Re: [Puppet Users] Re: Array of tags not applying to resource
On Friday, August 7, 2015 at 5:04:42 PM UTC-5, robert.davidson wrote: So there's no way to apply more than one tag to something at a time and have it actually act as if they are single tags? Therefore, this exported resource: @@module::hostentry{ $::fqdn: tag = [$::fqdn, $::site], } Has these tags: module hostentry module::hostentry [$::fqdn, $::site] Rather than what you might expect: module hostentry module::hostentry $::fqdn $::site That's . . . uh . . . special. I think it's probably more complicated than that, with ties to implementation details and [inconsistencies in] data model representation, but I cannot answer the question authoritatively. Upon further consideration, I agree that the observed behavior is inconsistent; I just don't know which should be considered correct. I suppose I could get around this by only having one tag added using the metaparameter, and include the other in the surrounding class using the tag function, which would add them independently, but that's ludicrous. (Is there any way to make puppet spit out the list of tags on a resource in something like a notify{}? ) Given that I'm using an old version of puppet, would I be able to get anywhere by filing a bug report on this behavior, or would it just get bitbucketed? I don't see anything in the Puppet 4 docs that would indicate it's behavior has changed, though. I suggest you do check bug tracker, and report the issue if it's not already documented. I cannot speak to how a report against Puppet 3.6 would be received, but it might at least get someone to check against other Puppet versions, especially if you can present simple, standalone, easily tested code that reproduces it for you. Even if not, there's some value just in having it documented. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/039f5f04-0f6d-439b-9d4a-d7d69ed758d2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Environments by facter
Hi, Need some help, currently have puppet setup with custom fact defined as like below, what i want to do is setup my environments in puppet based on this custom fact, how easily can i do this, anyone? Facter.add('web_environment') do setcode do case Facter.value(:hostname) when /host01|host02/ test when /host03|host04/ staging when /host09|host19/ live .. Cheers mahmed -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ab4c4d3f-1c10-4a77-a120-f6bf3c3e8539%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet agent certs: do they live in /etc/puppet/ssl or /var/lib/puppet/ssl?
Hi all, I have been trying to configure a number of puppet agents with certificates and keys that are pregenerated. In theory, this means putting the certs in the right place and starting puppet agent. In practise this seems to be hard. After installing the puppet v3.4.3 package on ubuntu 14.04, a directory tree is created under /var/lib/puppet/ssl as follows: /var/lib/puppet/ssl /var/lib/puppet/ssl/private_keys /var/lib/puppet/ssl/public_keys /var/lib/puppet/ssl/certs /var/lib/puppet/ssl/private /var/lib/puppet/ssl/certificate_requests I place the key and cert in this tree expecting puppet to do the right thing, but when I start puppet agent for the first time as below a new directory tree is created below /etc/puppet/ssl, new keys are created and all my pregenerated keys and certs are ignored: /etc/puppet/ssl /etc/puppet/ssl/private_keys /etc/puppet/ssl/private_keys/zonza-hogarth-dev-black-pup01.northeurope.azure.zonza.zone.pem /etc/puppet/ssl/public_keys /etc/puppet/ssl/public_keys/zonza-hogarth-dev-black-pup01.northeurope.azure.zonza.zone.pem /etc/puppet/ssl/certs /etc/puppet/ssl/private /etc/puppet/ssl/certificate_requests Is there a way to make puppet agent's behaviour predictable when it comes to certs and keys? Which directory is the one a puppet agent should be using, /etc/puppet/ssl or /var/lib/puppet/ssl? In all cases puppet is being run as root (with sudo). root@snip-brk01:~# sudo cat /etc/puppet/puppet.conf [main] certname = snip-pup01.snip server = snip-pup01.snip environment = dev runinterval = 1h Regards, Graham -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c3da4c39-f739-4836-ae4c-b56e02b79ef4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] PuppetDB module errors and frustrations...
