Re: [Puppet Users] Re: Array of tags not applying to resource
On Friday, August 7, 2015 at 5:04:42 PM UTC-5, robert.davidson wrote:
So there's no way to apply more than one tag to something at a time and
have it actually act as if they are single tags?
Therefore, this exported resource:
@@module::hostentry{ $::fqdn:
tag = [$::fqdn, $::site],
}
Has these tags:
module
hostentry
module::hostentry
[$::fqdn, $::site]
Rather than what you might expect:
module
hostentry
module::hostentry
$::fqdn
$::site
That's . . . uh . . . special.
I think it's probably more complicated than that, with ties to
implementation details and [inconsistencies in] data model representation,
but I cannot answer the question authoritatively. Upon further
consideration, I agree that the observed behavior is inconsistent; I just
don't know which should be considered correct.
I suppose I could get around this by only having one tag added using the
metaparameter, and include the other in the surrounding class using the tag
function, which would add them independently, but that's ludicrous. (Is
there any way to make puppet spit out the list of tags on a resource in
something like a notify{}? )
Given that I'm using an old version of puppet, would I be able to get
anywhere by filing a bug report on this behavior, or would it just get
bitbucketed? I don't see anything in the Puppet 4 docs that would indicate
it's behavior has changed, though.
I suggest you do check bug tracker, and report the issue if it's not
already documented. I cannot speak to how a report against Puppet 3.6
would be received, but it might at least get someone to check against other
Puppet versions, especially if you can present simple, standalone, easily
tested code that reproduces it for you. Even if not, there's some value
just in having it documented.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/039f5f04-0f6d-439b-9d4a-d7d69ed758d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Environments by facter
Hi,
Need some help, currently have puppet setup with custom fact defined as
like below, what i want to do is setup my environments in puppet based on
this custom fact, how easily can i do this, anyone?
Facter.add('web_environment') do
setcode do
case Facter.value(:hostname)
when /host01|host02/
test
when /host03|host04/
staging
when /host09|host19/
live
..
Cheers
mahmed
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ab4c4d3f-1c10-4a77-a120-f6bf3c3e8539%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Puppet agent certs: do they live in /etc/puppet/ssl or /var/lib/puppet/ssl?
Hi all, I have been trying to configure a number of puppet agents with certificates and keys that are pregenerated. In theory, this means putting the certs in the right place and starting puppet agent. In practise this seems to be hard. After installing the puppet v3.4.3 package on ubuntu 14.04, a directory tree is created under /var/lib/puppet/ssl as follows: /var/lib/puppet/ssl /var/lib/puppet/ssl/private_keys /var/lib/puppet/ssl/public_keys /var/lib/puppet/ssl/certs /var/lib/puppet/ssl/private /var/lib/puppet/ssl/certificate_requests I place the key and cert in this tree expecting puppet to do the right thing, but when I start puppet agent for the first time as below a new directory tree is created below /etc/puppet/ssl, new keys are created and all my pregenerated keys and certs are ignored: /etc/puppet/ssl /etc/puppet/ssl/private_keys /etc/puppet/ssl/private_keys/zonza-hogarth-dev-black-pup01.northeurope.azure.zonza.zone.pem /etc/puppet/ssl/public_keys /etc/puppet/ssl/public_keys/zonza-hogarth-dev-black-pup01.northeurope.azure.zonza.zone.pem /etc/puppet/ssl/certs /etc/puppet/ssl/private /etc/puppet/ssl/certificate_requests Is there a way to make puppet agent's behaviour predictable when it comes to certs and keys? Which directory is the one a puppet agent should be using, /etc/puppet/ssl or /var/lib/puppet/ssl? In all cases puppet is being run as root (with sudo). root@snip-brk01:~# sudo cat /etc/puppet/puppet.conf [main] certname = snip-pup01.snip server = snip-pup01.snip environment = dev runinterval = 1h Regards, Graham -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c3da4c39-f739-4836-ae4c-b56e02b79ef4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] PuppetDB module errors and frustrations...
