthe last months I installed and tested a Puppet Master in a testing environment. But now I have to imigrate it into our Productive Environment. So I have some questions: 1. How many nodes can Puppet Master (Open Source) maximal provide? 2. If it is necessary to cluster for about 50 - 60 nodes: Is it possible to cluster Puppet Master in connection with Foreman. Thank You very much! Greets Hoize -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b9278dec-f0ef-440d-9c65-d3abf3003e98%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] External Facts in MODULEPATH/MODULE/facts.d/
On 06/03/15 00:31, Josh Cooper wrote: On Thu, Mar 5, 2015 at 3:07 PM, Felix Frank felix.fr...@alumni.tu-berlin.de mailto:felix.fr...@alumni.tu-berlin.de wrote: On 03/05/2015 11:55 PM, Dan White wrote: --external-dir=//var/lib/puppet/facts.d// Ah. Good catch! It is not a bug. It is an Undocumented Feature :D Hah! Well I'm not convinced. UX bugs are still issues. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com mailto:puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54F8E1C2.7060601%40Alumni.TU-Berlin.de https://groups.google.com/d/msgid/puppet-users/54F8E1C2.7060601%40Alumni.TU-Berlin.de?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. This issue is covered in https://tickets.puppetlabs.com/browse/FACT-696. Note that facter --puppet is deprecated, because it introduces a cyclical dependency between puppet and facter, and the same functionality can be accomplished using `puppet facts find hostname`, or more succinctly `puppet facts find .` In 4.0, it's just `puppet facts find` thanks to Erik's contribution in https://tickets.puppetlabs.com/browse/PUP-3698 Josh just in time, did notice this behaviour yesterday with PE3.7.2 :) Grts -- Josh Cooper Developer, Puppet Labs *PuppetConf 2015 http://2015.puppetconf.com/ is coming to Portland, Oregon! Join us October 5-9.* /Register now to take advantage of the Early Adopter discount https://www.eventbrite.com/e/puppetconf-2015-october-5-9-tickets-13115894995?discount=EarlyAdopter //—//save $349!/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com mailto:puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97umCAAmoY5LipE7Zoc%3D%3DO5bjE2Q4X5P0_k035boM9DnKqg%40mail.gmail.com https://groups.google.com/d/msgid/puppet-users/CA%2Bu97umCAAmoY5LipE7Zoc%3D%3DO5bjE2Q4X5P0_k035boM9DnKqg%40mail.gmail.com?utm_medium=emailutm_source=footer. For more options, visit https://groups.google.com/d/optout. -- Johan De Wit Open Source Consultant Red Hat Certified Engineer (805008667232363) Puppet Certified Professional 2013/2014 (PCP006) Puppet Certified Intstructor blog : http://johan.koewacht.net/ _ Open-Future Phone +32 (0)2/255 70 70 Zavelstraat 72 Fax +32 (0)2/255 70 71 3071 KORTENBERG Mobile+32 (0)474/42 40 73 BELGIUM http://www.open-future.be _ Next Events: Puppet Fundamentals | http://www.open-future.be/puppet-fundamentals-training-16th-till-18th-march Puppet Architect | http://www.open-future.be/puppet-architect-training-19th-till-20th-march Puppet Practitioner | http://www.open-future.be/puppet-practitioner-training-14th-till-16th-april Linux Training | http://www.open-future.be/linux-training-20th-till-24th-april Bacula Administrator 1 | http://www.open-future.be/bacula-administrator-i-training-28th-till-30th-april Zabbix Certified Specialist | http://www.open-future.be/zabbix-certified-specialist-training-4th-till-6th-may Zabbix Certified Professional | http://www.open-future.be/zabbix-certified-professional-training-7th-till-8th-may Subscribe to our newsletter | http://eepurl.com/BUG8H -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54F94E46.3040502%40open-future.be. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] External Facts in MODULEPATH/MODULE/facts.d/
Hi Dan, interesting, I think I can reproduce, with facter 2.4.1. Might be a bug. I observe `puppet agent` opening my $vardir/facts.d files (through strace), but not `facter -p`. Cheers, Felix On 02/09/2015 05:41 PM, Dan White wrote: Puppet 3.7.3 Facter 2.3.0 running on RHEL 6 Reference: https://docs.puppetlabs.com/facter/2.2/custom_facts.html#fact-locations I put a simple fact_file.txt in one of my modules to try this new feature. When I run puppet agent, I see the fact file deployed to /var/lib/puppet/facts.d/ However, I cannot get it to come out on a command line. Here's the text file: patch_fact_1=hello patch_fact_2=there patch_fact_3=every patch_fact_4=one (Module name is patch) facter -p patch_fact_1 returns a blank line # facter -p patch_fact_1 --debug Found no suitable resolves of 1 for ec2_metadata value for ec2_metadata is still nil And a full facter -p list does not show my 4 new facts I am using /etc/facter/facts.d thru stdlib. Do the two not play nice in the same puppet-sandbox ? I tried restarting the puppetmaster and re-running the agent - no change. I copied the file to /etc/facter/facts.d/ , prefixing the file name and all the fact names with other_ to keep them separate. The other_ facts appeared immediately (no surprise), but the originals remain unavailable. A clue or two, please ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54F8D7E8.5010103%40Alumni.TU-Berlin.de. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] External Facts in MODULEPATH/MODULE/facts.d/