I haven't set up puppetdb with the puppetlabs-puppetdb forge module in over 18 months, but depending on your module version you may need to tweak parameters. Quoth: The PuppetDB module now supports PuppetDB 3.0.0 by default... If you want to use 5.x of the module with PuppetDB 2.x, you'll need to use the new puppetdb::globals class to set the version of PuppetDB you're using explicitly. https://forge.puppetlabs.com/puppetlabs/puppetdb (Scroll down.) On Mon, Aug 10, 2015 at 01:01:04PM -0700, Stack Kororā wrote: Greetings, I am really stuggling here and would love another set of eyes. After a failed attempt to migrate to Puppet 4 (my crappy modules need more work then I have time for), I went back to Puppet 3. Only this time, I have the chance to improve upon where things went wonky last time. The plan I want: Puppetmaster01 runs Apache Passengermod as the puppetmaster. Puppetmaster02 runs puppetdb and postgreSQL. That shouldn't be hard right? Except I can _not_ get puppetdb to work. I have gone through countless guides and documentation and it just flat out fails. Fine. I give up doing it on my own. I will use puppetlabs puppetdb module. After many hours of the same failures as before, I decided to simplify things. Everything on puppetmaster01 with no apache, puppetmaster, no postgreSQL, and puppetdb. Fresh install! I configure EL6 to pull RPM packages from puppetlabs. $ yum install puppet-server $ cat /etc/puppet/puppet.conf [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl server = puppetmaster01.domain.org [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig $ cat /etc/puppet/manifests/site.pp node 'puppetmaster01.domain.org' { } $ puppet agent -t Horray! It works! Now to configure puppetdb! $ puppet module install puppetlabs-puppetdb Notice: Preparing to install into /etc/puppet/modules ... Notice: Downloading from https://forgeapi.puppetlabs.com ... Notice: Installing -- do not interrupt ... /etc/puppet/modules └─┬ puppetlabs-puppetdb (v5.0.0) ├── puppetlabs-firewall (v1.7.0) ├── puppetlabs-inifile (v1.4.1) ├─┬ puppetlabs-postgresql (v4.5.0) │ ├── puppetlabs-apt (v2.1.1) │ └── puppetlabs-concat (v1.2.4) └── puppetlabs-stdlib (v4.7.0) Now to configure the host! The documentation says: node puppetmaster { # Configure puppetdb and its underlying database class { 'puppetdb': } # Configure the puppet master to use puppetdb class { 'puppetdb::master::config': } } You can provide some parameters for these classes if you’d like more control, but that is literally all that it will take to get you up and running with the default configuration. That is obviously false to anyone that attempts it. Full of errors. Here is my site.pp $ cat /etc/puppet/manifests/site.pp node 'puppetmaster01.domain.org' { class { 'puppetdb': # Force embedded for simplicity. database = 'embedded', # Puppetlabs RPMs install to different location then the puppetdb module wants them in. confdir='/etc/puppetdb/conf.d', } class { 'puppetdb::master::config': # Once again, puppetlabs names their package one way but their module looks for something different. terminus_package='puppetdb-terminus', } } Now to run again. Snipping out the $ puppet agent -t Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Info: Caching catalog for puppetmaster01.domain.org Info: Applying configuration version '1439233620' [Snip: cutting the loading of the new facts] Notice: /Stage[main]/Puppetdb::Master::Config/Package[puppetdb-terminus]/ensure: created Notice: Unable to connect to puppetdb server (https://puppetmaster01.domain.org:8081): [404] Not Found Notice: Failed to connect to puppetdb; sleeping 2 seconds before retry [Snip previous two comments another 55 times] Notice: Failed to connect to puppetdb within timeout window of 120 seconds; giving up. Error: Unable to connect to puppetdb server! (puppetmaster01.domain.org:8081) Error: /Stage[main]/Puppetdb::Master::Config/Puppetdb_conn_validator[puppetdb_conn]/ensure: change from absent to present failed: Unable to connect to puppetdb server! (puppetmaster01.domain.org:8081) Notice: /Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs]: Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true Warning: /Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs]: Skipping because of failed dependencies Notice:
[Puppet Users] PuppetDB module errors and frustrations...