I haven't set up puppetdb with the puppetlabs-puppetdb forge module in over 18
months, but depending on your module version you may need to tweak parameters.
Quoth:
The PuppetDB module now supports PuppetDB 3.0.0 by default... If you want to
use 5.x of the module with PuppetDB 2.x, you'll need to use the new
puppetdb::globals class to set the version of PuppetDB you're using explicitly.
https://forge.puppetlabs.com/puppetlabs/puppetdb
(Scroll down.)
On Mon, Aug 10, 2015 at 01:01:04PM -0700, Stack Kororā wrote:
Greetings,
I am really stuggling here and would love another set of eyes. After a
failed attempt to migrate to Puppet 4 (my crappy modules need more work
then I have time for), I went back to Puppet 3. Only this time, I have the
chance to improve upon where things went wonky last time.
The plan I want:
Puppetmaster01 runs Apache Passengermod as the puppetmaster.
Puppetmaster02 runs puppetdb and postgreSQL.
That shouldn't be hard right? Except I can _not_ get puppetdb to work. I
have gone through countless guides and documentation and it just flat out
fails.
Fine. I give up doing it on my own. I will use puppetlabs puppetdb module.
After many hours of the same failures as before, I decided to simplify
things.
Everything on puppetmaster01 with no apache, puppetmaster, no postgreSQL,
and puppetdb.
Fresh install!
I configure EL6 to pull RPM packages from puppetlabs.
$ yum install puppet-server
$ cat /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
server = puppetmaster01.domain.org
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
$ cat /etc/puppet/manifests/site.pp
node 'puppetmaster01.domain.org' { }
$ puppet agent -t
Horray! It works! Now to configure puppetdb!
$ puppet module install puppetlabs-puppetdb
Notice: Preparing to install into /etc/puppet/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Notice: Installing -- do not interrupt ...
/etc/puppet/modules
└─┬ puppetlabs-puppetdb (v5.0.0)
├── puppetlabs-firewall (v1.7.0)
├── puppetlabs-inifile (v1.4.1)
├─┬ puppetlabs-postgresql (v4.5.0)
│ ├── puppetlabs-apt (v2.1.1)
│ └── puppetlabs-concat (v1.2.4)
└── puppetlabs-stdlib (v4.7.0)
Now to configure the host! The documentation says:
node puppetmaster {
# Configure puppetdb and its underlying database
class { 'puppetdb': }
# Configure the puppet master to use puppetdb
class { 'puppetdb::master::config': }
}
You can provide some parameters for these classes if you’d like more
control, but that is literally all that it will take to get you up and
running with the default configuration.
That is obviously false to anyone that attempts it. Full of errors.
Here is my site.pp
$ cat /etc/puppet/manifests/site.pp
node 'puppetmaster01.domain.org' {
class { 'puppetdb':
# Force embedded for simplicity.
database = 'embedded',
# Puppetlabs RPMs install to different location then the puppetdb
module wants them in.
confdir='/etc/puppetdb/conf.d',
}
class { 'puppetdb::master::config':
# Once again, puppetlabs names their package one way but their module
looks for something different.
terminus_package='puppetdb-terminus',
}
}
Now to run again. Snipping out the
$ puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppetmaster01.domain.org
Info: Applying configuration version '1439233620'
[Snip: cutting the loading of the new facts]
Notice:
/Stage[main]/Puppetdb::Master::Config/Package[puppetdb-terminus]/ensure:
created
Notice: Unable to connect to puppetdb server
(https://puppetmaster01.domain.org:8081): [404] Not Found
Notice: Failed to connect to puppetdb; sleeping 2 seconds before retry
[Snip previous two comments another 55 times]
Notice: Failed to connect to puppetdb within timeout window of 120
seconds; giving up.
Error: Unable to connect to puppetdb server!
(puppetmaster01.domain.org:8081)
Error:
/Stage[main]/Puppetdb::Master::Config/Puppetdb_conn_validator[puppetdb_conn]/ensure:
change from absent to present failed: Unable to connect to puppetdb
server! (puppetmaster01.domain.org:8081)
Notice:
/Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs]:
Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true
Warning:
/Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs]:
Skipping because of failed dependencies
Notice:
[Puppet Users] PuppetDB module errors and frustrations...