On Thu, Mar 5, 2015 at 3:07 PM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 03/05/2015 11:55 PM, Dan White wrote: --external-dir=*/var/lib/puppet/facts.d/* Ah. Good catch! It is not a bug. It is an Undocumented Feature :D Hah! Well I'm not convinced. UX bugs are still issues. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/54F8E1C2.7060601%40Alumni.TU-Berlin.de https://groups.google.com/d/msgid/puppet-users/54F8E1C2.7060601%40Alumni.TU-Berlin.de?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. This issue is covered in https://tickets.puppetlabs.com/browse/FACT-696. Note that facter --puppet is deprecated, because it introduces a cyclical dependency between puppet and facter, and the same functionality can be accomplished using `puppet facts find hostname`, or more succinctly `puppet facts find .` In 4.0, it's just `puppet facts find` thanks to Erik's contribution in https://tickets.puppetlabs.com/browse/PUP-3698 Josh -- Josh Cooper Developer, Puppet Labs *PuppetConf 2015 http://2015.puppetconf.com/ is coming to Portland, Oregon! Join us October 5-9.* *Register now to take advantage of the Early Adopter discount https://www.eventbrite.com/e/puppetconf-2015-october-5-9-tickets-13115894995?discount=EarlyAdopter * *—**save $349!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97umCAAmoY5LipE7Zoc%3D%3DO5bjE2Q4X5P0_k035boM9DnKqg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppetdb 2.2.2 - warning in log every 2 seconds when modifying host jetty.ini
Hi All, I used the puppetlabs-puppetdb module to set up puppetdb on a new CentOS 6.5 server. When I modify /etc/puppetdb/conf.d/jetty.ini so that host = 0.0.0.0 or servername (from localhost) I get the following warning every two seconds in /var/log/puppetdb/puppetdb.log 2015-03-03 20:47:37,467 WARN [o.e.j.h.HttpParser] badMessage: 400 Illegal character for HttpChannelOverHttp@76578703{r=0,a=IDLE,uri=-} I can remotely view the dashboard ok with the change. I'd love to have the warning fixed so that my logs become more readable. Can anyone help? Thanks --Duncan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f4b504c7-2e42-4b15-a97b-fa70f7e58110%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet Open Source with own Certificates
Hello! Because I can't find anything with google search to my problem with Puppet Open Source, I hope someone of you can help me. On my masterserver there I have installed Foreman running on Apache and Puppet Master. I wanted to replace the certificates of Apache with own certificates to eradicate problems with the Browser (Certificate Trust). But then I got another problem: The nodes could not communicate with the Master. So I decided to replace all certs with own certs, on the nodes and on the master. But how could I do this? I hope you can help me. At PuppetLabs-Docs I only found the configuration for Puppet Enterprise for my issue. Thank You! Greets Manuel Holzner -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0f8d8e8d-6d72-4065-9325-8d9630a472af%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] question about using custom types and defined types together
Hello, I'm new to puppet and puppet module writing and kindly request your help. My understanding of proper puppet module practices is still young. Being tasked to write a puppet module for a utility that configures interfaces on a cumulus switch. there are 3 main types of interfaces - physical - bridge - bond Each of these 3 types of interfaces have their own set of parameters but are ultimately configured on the system in the same way. So I definitely want to reuse as much code as possible. So the thinking is to define the user interface something like this: cumulus_iface::interface { 'eth1' # physical int attributes } cumulus_iface::bridge { 'br0' # bridge int attributes } cumulus_iface::bond { 'bond0' # bond int attributes } My question is how to implement this, if this structure is okay. My thought is as follows, create a