Greetings, I am really stuggling here and would love another set of eyes. After a failed attempt to migrate to Puppet 4 (my crappy modules need more work then I have time for), I went back to Puppet 3. Only this time, I have the chance to improve upon where things went wonky last time. The plan I want: Puppetmaster01 runs Apache Passengermod as the puppetmaster. Puppetmaster02 runs puppetdb and postgreSQL. That shouldn't be hard right? Except I can _not_ get puppetdb to work. I have gone through countless guides and documentation and it just flat out fails. Fine. I give up doing it on my own. I will use puppetlabs puppetdb module. After many hours of the same failures as before, I decided to simplify things. Everything on puppetmaster01 with no apache, puppetmaster, no postgreSQL, and puppetdb. Fresh install! I configure EL6 to pull RPM packages from puppetlabs. $ yum install puppet-server $ cat /etc/puppet/puppet.conf [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl server = puppetmaster01.domain.org [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig $ cat /etc/puppet/manifests/site.pp node 'puppetmaster01.domain.org' { } $ puppet agent -t Horray! It works! Now to configure puppetdb! $ puppet module install puppetlabs-puppetdb Notice: Preparing to install into /etc/puppet/modules ... Notice: Downloading from https://forgeapi.puppetlabs.com ... Notice: Installing -- do not interrupt ... /etc/puppet/modules └─┬ puppetlabs-puppetdb (v5.0.0) ├── puppetlabs-firewall (v1.7.0) ├── puppetlabs-inifile (v1.4.1) ├─┬ puppetlabs-postgresql (v4.5.0) │ ├── puppetlabs-apt (v2.1.1) │ └── puppetlabs-concat (v1.2.4) └── puppetlabs-stdlib (v4.7.0) Now to configure the host! The documentation says: node puppetmaster { # Configure puppetdb and its underlying database class { 'puppetdb': } # Configure the puppet master to use puppetdb class { 'puppetdb::master::config': } } You can provide some parameters for these classes if you’d like more control, but that is literally all that it will take to get you up and running with the default configuration. That is obviously false to anyone that attempts it. Full of errors. Here is my site.pp $ cat /etc/puppet/manifests/site.pp node 'puppetmaster01.domain.org' { class { 'puppetdb': # Force embedded for simplicity. database = 'embedded', # Puppetlabs RPMs install to different location then the puppetdb module wants them in. confdir='/etc/puppetdb/conf.d', } class { 'puppetdb::master::config': # Once again, puppetlabs names their package one way but their module looks for something different. terminus_package='puppetdb-terminus', } } Now to run again. Snipping out the $ puppet agent -t Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Info: Caching catalog for puppetmaster01.domain.org Info: Applying configuration version '1439233620' [Snip: cutting the loading of the new facts] Notice: /Stage[main]/Puppetdb::Master::Config/Package[puppetdb-terminus]/ensure: created Notice: Unable to connect to puppetdb server (https://puppetmaster01.domain.org:8081): [404] Not Found Notice: Failed to connect to puppetdb; sleeping 2 seconds before retry [Snip previous two comments another 55 times] Notice: Failed to connect to puppetdb within timeout window of 120 seconds; giving up. Error: Unable to connect to puppetdb server! (puppetmaster01.domain.org:8081) Error: /Stage[main]/Puppetdb::Master::Config/Puppetdb_conn_validator[puppetdb_conn]/ensure: change from absent to present failed: Unable to connect to puppetdb server! (puppetmaster01.domain.org:8081) Notice: /Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs]: Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true Warning: /Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs]: Skipping because of failed dependencies Notice: /Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs_backend]: Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true Warning: /Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs_backend]: Skipping because of failed dependencies Notice: /Stage[main]/Puppetdb::Master::Routes/File[/etc/puppet/routes.yaml]: Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true Warning: /Stage[main]/Puppetdb::Master::Routes/File[/etc/puppet/routes.yaml]: Skipping because of failed dependencies Notice: /Stage[main]/Puppetdb::Master::Puppetdb_conf/Ini_setting[puppetdbserver_urls]: Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true Warning: /Stage[main]/Puppetdb::Master::Puppetdb_conf/Ini_setting[puppetdbserver_urls]: Skipping because of failed dependencies Notice:
Re: [Puppet Users] PuppetDB module errors and frustrations...