Greetings,
I am really stuggling here and would love another set of eyes. After a
failed attempt to migrate to Puppet 4 (my crappy modules need more work
then I have time for), I went back to Puppet 3. Only this time, I have the
chance to improve upon where things went wonky last time.
The plan I want:
Puppetmaster01 runs Apache Passengermod as the puppetmaster.
Puppetmaster02 runs puppetdb and postgreSQL.
That shouldn't be hard right? Except I can _not_ get puppetdb to work. I
have gone through countless guides and documentation and it just flat out
fails.
Fine. I give up doing it on my own. I will use puppetlabs puppetdb module.
After many hours of the same failures as before, I decided to simplify
things.
Everything on puppetmaster01 with no apache, puppetmaster, no postgreSQL,
and puppetdb.
Fresh install!
I configure EL6 to pull RPM packages from puppetlabs.
$ yum install puppet-server
$ cat /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
server = puppetmaster01.domain.org
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
$ cat /etc/puppet/manifests/site.pp
node 'puppetmaster01.domain.org' { }
$ puppet agent -t
Horray! It works! Now to configure puppetdb!
$ puppet module install puppetlabs-puppetdb
Notice: Preparing to install into /etc/puppet/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Notice: Installing -- do not interrupt ...
/etc/puppet/modules
└─┬ puppetlabs-puppetdb (v5.0.0)
├── puppetlabs-firewall (v1.7.0)
├── puppetlabs-inifile (v1.4.1)
├─┬ puppetlabs-postgresql (v4.5.0)
│ ├── puppetlabs-apt (v2.1.1)
│ └── puppetlabs-concat (v1.2.4)
└── puppetlabs-stdlib (v4.7.0)
Now to configure the host! The documentation says:
node puppetmaster {
# Configure puppetdb and its underlying database
class { 'puppetdb': }
# Configure the puppet master to use puppetdb
class { 'puppetdb::master::config': }
}
You can provide some parameters for these classes if you’d like more
control, but that is literally all that it will take to get you up and
running with the default configuration.
That is obviously false to anyone that attempts it. Full of errors.
Here is my site.pp
$ cat /etc/puppet/manifests/site.pp
node 'puppetmaster01.domain.org' {
class { 'puppetdb':
# Force embedded for simplicity.
database = 'embedded',
# Puppetlabs RPMs install to different location then the puppetdb
module wants them in.
confdir='/etc/puppetdb/conf.d',
}
class { 'puppetdb::master::config':
# Once again, puppetlabs names their package one way but their module
looks for something different.
terminus_package='puppetdb-terminus',
}
}
Now to run again. Snipping out the
$ puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for puppetmaster01.domain.org
Info: Applying configuration version '1439233620'
[Snip: cutting the loading of the new facts]
Notice:
/Stage[main]/Puppetdb::Master::Config/Package[puppetdb-terminus]/ensure:
created
Notice: Unable to connect to puppetdb server
(https://puppetmaster01.domain.org:8081): [404] Not Found
Notice: Failed to connect to puppetdb; sleeping 2 seconds before retry
[Snip previous two comments another 55 times]
Notice: Failed to connect to puppetdb within timeout window of 120 seconds;
giving up.
Error: Unable to connect to puppetdb server!
(puppetmaster01.domain.org:8081)
Error:
/Stage[main]/Puppetdb::Master::Config/Puppetdb_conn_validator[puppetdb_conn]/ensure:
change from absent to present failed: Unable to connect to puppetdb server!