cumulus_iface custom type that has a 'ifaceattrs' parameter. this is where all the code can be reused across all interface types. This parameter accepts a hash. Provider will be 'ruby'. Then create 3 defined types, 'interface', 'bridge', 'bond' under the cumulus_iface module manifest directory structure, each providing their own specific set of parameters. These defined types will take their parameters and combine it into a single hash and input it to the 'ifaceattrs' parameter of the cumulus_iface custom type. For example: cumulus_iface::interface {'eth1' speed = 1000 ipv4 = '10.1.1.1/24' } would in turn be inputted into cumulus_iface custom type as cumulus_iface { 'eth1' ifaceattrs = { :speed = 1000, :ipv4 = '10.1.1.1/24' } } Can this work? Does this make sense? Thanks for your help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6582e6a0-393c-433a-842a-88f46019d59d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Problems with a resource default definition
Hi folks, i want to declare a resource default globally for all available classes. I searched google and found this site: https://ask.puppetlabs.com/question/396/howto-force-systemd-as-service-provider-globally/ These guys suggest this solution: Service { provider = systemd, } *If you write this in a class, the resource default will only be valid within that class, so if you want to have a global default you should probably place that into your site.pp file.* So i tested it. I wrote in my $environment/manifests/site.pp under default: *node default {* * if $::operatingsystem == 'Sles12.0' {* *Service {* *provider = systemd,* * }* * notify{SLES 12: Systemd als Service-Provideer:}* * }* *}* But i didn't see anything in the debug output on my testystem. https://lh3.googleusercontent.com/-mOSugk7Ff1o/VPRxuSiNCXI/AA0/wD6FxIkp5bg/s1600/2015-03-02%2B15_19_21-mgtwts001%2B-%2Bmgtwts001%2B-%2BRemotedesktopverbindung.png The i created a class called services::providerdefault which had the same content like the site.pp in the above. Just the line node.. was exchanged with class services::providerdefault { so to get a class. I made a requirement in a class for autofs and i got this output. https://lh6.googleusercontent.com/-tDrB9y1ango/VPRypklDWHI/ABA/oxmiZ_ccZaU/s1600/require%2Bclass%2Bproviderdefault.png Now i get the notify in this run But the service wants to check with chkconfig and thats wrong. I'm asuming now that my default definition is not typed the right way or in a wrong place. When i declare the provider directly in the resource declaration its working. Can someone tell me how i have to declare a resource default that it is working for i.e. 5 services wich i include in the nodedefinition ? Thanks in Advance Christian Hase (Yes thats my real name ^-^ its german and means rabbit) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/086b09d9-ce52-41e7-aa85-1fd9ba533164%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Using puppet for an Arris C4c CMTS
Hey guys, I'm new to this mailing list so go easy! I'm looking at setting up a complete headend via puppet, at the moment my attentions focussed on an Arris C4c CMTS; for people who aren't familiar - this is a network device used for terminating cable modems. Does anyone have any advice on where to start? It has an IOS like cisco (different command set), as far as I'm aware, no web gui, but telnet and ssh configurable once it has an IP, also TFTP send/receive - out the box though, just console connectivity I believe. Should I begin by looking at a proxy as seems to be the norm with F5 or is there a better way? Perhaps looking at copying configs via TFTP and linking in DHCP, any thoughts? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/010ad3c6-de24-44e4-a9c9-f43b48d152d1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet 2.7.26 certificate verify failed master and client the same
I am building a new puppet master server and trying to get it to run puppet on itself. I deleted everything in the /var/lib/puppet/ssl directory and generated a new cert. I get this error: err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: puppetmaster.internal.ZZZ.com] The system name is gso0puppet01. Running puppet cert -la gives this output: + gso0puppet01.internal.ZZZ.com (F9:B1:00:23:FD:72:6C:F9:51:B9:CC:D8:BF:8B:25:9B) (alt names: DNS:gso0puppet01.internal.ZZZ.com, DNS:puppet, DNS:puppet.internal.ZZZ.com) and openssl x509 -issuer -subject -noout -in /var/lib/puppet/ssl/certs/ca.pem issuer= /CN=Puppet CA: gso0puppet01.internal.ZZZ.com subject= /CN=Puppet CA: gso0puppet01.internal.ZZZ.com So it looks like the agent is trying to contact the old master server, puppetmaster. How can I make it use the new master server? Thanks, Ed -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/366849ca-31a9-4266-841d-ceeac29d39b0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Could not retrieve file metadata ... end of file reached