On Monday, August 10, 2015 at 3:23:46 PM UTC-5, Christopher Wood wrote: I haven't set up puppetdb with the puppetlabs-puppetdb forge module in over 18 months, but depending on your module version you may need to tweak parameters. Quoth: The PuppetDB module now supports PuppetDB 3.0.0 by default... If you want to use 5.x of the module with PuppetDB 2.x, you'll need to use the new puppetdb::globals class to set the version of PuppetDB you're using explicitly. https://forge.puppetlabs.com/puppetlabs/puppetdb Greetings, AH HA!!! THANK YOU!!! I knew it was something simple. I had that when I was trying to get the puppetdb working across multiple systems, but when I got annoyed and decided to simplify the process by wipping the server for a fresh install and building on one host only, I completly forgot to add that parameter back in. Doh! Thank you so much!! Now that i have it working on one server, time to try getting it working on multiple servers. :-) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b273aeb6-6e39-47a9-a4b5-67648b7bfe01%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Help with NTP module provided by puppetlabs
On 10/08/15 20:12, Martin Alfke wrote: You need to create a hiera.yaml config file. The config file may look like this: :backends: - yaml :yaml: :datadir: ‘/etc/puppet/data’ :hierachy: - “nodes/#{::certname}” - “location/#{::timezone}” - global Further to Martin's comment, you may be interested to know that the Foreman location and environment are available to Hiera, so you might prefer to use those rather than the timezone fact. E.g. :backends: - yaml :yaml: :datadir: ‘/etc/puppet/data’ :hierachy: - “nodes/#{::certname}” - “location/#{::location}” - global -- *Richard Gray* | Senior Operations Engineer *DDI:* +64 9 950 2196 *Fax:* +64 9 302 0518 *Mobile:* +64 21 050 8178 *Freephone:*0800 SMX SMX (769 769) *SMX Limited:* Level 15, 19 Victoria Street West, Auckland, New Zealand *Web:* http://smxemail.com SMX | Cloud Email Hosting Security _ This email has been filtered by SMX. For more info visit http://smxemail.com _ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/55C9229C.4010605%40smxemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] PuppetDB module errors and frustrations...
Now that I have a working example to figure out what puppetdb is doing, I was able to figure out the other issues with ssl and connections. Thanks again!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0db659b1-b53d-4373-b9fd-1b25a2f3b8cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Help with hiera.yaml config
Hi Patrick, On 10/08/15 17:10, Patrick G. wrote: parameters: sudoroles: 'root_users' sudoroles: 'dba_users' That reads to me like you've overwritten the first sudoroles value with the second entry. If you want both, it would need to be e.g. an array: parameters: sudoroles: - 'root_users' - 'dba_users' ... with relevant logic in the module to handle an array. HTH, Greg. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/55C94F97.4020405%40calorieking.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] upgrade to 3.8
Hello all, I am intrested in upgrading puppet to 3.8.2 and currently on 3.3.1 and looks like i will first have to go to 3.3.2 and then to 3.8. Below are some of the links that i am following...but any time i click on upgrade links(Read the docs) it takes me to the version called 2015.2... https://puppetlabs.com/upgrade-puppet-enterprise-pre-3.3-to-3.8 so my question is where are the docs for 3.3.2 and also 3.8.2 upgrade ?? also the main thing i wanted to find out is where would i download the zip file that contains all software/installer...as looking at the download like, all we have is the rpm file...any idea where i can find the zip file that has files required for upgrade https://downloads.puppetlabs.com/enterprise/sources/3.8.2/el/6/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cbfb2c49-26da-4d8e-af4e-7bdde4493cd1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Help with NTP module provided by puppetlabs
On 10 Aug 2015, at 09:54, Eddie Mashayev eddie...@gmail.com wrote: Hi Martin, Thanks for the help. I used the second approach. 1) I’ve created custom fact to identify the server location (I’m using the timezone fact) – Now I’m able to identify all my servers by location. 