(puppetmaster01.domain.org:8081)
Notice:
/Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs]:
Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true
Warning:
/Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs]:
Skipping because of failed dependencies
Notice:
/Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs_backend]:
Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true
Warning:
/Stage[main]/Puppetdb::Master::Storeconfigs/Ini_setting[puppet.conf/master/storeconfigs_backend]:
Skipping because of failed dependencies
Notice:
/Stage[main]/Puppetdb::Master::Routes/File[/etc/puppet/routes.yaml]:
Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true
Warning:
/Stage[main]/Puppetdb::Master::Routes/File[/etc/puppet/routes.yaml]:
Skipping because of failed dependencies
Notice:
/Stage[main]/Puppetdb::Master::Puppetdb_conf/Ini_setting[puppetdbserver_urls]:
Dependency Puppetdb_conn_validator[puppetdb_conn] has failures: true
Warning:
/Stage[main]/Puppetdb::Master::Puppetdb_conf/Ini_setting[puppetdbserver_urls]:
Skipping because of failed dependencies
Notice:
Re: [Puppet Users] PuppetDB module errors and frustrations...
On Monday, August 10, 2015 at 3:23:46 PM UTC-5, Christopher Wood wrote: I haven't set up puppetdb with the puppetlabs-puppetdb forge module in over 18 months, but depending on your module version you may need to tweak parameters. Quoth: The PuppetDB module now supports PuppetDB 3.0.0 by default... If you want to use 5.x of the module with PuppetDB 2.x, you'll need to use the new puppetdb::globals class to set the version of PuppetDB you're using explicitly. https://forge.puppetlabs.com/puppetlabs/puppetdb Greetings, AH HA!!! THANK YOU!!! I knew it was something simple. I had that when I was trying to get the puppetdb working across multiple systems, but when I got annoyed and decided to simplify the process by wipping the server for a fresh install and building on one host only, I completly forgot to add that parameter back in. Doh! Thank you so much!! Now that i have it working on one server, time to try getting it working on multiple servers. :-) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b273aeb6-6e39-47a9-a4b5-67648b7bfe01%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Help with NTP module provided by puppetlabs
On 10/08/15 20:12, Martin Alfke wrote:
You need to create a hiera.yaml config file.
The config file may look like this:
:backends:
- yaml
:yaml:
:datadir: ‘/etc/puppet/data’
:hierachy:
- “nodes/#{::certname}”
- “location/#{::timezone}”
- global
Further to Martin's comment, you may be interested to know that the
Foreman location and environment are available to Hiera, so you might
prefer to use those rather than the timezone fact. E.g.
:backends:
- yaml
:yaml:
:datadir: ‘/etc/puppet/data’
:hierachy:
- “nodes/#{::certname}”
- “location/#{::location}”
- global
--
*Richard Gray* | Senior Operations Engineer
*DDI:* +64 9 950 2196 *Fax:* +64 9 302 0518
*Mobile:* +64 21 050 8178 *Freephone:*0800 SMX SMX (769 769)
*SMX Limited:* Level 15, 19 Victoria Street West, Auckland, New Zealand
*Web:* http://smxemail.com
SMX | Cloud Email Hosting Security
_
This email has been filtered by SMX. For more info visit http://smxemail.com
_
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/55C9229C.4010605%40smxemail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] PuppetDB module errors and frustrations...
Now that I have a working example to figure out what puppetdb is doing, I was able to figure out the other issues with ssl and connections. Thanks again!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0db659b1-b53d-4373-b9fd-1b25a2f3b8cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Help with hiera.yaml config
Hi Patrick, On 10/08/15 17:10, Patrick G. wrote: parameters: sudoroles: 'root_users' sudoroles: 'dba_users' That reads to me like you've overwritten the first sudoroles value with the second entry. If you want both, it would need to be e.g. an array: parameters: sudoroles: - 'root_users' - 'dba_users' ... with relevant logic in the module to handle an array. HTH, Greg. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/55C94F97.4020405%40calorieking.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] upgrade to 3.8
Hello all, I am intrested in upgrading puppet to 3.8.2 and currently on 3.3.1 and looks like i will first have to go to 3.3.2 and then to 3.8. Below are some of the links that i am following...but any time i click on upgrade links(Read the docs) it takes me to the version called 2015.2... https://puppetlabs.com/upgrade-puppet-enterprise-pre-3.3-to-3.8 so my question is where are the docs for 3.3.2 and also 3.8.2 upgrade ?? also the main thing i wanted to find out is where would i download the zip file that contains all software/installer...as looking at the download like, all we have is the rpm file...any idea where i can find the zip file that has files required for upgrade https://downloads.puppetlabs.com/enterprise/sources/3.8.2/el/6/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cbfb2c49-26da-4d8e-af4e-7bdde4493cd1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Help with NTP module provided by puppetlabs
On 10 Aug 2015, at 09:54, Eddie Mashayev eddie...@gmail.com wrote:
Hi Martin,
Thanks for the help. I used the second approach.