On 2015-05-03 12:02, James Green wrote: We occasionally have an agent fail because of this. I'm told by others running the agents more frequently that it appears to be at random and not on anything particularly large. If you are using webrick then it is most likely a concurrency problem (more than one agent calling in at the same time). Webrick is not recommended for production use because of this. - henrik -- Visit my Blog Puppet on the Edge http://puppet-on-the-edge.blogspot.se/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/md9sfc%24r1e%241%40ger.gmane.org. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Could not retrieve file metadata ... end of file reached
We occasionally have an agent fail because of this. I'm told by others running the agents more frequently that it appears to be at random and not on anything particularly large. Looks like server and agents are 3.7.4, both Ubuntu. Can't see much in the way of server logs. Any ideas where to go to debug this? A few minutes on, and the agent in this case has now succeeded... Thanks, James -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMH6%2Bax-gWpyZLWHpB19_EWtD3OnG8U%3DHEvkJFtyK1HGzkAHHA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Could not retrieve file metadata ... end of file reached
It seems like other people have had this issue, and maybe it's when the puppetmaster process restarts in the middle of somebody's agent run? https://projects.puppetlabs.com/issues/3019 https://projects.puppetlabs.com/issues/4808 In your place I would probably do the following: a) turn up the log level a bit on the master and agent b) packet capture on agent-master connections (You have the keys/certs for both ends so you can decrypt the traffic: http://wiki.wireshark.org/SSL) Then when it happens again I would correlate the time in the logs with the packet capture to find the message that discussed the end of file. Then I would see if the agent actually received an EOF character or similar oddity from the master. If the logs are detailed enough I might be able to track that down to something happening on the master. I tried grepping through my local puppet installation for those error messages but I'm not skilled enough to tell how the things I found are relevant. On Thu, Mar 05, 2015 at 11:02:23AM +, James Green wrote: We occasionally have an agent fail because of this. I'm told by others running the agents more frequently that it appears to be at random and not on anything particularly large. Looks like server and agents are 3.7.4, both Ubuntu. Can't see much in the way of server logs. Any ideas where to go to debug this? A few minutes on, and the agent in this case has now succeeded... Thanks, James -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to [1]puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit [2]https://groups.google.com/d/msgid/puppet-users/CAMH6%2Bax-gWpyZLWHpB19_EWtD3OnG8U%3DHEvkJFtyK1HGzkAHHA%40mail.gmail.com. For more options, visit [3]https://groups.google.com/d/optout. References Visible links 1. mailto:puppet-users+unsubscr...@googlegroups.com 2. https://groups.google.com/d/msgid/puppet-users/CAMH6%2Bax-gWpyZLWHpB19_EWtD3OnG8U%3DHEvkJFtyK1HGzkAHHA%40mail.gmail.com?utm_medium=emailutm_source=footer 3. https://groups.google.com/d/optout -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150305141954.GA12691%40iniquitous.heresiarch.ca. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Share data between custom functions/resources/providers?
Hello, I am trying to define something that would let me do this, or something like it: fw_service { elasticsearch: ports = [ '9200-9300' ], zone = work, } fw_zone { work: source_addresses = [ '10.0.0.0/16' ] } And for the fw_zone resource to be able to enumerate data from services that declared that zone name. Since it end goal is generating XML I could always use the concat module to create concat::fragments in the fw_service resource, but I wondered if there was any other way of passing data between functions within a catalog run? Going into Ruby is fine and I'm using future parser so any Puppet 4 API specific stuff would be usable. Cheers -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bbc31e06-ebc9-4d0f-a552-55452b037c22%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Reports not showing up in foreman.