2) I’m not sure about the second part “put ntp::servers into the appropriate hiera data hierarchy” – I’m using Foreman and NOT Puppet enterprise if it matters. Can you elaborate more how to implement it right, maybe add some code if possible. Hiera is not related to Puppet Enterprise. Hiera is a data backend for automatic parameter lookups. see http://docs.puppetlabs.com/hiera/latest/ You need to create a hiera.yaml config file. The config file may look like this: :backends: - yaml :yaml: :datadir: ‘/etc/puppet/data’ :hierachy: - “nodes/#{::certname}” - “location/#{::timezone}” - global In your hiera data directory you can provide yaml files for hierarchies (you don’t have to, but you can!) /etc/puppet/data/ - nodes/foo.bar.domain.com.yaml # has host specific parameters - location/CEST.yaml # has parameters for CEST timezone - location/PDT.yaml# has parameters for PDT timezone systems - global.yaml # has global parameters Hiera parses the data hierarchy and uses the first match. To allow dynamic data lookup the variable names from the module have to be prefixed with the class name where they are used. Note: this only works with parameterised classes, not with normal variables inside a manifest. With foreman you should also be able to create a group setting based on timezone fact (I don’t have access to foreman right now, so I can not verify). Best, Martin Thanks, EddieM On Sunday, August 9, 2015 at 5:35:07 PM UTC+3, Martin Alfke wrote: Hi Eddie, On 09 Aug 2015, at 16:25, Eddie Mashayev eddi...@gmail.com wrote: Hi All, I have many servers spread in 3 different time zones USA (NY and San Francisco) and also in ISR. Have 3 NTP servers, one NTP server in each location. https://forge.puppetlabs.com/puppetlabs/ntp module is letting you to insert an array of NTP servers class { '::ntp': servers = [ 'ntp1.corp.com', 'ntp2.corp.com' ], } I can override this array but the problem is how to fit the correct NTP server to each server in the different location. In other words, how can I modified the puppet module to fit server to the correct NTP Server by locations. For example - I thought using the server prefix name to choose the right NTP server, for example if this server is located in NY so it prefix name is ny-{server name} so I can fit it to NY NTP server but it look like a headache to do it. Do you have any idea how can it be done in most efficient way with the NTP module provided by puppetlabs. Several solutions: 1. write wrapper module per data center: class ny_ntp { class { ‘::ntp’: server = [‘ny_ntp.corp.com’], } } class sf_ntp { class { ‘::ntp’: servers = [‘sf_ntp.corp.com’], } } class isr_ntp { class { ‘::ntp’: servers = [‘isr_ntp.corp.com’], } } use one of the the wrapper class within node classification 2. use hiera provide a custom fact to identify location per server and put ntp::servers into the appropriate hiera data hierarchy. Best, Martin Thanks, EddieM -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8cdf1ae0-46c8-4de6-bb06-9f42bdbd31ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d7398ad5-9b31-42e5-b3ee-d1eb889a8356%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/DD001BB3-D530-4509-AFDE-051381F58E29%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Help with hiera.yaml config
Hi, I have the following config. :backends: - yaml - json :yaml: :datadir: /etc/puppet/hieradata :hierarchy: - nodes/%{::fqdn} - sudoroles/%{::sudoroles} - common In sudorules I have twho files with root users en dba users. On a server I want both root user and dba user and on the other server only the root user. In enc/nodes/server1 i have: --- classes: - sudoroles parameters: sudoroles: - root - dba But only root users are created. Can someone please help how to do this? Regards, Patrick. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7168837c-be92-4bf9-95b1-3b515caa3b71%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Help with hiera.yaml config
Hi, I have the following config. :backends: - yaml :yaml: :datadir: /etc/puppet/hieradata :hierarchy: - nodes/%{::fqdn} - sudoroles/%{::sudoroles} - common In sudorules I have twho files with root users en dba users. On a server I want both root users and dba users and on the other server only the root user. In enc/nodes/server1 i have: --- classes: - sudoroles parameters: sudoroles: 'root_users' sudoroles: 'dba_users' But only dba_users are created and the root_users removed. Can someone please help how to do this? Regards, Patrick. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/89853145-16a4-4ad7-86b6-893607c64f01%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Cannot schedule without a schedule-containing catalog
Hi all, Giving the following code: https://github.com/Inuits/puppet-acl/commit/7bf09e329dc08641089780f0104b9b93101f8ddc And the following file tree: # mkdir -p /tmp/foobar/bar # touch /tmp/foobar/{,foo,barfoo,bar/foo} When I run the following command: # puppet apply -e acl {'/tmp/foobar': permission = 'u:puppet:rwx', recursemode = 'deep', recursive = true} I get the following output: Notice: Compiled catalog for foo.example.com in environment production in 0.53 seconds Notice: /Stage[main]/Main/Acl[/tmp/foobar]/permission: permission changed 'group::r-x,other::r-x,user::rwx' to 'user:puppet:rwx' Notice: /Stage[main]/Main/Acl[/tmp/foobar/bar]/permission: permission changed 'group::r-x,other::r-x,user::rwx' to 'user:puppet:rwx' Notice: /Stage[main]/Main/Acl[/tmp/foobar/barfoo]/permission: permission changed 'group::r--,other::r--,user::rw-' to 'user:puppet:rwx' Notice: /Stage[main]/Main/Acl[/tmp/foobar/foo]/permission: permission changed 'group::r--,other::r--,user::rw-' to 'user:puppet:rwx' Warning: /Acl[/tmp/foobar/bar]: Cannot schedule without a schedule-containing catalog Warning: /Acl[/tmp/foobar/barfoo]: Cannot schedule without a schedule-containing catalog Warning: /Acl[/tmp/foobar/foo]: Cannot schedule without a schedule-containing catalog Notice: Applied catalog in 0.25 seconds It does the same with: def generate instead of def eval_generate (L222) Puppet::Type.type(:acl) instead of self.class.new (L219) The warnings also appear when the ressource is already applied. My questions: 1. Why do I get those Cannot schedule without a schedule-containing catalog ? 