1) I’ve created custom fact to identify the server location (I’m using the
timezone fact) – Now I’m able to identify all my servers by location.
2) I’m not sure about the second part “put ntp::servers into the appropriate
hiera data hierarchy” – I’m using Foreman and NOT Puppet enterprise if it
matters. Can you elaborate more how to implement it right, maybe add some
code if possible.
Hiera is not related to Puppet Enterprise.
Hiera is a data backend for automatic parameter lookups.
see http://docs.puppetlabs.com/hiera/latest/
You need to create a hiera.yaml config file.
The config file may look like this:
:backends:
- yaml
:yaml:
:datadir: ‘/etc/puppet/data’
:hierachy:
- “nodes/#{::certname}”
- “location/#{::timezone}”
- global
In your hiera data directory you can provide yaml files for hierarchies (you
don’t have to, but you can!)
/etc/puppet/data/
- nodes/foo.bar.domain.com.yaml # has host specific parameters
- location/CEST.yaml # has parameters for CEST timezone
- location/PDT.yaml# has parameters for PDT timezone systems
- global.yaml # has global parameters
Hiera parses the data hierarchy and uses the first match.
To allow dynamic data lookup the variable names from the module have to be
prefixed with the class name where they are used.
Note: this only works with parameterised classes, not with normal variables
inside a manifest.
With foreman you should also be able to create a group setting based on
timezone fact (I don’t have access to foreman right now, so I can not verify).
Best,
Martin
Thanks,
EddieM
On Sunday, August 9, 2015 at 5:35:07 PM UTC+3, Martin Alfke wrote:
Hi Eddie,
On 09 Aug 2015, at 16:25, Eddie Mashayev eddi...@gmail.com wrote:
Hi All,
I have many servers spread in 3 different time zones USA (NY and San
Francisco) and also in ISR. Have 3 NTP servers, one NTP server in each
location.
https://forge.puppetlabs.com/puppetlabs/ntp module is letting you to insert
an array of NTP servers
class { '::ntp':
servers = [ 'ntp1.corp.com', 'ntp2.corp.com' ],
}
I can override this array but the problem is how to fit the correct NTP
server to each server in the different location.
In other words, how can I modified the puppet module to fit server to the
correct NTP Server by locations.
For example - I thought using the server prefix name to choose the right
NTP server, for example if this server is located in NY so it prefix name
is ny-{server name} so I can fit it to NY NTP server but it look like a
headache to do it.
Do you have any idea how can it be done in most efficient way with the NTP
module provided by puppetlabs.
Several solutions:
1. write wrapper module per data center:
class ny_ntp {
class { ‘::ntp’:
server = [‘ny_ntp.corp.com’],
}
}
class sf_ntp {
class { ‘::ntp’:
servers = [‘sf_ntp.corp.com’],
}
}
class isr_ntp {
class { ‘::ntp’:
servers = [‘isr_ntp.corp.com’],
}
}
use one of the the wrapper class within node classification
2. use hiera
provide a custom fact to identify location per server and put ntp::servers
into the appropriate hiera data hierarchy.
Best,
Martin
Thanks,
EddieM
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/8cdf1ae0-46c8-4de6-bb06-9f42bdbd31ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d7398ad5-9b31-42e5-b3ee-d1eb889a8356%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/DD001BB3-D530-4509-AFDE-051381F58E29%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Help with hiera.yaml config
Hi,
I have the following config.