Facts are probably coming in as Foreman is the ENC (the node.rb script). Reports definitely should work, so something seems amiss. Is there a foreman.rb in your Puppet installation on the subordinate masters? It could be in a number of places depending on your Ruby installation. This is the script that is used when reports is set to foreman. If you use foreman-installer this probably gets done for you, otherwise you need to follow the docs as per the link below. If this is the problem then I'm surprised the master didn't complain loudly. Try enabling debug logging for the master if you haven't already. http://theforeman.org/manuals/1.3/index.html#3.5.4PuppetReports # find /usr/share -name foreman.rb /usr/share/ruby/vendor_ruby/puppet/reports/foreman.rb On Wednesday, 4 March 2015 16:46:25 UTC, Salty Old Cowdawg wrote: I'm going to re-ask this question because the issue is driving me crazy even though I'm already close enough to walk. Here's the setup: [Foreman Server with Puppet/PuppetDB] ^ | V [ Subordinate (remote) Puppet Server ] (Proxy installed) ^ | V [End client[ The Puppet master running on the Foreman host's job is to manage just the remote masters. The subordinate Puppet Masters are planned to be installed in various data centers around the country. The end client's puppet.conf looks like this (with the template variables being replaced by their actual values): ### File managed with puppet ### ## Module: 'puppet' [main] # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl # Allow services in the 'puppet' group to access key (Foreman + proxy) privatekeydir = $ssldir/private_keys { group = service } hostprivkey = $privatekeydir/$certname.pem { mode = 640 } # Puppet 3.0.x requires this in both [main] and [master] - harmless on agents autosign = $confdir/autosign.conf { mode = 664 } show_diff = false hiera_config = $confdir/hiera.yaml ca_server =%= foreman_host_fqdn% ### Next part of the file is managed by a different template ### ## Module: 'puppet' [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuration. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$statedir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig # Disable the default schedules as they cause continual skipped # resources to be displayed in Foreman - only for Puppet = 3.4 default_schedules = false report= true pluginsync= true masterport= 8140 environment = POC certname = %= fqdn % server= %= puppethost_fqdn % listen= false splay = false splaylimit= 1800 runinterval = 1800 noop = false configtimeout = 600 Report is turned on and the remote Puppet Master is successfully managing the client. The [master] section of the remote Puppet Master's puppet.conf looks like this: [master] storeconfigs = true storeconfigs_backend = puppetdb autosign = $confdir/autosign.conf { mode = 664 } reports= foreman external_nodes = /etc/puppet/node.rb node_terminus = exec ca = false certname = %= fqdn % strict_variables = false environmentpath = /etc/puppet/environments basemodulepath = /etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules and I have a foreman.yaml file that looks like this: --- # Update for your Foreman and Puppet master hostname(s) :url: https://mtinjacn01.cip.att.com; :ssl_ca: /var/lib/puppet/ssl/certs/ca.pem :ssl_cert: /var/lib/puppet/ssl/certs%= fqdn %.pem :ssl_key: /var/lib/puppet/ssl/private_keys/%= fqdn %.pem # Advanced settings :user: :password: :puppetdir: /var/lib/puppet :puppetuser: puppet :facts: true :timeout: 10 :threads: null Now the *facts* are showing up on the Foreman server for the remote client but just not the reports. First obvious question: should they or am I chasing
[Puppet Users] Re: Get list of nodes where resource is used
If you've got PuppetDB set up already then this is fairly simple. We use the puppetdbquery module (https://github.com/dalen/puppet-puppetdbquery) to do something like $collectors = query_nodes('Package[A]', 'fqdn') Which would return an array of the FQDNs of all nodes that declared package a - the second argument can be any fact name. The query string can also be as complex as you like, matching resources with certain attributes or fact values. We use it to manage ElasticSearch clusters of which we have multiple, so we use a tag containing the cluster name to narrow down queries. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b54a75e3-47b6-41d7-b067-14b95e2ffe76%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.