2. Are the generate and eval_generate functions public? Are they recommended to be used in custom types? If not, how can I achieve the same thing? gr, -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150810064433.GA2281%40nitrogen. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [Puppet Users] Cannot schedule without a schedule-containing catalog
On Mon, Aug 10, 2015 at 08:44:33AM +0200, Julien Pivotto wrote: Hi all, Giving the following code: https://github.com/Inuits/puppet-acl/commit/7bf09e329dc08641089780f0104b9b93101f8ddc My questions: 1. Why do I get those Cannot schedule without a schedule-containing catalog ? Because resource are generated twice. Solved by https://github.com/Inuits/puppet-acl/commit/81d7360da55953978e304a0b0901c176efcef2d8 - Dir['**', '*'].each do |path| + Dir['**/*'].each do |path| 2. Are the generate and eval_generate functions public? Are they recommended to be used in custom types? If not, how can I achieve the same thing? I am still interested in that question. -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150810073238.GA26200%40nitrogen. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [Puppet Users] Help with NTP module provided by puppetlabs
Hi Martin, Thanks for the help. I used the second approach. 1) I’ve created custom fact to identify the server location (I’m using the timezone fact) – Now I’m able to identify all my servers by location. 2) I’m not sure about the second part “put ntp::servers into the appropriate hiera data hierarchy” – I’m using Foreman and NOT Puppet enterprise if it matters. Can you elaborate more how to implement it right, maybe add some code if possible. Thanks, EddieM On Sunday, August 9, 2015 at 5:35:07 PM UTC+3, Martin Alfke wrote: Hi Eddie, On 09 Aug 2015, at 16:25, Eddie Mashayev eddi...@gmail.com javascript: wrote: Hi All, I have many servers spread in 3 different time zones USA (NY and San Francisco) and also in ISR. Have 3 NTP servers, one NTP server in each location. https://forge.puppetlabs.com/puppetlabs/ntp module is letting you to insert an array of NTP servers class { '::ntp': servers = [ 'ntp1.corp.com', 'ntp2.corp.com' ], } I can override this array but the problem is how to fit the correct NTP server to each server in the different location. In other words, how can I modified the puppet module to fit server to the correct NTP Server by locations. For example - I thought using the server prefix name to choose the right NTP server, for example if this server is located in NY so it prefix name is ny-{server name} so I can fit it to NY NTP server but it look like a headache to do it. Do you have any idea how can it be done in most efficient way with the NTP module provided by puppetlabs. Several solutions: 1. write wrapper module per data center: class ny_ntp { class { ‘::ntp’: server = [‘ny_ntp.corp.com’], } } class sf_ntp { class { ‘::ntp’: servers = [‘sf_ntp.corp.com’], } } class isr_ntp { class { ‘::ntp’: servers = [‘isr_ntp.corp.com’], } } use one of the the wrapper class within node classification 2. use hiera provide a custom fact to identify location per server and put ntp::servers into the appropriate hiera data hierarchy. Best, Martin Thanks, EddieM -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8cdf1ae0-46c8-4de6-bb06-9f42bdbd31ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d7398ad5-9b31-42e5-b3ee-d1eb889a8356%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppetlabs-firewall and removing a parameter
Hi, So... no answers... bug report filed! :-) https://tickets.puppetlabs.com/browse/MODULES-2376 Matthias On Mon, 3 Aug 2015 13:26:07 +0200 Matthias Saou matth...@saou.eu wrote: Hi, I had this applied to my nodes : firewall { ${prenumber}7 portknock let connections through: action = 'accept', chain= 'INPUT', dport= $dports, proto= 'tcp', recent = 'rcheck', rname= ${prefix}_heaven, rseconds = $seconds, } With $seconds set to '3'. Now I want to remove it entirely, which will mean forever, but I just can't figure out how to do it, or even if it's possible at all. When I set to undef, false or even remove the $rseconds line entirely, puppet just leaves the previous value on existing nodes. For new nodes or if I manually remove all iptables rules first, then the new rule gets created without any --seconds 3 as expected. How can I tell puppet to actually remove that parameter from existing rules instead of stop caring about the value? Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150810133509.16e8af53%40r2d2.marmotte.net. For more options, visit https://groups.google.com/d/optout.