:backends:
- yaml
- json
:yaml:
:datadir: /etc/puppet/hieradata
:hierarchy:
- nodes/%{::fqdn}
- sudoroles/%{::sudoroles}
- common
In sudorules I have twho files with root users en dba users.
On a server I want both root user and dba user and on the other server only
the root user.
In enc/nodes/server1 i have:
---
classes:
- sudoroles
parameters:
sudoroles:
- root
- dba
But only root users are created.
Can someone please help how to do this?
Regards, Patrick.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/7168837c-be92-4bf9-95b1-3b515caa3b71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Help with hiera.yaml config
Hi,
I have the following config.
:backends:
- yaml
:yaml:
:datadir: /etc/puppet/hieradata
:hierarchy:
- nodes/%{::fqdn}
- sudoroles/%{::sudoroles}
- common
In sudorules I have twho files with root users en dba users.
On a server I want both root users and dba users and on the other server
only the root user.
In enc/nodes/server1 i have:
---
classes:
- sudoroles
parameters:
sudoroles: 'root_users'
sudoroles: 'dba_users'
But only dba_users are created and the root_users removed.
Can someone please help how to do this?
Regards, Patrick.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/89853145-16a4-4ad7-86b6-893607c64f01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Cannot schedule without a schedule-containing catalog
Hi all,
Giving the following code:
https://github.com/Inuits/puppet-acl/commit/7bf09e329dc08641089780f0104b9b93101f8ddc
And the following file tree:
# mkdir -p /tmp/foobar/bar
# touch /tmp/foobar/{,foo,barfoo,bar/foo}
When I run the following command:
# puppet apply -e acl {'/tmp/foobar': permission = 'u:puppet:rwx',
recursemode = 'deep', recursive = true}
I get the following output:
Notice: Compiled catalog for foo.example.com in environment production in 0.53
seconds
Notice: /Stage[main]/Main/Acl[/tmp/foobar]/permission: permission changed
'group::r-x,other::r-x,user::rwx' to 'user:puppet:rwx'
Notice: /Stage[main]/Main/Acl[/tmp/foobar/bar]/permission: permission changed
'group::r-x,other::r-x,user::rwx' to 'user:puppet:rwx'
Notice: /Stage[main]/Main/Acl[/tmp/foobar/barfoo]/permission: permission
changed 'group::r--,other::r--,user::rw-' to 'user:puppet:rwx'
Notice: /Stage[main]/Main/Acl[/tmp/foobar/foo]/permission: permission changed
'group::r--,other::r--,user::rw-' to 'user:puppet:rwx'
Warning: /Acl[/tmp/foobar/bar]: Cannot schedule without a schedule-containing
catalog
Warning: /Acl[/tmp/foobar/barfoo]: Cannot schedule without a
schedule-containing catalog
Warning: /Acl[/tmp/foobar/foo]: Cannot schedule without a schedule-containing
catalog
Notice: Applied catalog in 0.25 seconds
It does the same with:
def generate instead of def eval_generate (L222)
Puppet::Type.type(:acl) instead of self.class.new (L219)
The warnings also appear when the ressource is already applied.
My questions:
1. Why do I get those Cannot schedule without a schedule-containing catalog ?
2. Are the generate and eval_generate functions public? Are they
recommended to be used in custom types? If not, how can I achieve the same
thing?
gr,
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/20150810064433.GA2281%40nitrogen.
For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
Re: [Puppet Users] Cannot schedule without a schedule-containing catalog
On Mon, Aug 10, 2015 at 08:44:33AM +0200, Julien Pivotto wrote: Hi all, Giving the following code: https://github.com/Inuits/puppet-acl/commit/7bf09e329dc08641089780f0104b9b93101f8ddc My questions: 1. Why do I get those Cannot schedule without a schedule-containing catalog ? Because resource are generated twice. Solved by https://github.com/Inuits/puppet-acl/commit/81d7360da55953978e304a0b0901c176efcef2d8 - Dir['**', '*'].each do |path| + Dir['**/*'].each do |path| 2. Are the generate and eval_generate functions public? Are they recommended to be used in custom types? If not, how can I achieve the same thing? I am still interested in that question. -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150810073238.GA26200%40nitrogen. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
Re: [Puppet Users] Help with NTP module provided by puppetlabs
Hi Martin,
Thanks for the help. I used the second approach.
1) I’ve created custom fact to identify the server location (I’m using the
timezone fact) – Now I’m able to identify all my servers by location.
2) I’m not sure about the second part “put ntp::servers into the
appropriate hiera data hierarchy” – I’m using Foreman and NOT Puppet
enterprise if it matters. Can you elaborate more how to implement it right,
maybe add some code if possible.
Thanks,
EddieM
On Sunday, August 9, 2015 at 5:35:07 PM UTC+3, Martin Alfke wrote:
Hi Eddie,
On 09 Aug 2015, at 16:25, Eddie Mashayev eddi...@gmail.com javascript:
wrote:
Hi All,
I have many servers spread in 3 different time zones USA (NY and San
Francisco) and also in ISR. Have 3 NTP servers, one NTP server in each
location.
https://forge.puppetlabs.com/puppetlabs/ntp module is letting you to
insert an array of NTP servers
class { '::ntp':
servers = [ 'ntp1.corp.com', 'ntp2.corp.com' ],
}
I can override this array but the problem is how to fit the correct NTP
server to each server in the different location.
In other words, how can I modified the puppet module to fit server to
the correct NTP Server by locations.
For example - I thought using the server prefix name to choose the right
NTP server, for example if this server is located in NY so it prefix name
is ny-{server name} so I can fit it to NY NTP server but it look like a
headache to do it.
Do you have any idea how can it be done in most efficient way with the
NTP module provided by puppetlabs.
Several solutions:
1. write wrapper module per data center:
class ny_ntp {
class { ‘::ntp’:
server = [‘ny_ntp.corp.com’],
}
}
class sf_ntp {
class { ‘::ntp’:
servers = [‘sf_ntp.corp.com’],
}
}
class isr_ntp {
class { ‘::ntp’:
servers = [‘isr_ntp.corp.com’],
}
}
use one of the the wrapper class within node classification
2. use hiera
provide a custom fact to identify location per server and put ntp::servers
into the appropriate hiera data hierarchy.
Best,
Martin
Thanks,
EddieM
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users...@googlegroups.com javascript:.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/8cdf1ae0-46c8-4de6-bb06-9f42bdbd31ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d7398ad5-9b31-42e5-b3ee-d1eb889a8356%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppetlabs-firewall and removing a parameter
Hi,
So... no answers... bug report filed! :-)
https://tickets.puppetlabs.com/browse/MODULES-2376
Matthias
On Mon, 3 Aug 2015 13:26:07 +0200
Matthias Saou matth...@saou.eu wrote:
Hi,
I had this applied to my nodes :
firewall { ${prenumber}7 portknock let connections through:
action = 'accept',
chain= 'INPUT',
dport= $dports,
proto= 'tcp',
recent = 'rcheck',
rname= ${prefix}_heaven,
rseconds = $seconds,
}
With $seconds set to '3'. Now I want to remove it entirely, which will
mean forever, but I just can't figure out how to do it, or even if
it's possible at all.
When I set to undef, false or even remove the $rseconds line entirely,
puppet just leaves the previous value on existing nodes. For new nodes
or if I manually remove all iptables rules first, then the new rule
gets created without any --seconds 3 as expected.
How can I tell puppet to actually remove that parameter from existing
rules instead of stop caring about the value?
Matthias
--
Matthias Saou ██ ██
██ ██
Web: http://matthias.saou.eu/ ██
Mail/XMPP: matth...@saou.eu ██
██
GPG: 4096R/E755CC63██ ██ ██
8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
21A9 7A51 7B82 E755 CC63
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/20150810133509.16e8af53%40r2d2.marmotte.net.
For more options, visit https://groups.google.com/d/optout.
