Re: [Puppet Users] Re: Adding then removing SW - best practices?

2014-10-28 Thread Aaron Grewell
I've begun to shift to anticlass-by-default.  This is driven by the need to 
provide documentation to auditors and the like.  I foo::remove by default, 
then foo::install as needed (wrapped in appropriate logic to avoid resource 
conflicts).

On Monday, October 27, 2014 1:21:55 PM UTC-7, JonY wrote:
>
> I've been using 'anti-classes' up to now.. hoping for a better way.. 
> alas...
>
>
> On Monday, October 27, 2014 11:17:12 AM UTC-7, Trevor Vaughan wrote:
>>
>> One day, long ago in 2008, there was a discussion on anti-classes: 
>> http://comments.gmane.org/gmane.comp.sysutils.puppet.user/5884.
>>
>> Yeah, they're still irritating, but I don't really know how else to do it.
>>
>> init.pp ( $enable => true ) ==> Main Class
>> init.pp ( $enable => false ) ==> Anti Class
>>
>> Trevor
>>
>> On Mon, Oct 27, 2014 at 11:54 AM, Brian Morris  
>> wrote:
>>
>>> This could be done in a stateful fashion. Start with a facter like this:
>>>
>>> Facter.add(:apache_exists) do
>>>   confine :osfamily => "Debian"
>>>   setcode do
>>>     if Facter::Util::Resolution.exec("dpkg -l | grep apache2 | grep -v apache2-utils | grep ^ii")
>>>       "true"
>>>     end
>>>   end
>>> end
>>>
>>> ... and then, in a manifest, reference the facter to see if it is true:
>>>
>>> if ( $::apache_exists ) {
>>>   do something,
>>> }
>>>
>>> Brian 
>>>  
>>>
>>> On Sunday, October 26, 2014 5:18:44 AM UTC-7, JonY wrote:

>>>> Let's say that I'm deploying a steady stream of identical hosts. Each
>>>> has some piece of SW on it that's managed by Puppet.  I continue to
>>>> (regularly) add to and maintain this group over time.
>>>>
>>>> Day comes when this SW is no longer required.
>>>>
>>>> So I remove the module from Puppet to prevent it being included on
>>>> future hosts in this group.
>>>>
>>>> "What about the existing hosts?" I ask.
>>>> "Add a module to remove the SW" I think.
>>>> "What about the future hosts? Won't this seem a bit odd to tell puppet
>>>> to remove SW that was never installed?" I wonder.
>>>> "Puppet is idempotent!" says the FM.
>>>> "Ok - but it still seems amiss. To a 'distant observer' it would seem
>>>> an odd practice." says I.
>>>>
>>>> Should I break up the 'before' and 'after' hosts into separate groups /
>>>> environments? I use an ENC to manage the modules. Maybe a DB entry to
>>>> indicate who gets the extra module?
>>>>
>>>> Some other pathway?

>>>  -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/puppet-users/825cb051-76b9-4353-8ee7-20c7b81d2896%40googlegroups.com
>>>  
>>> 
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> -- 
>> Trevor Vaughan
>> Vice President, Onyx Point, Inc
>> (410) 541-6699
>> tvau...@onyxpoint.com
>>
>> -- This account not approved for unencrypted proprietary information -- 
>>
>



Re: [Puppet Users] Can't get past Permission denied error

2013-03-14 Thread Aaron Grewell
Do you have selinux in enforcing mode? If so, try setting it to permissive
mode and see if it starts working.
On Mar 14, 2013 8:09 AM, "Mike Canty"  wrote:

> I am running Centos 6 and was able to install Puppet 3.1.1.  However, when
> trying to run puppet, as root, for the first time, I get the following
> message:
>
> # puppet master --nodaemonize --verbose --debug
>
> "Could not prepare for exection: Permission denied -
> /etc/puppet/ssl/ca/ca_key.pem"
>
> I'm not sure what the next steps are to troubleshoot this.  Could anyone
> please provide insight and help?
>




Re: [Puppet Users] how to customize hiera lookups per node?

2013-03-08 Thread Aaron Grewell
I don't know of a way to have multiple hierarchies, but if you need central
control of parameters like profile you can use an ENC.  At one point I even
experimented with a yaml-based ENC that used my hiera data files to keep
all the information in one place.
On Mar 8, 2013 10:54 AM, "Chad Huneycutt"  wrote:

> Hi James,
> We are in a similar situation.  I think of it slightly
> differently, though.  We are trying to use the roles/profiles pattern,
> and I am having trouble figuring out how to get hiera to use the
> profile to do the lookup.  So rather than explicitly listing the
> values in the hierarchy, I want:
>
> :hierarchy:
>   - host/%{::fqdn}
>   - profiles/%{profile}
>   - common
>
> So not per node, but per profile, but it seems like that is what you
> really want anyway?
>
> I could, as Brendan suggests, distribute a fact out to all the nodes,
> but I worry about the security of that solution since it puts the node
> in control of its configuration.
>
> I have come up with a scheme that will work if I can figure out the
> class that included the class that does the hiera lookup, but that is
> a bit of a hack and probably not scalable.
>
> Ideally, I would love it if puppet supported a pattern like
> roles/profiles directly in the dsl and could expose that to hiera.
>
> - Chad
>
> On Thu, Mar 7, 2013 at 3:11 PM, James Ralston  wrote:
> > We have a small and growing Puppet infrastructure we started a few months
> > ago: about 30 modules and 40 hosts.
> >
> > At this point, all of the modules we have written use parameterized classes.
> > That way, when we call the module from the host's node.pp file, we can
> > override defaults (if necessary).
> >
> > We knew using parameterized classes wouldn't scale. Now that we've upgraded
> > to Puppet 3 on the server and all of our clients, we want to do things the
> > Hiera way.
> >
> > The problem is, we've been unable to find any good documentation on how to
> > use hiera and Puppet together.
> >
> > Yes, we've read the hiera documentation on the puppetlabs web site. That was
> > helpful in explaining hiera general concepts, but it doesn't really explain
> > how to integrate hiera data lookup with Puppet.
> >
> > The main thing we're trying to understand is how each host manifest can
> > declare its own hiera hierarchy for data lookup. We can't do this with the
> > yaml backend, because the yaml backend will apply the same hierarchy to
> > EVERY client, because all Puppet clients use the /etc/puppet/hiera.yaml file
> > on the puppetmaster. Granted, we can customize the hierarchy on the
> > puppetmaster with facter facts, but that doesn't give us enough control.
> >
> > For example, host foo might want:
> >
> > :hierarchy:
> >   - host/%{::fqdn}/config
> >   - app/external-nameserver/config
> >   - common/config
> >
> > But host bar might want:
> >
> > :hierarchy:
> >   - host/%{::fqdn}/config
> >   - app/internal-mailserver/config
> >   - common/config
> >
> > That's what we can't figure out how to do with hiera.
> >
> > Frustratingly, the one section of the hiera documentation on the puppetlabs
> > web site that looks like it might explain what we need to know—the "Usage
> > with Puppet" section—just says "Coming soon".
> >
> > There's just no way we're the only site out there using Puppet who needs to
> > vary the hiera lookup hierarchy per node. What's the secret to it? How do
> > you actually do it?
> >
> > Thanks,
> > James
> >
>
>
>
> --
> Chad M. Huneycutt
>
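
Added example, not part of the thread and not Puppet's or any poster's own code: a minimal YAML-backed ENC of the kind suggested above, which sets `profile` on the master so that a hierarchy level such as `profiles/%{::profile}` is not driven by a fact the node reports about itself. The node names, class names, data layout and the helper names `load_nodes`, `classify` and `enc_output` are assumptions made for illustration.

```ruby
#!/usr/bin/env ruby
# Added example: YAML-backed external node classifier (ENC) for Puppet.
# Puppet runs the ENC on the master with the node name as its only argument
# and reads a YAML hash (classes / parameters / environment) from stdout.
# Parameters become top-scope variables, so Hiera can interpolate
# %{::profile} without trusting anything the agent says about itself.
require 'yaml'

# Constructed sample data (hypothetical hosts and classes). A real ENC would
# read this from a file only the master can write, for example one kept
# alongside the Hiera data files.
NODE_DATA = <<~DATA
  foo.example.com:
    profile: external-nameserver
    classes:
      - role::nameserver
  bar.example.com:
    profile: internal-mailserver
    classes:
      - role::mailserver
DATA

# Node and profile names end up in Hiera file paths (host/%{::fqdn},
# profiles/%{::profile}), so accept only a strict character set:
# no slashes, no "..", no whitespace.
NODE_NAME_RE = /\A[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\z/
PROFILE_RE   = /\A[a-z0-9][a-z0-9_-]*\z/

class UnknownNode < StandardError; end

# Parse the node data with safe_load so no arbitrary objects are built.
def load_nodes(yaml_text)
  nodes = YAML.safe_load(yaml_text)
  raise ArgumentError, 'node data must be a mapping' unless nodes.is_a?(Hash)
  nodes
end

# Return the classification hash for one node, or raise. Unknown nodes are
# an error rather than an empty classification, so a typo fails closed.
def classify(node_name, nodes)
  valid_name = node_name.is_a?(String) && node_name.length <= 253 &&
               NODE_NAME_RE.match?(node_name) && !node_name.include?('..')
  raise ArgumentError, "malformed node name: #{node_name.inspect}" unless valid_name

  entry = nodes.fetch(node_name) { raise UnknownNode, "no classification for #{node_name}" }
  raise ArgumentError, "entry for #{node_name} must be a mapping" unless entry.is_a?(Hash)

  profile = entry['profile'].to_s
  raise ArgumentError, "malformed profile for #{node_name}" unless PROFILE_RE.match?(profile)

  {
    'classes'    => Array(entry['classes']).map(&:to_s),
    'parameters' => { 'profile' => profile },
  }
end

# YAML document in the shape Puppet expects from an ENC.
def enc_output(node_name, nodes)
  classify(node_name, nodes).to_yaml
end

if __FILE__ == $PROGRAM_NAME
  if ARGV.size == 1
    begin
      puts enc_output(ARGV[0], load_nodes(NODE_DATA))
    rescue ArgumentError, UnknownNode => e
      # A non-zero exit makes the master fail the catalog for this node.
      warn "enc: #{e.message}"
      exit 1
    end
  else
    warn "usage: #{File.basename($PROGRAM_NAME)} <node name>"
  end
end
```

The master is pointed at such a script with `node_terminus = exec` and `external_nodes = <path to script>` in puppet.conf.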




Re: [Puppet Users] Facter & Puppet disagree on RHEL 6?

2013-02-21 Thread Aaron Grewell
Argh, never mind.  It's a garden variety client-server version mismatch.  I
must've grabbed the wrong version when building the image.





Re: [Puppet Users] Facter & Puppet disagree on RHEL 6?

2013-02-21 Thread Aaron Grewell
I've checked, but there's only one set of RPMs installed and the facter
binary points to those.

# rpm -qa | grep puppet
pe-puppet-enterprise-release-2.0.3-0.pe.el6.noarch
pe-puppet-2.7.9-3.pe.el6.noarch
pe-rubygem-puppet-module-0.3.4-2.pe.el6.noarch

rpm -qa | grep facter
pe-facter-1.6.4-2.pe.el6.noarch

# which facter
/usr/local/bin/facter

# which puppet
/usr/local/bin/puppet


There's nothing installed from tarball or gem, this is a newly built box
with just our standard RPM setup on it.


On Thu, Feb 21, 2013 at 8:57 AM, jcbollinger wrote:

>
>
> On Wednesday, February 20, 2013 8:11:20 PM UTC-6, Aaron Grewell wrote:
>>
>> It's not that simple.  Puppet thinks osfamily is 'Linux' whereas facter
>> returns 'RedHat' at the command prompt.
>>
>>
> I can only assume, then, that the facter you are running from the command
> line is not the same (or same-configured) facter that the agent is
> running.  Perhaps it is using different libdirs in the two cases, or maybe
> you have two completely separate Facters on the system.
>
>
> John
>




Re: [Puppet Users] Facter & Puppet disagree on RHEL 6?

2013-02-20 Thread Aaron Grewell
It's not that simple.  Puppet thinks osfamily is 'Linux' whereas facter
returns 'RedHat' at the command prompt.
On Feb 20, 2013 5:33 PM, "Len Rugen"  wrote:

> I wasn't sure, too many different languages  I guess for a test you
> could code it == RedHat, but we have a lot of RHEL 6 and I suspect would
> have hit this somewhere.
>
>
> On Wed, Feb 20, 2013 at 7:12 PM, Nick Fagerlund <
> nick.fagerl...@puppetlabs.com> wrote:
>
>>
>>
>> On Wednesday, February 20, 2013 5:08:27 PM UTC-8, LenR wrote:
>>>
>>> CaSe SenSitiVe?  RedHat vs. redhat?
>>>
>>>
>>>
>> Puppet's == operator is case-insensitive.
>> http://docs.puppetlabs.com/puppet/3/reference/lang_expressions.html#equality
>>
>> If it's a case issue, it's a horrible compatibility-breaking bug.
>>




[Puppet Users] Facter & Puppet disagree on RHEL 6?

2013-02-20 Thread Aaron Grewell
I've run into an odd one on one of my new RHEL 6 boxes.  Puppet and Facter
seem to disagree about the value of a fact.

Puppet version: 2.7.9
Facter version: 1.6.4

Module: puppetlabs-apache

apache::params falls through its if structure:
  if $::osfamily == 'redhat' or $::operatingsystem == 'amazon' {
    ...
  } elsif $::osfamily == 'debian' {
    ...
  } else {
    fail("Class['apache::params']: Unsupported operatingsystem: $::operatingsystem or osfamily: $::osfamily")
  }

The module returns the following error:
Error 400 on SERVER: Class['apache::params']: Unsupported operatingsystem:
RedHat or osfamily: Linux

Facter, however, seems to think osfamily is 'RedHat' as it should be:
facter -p osfamily
RedHat

It's very strange.  Have any of you seen this one before?





Re: [Puppet Users] Re: Dynamic yum.conf 'exclude' line

2013-01-28 Thread Aaron Grewell
Take a look at the yum versionlock plugin.  It allows you to lock a
particular package at a given version for situations like this.  We use the
following define to manage our locked packages.  If I were writing it today
I'd probably use file_line, but it's worked well for us so I've had more
important things to do.

#
# Actions:
# Implements a versionlock define to make version locking easy
#
# Requires:
#
# Sample Usage:
#
# To lock a package version:
# packages::yum::versionlock{ kernel-uek:
#   epoch   => '(none)',
#   version => '2.6.32',
#   release => '100.26.2.el5',
# }
#
# To remove a version lock:
# packages::yum::versionlock{ kernel-uek:
#   epoch   => '(none)',
#   version => '2.6.32',
#   release => '100.26.2.el5',
#   ensure  => 'absent',
# }

define packages::yum::versionlock ($epoch, $version, $release, $ensure = 'present',
  $version_lock_list = '/etc/yum/pluginconf.d/versionlock.list') {

  include packages::yum

  case $ensure {
    present: {
      # Append the lock entry unless it is already in the list
      exec { "yum_add_versionlock_${name}":
        command => "/bin/echo '${epoch}:${name}-${version}-${release}' >> '${version_lock_list}'",
        unless  => "/bin/grep -q '${epoch}:${name}-${version}-${release}' '${version_lock_list}'",
        require => Package['yum-versionlock'],
      } # exec
    } # case 'present'
    absent: {
      # Delete the lock entry only if it is in the list
      # (sed is fully qualified because this exec sets no path)
      exec { "yum_del_versionlock_${name}":
        command => "/bin/sed -i -e /'${epoch}:${name}-${version}-${release}'/d '${version_lock_list}'",
        onlyif  => "/bin/grep -q '${epoch}:${name}-${version}-${release}' '${version_lock_list}'",
        require => Package['yum-versionlock'],
      } # exec
    } # case 'absent'
  } # case $ensure
}  # define






On Mon, Jan 28, 2013 at 6:40 AM, jcbollinger wrote:

>
>
> On Friday, January 25, 2013 4:05:37 PM UTC-6, Gonzalo wrote:
>
>>
>> On Sat, Jan 26, 2013 at 1:38 AM, jcbollinger wrote:
>>
>>>
>>> Puppet's architecture does not lend itself to constructing values
>>> iteratively, and what Hiera brings to the table in that area does not apply
>>> to the scenario you describe.  There are a couple of ways you might be able
>>> to work around Puppet's constraints there, but before you go that way I
>>> would suggest that you consider alternative strategies.
>>>
>>> Let's start with why you want to add package exclusions to yum.conf via
>>> multiple modules.  I have some ideas of why you might be trying to
>>> implement such a design, but I'd prefer to avoid guessing.
>>>
>>
>> Hi John,
>>
>> Thanks for your reply.
>>
>> To be honest, I think in this particular case it's more about trying to
>> work out how to solve this type of problem, perhaps not necessarily useful
>> with this exclude line issue. One hypothetical example might be
>> constructing a "users=" line for some config file and I want to set users
>> from various modules to construct the line.
>>
>
>
> As I said, Puppet's architecture does not lend itself to that kind of
> thing.  In particular, variables and resource properties can be assigned
> values only once each.  Moreover, it is pretty much always a mistake for
> manifest sets to attempt introspection, as this introduces unneeded extra
> sensitivity to manifest parse order.  Instead, one generally needs to step
> back and take a different approach.
>
> One such approach might be to build up your data in a custom external node
> classifier (ENC), which provides it to your classes via either a global
> Puppet variable or a class parameter.
>
> Another approach is for modules to declare independent resources instead
> of collaborating on a single resource.  The Concat add-on module, for
> example, provides a way to implement that for files.  You could, in
> principle, implement similar facilities to serve other purposes.
>
> Or you may find that you don't actually need quite the degree of
> flexibility you describe after all.
>
>
>>
>> For this exclude line question, I have a class that many nodes "include"
>> and they all need to exclude one particular RPM to ensure a "yum update"
>> never upgrades it. These same servers "include" another class, which also
>> have a package to be excluded. Do you have any ideas on how to solve this
>> type of problem?
>>
>>
> For packages in particular, you have additional options:
>
>1. In your Package declarations, you can use ensure => 'present' or
>even ensure => '' instead of ensure => 'latest'.  That
>won't prevent a manual package update, but it will prevent Puppet from
>performing unwanted package updates.  The variation where you specify a
>package version may even get Puppet to revert unwanted manual updates.
>2. You really ought to take control of your package repositories.
>Creating and curating local repositories not only ensures access and
>reduces demands on your network connection to the outside world, but it
>also allows you to exercise complete control over what packages are
>available for installation / update.  Depending on your package management

Re: [Puppet Users] Re: two mounts with the same name (one present, one absent)

2013-01-18 Thread Aaron Grewell
On Jan 18, 2013 11:31 AM, "jcbollinger"  wrote:
>
>
>
> On Friday, January 18, 2013 12:11:42 PM UTC-6, iamauser wrote:
>>
>> What's the best practice to define two mount resources with same name,
>> but different fstypes or ensure parameter ? In my particular case, I have
>> the following :
>>
>> Two mounts defined as virtual resources with same name but different
>> fstype. One is ensuring present, other absent. Puppet doesn't like it,
>> Looking at a bug report earlier (
>> http://projects.puppetlabs.com/issues/7491 ), I followed the suggestion,
>> but it doesn't help. puppet throws this error :
>
> Instead, declare the resource once, and either set its parameters
> conditionally or override them, where needed, by one of the supported
> mechanisms for doing so.
>
>
> John

If I understand correctly the conditional would be based on the current
fstype of the mount.  It seems like a custom fact would be needed.




Re: [Puppet Users] function to map actual pubkeys to ssh_authorised_key {} resources?

2013-01-18 Thread Aaron Grewell
If you move the keys into Puppet variables (ideally retrieved via Hiera)
you can then use them to create both the key files and the
ssh_authorized_key entries.




Re: [Puppet Users] Re: puppet-dashboard load balanced report processing issues.

2013-01-03 Thread Aaron Grewell
Even an nfs share will not fix this. We tried it. We had to make dashboard
active - passive to fix it. Otherwise lots of dashboard errors result which
must be cleared via rake task or the dashboard slows to a crawl.
On Jan 2, 2013 1:56 PM, "jemmorey"  wrote:

> Looks like there is no current method to prevent multiple dashboard nodes
> from stomping on each others reports, the delayed_jobs table does have a
> locked_by, but that is only used during the actual event processing.
>
> mysql> describe delayed_jobs;
> +------------+--------------+------+-----+---------+----------------+
> | Field      | Type         | Null | Key | Default | Extra          |
> +------------+--------------+------+-----+---------+----------------+
> | id         | int(11)      | NO   | PRI | NULL    | auto_increment |
> | priority   | int(11)      | YES  | MUL | 0       |                |
> | attempts   | int(11)      | YES  |     | 0       |                |
> | handler    | longtext     | YES  |     | NULL    |                |
> | last_error | text         | YES  |     | NULL    |                |
> | run_at     | datetime     | YES  |     | NULL    |                |
> | locked_at  | datetime     | YES  |     | NULL    |                |
> | failed_at  | datetime     | YES  |     | NULL    |                |
> | locked_by  | varchar(255) | YES  |     | NULL    |                |
> | created_at | datetime     | YES  |     | NULL    |                |
> | updated_at | datetime     | YES  |     | NULL    |                |
> +------------+--------------+------+-----+---------+----------------+
> 11 rows in set (0.00 sec)
>
> I suppose I will open this as an RFE.  If anyone has any other ideas how
> to do this (other than the dreaded NFS share) please let me know.
>
> Thanks!
>



Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Aaron Grewell
>>>
>>> I would highly recommend you just package your custom python and install
>>> it using a package management system, rather than doing what you're
>>> doing.

In this case you really ought to consider packaging, but there's
always *something* that doesn't work that way for whatever reason
(badly-wrapped vendor software is a favorite here).  IMHO a tarball
installer is a necessary evil in certain situations.  It'll probably
take a bit of tweaking to get it working in your environment, but
this works well for me.

# Define: packages::tar::install
#
# This define installs tar-based packages, including making sure they're
# only installed once and performing cleanup after the installation.
#
# Sample Usage:
# packages::tar::install { 'vmware-solaris-tools':
#   package   => 'vmware-solaris-tools-381511.tar.gz', # name of tarball
#   repo      => 'http://hostname/path',  # ftp or http path minus filename
#   dir       => 'vmware-tools-distrib', # top-level directory in the tarball
#   installer => 'vmware-install.pl', # name of install script
#   options   => '-d',  # options to pass to install script
#   tmpdir    => '/opt/tmp', # dir to extract tarball into
# }
define packages::tar::install($repo, $package, $dir, $installer, $options,
  $tmpdir = '/var/tmp', $timeout = '600', $dotdir = '/opt/puppet/libexec') {

  exec { "wget -O $tmpdir/$package $repo/$package":
    unless  => "/usr/bin/test -f ${dotdir}/.${package}",
    path    => ["/opt/csw/bin","/usr/bin"],
    alias   => "wget_${package}",
    require => File["$tmpdir"],
  }

  exec { "gunzip -c $tmpdir/$package | tar xf - ":
    unless  => "/usr/bin/test -f ${dotdir}/.${package}",
    path    => ["/bin","/usr/bin","/usr/sbin"],
    alias   => "untar_${package}",
    cwd     => "$tmpdir",
    require => Exec["wget_${package}"],
  }

  exec { "$tmpdir/$dir/$installer $options":
    unless  => "/usr/bin/test -f ${dotdir}/.${package}",
    cwd     => "$tmpdir/$dir",
    alias   => "install_${package}",
    timeout => "$timeout",
    require => Exec["untar_${package}"],
  }

  exec { "touch ${dotdir}/.${package}":
    path    => ["/bin","/usr/bin"],
    unless  => "/usr/bin/test -f ${dotdir}/.${package}",
    alias   => "${package}_dotfile",
    require => Exec["install_${package}"],
  }

  exec { "rm -rf $tmpdir/$dir":
    path    => ["/bin","/usr/bin"],
    onlyif  => "/usr/bin/test -d $tmpdir/$dir",
    cwd     => "$tmpdir",
    alias   => "rm_${dir}",
    require => Exec["install_${package}"],
  }

  exec { "rm -f $tmpdir/$package":
    path    => ["/bin","/usr/bin"],
    onlyif  => "/usr/bin/test -f $tmpdir/$package",
    cwd     => "$tmpdir",
    alias   => "rm_${package}",
    require => Exec["install_${package}"],
  }
}




Re: [Puppet Users] Static IP assignment

2012-10-17 Thread Aaron Grewell
I'm currently experimenting with an option added in vSphere 5 that has
promise: assuming your VM Template has VMware Tools preinstalled you
can use the Perl API to run programs directly in the resulting VM.
Assuming you have API access (vSphere or commercially licensed ESXi
have this, the free version doesn't) you can address the VM by name
once it's started and run whatever programs you like.  No need for
network, etc.

See:
http://www.virtuallyghetto.com/2011/07/automating-new-integrated-vixguest.html

On Wed, Oct 17, 2012 at 8:19 AM, GordonJB  wrote:
> OK, that all makes sense, thanks for the help!
>
> On Wednesday, 17 October 2012 16:02:55 UTC+1, Matthew Burgess wrote:
>>
>> On Wed, Oct 17, 2012 at 3:49 PM, GordonJB  wrote:
>> > So I take it that when the new VM announces itself to the network, it
>> > will
>> > go off to the DHCP server and pick a static IP if there is one defined
>> > already for its MAC address in a config file somewhere?
>>
>> Yes, that's correct.  You can also set up a generic pool of addresses
>> that a VM may get one from if you don't know its MAC address, but then
>> you're not guaranteed to get the same IP address every time.
>>
>> The problem I encountered with VMWare VMs was that the MAC address
>> wasn't generated until the VM was first powered on, so configuring
>> DHCP ahead of time wasn't possible.  As we didn't have any automated
>> provisioning set up, the process was to do an initial boot and
>> interrupt the boot process fairly quickly and power the VM off.  Then
>> I'd grab the MAC address from VSphere and pop it into the DHCP
>> server's config.
>>
>> > Is there a way to have a MAC address/IP pairing generated if one does
>> > not exist?
>>
>> I think the approach I'd take with this is to have a fairly small pool
>> of addresses used for temporary IPs while a box is being provisioned.
>> Once the box is up, you could have another puppet module that would
>> figure out, using some other policy (potentially as simple as doing a
>> DNS lookup on your VM's hostname), what the IP address of the box
>> should be, find the MAC address of the NIC (exposed by facter), then
>> put that in to the DHCP server's config.  Automated provisioning
>> solutions such as Foreman or Razor
>> (http://puppetlabs.com/blog/puppet-razor-module/) may have
>> better/other ways of doing it, but that would be my initial approach.
>> That Razor page also links to Puppetlabs' own DHCP module
>> (https://github.com/puppetlabs/puppetlabs-dhcp), so I'd be prone to
>> try that for your DHCP config needs first, before looking at modules
>> on the Forge.
>>
>> Regards,
>>
>> Matt.
>



Re: [Puppet Users] Open Source to Enterprise migration?

2012-10-10 Thread Aaron Grewell
On Wed, Oct 10, 2012 at 9:01 AM, Shawn Knight  wrote:
> Hi,
>
> Can any users of Puppet tell me about experiences in upgrading a Puppet Open
> Source environment to Enterprise?

Hi Shawn,
We went through this with Puppet 2.6 and PE 2.0.  It wasn't
particularly painful, though we did have Puppet Labs PS on site to
help.  For a standalone installation of Puppet I wouldn't consider
that necessary, but if you want to add HA, multiple masters, or other
complex configs you may want to consider it.  It depends on whether
you've already done those things in your existing Puppet install.

At a basic level we configured our CAs, had our old Puppet Masters
configure the clients to use the PE Masters, then had the PE Masters
install the PE Agent.  It was easier than running the PE Installer
everywhere.  If your existing Puppet infrastructure is too new you may
not be able to go this route since the agents can't be newer than the
master.

Planning elements: if you're not using the Puppet Dashboard already
you'll want to think about whether the MySQL server and PE Console
services need to be HA.  If you're going to use the PE Console as an
ENC then I'd vote yes, since the ENC becomes a single point of failure
regardless of how many Masters you have.  You'll also want to read up
on the Puppet Certificate Authority since you'll be dealing with your
existing certificates one way or another.

If you're not using MCollective it's one of the nice things about PE
since it comes pre-configured and you don't have to learn how to
configure ActiveMQ and friends right away.  Unfortunately it doesn't
run arbitrary programs so in order to extend it to do new things
you'll have to read up on a little bit of Ruby.

All-in-all the complexity of it mostly depends upon the complexity of
your existing environment.  As far as downtime goes, you can easily
run them side-by-side (managing different clients obviously) so you
shouldn't need to worry about having completely unmanaged systems.




Re: [Puppet Users] How to prevent puppet clients from updating to version 3?

2012-10-03 Thread Aaron Grewell
If you really want control over this you should build your own local repo
mirror. That way you can be absolutely certain of what your systems will
have access to. RHEL and friends come with all the tools to do this so it's
not a major undertaking.
On Oct 3, 2012 7:37 AM, "Mister Guru"  wrote:

> I'm sending this email to start this thread, feel free to comment as
> appropriate. I'm going to assume that it's going to take a while for most
> people to actually realise that the puppet update may be giving them some
> issues, so, comments and suggestion please!
>



Re: [Puppet Users] Where do you store sensitive files with puppet+git approach?

2012-10-01 Thread Aaron Grewell
We use hiera-gpg for ours. Files containing sensitive information are
converted into templates so that only the necessary strings are included in
gpg.  If we really needed to distribute full files I would probably build a
separate directory tree backed by its own repository for this. It's just
never been necessary for us.

On Oct 1, 2012 6:47 AM, "Vaidas Jablonskis"  wrote:
>
> Hi People,
>
> I have a quick question, which hopefully you will have an answer to.
>
> I am slowly moving towards puppet and git with multiple branches for
> different environments. Things are going pretty well, but now I have a
> small issue. The question is where should I store sensitive files, for
> instance SSL private keys or some files which contain sensitive data?
>
> I am aware of hiera-gpg storage backend, but that is more suitable for
> storing plain text strings rather than actual files - correct me if I am
> wrong?
>
> I am looking forward to hearing your opinion on this subject.
>
> Thanks in advance.
>
>
>   -- Vaidas
>



[Puppet Users] Re: [Puppet-dev] Do you rely on 'param=>undef' being equal to '(nothing)'?

2012-09-14 Thread Aaron Grewell
I'm using the current behavior in inherited classes to unset parameters set
by the parent class.  If that no longer works it will definitely impact my
code.
On Sep 14, 2012 11:31 AM, "Eric Sorenson" wrote:

> Hi, there's an issue that came up recently in the 3.0RCs -- Big thanks to
> Erik Dalén for reporting it in #16221 -- that involves a behaviour change
> to part of the DSL. In a nutshell, this code:
>
> define foobar ($param='Hello world') {
>   notice($param)
> }
> foobar { 'test': param => undef }
>
> in 2.7, causes 'Hello world' in the notice. In 3.x, it's nothing. As I
> said in the bug, this seems more correct to me -- I've overridden the
> default with an explicit 'undef', taking off the default. The same thing
> goes for invoking parameterised classes with undef arguments, which is
> perhaps more ambiguous (example from matthaus):
>
> class toplevel (
>   $maybe = false,
>   $optional = undef ) {
>   if ($maybe) {
>     class { toplevel::secondlevel: optional => undef }
>   }
> }
>
> In order to make use of the default for the `optional` parameter in
> toplevel::secondlevel, you'd now need to either test in `toplevel` whether
> `$optional` was passed into it, or have toplevel::secondlevel use an
> `$optional_real` value inside it, similar to what's commonly done to append
> to defaults that are array values.
>
> The closest thing to documentation around this suggests the new behaviour
> is what's intended <
> http://docs.puppetlabs.com/puppet/2.7/reference/lang_classes.html#overriding-resource-attributes
> >:
>
> You can remove an attribute’s previous value without setting a new one
> by overriding it with the special value undef:
>
>   class base::freebsd inherits base::unix {
>     File['/etc/passwd'] {
>       group => undef,
>     }
>   }
>
> So, I'm trying to determine whether this is a widespread pattern or an
> edge-case. Do you expect 'param=>undef' to be the same as not specifying
> param at all, or for the receiver to "see" the undef?
>
> Eric Sorenson - eric.soren...@puppetlabs.com
> PuppetConf'12 - 27-28 Sep in SF - http://bit.ly/pcsig12
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Developers" group.
> To post to this group, send email to puppet-...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-dev+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-dev?hl=en.
>
>




Re: [Puppet Users] Re: Problem with hiera arrays not obeying the hierachy

2012-09-03 Thread Aaron Grewell
The hiera function works as you described and supports strings, arrays and
hashes. The hiera_array and hiera_hash functions build additive arrays and
hashes that include the values of all matching variables across the entire
hierarchy. For your use case you should use hiera() instead of
hiera_array().
On Sep 3, 2012 8:42 AM, "Josh"  wrote:

> ...my hiera.conf since it would probably help. %{datacentre} is a custom
> fact that is set at build time:
>
> ---
> :hierarchy:
>   - node/%{hostname}
>   - common/%{datacentre}
>   - common/common
> :backends:
>   - yaml
>   - puppet
> :yaml:
>   :datadir: '/local/puppet/env/%{environment}/hieradata'
> :puppet:
>   :datasource: data
>
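The difference described in the reply above, as an added example that is not part of the thread and not Hiera's own code: a simplified Ruby model of the lookup modes over the hierarchy from the quoted hiera.conf. The data set, the key names, the host web01 and the datacentre lon are constructed, and hiera_hash-style merging is included beyond what the post covers.

```ruby
# Simplified model of Hiera 1.x lookup modes; added example, not Hiera's code.
# Hierarchy copied from the hiera.conf quoted in the thread.
HIERARCHY = ['node/%{hostname}', 'common/%{datacentre}', 'common/common'].freeze

# Constructed sample data standing in for the YAML files under :datadir.
DATA = {
  'node/web01'    => { 'ntp_servers' => ['10.0.0.1'] },
  'common/lon'    => { 'ntp_servers' => ['10.1.0.1', '10.1.0.2'],
                       'sysctl' => { 'net.ipv4.ip_forward' => '1' } },
  'common/common' => { 'ntp_servers' => ['pool.example.org'],
                       'sysctl' => { 'net.ipv4.ip_forward' => '0',
                                     'net.ipv4.conf.default.rp_filter' => '1' } }
}.freeze

# Expand %{fact} placeholders from the node's facts, highest priority first.
# A missing fact expands to '' so that level simply matches no data source.
def sources(scope)
  HIERARCHY.map do |level|
    level.gsub(/%\{(\w+)\}/) { scope.fetch(Regexp.last_match(1), '') }
  end
end

# hiera(): the first level that defines the key wins; lower levels are ignored.
def priority_lookup(key, scope)
  sources(scope).each do |src|
    level = DATA[src]
    return level[key] if level && level.key?(key)
  end
  nil
end

# hiera_array(): every level that defines the key contributes its values,
# so a node-level entry adds to the lower levels instead of replacing them.
def array_lookup(key, scope)
  sources(scope).flat_map do |src|
    level = DATA[src]
    level && level.key?(key) ? [level[key]].flatten : []
  end
end

# hiera_hash(): hashes from all levels are merged; for a top-level key that
# appears more than once, the higher-priority level wins.
def hash_lookup(key, scope)
  sources(scope).reverse.reduce({}) do |merged, src|
    level = DATA[src]
    level && level.key?(key) ? merged.merge(level[key]) : merged
  end
end

if __FILE__ == $PROGRAM_NAME
  scope = { 'hostname' => 'web01', 'datacentre' => 'lon' }
  puts "hiera:       #{priority_lookup('ntp_servers', scope).inspect}"
  puts "hiera_array: #{array_lookup('ntp_servers', scope).inspect}"
  puts "hiera_hash:  #{hash_lookup('sysctl', scope).inspect}"
end
```

When a value controls access or hardening (allowed users, sysctl settings), the choice matters: with the array lookup a node-level entry cannot remove anything a lower level grants.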



Re: [Puppet Users] The rewritten Puppet 2.7 language reference is live

2012-08-24 Thread Aaron Grewell
On Thu, Aug 23, 2012 at 4:32 PM, Nick Fagerlund
 wrote:
>
>
> On Thursday, August 23, 2012 12:47:16 PM UTC-7, Aaron Grewell wrote:
>>
>> In
>> http://docs.puppetlabs.com/puppet/2.7/reference/lang_datatypes.html#hashes
>> it would be helpful to have a hash example that contains multiple keys
>> each with multiple subkeys.
>
>
> You're right, I'll put one in. (Although since sometime before 2.7, you can
> actually use trailing commas in hashes the same way you do in resource
> declarations. I'll add that to the docs too!)
>

That looks really good.  After reviewing my code, I suspect that my
issue was not that Puppet's approach was inconsistent but rather that
I never use this kind of nesting in my resource declarations.  It's
common for hashes though, so the new examples are a definite plus.




Re: [Puppet Users] The rewritten Puppet 2.7 language reference is live

2012-08-23 Thread Aaron Grewell
Hi Nick, I have a suggestion.  In
http://docs.puppetlabs.com/puppet/2.7/reference/lang_datatypes.html#hashes
it would be helpful to have a hash example that contains multiple keys
each with multiple subkeys.  The way the commas are distributed in
that scenario is different from how commas are handled in resources
and properties which can be confusing.  After reading the hash
section I ended up having to google for a more complete example and
I'm sure I'm not the only one.

Thanks again for your work, I really like the new layout.

-Aaron

On Tue, Aug 21, 2012 at 1:40 PM, Nick Fagerlund
 wrote:
> Hi all,
>
> I've finished the all new Puppet 2.7 language reference. EXCITING! Well,
> exciting to me, at least. Table of contents:
>
> http://docs.puppetlabs.com/puppet/2.7/reference/
>
> Visual index (for when you know what you're looking for but you don't know
> what it's called):
>
> http://docs.puppetlabs.com/puppet/2.7/reference/lang_visual_index.html
>
> And of course, use the navigation in the left sidebar to jump between pages.
>
> Our goal here is to nail down every detail of how the Puppet language works,
> then cut new versions along with major Puppet releases. We'll eventually be
> expanding this versioned document with non-language details -- we've been
> referring to this plan as the "Puppet reference manual." Its purpose isn't
> to replace any of the guides or how-tos, but to lay down a "just the facts"
> baseline that lets you get in and out fast.
>
> Anyway, we hope you find it useful. Thanks for using Puppet.
>



Re: [Puppet Users] Hiera targetted value lookup

2012-07-24 Thread Aaron Grewell
On Tue, Jul 24, 2012 at 8:08 AM, tomash  wrote:
> Hi,
>
> I'm trying to get to grips with hiera and yaml as the backend.
>
> given a yaml file like this:
>
> ---
> user:
>   dave:
>     home: "/home/dave"
>     shell: "/bin/bash"
>   steve:
>     home: "/home/steve"
>     shell: "/bin/zsh"
>
> How would I do a hiera lookup for steve's shell?
> on the cli, I cannot do "hiera steve.shell" as I might expect.

Try something like this:
$user = hiera('user')
$shell = $user['dave']['shell']




Re: [Puppet Users] Re: Best practice for calling commands

2012-07-23 Thread Aaron Grewell
This sounds similar to how the router type works so that might be a good
place to start looking for ideas.
On Jul 23, 2012 6:20 AM, "jcbollinger"  wrote:

>
>
> On Monday, July 23, 2012 4:16:15 AM UTC-5, Hannes Schaller wrote:
>>
>> Hello!
>>
>> I hope someone might be able to give me some directions on this
>> problem. The search didn't come up with something useful because it's
>> some kind of a corner case I think...
>>
>> I am trying to implement an integration of HP System Insight Manager
>> into Puppet. Unfortunately the HP SIM is running on a windows box to
>> which I only have SSH access and cannot install puppet on it (otherwise
>> Exec would be easy).
>>
>> My idea was to write a provider and type so that I could do something like
>>
>> node server1 {
>>   simnode { "$hostname":
>>     ensure    => present,
>>     simserver => "hpsim.example.com",
>>   }
>> }
>>
>> In the background the provider issues a command over ssh to make sure
>> it is in SIM:
>>
>> 
>> Puppet::Type.type(:simnode).provide(:ssh) do
>>   confine :manufacturer => [ "HP", "Compaq" ]
>>   commands :ssh => "ssh"
>>
>>   # Add this node to HP SIM by running mxnode on the SIM server.
>>   def create
>>     ssh(@resource[:simserver], "mxnode -a #{@resource[:name]}")
>>   end
>>
>>   # The node exists unless mxnode reports that it does not know it.
>>   def exists?
>>     output = ssh(@resource[:simserver], "mxnode -ld #{@resource[:name]}")
>>     if output =~ /The node specified does not represent a node in this system/i
>>       false
>>     else
>>       true
>>     end
>>   end
>>
>>   # Remove this node from HP SIM.
>>   def destroy
>>     ssh(@resource[:simserver], "mxnode -r #{@resource[:name]}")
>>   end
>> end
>> 
>>
>>
>> Of course this is more or less pseudocode but I guess you see what I am
>> intending to do.
>
>
> I think something along those lines could be made to work, but it's very
> unusual.  The resource you're managing doesn't actually belong to the node
> being managed.  That may be the best you can do with the constraints you're
> working under, but be aware that it will be shakier than most Puppet
> resources.
>
>
>
>> On the other hand the "mxnode -ld" command also spits
>> out some very interesting information about support status and features
>> that I would like to put into facts
>
>
> By the time your provider (or your type) enters the picture, fact
> collection is long since over and done.  If you want to make facts out of
> that information then you need to write separate custom facts.  Note,
> however, that doing so makes your setup a little bit shakier still, for
> then you have not only managed resources, but also facts that don't belong
> to the node being managed.
>
>
>> respectively there is an XML Output
>> of mxnode which I could use to cache the state if a node has already
>> been added to SIM.
>>
>
> I advise against doing that, as it introduces a cache validity problem.
> Puppet providers generally prefer to use the system's tools directly.
>
>
>>
>> Before I start writing this provider is there any kind of generic SSH
>> wrapper for this, something I could start from?
>>
>
> I am not aware of one, but perhaps someone else can help you out.  On the
> other hand, what you're trying to do is very unusual, as I already said, so
> you may be on your own.
>
>
> John
>
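An added example, not the poster's provider and not HP's tooling: the provider quoted above places the resource title into a command string that ssh passes to the remote shell, so this Ruby code allow-lists both host names before it builds the argument vector. The helper names are hypothetical; the mxnode flags and the error text are the ones in the quoted post.

```ruby
# Added example (hypothetical helpers): build the ssh argument vector for the
# mxnode calls quoted in the thread, accepting only values that look like
# host names. Quoting rules of the remote shell on the SIM server are not
# known, so nothing is escaped; anything outside the allow-list is rejected.

# One DNS label: letters, digits and inner hyphens, at most 63 characters.
HOSTNAME_LABEL = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i

# The three mxnode operations used by the quoted provider.
MXNODE_FLAGS = { add: '-a', list: '-ld', remove: '-r' }.freeze

# Error text the quoted provider checks for in the output of "mxnode -ld".
UNKNOWN_NODE = /The node specified does not represent a node in this system/i

# True only for a dotted sequence of valid labels, 253 characters at most.
def valid_hostname?(name)
  return false unless name.is_a?(String) && name.length.between?(1, 253)

  name.split('.', -1).all? { |label| label.match?(HOSTNAME_LABEL) }
end

# Returns an argv array suitable for Kernel#system or Open3.capture2e, so the
# local side never goes through a shell. The remote command is one string
# because sshd hands it to the remote shell, which is why both values must
# pass the allow-list first.
def mxnode_argv(simserver, action, node)
  flag = MXNODE_FLAGS.fetch(action) do
    raise ArgumentError, "unknown mxnode action #{action.inspect}"
  end
  [simserver, node].each do |value|
    unless valid_hostname?(value)
      raise ArgumentError, "refusing unsafe host name #{value.inspect}"
    end
  end
  # BatchMode stops ssh from waiting on a password prompt during a Puppet run.
  ['ssh', '-o', 'BatchMode=yes', '--', simserver, "mxnode #{flag} #{node}"]
end

# Interprets the output of "mxnode -ld" the way the quoted exists? method does.
def node_known?(mxnode_output)
  !mxnode_output.match?(UNKNOWN_NODE)
end

if __FILE__ == $PROGRAM_NAME
  p mxnode_argv('hpsim.example.com', :list, 'server1')
  begin
    mxnode_argv('hpsim.example.com', :add, 'server1;extra')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```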



Re: [Puppet Users] Hiera vs LDAP

2012-07-18 Thread Aaron Grewell
On Wed, Jul 18, 2012 at 2:09 PM, Trevor Vaughan  wrote:
> So, I was following the thread "how to conditionally add users to a
> virtualized group?" and had a bit of a realization that I'm not quite
> sure why Hiera is a better backend than LDAP.
>

In our environment at least, messing around with the LDAP schema is a
non-starter.  I can change my Hiera setup any time.  That alone makes
it better for me.




Re: [Puppet Users] file_line type issue, possible bug

2012-06-11 Thread Aaron Grewell
Depending on your sudo version you could also put snippets in
/etc/sudoers.d. This has the advantage of allowing each class to manage its
own sudoers file without any Puppet conflicts.
On Jun 10, 2012 3:56 AM, "Ryan Bowlby"  wrote:

> Hi All,
>
> I am using the file_line type included in stdlib to add a line to
> /etc/sudoers. On each run the sudo module replaces /etc/sudoers, then
> file_line resource adds the line back. It's happening on each run and I
> can't seem to figure out to get the sudo module's file resource to stop
> replacing the file on each run. I was hoping the file resource would ignore
> any lines propagated by the file_line resource. Is this a bug or am I just
> missing something?
>
> -Ryan
>
>



Re: [Puppet Users] Re: Newbie question: what to start from?

2012-05-18 Thread Aaron Grewell
On Fri, May 18, 2012 at 11:07 AM, Christopher Wood
 wrote:
>>    When we started using cfengine long time ago cookbooks _with_examples_
>>    were available, it was very convenient.

There's an integrated set of example modules here that are worth a look:
http://www.example42.com/




Re: [Puppet Users] Using Puppet to manage preexisting servers

2012-05-16 Thread Aaron Grewell
On Wed, May 16, 2012 at 5:07 AM, Mister IT Guru  wrote:
> Ordinarily, I'd say let's upgrade your working practices while we're at it,
> and properly manage your whole workflow, manage access and manage who can
> make changes. Let's start by rebuilding your boxes to specification, and
> migrating your existing data over. Sounds great, "Client says no" huh? - Now
> I need to rethink my strategy.


One of the tools that's helpful in this situation is Puppet's no-op
mode.  This gives you the ability to report in advance on what would
change during a Puppet run.  It's helpful for reassuring angsty
customers as well as making a list of what might need to be reverted
in an emergency.




Re: [Puppet Users] how best to combine business data (Hiera) and machine data (Facts)

2012-05-11 Thread Aaron Grewell
I suppose you could create a separate class for the entries that will
be fact-driven versus Hiera-driven.  You wouldn't be able to use a
single template, but either augeas or concat should work.  I wouldn't
call it elegant, but the code might be less ugly.

On Fri, May 11, 2012 at 9:47 AM, Luke Bigum  wrote:
> Hi Gary,
>
> Not quite... Let me go into more detail.
>
> I'm trying to handle sysctl "perfectly" which is probably my real problem.
> Hiera's ability to merge hashes together makes it perfect for arriving at
> one set of sysctl options for a server based on "business logic" (my
> hierarchy).  For Hiera data on 'someserver' below which has 'some_role',
> calling hiera_hash in a Puppet manifest will give me IP forwarding set and
> rp_filter set, which is what I want:
>
> - some_role.json 
> {
>    "sysctl" : {
>       "net.ipv4.ip_forward" : {
>          "comment" : "Controls IP packet forwarding",
>          "value" : "1"
>       }
>    }
> }
> 
> - common.json --
> {
>    "sysctl" : {
>       "net.ipv4.ip_forward" : {
>          "comment" : "Controls IP packet forwarding",
>          "value" : "0"
>       },
>       "net.ipv4.conf.default.rp_filter" : {
>          "comment" : "Controls source route verification",
>          "value" : "1"
>       }
>       ...
>       ...
>    }
> }
> -
>
> Where it becomes difficult is trying to then incorporate pure Fact data to
> influence or modify these decisions.
>
> Let's say that I actually get back 20 keys of sysctl data, one of those is
> 'vm.swappiness'. Most of my nodes have a value of '10', but let's say
> hypothetically that I have a small set of nodes that require a different
> value because of the amount of RAM available in the machine (a decision
> needs to be made based on hardware, not business logic). This is purely a
> Fact. Introducing another level of hierarchy for Fact 'memorytotal' is a bit
> silly in this case.
>
> The sysctl class looks roughly like this:
>
> --- sysctl.pp --
> class sysctl {
>   $sysctl_hash = hiera_hash('sysctl')
>   create_resources('sysctl', $sysctl_hash)
> }
> --
>
> I love that simplicity, however it's difficult to introduce edge cases that
> modify the data retrieved from Hiera based on Facts. Class inheritance won't
> work because create_resources() seems to insert into the catalog in an
> uninheritable way - bug report or fixable with Ruby DSL perhaps? Filling
> this class full of "if ($fact) modify hash" to munge the data pulled from
> Hiera seems dirty too.
>
> There may be no elegant solution and as you say, 80-90% may have to do.
>
> -Luke
>
>
> On 11/05/12 16:53, Gary Larizza wrote:
>
> I see this with people looking to move to the hierarchical system that Hiera
> brings.  It essentially boils down to "How do I do this without having a ton
> of hierarchy levels?".  Usually we tend to recommend using the hierarchy to
> hit the 80% mark for the data you need in your modules.  Anything that's
> module-specific-data should then be broken out to a data.pp or params.pp
> file with conditional logic there.  I tend to ask people: "Is this something
> others are going to hit when they try to use the module too?", as in - "Are
> there path differences between operating systems?", or "Are there important
> changes to the data between RHEL 5 and 6?".  If the answer to these is yes,
> then I tend to favor putting that data into a module's data class so that
> it's exposed for ANYONE who wants to use the module.  Why would you want to
> hide these differences in the hierarchy - especially if others might run
> into them?
>
> Does this sound similar to the problems you're facing?  Or is this a case
> where you have custom facts that are specific to your organization that
> determine how you manage sysctl?
>
>
> On Fri, May 11, 2012 at 8:42 AM, Luke Bigum  wrote:
>>
>> Hi all,
>>
>> I've been improving our sysctl module and come across an interesting
>> design problem I'd like feedback on.
>>
>> I approached the re-factor with Hiera in mind - I would put all our sysctl
>> data in Hiera hash and pull that into a hiera_hash, merging the hierarchy of
>> data and allowing higher priority sysctl settings to override the baseline
>> defaults. I then use create_resources to write sysctl.conf. Works great to
>> start with, but now I come across more and more cases where the sysctl data
>> is dependent on machine logic (virtual vs physical, types of hardware, etc)
>> that doesn't seem right to put into Hiera as I'd have a complex hierarchy
>> for a bunch of edge case Facts.
>>
>> I seem to need to make decisions on two sources: business logic in Hiera
>> hierarchy (that's easy with merging hashes) as well as considering what
>> Facts or Classes applies to a node (machine logic). That's not trivial to
>> do, especially with a potentially large set of data like sysctl.conf keys.
>>
>> Does anyone ha

Re: [Puppet Users] distributing updates to multiple puppet masters (Subversion)

2012-05-02 Thread Aaron Grewell
Our SVN repo box is shared with some other projects so I haven't
implemented a post-commit hook at this point.  We used to have Puppet
perform the checkouts, but since a commit may break Puppet's ability to
run it didn't seem like the best way.  For now we're doing it via
MCollective.

On 05/02/2012 07:18 AM, Scott Merrill wrote:
> For folks with multiple Puppet Masters, how are you pushing out
> manifest and module updates to them?
> 
> We intend to use Subversion for our version control. Obviously one
> option would be to have each Puppet Master perform a checkout of the
> svn repo. We could schedule periodic updates via cron. Or we could use
> a post-commit hook to rsync the updates out from the repo to each
> Puppet Master.
> 
> What are you doing? What works well, and what headaches have you experienced?
> 
> Thanks,
> Scott
> 




Re: [Puppet Users] scaling puppet, skipping puppetmaster?

2012-04-27 Thread Aaron Grewell
Note that using multiple masters is one way to solve this.
On Apr 27, 2012 10:46 AM, "Philip Brown"  wrote:

> I've heard that after (some # of machines) x (some size of manifests)
> puppet does not scale well, due to bottlenecking on the puppetmaster.
>
> Anyone doing large scale use by some other methods?
> For example, running puppet on each machine individually using cron or
> something? With the manifest distributed
> (via NFS? http? something else?)
>
> I'd be interested to hear alternatives.
>



Re: [Puppet Users] Does create_resources support virtual resources?

2012-03-30 Thread Aaron Grewell
Thanks Gary.  I'll go figure out how that works.  :)

On 03/30/2012 12:04 PM, Gary Larizza wrote:
> Create_resources doesn't support virtual users, but Hiera DOES support
> hash-merging, so it could find all users in all hierarchies with
> hiera_hash and then declare them at once. 
> 
> On Friday, March 30, 2012, Aaron Grewell wrote:
> 
> Hi all,
> I'm interested in pushing my user list out of my users manifest and into
> Hiera.  Unfortunately I haven't been able to get it to work the way I
> thought it would.  The error suggests that perhaps create_resources
> cannot create virtual resources, but the docs I've read so far don't
> address it.
> 
> The class (in init.pp):
> class users {
>  $system_users  = hiera('system_users')
>  $system_groups = hiera('system_groups')
> 
>  create_resources("@users::mkuser",$system_users)
>  create_resources("@users::mkgroup",$system_groups)
> } # class users
> 
> The define (in mkuser.pp):
> 
> define users::mkuser (
>  $uid,
>  $gid = undef,
>  $group = undef,
>  $shell = '/bin/bash',
>  $home = undef,
>  $ensure = 'present',
>  $managehome = true,
>  $dotssh = 'ensure',
>  $comment = 'created via puppet',
>  $groups = undef,
>  $password = undef,
>  $symlink = undef,
>  $mode = undef
>  ) {
> 
> }
> 
> The error:
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> could not create resource of unknown type @users::mkuser at
> 
> /etc/puppetlabs/puppet/configurations/se/environments/development/modules/users/manifests/init.pp:29
> 
> Is this the expected behavior, or have I missed something obvious?
> 
> -- 
> 
> Gary Larizza
> Professional Services Engineer
> Puppet Labs
> 



[Puppet Users] Does create_resources support virtual resources?

2012-03-30 Thread Aaron Grewell
Hi all,
I'm interested in pushing my user list out of my users manifest and into
Hiera.  Unfortunately I haven't been able to get it to work the way I
thought it would.  The error suggests that perhaps create_resources
cannot create virtual resources, but the docs I've read so far don't
address it.

The class (in init.pp):
class users {
  $system_users  = hiera('system_users')
  $system_groups = hiera('system_groups')

  create_resources("@users::mkuser",$system_users)
  create_resources("@users::mkgroup",$system_groups)
} # class users

The define (in mkuser.pp):

define users::mkuser (
  $uid,
  $gid = undef,
  $group = undef,
  $shell = '/bin/bash',
  $home = undef,
  $ensure = 'present',
  $managehome = true,
  $dotssh = 'ensure',
  $comment = 'created via puppet',
  $groups = undef,
  $password = undef,
  $symlink = undef,
  $mode = undef
  ) {

}

The error:
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
could not create resource of unknown type @users::mkuser at
/etc/puppetlabs/puppet/configurations/se/environments/development/modules/users/manifests/init.pp:29

Is this the expected behavior, or have I missed something obvious?




Re: [Puppet Users] Going insane : Puppet PHP module for multiple distributions

2012-03-30 Thread Aaron Grewell
If you try to handle unlike OSes in the same class you're in for lots of
debugging and logic issues.  I agree with Walter, you'll want to
subclass them.

If you name your subclasses according to the results of the built-in
osfamily fact (which should return RedHat for both RHEL and CentOS) you
can do:

class php {
  include "php::${::osfamily}"
}

We do RHEL, Oracle Linux, and Solaris in a similar fashion.  Each would
then be handled by its own subclass, but the osfamily fact allowed for
sharing configs between like systems.

The other issue we ran into was that Solaris and Linux use different
facts to reflect their major release values.  I'm not sure if something
similar would happen with Gentoo or not (hopefully not since it's also
Linux).  This also got me thinking about the logic required for choosing
between major releases when they have incompatible changes.  It wasn't
strictly necessary, but I wrote a custom fact to make things simpler.
It combines OS and major release into a single fact (with matching
'family' fact) so that like systems can be easily and consistently
grouped in both Puppet and Hiera regardless of which OS I'm using.  It
should be pretty straightforward to extend to other systems if you find
it useful.

My main class would look like so:
class php {
  include "php::${::os_build_family}"
}

With subclasses:
class php::rhel_5::fpm {
}

class php::rhel_5::cli {
}

class php::rhel_5::mod {
}

And similar subclasses for other OSes.  Of course if the code needs to
be shared differently then the kernel, operatingsystem, or osfamily
facts may make more sense.

The os_build/os_build_family custom facts we use are produced in
os_build.rb:

require 'facter'

# os_build identifies the exact OS and major release; os_build_family is the
# value shared by compatible systems (Oracle Linux reports the rhel family).
case Facter.value('operatingsystem')
when 'RedHat'
  if Facter.value('operatingsystemrelease')
    release = Facter.value('operatingsystemrelease').split('.')[0]
    Facter.add('os_build') do
      setcode { "rhel_#{release}" }
    end
    Facter.add('os_build_family') do
      setcode { "rhel_#{release}" }
    end
  end
when 'OracleLinux'
  if Facter.value('operatingsystemrelease')
    release = Facter.value('operatingsystemrelease').split('.')[0]
    Facter.add('os_build') do
      setcode { "ol_#{release}" }
    end
    Facter.add('os_build_family') do
      setcode { "rhel_#{release}" }
    end
  end
when 'Solaris'
  if Facter.value('operatingsystemrelease')
    # Solaris uses the second field of the release string as its major release
    release = Facter.value('operatingsystemrelease').split('.')[1]
    Facter.add('os_build') do
      setcode { "sol_#{release}" }
    end
    Facter.add('os_build_family') do
      setcode { "sol_#{release}" }
    end
  end
end


On 03/29/2012 05:14 PM, Walter Heck wrote:
> From what I've seen in other modules, the more common way is to do
> something like this:
> 
> class php {
>   case $::operatingsystem {
>     'Gentoo': {
>       include php::gentoo
>     }
>     /(RedHat|CentOS)/: {
>       include php::redhat
>     }
>   }
> }
> 
> And then implement the correct packages and files inside those
> subclasses. You can still have a class called php::fpm which then
> configures fpm, it would have class parameters for the specific file
> paths that change per OS for instance.
> 
> good luck,
> 
> Walter
> 
> On Fri, Mar 30, 2012 at 00:29, Matthias Saou  wrote:
>> Hi,
>>
>> Before making any further changes to my existing PHP module, I'd like
>> to get a few recommendations from anyone who has already faced this
>> problem...
>>
>> My existing module supports Fedora, RHEL and clones. I'd like to extend
>> support to more distributions, by adding a typical "params" class to it.
>>
>> So far, so good. I've already done it for other modules.
>>
>> *BUT* in the case of PHP, file locations, file splitting and package
>> splitting can be extremely different from one distro to the next.
>>
>> For instance, in the case of Fedora/RHEL we have :
>>  * Packages : php-cli, php-fpm, php (for mod_php)
>>  * Configurations : /etc/php.ini, /etc/php.d/, /etc/php-fpm.conf,
>>   /etc/php-fpm.d/
>>
>> Now in the case of Gentoo (don't ask) :
>>  * Package : dev-lang/php (only this one for everything)
>>  * Configurations : *lots* such as these :
>>   /etc/php/cli-php${php_version}/php.ini
>>   /etc/php/fpm-php${php_version}/php.ini
>>   /etc/php/fpm-php${php_version}/php-fpm.conf
>>   /etc/php/fpm-php${php_version}/ext/
>>   /etc/php/fpm-php${php_version}/ext-active/
>>
>> I want to keep my module very flexible : Install only CLI, only FPM,
>> only Apache httpd module or any combination of those three.
>>
>> The first problem I'm facing is with package requirements, where even
>> with virtual resources I'm in a dead end. Not to mention wanting to
>> support "ensure => absent" on any of CLI/FPM/mod when there's a single
>> package for all three will no longer be easy.
>>
>> Right now, I'm going this way :
>># packages
>>case $::operatingsystem {
>>'Gentoo': {
>>@package { 'dev-lang/php': ensure => installed }
>>$package_cli = 'dev-lang/php'
>>

Re: [Puppet Users] How can I get puppet onto a closed network ?

2012-03-25 Thread Aaron Grewell
Thanks Mike, it's great to see the improvements that have been made to the
repos over the last few months. You guys have clearly been hard at work.
On Mar 25, 2012 4:17 PM, "Michael Stahnke"  wrote:

> The EL5 repos on yum.puppetlabs.com should not require epel anymore.
> If it does, please file a bug.
>
> On Thu, Mar 22, 2012 at 5:27 PM, Aaron Grewell wrote:
> > I would install yum-utils and use reposync on a system with internet access
> > to create a local repo. Yum.puppetlabs.com has most of what you need, but
> > you may also need a copy of the epel repo.
> >
> > On Mar 22, 2012 4:42 PM, "Peter Bukowinski"  wrote:
> >>
> >> I'd copy down from the yum.puppetlabs.com site all the packages in the
> >> products and dependencies repos and set up your own local repos. Point your
> >> rhel boxes at it and install that way.
> >>
> >> The repos would be easier to mirror locally if puppetlabs setup an rsync
> >> server for them, but right now scraping them with curl/wget or manually
> >> downloading is your only option.
> >>
> >> --
> >> Peter
> >>
> >> On Mar 22, 2012, at 6:52 PM, BigCod  wrote:
> >>
> >> > I've a network of RHEL5.3 servers with no internet access that I'd
> >> > like to get puppet onto.
> >> >
> >> > All I have is the RHEL5.3 DVD media set up as a yum repo.
> >> >
> >> > Is there some way I can download puppet and all its dependencies so I
> >> > can bundle them together and install them on my closed network ?
> >> >
> >> > I'm thinking I could install centos on a machine with net access,
> >> > download and save all the puppet rpms to that and copy across to my
> >> > closed network, is this the correct method ?
> >> >



Re: [Puppet Users] How can I get puppet onto a closed network ?

2012-03-22 Thread Aaron Grewell
I would install yum-utils and use reposync on a system with internet access
to create a local repo. Yum.puppetlabs.com has most of what you need, but
you may also need a copy of the epel repo.
On Mar 22, 2012 4:42 PM, "Peter Bukowinski"  wrote:

> I'd copy down from the yum.puppetlabs.com site all the packages in the
> products and dependencies repos and set up your own local repos. Point your
> rhel boxes at it and install that way.
>
> The repos would be easier to mirror locally if puppetlabs setup an rsync
> server for them, but right now scraping them with curl/wget or manually
> downloading is your only option.
>
> --
> Peter
>
> On Mar 22, 2012, at 6:52 PM, BigCod  wrote:
>
> > I've a network of RHEL5.3 servers with no internet access that I'd
> > like to get puppet onto.
> >
> > All I have is the RHEL5.3 DVD media set up as a yum repo.
> >
> > Is there some way I can download puppet and all its dependencies so I
> > can bundle them together and install them on my closed network ?
> >
> > I'm thinking I could install centos on a machine with net access,
> > download and save all the puppet rpms to that and copy across to my
> > closed network, is this the correct method ?
> >
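The reposync approach from the message above, as an added example that is not part of the original thread: mirror on the connected host, record a checksum manifest, and verify it on the closed network before pointing yum at the copy. The repo ids, the key path, the SHA256SUMS file name and the directory arguments are assumptions, and sha256sum is assumed to be available on both sides.

```shell
#!/bin/sh
# Added example, not from the thread. Repo ids, the key path and all directory
# names are assumptions; match them to the .repo files on the connected host.
REPO_IDS="${REPO_IDS:-puppetlabs-products puppetlabs-deps}"  # add epel if needed
GPG_KEY="${GPG_KEY:-/etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs}"
MANIFEST="SHA256SUMS"

# Connected host: download each repo and build its metadata.
# --gpgcheck makes reposync delete any package whose signature fails to verify,
# so the signing keys must already be imported into the rpm database.
mirror_repos() {
    for id in $REPO_IDS; do
        reposync --gpgcheck --repoid="$id" --download_path="$1" || return 1
        createrepo "$1/$id" || return 1
    done
}

# Connected host: record a SHA-256 for every file that will be carried across.
make_manifest() {
    ( cd "$1" || exit 1
      find . -type f ! -name "$MANIFEST" -exec sha256sum {} + |
          sort -k2 > "$MANIFEST" )
}

# Closed network: fail if any file was altered, dropped or added in transit.
verify_manifest() {
    ( cd "$1" || exit 1
      [ -s "$MANIFEST" ] || { echo "missing or empty $MANIFEST" >&2; exit 1; }
      # Every listed file must still match its recorded hash.
      out=$(sha256sum -c "$MANIFEST" 2>&1) || {
          printf '%s\n' "$out" | grep -v ': OK$' >&2
          exit 1
      }
      # No file may be present that the manifest does not list.
      listed=$(sed 's/^[0-9a-f]*  //' "$MANIFEST" | sort)
      present=$(find . -type f ! -name "$MANIFEST" | sort)
      [ "$listed" = "$present" ] || {
          echo "files on disk do not match $MANIFEST" >&2
          exit 1
      } )
}

# Closed network: print a yum .repo stanza for one mirrored repo.
# gpgcheck=1 keeps yum verifying package signatures at install time.
repo_stanza() {
    printf '[%s-local]\nname=%s (local mirror)\nbaseurl=file://%s/%s\n' \
        "$1" "$1" "$2" "$1"
    printf 'enabled=1\ngpgcheck=1\ngpgkey=file://%s\n' "$GPG_KEY"
}

# Usage: script mirror /srv/mirror   (connected host)
#        script verify /srv/mirror   (closed network, prints .repo stanzas)
case "${1:-}" in
    mirror) mirror_repos "$2" && make_manifest "$2" ;;
    verify) verify_manifest "$2" || exit 1
            for id in $REPO_IDS; do repo_stanza "$id" "$2"; done ;;
esac
```

A manifest that travels with the files only catches corruption, or tampering by someone who cannot also rewrite SHA256SUMS, so carry its hash by a separate route. The package signatures checked through gpgcheck=1 remain the actual proof of origin.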



Re: [Puppet Users] net ads join

2012-03-05 Thread Aaron Grewell
I'm not sure how much membership-specific code you have, but if it's
more than just this you may want a custom fact rather than using
unless/onlyif every time.  We use QAS instead of Samba for domain
membership but the idea is the same:


--vas_status.rb--
require 'facter'

vastool = '/opt/quest/bin/vastool'

if File.exist? vastool
  # The exit status of `vastool status` decides joined vs. unjoined
  `#{vastool} status`

  if $?.success?
    Facter.add("vas_status") do
      setcode { "joined" }
    end
  else
    Facter.add("vas_status") do
      setcode { "unjoined" }
    end
  end
else
  Facter.add("vas_status") do
    setcode { "uninstalled" }
  end
end


On 03/05/2012 12:35 PM, Kinzel, David wrote:
>> exec {
>> path => "/usr/bin",
>> onlyif => 'test `net ads testjoin 2>&1 | grep Join | sed -e \'s/
>> *Join is OK*/1/g\' -ne 1'
>> command => 'net ads join -U %
>> createcomputer="Samba"
>> }
>>
>> The onlyif doesn't work if the result of the testjoin returns "Join is
>> OK", depending on the test syntax, it just runs or doesn't regardless.
>> There has to be a better way to do this... anyone with experience
> 
> That regex doesn't look very nice. Are you sure running it from a regular 
> shell produces what you want? What exactly does the net ads testjoin output 
> look like?
> 
> It would be much simpler to use:
> 
> onlyif => "net ads testjoin 2>&1 | grep 'Join is OK'"
> 
> Which will use the return code of grep.
> 
> If your code is exactly as shown in this email you are also missing a ` in 
> your only if test, and your command => is not closed either.
> 
>> setting this up that cares to share?  Anyone try using the
>> "refreshonly" option somehow?  Again, my goal here is just for the net
>> ads join to run when the server is NOT joined to the domain (which
>> should be rarely).  Thanks
>>



Re: [Puppet Users] Puppet apache config for vhost

2012-02-28 Thread Aaron Grewell
On 02/28/2012 06:45 AM, Tony G. wrote:
> 
> You might want to use a parametrized class instead of the define, there
> is a discussion in removing or not from future puppet releases[1]

No, you've misunderstood.  The 'defined()' function is/was under
consideration for removal.  That's not the same as a 'define' resource,
nor is a parameterized class a replacement for a define.

As much as I hate telling people to RTFM, this explains the differences
much better than I can:
http://docs.puppetlabs.com/guides/language_guide.html#resource-collections




Re: [Puppet Users] Unresponsive Agents - PE 2.0

2012-02-22 Thread Aaron Grewell
Are you running RHEL 5?  Did you recently patch your kernel?  If so,
you've probably been bitten by a kernel bug.  I've successfully used
kernel-2.6.18-274.17.1.el5 and backrev versions from the
kernel-2.6.18-238.x.x series.


On 02/22/2012 12:26 PM, Robert Stinnett wrote:
> Hi there,
> 
> I am relatively new to Puppet (totally new) and had been cruising
> right along for a few days until about a week ago when our puppet
> agents went unresponsive.  I've restarted both them and the servers
> several times to no avail.  Can anyone point me down the path of how
> to diagnose this issue?  We are currently evaluating Puppet to bring
> into our Enterprise for managing server provisions/configs/etc.
> 
> Thanks,
> Robert Stinnett
> 




Re: [Puppet Users] Re: overriding parts of a collection of defined resources

2012-02-19 Thread Aaron Grewell
Resource defaults may help you. If you create a default file resource :

File {
  owner => root,
  group => root,
  mode  => '0644',
}

The file resources in the class will assume these defaults unless their own
definition specifies otherwise. For large numbers of resources of the same
type there is also a more concise declaration style:
file {
  '/etc/passwd':
    source => 'puppet:///someplace';
  '/etc/other':
    mode   => '0400',
    source => 'puppet:///someplace/else';
}

Combining these two should be a relatively efficient way of getting there.
On Feb 19, 2012 6:12 AM, "Marc DiBlasi"  wrote:

> I have a couple pointers that may help you.
>
> - The default user and group is root.
> - You can set type defaults like this: File { owner => "root", group =>
> "root"} and if you put this in a class, it only applies to the class.
> If you put it in site.pp, it applies globally.
> - You can define multiple resources in the same declaration separated
> by a semi-colon. i.e. file { "/etc/passwd": source => "...";
> "/etc/group": source => "..."}
>
> Hopefully these allow you to speed things up a bit.
>
> On Feb 19, 12:43 am, David  wrote:
> > Hi-
> >
> > Being relatively new to the language, I find myself in a situation where it
> > seems like there must be an elegant way to handle this situation using the
> > DSL, but I'm not really certain what it could be.
> >
> > I'm trying to describe a configuration that contains 20-30 or so file { }
> > resources, all with the same attributes except for their mode and source. I
> > could write them all out explicitly like this:
> >
> > file { '/etc/passwd':
> >   owner  => root,
> >   group  => root,
> >   mode   => 0644,
> >   source => 'puppet:///modulename/etc/passwd',
> > }
> > ...
> > file { '/var/lib/someotherfile':
> >   owner  => root,
> >   group  => root,
> >   mode   => 0400,
> >   source => 'puppet:///modulename/var/lib/someotherfile',
> > }
> >
> > but that seems unnecessarily repetitive. I originally started down the path
> > of writing something like this (ignore the difference in the mode attribute
> > for a moment):
> >
> > file { [ '/etc/passwd', ... , '/var/lib/someotherfile' ]:
> >   owner  => root,
> >   group  => root,
> >   mode   => 0400,
> >   source => "puppet:///modules/modulename/${title}",
> > }
> >
> > but this bug: http://projects.puppetlabs.com/issues/5259
> > and this mailing list discussion:
> > https://groups.google.com/d/topic/puppet-users/bj_uPi_WxC4/discussion
> >
> > helped me understand that attempting to reference the title attribute
> > (the file's namevar) would never work and I would have to use a defined
> > resource instead. Taking Nan's advice in that thread, I then wrote:
> >
> > define basefiles::conf($mode) {
> >   $serversource = 'puppet:///modules/modulename'
> >
> >   file { "${name}":
> >     source => "${serversource}/${name}",
> >     owner  => root,
> >     group  => root,
> >     mode   => "${mode}",
> >   }
> > }
> >
> > basefiles::conf { '/etc/passwd': mode => 0644 }
> > ...
> > basefiles::conf { '/var/lib/otherfile': mode => 0400 }
> >
> > and that's all groovy. The manifest looks concise and readable.
> >
> > But here's where I stare at a tree and get lost in the forest: the
> > manifest I'm writing contains my base list of files. On some of my
> > machines, I will want to override that base and substitute a different copy
> > of one or two files from that list (e.g. I will want a different
> > /etc/passwd put in place).
> >
> > Further research leads me to this discussion of overriding defined
> > resources and the futility of trying:
> >
> > https://groups.google.com/d/topic/puppet-users/SDa1F817UBA/discussion
> >
> > That discussion leads me to believe it isn't possible to override defined
> > resources in the same way you might with a class. That makes me think I
> > have to either:
> >   a) move the files I might want to override out to their own separate
> >      class or
> >   b) add some logic to the resource definition to do something magical for
> >      certain invocations
> >
> > Both of these options seem icky to me because it means the base module has
> > to be coded in such a way that it has some specific knowledge about when
> > and how it might be overridden. That feels like bad coding mojo to me.
> >
> > So, is there a concise way to describe a collection of file resources, yet
> > be able to override parts of that collection definition in an equally
> > elegant fashion? My instinct says there must be (and it is probably
> > palm-meets-forehead simple), but I can't seem to determine what that might
> > be. Thanks for any help you can offer!
> >
> > -- dNb
>

Re: [Puppet Users] Re: Strange behavior by service

2012-02-09 Thread Aaron Grewell
On 02/09/2012 11:39 AM, Daniel Pittman wrote:
>>> I would try adding "ensure => undef" to the service's parameters.  If
>>> that doesn't work then I can't imagine what would.
>>
>> Thanks John, that did the trick.  I'm not sure if I've got a service
>> default set somewhere I didn't realize or what but at least now it's
>> doing the right thing.
> 
> Thanks, John, indeed.  I hoped to find a bit more time to dig in and
> understand exactly why, but my intuition is that we have a default of
> `ensure => true` for anything that doesn't explicitly mention the
> value.  For a service that is the equivalent of `ensure => running`,
> which would explain the behaviour you saw.
> 
> For most types that is the right thing to do, if the user is trying to
> manage something about it.
> 

If so it's not well covered in the Type docs.  I tested this class under
2.6.x previously and did not experience this issue so it may be a 2.7.x
change.  A lot has changed about our environment since then so I can't
definitively point at anything but if it's a change in the Puppet
default value for 'ensure' then the docs should be updated to reflect
that.  Currently the type docs for 2.7.9 have the following to say about
setting 'ensure' on a service:

ensure
Whether a service should be running. Valid values are stopped (also
called false), running (also called true).




Re: [Puppet Users] Re: Strange behavior by service

2012-02-09 Thread Aaron Grewell
On 02/09/2012 06:16 AM, jcbollinger wrote:
> 
> 
> On Feb 8, 5:34 pm, Aaron Grewell  wrote:
>> I've got a bit of a head-scratcher here, though I'm sure it must be
>> something small.  I'm trying to enable a service for next boot without
>> starting it.  That usually "just works" but for some reason this time
>> around it isn't.  The node keeps trying to start the service which
>> will always fail because it requires a reboot in order to enable the
>> necessary kernel parameters.  How do I make Puppet stop trying to
>> start the service?
> 
> 
> I would try adding "ensure => undef" to the service's parameters.  If
> that doesn't work then I can't imagine what would.
> 
> 
> John
> 

Thanks John, that did the trick.  I'm not sure if I've got a service
default set somewhere I didn't realize or what but at least now it's
doing the right thing.




Re: [Puppet Users] Strange behavior by service

2012-02-08 Thread Aaron Grewell
On 02/08/2012 04:29 PM, Daniel Pittman wrote:
> On Wed, Feb 8, 2012 at 16:13, Aaron Grewell  wrote:
>> On 02/08/2012 04:11 PM, Daniel Pittman wrote:
>>> You can't: if you tell Puppet to ensure the service is running, it
>>> will try to start it every time it finds it "out of compliance".
>>
>> Look at the code.  I didn't ensure => running.  I set enable => true.
>> AFAIK that doesn't mean 'start the service'.
> 
> Ah.  Sorry, I missed that one small - but critical - detail.  My bad.
> 

No worries.  I didn't mean to sound so cranky, for a moment I was afraid
I'd been whacked by the blindingly obvious again...  I hate it when that
happens.  I looked through the manifest for errant defaults or something
like that but found nothing.  It's a puzzle.




Re: [Puppet Users] Strange behavior by service

2012-02-08 Thread Aaron Grewell
On 02/08/2012 04:11 PM, Daniel Pittman wrote:
> You can't: if you tell Puppet to ensure the service is running, it
> will try to start it every time it finds it "out of compliance".
> 

Look at the code.  I didn't ensure => running.  I set enable => true.
AFAIK that doesn't mean 'start the service'.




[Puppet Users] Strange behavior by service

2012-02-08 Thread Aaron Grewell
I've got a bit of a head-scratcher here, though I'm sure it must be
something small.  I'm trying to enable a service for next boot without
starting it.  That usually "just works" but for some reason this time
around it isn't.  The node keeps trying to start the service which
will always fail because it requires a reboot in order to enable the
necessary kernel parameters.  How do I make Puppet stop trying to
start the service?

The error:
err: /Stage[main]/Kdump/Service[kdump]/ensure: change from stopped to
running failed: Could not start Service[kdump]: Execution of
'/sbin/service kdump start' returned 1:  at
/etc/puppetlabs/puppet/configurations/se/environments/development/modules/kdump/manifests/init.pp:46

The code (minus the comments at the top):
 20 class kdump {
 21     include grub
 22     include sysctl
 23     include rebooter::enable
 24
 25     grub::set_kparam { 'crashkernel':
 26         value => '128M',
 27     } # grub::set_kparam
 28
 29     sysctl::conf {
 30         'kernel.core_uses_pid' : value => 1;
 31         'fs.suid_dumpable' : value => 1;
 32     } # sysctl::conf
 33
 34     file { "/etc/kdump.conf":
 35         mode    => "644",
 36         source  => "puppet:///modules/kdump/kdump.conf",
 37     } # file
 38
 39     file { "/etc/sysconfig/kdump":
 40         mode    => "644",
 41         source  => "puppet:///modules/kdump/sysconfig-kdump",
 42     } # file
 43
 44     service { "kdump":
 45         enable  => true,
 46     } # service
 47 } # class kdump




Re: [Puppet Users] What is the fully-qualified variable name format for external and factors variable in template erb file?

2012-02-06 Thread Aaron Grewell
There's a couple of ways to do this, but I usually take the easy
route: assign a local variable that has the global's value in the
related manifest.  In this case, in centrifydc's init.pp just set
$domain=$::domain.  This will appear as a local variable in the
template and you don't have to change your ERB at all.

On Mon, Feb 6, 2012 at 8:53 AM, Kenneth Lo  wrote:
> Trying to cleanup warning messages like the following:
>
> Dynamic lookup of $domain at
> /etc/puppetlabs/puppet/modules/centrifydc/templates/centrifydc.conf.erb:222
> is deprecated.  Support will be removed in Puppet 2.8.  Use a
> fully-qualified variable name (e.g., $classname::variable) or parameterized
> classes.
>
>
> Do I simply replace <%= domain %> with <%= ::domain %>  ?
>
> Same goes with variables defined via dashboard?
>
> Thx in advance.
>
> --KL



Re: [Puppet Users] Puppet can't start service (dropbox) but init.d command works manually

2012-01-31 Thread Aaron Grewell
> However, if I run the above command manually, it works fine and
> returns 0:
> 
> root@webhost:~# /etc/init.d/dropbox start ; echo $?
> Starting dropbox...
> 0
> 
> Any ideas why puppet can't start the dropbox daemon?

I had the same problem when running ssh-keygen via an exec.  It ran fine
from the CLI but not via Puppet.  In my case it turned out that SELinux
had been left enabled, so that's one thing to check.




Re: [Puppet Users] Re: Mining hash field out of the /etc/shadow shadow file

2012-01-29 Thread Aaron Grewell
Since it's the shell redirection that Puppet seems not to like, why not
wrap the commands in a shell script and use generate on that?
On Jan 29, 2012 6:18 PM, "Olivier"  wrote:

>  and then lookup the hash in the /etc/shadow file
> > or use the mkpasswd utility (with which I am not familiar)
> >
> > Once you have the hashed value of your desired clear text password
> > you can copy&paste that in the user definition.
> >
> > -Stefan
> >
>
> your answer is just the text of my original question. So the question
> still stands: how do I get the hashed value from /etc/shadow?
>
> Here is the background of my problem. I have 40 puppet clients and one
> master. The password of each user expires after 90 days. Instead of
> changing their password manually on 40 different servers by logging
> into each server, each user will have to change his/her password on the
> puppet server only and Puppet will replicate the hash value on each
> puppet client. Obviously I will never know the user's password and am
> not interested in replicating the root password. NIS and LDAP are not
> an option.
>
> Thank you.
>



Re: [Puppet Users] Error at the end of a puppet agent run...

2012-01-24 Thread Aaron Grewell
Depending on your hardware and ruleset a dozen might be more than
Mongrel will handle.

On Tue, Jan 24, 2012 at 11:32 AM, Peter Berghold
 wrote:
> Aaron,
>
> What does scalability have to do with this case?  There are maybe a dozen
> systems being managed in this case (soon will be more, so then scalability
> may play into this) and the configs aren't that complicated.
>
>
>
> On Tue, Jan 24, 2012 at 2:21 PM, Aaron Grewell 
> wrote:
>>
>> If you didn't specifically configure Puppet to use Passenger then
>> you're using Mongrel by default.  Scalability => false.
>>
>> On Tue, Jan 24, 2012 at 8:24 AM, Peter Berghold 
>> wrote:
>> >
>> >
>> > On Sun, Jan 22, 2012 at 7:54 PM, Stefan Schulte
>> >  wrote:
>> >>
>> >>
>> >> What version of puppet are you using on the agent side and for your
>> >> puppet master? Do you use mongrel or passenger or how do you run your
>> >> puppet master?
>> >>
>> >
>> > puppetmasterd    2.7.9
>> > puppet agent   2.7.9
>> >
>> > As of right now I am using neither passenger nor mongrel.  Considering
>> > doing
>> > so in the future.
>> >
>> > The puppet master and the puppet agents run as daemons both on the
>> > client
>> > side and the master side.
>> >
>> >
>> > --
>> > Peter L. Berghold
>> > Owner, Shark River Technical Solutions LLC
>> >
>>
>
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>



Re: [Puppet Users] Error at the end of a puppet agent run...

2012-01-24 Thread Aaron Grewell
If you didn't specifically configure Puppet to use Passenger then
you're using Mongrel by default.  Scalability => false.

On Tue, Jan 24, 2012 at 8:24 AM, Peter Berghold  wrote:
>
>
> On Sun, Jan 22, 2012 at 7:54 PM, Stefan Schulte
>  wrote:
>>
>>
>> What version of puppet are you using on the agent side and for your
>> puppet master? Do you use mongrel or passenger or how do you run your
>> puppet master?
>>
>
> puppetmasterd    2.7.9
> puppet agent   2.7.9
>
> As of right now I am using neither passenger nor mongrel.  Considering doing
> so in the future.
>
> The puppet master and the puppet agents run as daemons both on the client
> side and the master side.
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>



Re: [Puppet Users] Cross-module (package) dependencies

2012-01-24 Thread Aaron Grewell
I was thinking more in terms of an exception handler:

package { "foo": ensure => installed, exceptDefined => skip}

Or something of that nature.  This could also be used in other
situations where you want to bypass default behaviors.  We've seen
situations where users want to apply a file if it exists in the module
but otherwise proceed without errors.  This could be done like so:

file {"$foo": ensure => present, source => "${foo}.txt", exceptAbsent => skip}


On Tue, Jan 24, 2012 at 1:28 AM, Felix Frank
 wrote:
> Hi,
>
> there was a discussion in the "can we deprecate defined() in Telly"
> thread about how we can even begin to design Forge modules without it.
>
> A recurring problem is that multiple modules rely on certain packages,
> and there is no good model (yet) to unite their resource declarations.
> Therefore it's a common (although imho disgusting) workaround to do
> things like
> if !defined(Package[foo]) { package { "foo": ensure => installed } }
>
> On 01/20/2012 11:34 PM, Cody wrote:
>> Defining all somewhat common packages in a central location becomes
>> unrealistic when you no longer "control" the code that is in every
>> module you use.  If you obtain five modules from the forge and they
>> all require a specific package and so all define that package you're not
>> going to convince, nor is it a good design to require everyone to move
>> the package definitions from that collection of modules.  They need to
>> function as a collection out of the box.
>
> Agreed. How can this be accomplished?
>
> Perhaps there needs to be some kind of "Forge common" module that by
> policy can only ever declare virtual resources (packages are a prominent
> example).
> A user who wishes to retain the capability of using modules from the
> Forge would be required to install this common module, and replace their
> own resource declarations with realizations of the common resources.
> For this to work, it's definitely a plus that you can override
> attributes in collections:
> Package<| title == "apache2": |> { ensure => "2.2.12" }
> ...although that does bear some caveats. Does this still work in recent
> versions?
>
> If we can take this for granted, all Forge modules can adhere to that
> same standard.
>
> This is a rough sketch of how things might possibly work, and surely has
> lots of wrinkles of its own. Still, I'm quite sure we need a proper way
> to rid ourselves of the horror that is the parse order dependent check
> for defined resources ;-)
>
> Cheers,
> Felix
>



Re: [Puppet Users] Re: RFC: Deprecate defined() function for Telly.

2012-01-20 Thread Aaron Grewell
On Fri, Jan 20, 2012 at 2:49 PM, Aaron Grewell  wrote:
>
> Are we sure it can't be fixed?  What makes defined() so different from
> the code that implements require?  Shouldn't "if  not defined" be the
> same as "if a require would fail"?  That seems to be what people are
> expecting, why not give it to them?

Never mind that last bit, it took me a second to realize the order of
operations would make that Very Hard.  A better question would be "do
we have a proper replacement in the pipeline for Telly?"  Perhaps
exception handling for require?  If not then something's better than
nothing IMHO.




Re: [Puppet Users] Re: RFC: Deprecate defined() function for Telly.

2012-01-20 Thread Aaron Grewell
On Fri, Jan 20, 2012 at 2:34 PM, Cody  wrote:
> Defining all somewhat common packages in a central location becomes
> unrealistic when you no longer "control" the code that is in every
> module you use.  If you obtain five modules from the forge and they
> all require a specific package and so all define that package you're not
> going to convince, nor is it a good design to require everyone to move
> the package definitions from that collection of modules.  They need to
> function as a collection out of the box.
>

Are we sure it can't be fixed?  What makes defined() so different from
the code that implements require?  Shouldn't "if  not defined" be the
same as "if a require would fail"?  That seems to be what people are
expecting, why not give it to them?




Re: [Puppet Users] Re: Display correctly any array

2012-01-17 Thread Aaron Grewell
This (or something like it) should be a candidate for stdlib.

On Tue, Jan 17, 2012 at 10:47 AM, Krzysztof Wilczynski
 wrote:
> Hi Aaron,
>
>> As long as we're lacking a builtin method for pretty-printing data
>> structures during a debug session inline templates are going to
>> continue to be popular in scenarios like this.
>
> Sadly, you are right.
>
> I personally dislike inline_template() hackety hacks and would rather
> solve a problem by making a more appropriate newfunction etc :)
>
> For instance, I have this simple dump() of mine, but something like a
> built-in var_dump() (a'la PHP) would be handy, indeed :)
>
> P.S. I am about to move dump() from Gists to a proper place on my
> github.
>
> KW
>



Re: [Puppet Users] Re: Display correctly any array

2012-01-17 Thread Aaron Grewell
As long as we're lacking a builtin method for pretty-printing data
structures during a debug session inline templates are going to
continue to be popular in scenarios like this.

On Tue, Jan 17, 2012 at 10:06 AM, Krzysztof Wilczynski
 wrote:
> Hi Felix,
>
>> Seeing as this has not been mentioned in the thread yet, I'm compelled
>> to add:
>>
>> $array_to_str = inline_template("<%= array * ', ' %>")
>>
>> or even
>>
>> notify { "my-notify":
>>   message => inline_template("Here is the <%= array * ', ' %>.");
>>
>> }
>
> Ah, the oldie but goodie inline_template() abuse :-)
>
> We should stop endorsing this, really, hehe :)
>
> KW
>



Re: [Puppet Users] Re: augeas error: Could not evaluate: unknown error - Failed to initialize Augeas

2012-01-14 Thread Aaron Grewell
The rpm-based installs of the other components probably expect different
paths than the gem is providing. IMHO you shouldn't mix rpm and gem-based
installs. Weirdness is virtually guaranteed. Pick one style or the other
and stick with it.
On Jan 12, 2012 8:03 PM, "LawrieC"  wrote:

> Thanks for the reply.
>
> I have now installed  the augeas ruby bindings on the client by
> getting
>
> wget http://augeas.net/download/ruby/ruby-augeas-0.4.1.gem
> and running
>
> gem install ruby-augeas-0.4.1
>
> Building native extensions.  This could take a while...
> Successfully installed ruby-augeas-0.4.1
> 1 gem installed
> Installing ri documentation for ruby-augeas-0.4.1...
> Installing RDoc documentation for ruby-augeas-0.4.1...
>
> Alas, I am still getting the same error message.
>
> Are there any extras I need on the server or client?
>
> Thanks
>
>
> On Jan 12, 9:29 am, "R.I.Pienaar"  wrote:
> > - Original Message -
> >
> > > augeas-devel-0.8.1-7.8.2
> > > libaugeas0-0.8.1-7.8.2
> >
> > > ruby-devel-1.8.7.p72-5.30.5
> > > rubygem-rake-0.8.7-0.1.4
> > > ruby-1.8.7.p72-5.30.5
> > > rubygems-1.3.7-1.3.3
> >
> > also need the augeas ruby bindings
>



Re: [Puppet Users] Exec depends on ressources that are several different types

2012-01-10 Thread Aaron Grewell
require accepts an array, so you should be able to do this:
require => [File['foo'],Exec['bar']]

On Mon, Jan 9, 2012 at 5:23 PM, Patrick Viet
 wrote:
> Hi dear puppet users.
>
> I have a Perl file that depends on a lib, that I want to execute.
> I have stripped the parts of config that weren't relevant here such as
> owner, group and so on
>
> In perl script : use Config::Tiny.
> Script is stored on puppet master.
>
> Manifest :
> 
> file { "/path/to/file.pl": source => "puppet:///file.pl", mode =>
> "0755" }
> package { "libconfig-tiny-perl": ensure => installed }
> exec { "/path/to/file.pl": require => XX }
> 
>
> at XX I would like to put Package["libconfig-tiny-perl"] AND
> File["/path/to/file.pl"] which doesn't work.
>
> In the docs
> ( http://docs.puppetlabs.com/guides/language_guide.html )
> it gives an example
> service { 'sshd':
>      require => File['sshdconfig', 'sshconfig', 'authorized_keys']
>    }
>
> But this only works for multiple dependencies that have the same
> nature, here "File"
>
> I have found a workaround which is to put the package dependency in
> the file section (file depends on package, exec depends on file, all
> solved), but while this does work in my specific case, I'm sure there
> are others where it wouldn't work.
>
> So is there any way to specify multiple resource dependency when the
> resources have a different nature ?
>
> Thanks all
>
> Patrick
>



Re: [Puppet Users] Re: Agents seem to hang during updates, Run already in progress; skipping

2012-01-05 Thread Aaron Grewell
That's interesting - PE isn't affected?

On Thu, Jan 5, 2012 at 12:26 AM, Ger Apeldoorn  wrote:
> Hi Radek,
>
> It's a bug that acts up on a specific kernel; see:
> http://projects.puppetlabs.com/issues/10819
>
> I've upgraded to Puppet Enterprise and do not have this issue anymore.
>
> Regards,
> Ger.
>



Re: [Puppet Users] Another hostnames best-practice question

2012-01-02 Thread Aaron Grewell
You must be getting the real hostname from somewhere programmatically. I
would either override $hostname and $fqdn or create a $realname custom fact
using that info. The override might be cleaner, otherwise you may want to
use either run stages or a deployment-specific environment to make sure the
hostname takes effect before the rest of your resources are instantiated.
On Jan 2, 2012 10:32 AM, "Steph Gosling"  wrote:

> Hi all,
>
> In the process of converting a largish installation (around 150 hosts,
> mixed cloud and physical) to Puppet and I have a question about how
> folks manage hostnames.
>
> The TL; DR version:
>
> On first run, I can't use $hostname from facter as it's 'wrong'; for
> things like doing host { $certname: ...} that's fine as it gets
> corrected but for other things it's not. What's the best way to
> have a client set its hostname correctly, first time?
>
> The long version:
>
> My plan has been to base all node names on $certname as provided on
> the clients by puppet.conf. Ideally, puppet will manage everything
> beyond initially being told where the puppetmaster is, then it's just
> cert, sign, let the agent do its thing and life is all good.
>
> Some of our configurations rely on having the short hostname explicitly
> specified on the client and I initially was setting this via $hostname
> from facter. These are RH style boxes so I'm
> setting /etc/sysconfig/network via a template, /etc/hosts via the host
> resource and the hostname in the kernel either by hostname(1) or
> echo'ing to /proc/sys/kernel/hostname.
>
> That's all well and good but facter runs before the first puppet run so
> even if I set the FQDN everywhere $hostname is still the original one
> at boot. For most things this is OK as puppet corrects them on the
> second run but other things then end up with obsoleted names kicking
> around or incorrect configs for the length of the run interval.
>
>
> How is everyone else managing this? as so far I can't think of
> an elegant solution:
>
> * Set the hostname by hand/whatever sets certname in puppet.conf (seems
>  ugly to me and potentially error-prone)
>
> * split() $certname and use $certname[0] (seems like a kludge, and I
>  think also will have scoping issues)
>
> * Create a custom fact that basically does the split() on the client?
>
> * Would stages help? Is there any way to force facter to re-evaluate its
>  variables (overriding them also seems kludgey)?
>
> Is there anything else I've missed? how do you all manage it? I've seen
> folks talking about Kickstart/Cobbler but that's not going to work for
> my environment.
>
> Thoughts, pointers and discussion welcome.
>
> --
> Steph Gosling 
>



Re: [Puppet Users] External nodes in different dirs.

2011-12-30 Thread Aaron Grewell
Well isn't that handy!

On Fri, Dec 30, 2011 at 12:57 PM, R.I.Pienaar  wrote:
>
>
> - Original Message -
>> Thanks.
>>
>> On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell
>>  wrote:
>> > You get only the host name from the agent.  When I did this using a
>> > YAML-based ENC I checked each environment directory in turn for a
>> > file matching the hostname and just made sure to only create it in the
>> > proper place.
>
> before calling your ENC it will write out the YAML files for each node in
> the vardir, so you could load that up and get the current facts - including
> the environment fact
>
>
>> >
>> > On Fri, Dec 30, 2011 at 12:29 PM, Douglas Garstang
>> >  wrote:
>> >> I'm using external nodes. I wanted to break up the node files into
>> >> directories based on say, the environment, dev, prod etc. Does
>> >> puppet
>> >> set anything besides the host name when it calls the external node
>> >> script, such as the environment? Are these variables available as
>> >> environment variables ?
>> >>
>> >> Doug
>> >>
>>
>>
>>
>> --
>> Regards,
>>
>> Douglas Garstang
>> http://www.linkedin.com/in/garstang
>> Email: doug.garst...@gmail.com
>> Cell: +1-805-340-5627
>>
>
> --
> R.I.Pienaar
>



Re: [Puppet Users] External nodes in different dirs.

2011-12-30 Thread Aaron Grewell
You get only the host name from the agent.  When I did this using a
YAML-based ENC I checked each environment directory in turn for a file
matching the hostname and just made sure to only create it in the
proper place.

On Fri, Dec 30, 2011 at 12:29 PM, Douglas Garstang
 wrote:
> I'm using external nodes. I wanted to break up the node files into
> directories based on say, the environment, dev, prod etc. Does puppet
> set anything besides the host name when it calls the external node
> script, such as the environment? Are these variables available as
> environment variables ?
>
> Doug
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
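
The approach described in the message above (a YAML-based ENC that checks each environment directory in turn for a file matching the host name), written out as an added example; it is not code from the thread. The `/etc/puppet/nodes` layout, the `classify` function and the node-name and environment-name checks are assumptions of this example.

```ruby
#!/usr/bin/env ruby
# Example ENC: Puppet calls the classifier with the node name as its only
# argument and reads a YAML hash (classes, parameters, environment) from stdout.
require 'yaml'

# Assumed layout, one directory per environment:
#   /etc/puppet/nodes/dev/web01.example.com.yaml
#   /etc/puppet/nodes/prod/db01.example.com.yaml
NODE_ROOT = '/etc/puppet/nodes'

# The node name becomes part of a file path, so accept hostname characters only.
VALID_CERTNAME    = /\A[a-z0-9](?:[a-z0-9._-]*[a-z0-9])?\z/
VALID_ENVIRONMENT = /\A[a-z0-9_]+\z/

class ClassificationError < StandardError; end

def classify(certname, node_root = NODE_ROOT)
  unless certname.is_a?(String) && certname.match?(VALID_CERTNAME) && !certname.include?('..')
    raise ClassificationError, "invalid node name: #{certname.inspect}"
  end

  # Check each environment directory in turn for a file matching the host name.
  node_file = "#{certname}.yaml"
  matches = Dir.children(node_root).sort.select do |env|
    env.match?(VALID_ENVIRONMENT) && File.file?(File.join(node_root, env, node_file))
  end

  raise ClassificationError, "no node file for #{certname}" if matches.empty?
  # A node file present in two environments is ambiguous: fail instead of guessing.
  if matches.size > 1
    raise ClassificationError, "#{certname} found in several environments: #{matches.join(', ')}"
  end

  env = matches.first
  begin
    # safe_load refuses arbitrary Ruby object tags in the node file.
    data = YAML.safe_load(File.read(File.join(node_root, env, node_file))) || {}
  rescue Psych::Exception => e
    raise ClassificationError, "cannot parse node file for #{certname}: #{e.message}"
  end
  raise ClassificationError, "node file for #{certname} must be a mapping" unless data.is_a?(Hash)

  {
    'classes'     => data.fetch('classes', []),
    'parameters'  => data.fetch('parameters', {}),
    'environment' => env   # taken from the directory the file was found in
  }
end

# Command-line entry point: print the classification, or exit non-zero so
# the master fails the compile instead of applying an empty catalog.
if __FILE__ == $PROGRAM_NAME && ARGV.length == 1
  begin
    puts classify(ARGV[0]).to_yaml
  rescue ClassificationError => e
    warn e.message
    exit 1
  end
end
```
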



Re: [Puppet Users] Puppetserver error

2011-12-30 Thread Aaron Grewell
You'll have to re-sign your node's cert using puppetca --sign 

On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan  wrote:
> I removed ssldir from clients and ran the puppetca --clean from the server.
> It ran fine finally. Now I am stuck on where client complains that
> 'certificate verify failed'. I don't know what to do now?
>
>
> On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell 
> wrote:
>>
>> Did you remove the ssldir on the server or the client?  Usually to
>> completely reset the cert you run clean on the server, remove the
>> contents of the ssldir on the client, then re-run puppet and it should
>> rebuild the cert.  I wouldn't recommend removing the ssldir on the
>> server except as a last resort, otherwise you'll have to rebuild all
>> your client certs.
>>
>> If that's what you already did, make sure that your ssldir and its
>> contents are owned by user & group puppet as well.
>>
>> On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan 
>> wrote:
>> > Do I need to make any changes to server or delete ssl info on the server.
>> > I
>> > am still getting the certificate verify failed error on clients?
>> >
>> >
>> > On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan 
>> > wrote:
>> >>
>> >> I was able to sign the certificate to the client but still I am getting
>> >> this error now on the
>> >> client:
>> >>
>> >> Client puppet-agent[15030]: Starting Puppet client version 2.6.12
>> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog
>> >> from remote server: certificate verify failed
>> >> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
>> >> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog;
>> >> skipping run
>> >>
>> >>
>> >>
>> >>
>> >> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan 
>> >> wrote:
>> >>>
>> >>> I have gone a little further now. What I have done is to delete the ssl
>> >>> folder from one of the clients and ran this command on server: puppetca
>> >>> --clean clientname
>> >>> it has generated new certificate but in the end I get the same error:
>> >>>
>> >>> err: Could not call revoke: Cannot convert into OpenSSL::BN
>> >>> Furthermore, when I restart the agent from the client now I get this
>> >>> message under server message log: client has a waiting certificate
>> >>> request
>> >>> Under my client message log:
>> >>> hostname  puppet-agent[13385]: Did not receive certificate
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan 
>> >>> wrote:
>> >>>>
>> >>>> I have tried to delete the ssl folder under puppet. And then tried
>> >>>> to
>> >>>> clean the certificate from the server but did not work.
>> >>>> #puppetca --clean hostname
>> >>>> notice: Revoked certificate with serial # Inventory of signed
>> >>>> certificates
>> >>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>> >>>>
>> >>>>
>> >>>> err:  Could not call revoke: Cannot convert into OpenSSL::BN
>> >>>>
>> >>>>
>> >>>>
>> >>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan 
>> >>>> wrote:
>> >>>>>
>> >>>>> Thanks guys; I am getting closer but still some errors. I am getting
>> >>>>> these errors now.
>> >>>>>  Starting Puppet client version 2.6.12
>> >>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve
>> >>>>> catalog
>> >>>>> from remote server: Retrieved certificate does not match private
>> >>>>> key; please
>> >>>>> remove certificate from server and regenerate it with the current
>> >>>>> key
>> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
>> >>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve
>> >>>>> catalog;
>> >>>>> skipping run
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>

Re: [Puppet Users] Puppetserver error

2011-12-30 Thread Aaron Grewell
Did you remove the ssldir on the server or the client?  Usually to
completely reset the cert you run clean on the server, remove the
contents of the ssldir on the client, then re-run puppet and it should
rebuild the cert.  I wouldn't recommend removing the ssldir on the
server except as a last resort, otherwise you'll have to rebuild all
your client certs.

If that's what you already did, make sure that your ssldir and its
contents are owned by user & group puppet as well.

On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan  wrote:
> Do I need to make any changes to server or delete ssl info on the server. I
> am still getting the certificate verify failed error on clients?
>
>
> On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan  wrote:
>>
>> I was able to sign the certificate to the client but still I am getting
>> this error now on the
>> client:
>>
>> Client puppet-agent[15030]: Starting Puppet client version 2.6.12
>> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog
>> from remote server: certificate verify failed
>> Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog
>> Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog;
>> skipping run
>>
>>
>>
>>
>> On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan 
>> wrote:
>>>
>>> I have gone a little further now. What I have done is to delete the ssl
>>> folder from one of the clients and ran this command on server: puppetca
>>> --clean clientname
>>> it has generated new certificate but in the end I get the same error:
>>>
>>> err: Could not call revoke: Cannot convert into OpenSSL::BN
>>> Furthermore, when I restart the agent from the client now I get this
>>> message under server message log: client has a waiting certificate request
>>> Under my client message log:
>>> hostname  puppet-agent[13385]: Did not receive certificate
>>>
>>>
>>>
>>>
>>> On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan 
>>> wrote:

>>>> I have tried to delete the ssl folder under puppet. And then tried to
>>>> clean the certificate from the server but did not work.
>>>> #puppetca --clean hostname
>>>> notice: Revoked certificate with serial # Inventory of signed
>>>> certificates
>>>> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT
>>>>
>>>>
>>>> err:  Could not call revoke: Cannot convert into OpenSSL::BN
>>>>
>>>>
>>>>
>>>> On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan
>>>> wrote:
>>>>>
>>>>> Thanks guys; I am getting closer but still some errors. I am getting
>>>>> these errors now.
>>>>>  Starting Puppet client version 2.6.12
>>>>> Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog
>>>>> from remote server: Retrieved certificate does not match private key;
>>>>> please
>>>>> remove certificate from server and regenerate it with the current key
>>>>> Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog
>>>>> Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog;
>>>>> skipping run
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz
>>>>> wrote:
>>>>>>
>>>>>> I'm pretty sure that, besides the other answers already provided, your
>>>>>> main problem is the wrong user for your Puppet configuration. It should
>>>>>> be
>>>>>> user 'puppet' and not 'root'. That's how '/etc/puppet' should look like:
>>>>>>
>>>>>> drwxr-xr-x  5 puppet puppet 4.0K Dec 12 17:48 .
>>>>>> drwxr-xr-x 79 root   root    12K Dec 26 04:03 ..
>>>>>> -rw-r--r--  1 puppet puppet 3.1K Dec 12 17:48 auth.conf
>>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 12 17:48 environments
>>>>>> drwxr-xr-x  3 puppet puppet 4.0K Dec 12 17:48 manifests
>>>>>> -rw-r--r--  1 puppet puppet  838 Dec 12 17:48 namespaceauth.conf
>>>>>> -rw-r--r--  1 puppet puppet 1.8K Dec 12 17:48 puppet.conf
>>>>>> drwxr-xr-x  6 puppet puppet 4.0K Dec 30 08:20 .svn
>>>>>>
>>>>>> So a command like 'chown -R puppet:puppet /etc/puppet' issued as
>>>>>> 'root' should solve your main problem which is the 'Permission denied'
>>>>>> error
>>>>>> as well as the non starting Puppet process.
>>>>>>
>>>>>> Bernd
>>>>>>
>>>>>> > -Original Message-
>>>>>> > From: puppet-users@googlegroups.com [mailto:puppet-
>>>>>> > us...@googlegroups.com] On Behalf Of Khan
>>>>>> > Sent: Thursday, 29 December 2011 17:37
>>>>>> > To: Puppet Users
>>>>>> > Subject: [Puppet Users] Puppetserver error
>>>>>> >
>>>>>> > Hello everyone,
>>>>>> > I am new to puppet. I have installed on redhat Enterprise 5 and seems
>>>>>> > to be working fine. Couple days ago I was testing some permissions
>>>>>> > on /
>>>>>> > etc folder and applied 600 /etc and sub folders. Although I have
>>>>>> > reverted the permission but I am having issues on puppetmaster.
>>>>>> > Currently I have these permission on etc 755 and puppet folder:
>>>>>> > my /etc folder is 755 and puppet folder with these permissions:
>>>>>> >
>>>>>> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
>>>>>> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
>>>>>> > drwxr-xr-x  3 root root 4096
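
The reset order described in the message above, modelled with Ruby's OpenSSL library as an added example (not code from the thread or from Puppet): removing only the client's ssldir leaves a signed certificate that no longer matches the new key, and removing the server's ssldir orphans every client certificate. The CA name, `client1` and all helper names are constructed for illustration.

```ruby
require 'openssl'

# Constructed stand-ins: nothing here talks to a real Puppet master or agent.
def new_key
  OpenSSL::PKey::RSA.new(2048)
end

# Build a certificate binding +cn+ to +subject_key+, signed by +signer_key+.
def issue_cert(cn, subject_key, issuer_cn, signer_key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = OpenSSL::X509::Name.parse("/CN=#{issuer_cn}")
  cert.public_key = subject_key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(signer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# A fresh CA key and self-signed CA certificate (what a new server ssldir means).
def self_signed_ca(cn)
  key = new_key
  [key, issue_cert(cn, key, cn, key, 1)]
end

# Classify the state of one agent: its private key, the certificate the
# server holds for it, and the CA certificate in use.
def diagnose(agent_key, agent_cert, ca_cert)
  return :not_signed_by_this_ca unless agent_cert.verify(ca_cert.public_key)
  return :cert_does_not_match_key unless agent_cert.check_private_key(agent_key)
  :ok
end

# Walk through the situations discussed in the thread and return each verdict.
def reset_scenarios
  ca_key, ca_cert = self_signed_ca('constructed-ca')
  old_key  = new_key
  old_cert = issue_cert('client1', old_key, 'constructed-ca', ca_key, 2)
  results  = { healthy: diagnose(old_key, old_cert, ca_cert) }

  # Client ssldir removed but server not cleaned: the agent generates a new
  # key while the server still hands back the certificate for the old one.
  fresh_key = new_key
  results[:client_ssldir_removed_only] = diagnose(fresh_key, old_cert, ca_cert)

  # Clean on the server, remove the client ssldir, re-run, sign:
  # a new certificate is issued for the new key.
  fresh_cert = issue_cert('client1', fresh_key, 'constructed-ca', ca_key, 3)
  results[:after_clean_and_resign] = diagnose(fresh_key, fresh_cert, ca_cert)

  # Server ssldir removed: a new CA key pair, so certificates signed by the
  # old CA no longer verify and every client cert has to be rebuilt.
  _new_ca_key, new_ca_cert = self_signed_ca('constructed-ca')
  results[:server_ssldir_removed] = diagnose(fresh_key, fresh_cert, new_ca_cert)
  results
end

puts reset_scenarios.inspect if __FILE__ == $PROGRAM_NAME
```
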

Re: [Puppet Users] Re: Puppetserver error

2011-12-29 Thread Aaron Grewell
I've never integrated Puppet with LDAP so I can't help much there.

On Thu, Dec 29, 2011 at 12:25 PM, Mohammad Khan  wrote:
> I am getting these messages now at the puppetmaster start:
>
>
> Denying access: Forbidden request: server(ip) access to
> /catalog/server.domain.co [find] at line 93
> Dec 29 15:13:20 server puppet-master[3311]: Forbidden request: server (ip)
> access to /catalog/server.domain.co [find] at line 93
> Dec 29 15:13:20 server puppet-agent[4382]: Could not retrieve catalog from
> remote server: Error 403 on SERVER: Forbidden request: server (ip) access to
> /catalog/server.domain.co [find] at line 93
> And also the same error, but on line 17 now, which represents my ldap. If I
> disable the ldap line then the error moves to the next line and so on.
>
>
> On Thu, Dec 29, 2011 at 2:22 PM, Aaron Grewell 
> wrote:
>>
>> Run puppet --genconfig for an example.
>>
>>
>> On Thu, Dec 29, 2011 at 11:12 AM, Mohammad Khan 
>> wrote:
>> > Same results after changes; what should I add into the master section?
>> >
>> >
>> > On Thu, Dec 29, 2011 at 2:08 PM, Aaron Grewell 
>> > wrote:
>> >>
>> >> You'll want to change [puppetd] to [agent], as well as adding a
>> >> [master] section with appropriate contents.
>> >>
>> >> On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan 
>> >> wrote:
>> >> > [main]
>> >> >     # Where Puppet stores dynamic and growing data.
>> >> >     # The default value is '/var/puppet'.
>> >> >     vardir = /var/lib/puppet
>> >> >
>> >> >     # The Puppet log directory.
>> >> >     # The default value is '$vardir/log'.
>> >> >     logdir = /var/log/puppet
>> >> >
>> >> >     # Where Puppet PID files are kept.
>> >> >     # The default value is '$vardir/run'.
>> >> >     rundir = /var/run/puppet
>> >> >
>> >> >     # Where SSL certificates are kept.
>> >> >     # The default value is '$confdir/ssl'.
>> >> >     ssldir = $vardir/ssl
>> >> >
>> >> > [puppetd]
>> >> >     # The file in which puppetd stores a list of the classes
>> >> >     # associated with the retrieved configuratiion.  Can be loaded in
>> >> >     # the separate ``puppet`` executable using the ``--loadclasses``
>> >> >     # option.
>> >> >     # The default value is '$confdir/classes.txt'.
>> >> >     classfile = $vardir/classes.txt
>> >> >
>> >> >     # Where puppetd caches the local configuration.  An
>> >> >     # extension indicating the cache format is added automatically.
>> >> >     # The default value is '$confdir/localconfig'.
>> >> >     localconfig = $vardir/localconfig
>> >> >
>> >> >
>> >> >
>> >> > On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell
>> >> > 
>> >> > wrote:
>> >> >>
>> >> >> Can you post your config?  It sounds like there may be  an error in
>> >> >> it.
>> >> >>
>> >> >> On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan
>> >> >> 
>> >> >> wrote:
>> >> >> > Thanks for your response.
>> >> >> > I have changed the permission to 655 on manifests and still the
>> >> >> > same
>> >> >> > thing.
>> >> >> > My puppetmaster was not even starting then and now. The user/group
>> >> >> > is
>> >> >> > root
>> >> >> > for this folder. Every time when I try to start puppetmaster I
>> >> >> > get
>> >> >> > this
>> >> >> > error message:
>> >> >> >
>> >> >> > server puppet-master[20965]: Starting Puppet master version 2.6.12
>> >> >> > Dec 29 13:29:26 server  puppet-master[20982]: You have
>> >> >> > configuration
>> >> >> > parameter $classfile specified in [puppetd], which is a deprecated
>> >> >> > section.
>> >> >> > I'm assuming you meant [agent]
>> >> >> > Dec 29 13:29:26 server puppet-master[20982]: You have
>> >> >> > configuration
>> >> >> > parameter $loca

Re: [Puppet Users] Re: Puppetserver error

2011-12-29 Thread Aaron Grewell
You'll want to change [puppetd] to [agent], as well as adding a
[master] section with appropriate contents.

On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan  wrote:
> [main]
>     # Where Puppet stores dynamic and growing data.
>     # The default value is '/var/puppet'.
>     vardir = /var/lib/puppet
>
>     # The Puppet log directory.
>     # The default value is '$vardir/log'.
>     logdir = /var/log/puppet
>
>     # Where Puppet PID files are kept.
>     # The default value is '$vardir/run'.
>     rundir = /var/run/puppet
>
>     # Where SSL certificates are kept.
>     # The default value is '$confdir/ssl'.
>     ssldir = $vardir/ssl
>
> [puppetd]
>     # The file in which puppetd stores a list of the classes
>     # associated with the retrieved configuratiion.  Can be loaded in
>     # the separate ``puppet`` executable using the ``--loadclasses``
>     # option.
>     # The default value is '$confdir/classes.txt'.
>     classfile = $vardir/classes.txt
>
>     # Where puppetd caches the local configuration.  An
>     # extension indicating the cache format is added automatically.
>     # The default value is '$confdir/localconfig'.
>     localconfig = $vardir/localconfig
>
>
>
> On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell 
> wrote:
>>
>> Can you post your config?  It sounds like there may be  an error in it.
>>
>> On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan 
>> wrote:
>> > Thanks for your response.
>> > I have changed the permission to 655 on manifests and still the same
>> > thing.
>> > My puppetmaster was not even starting then and now. The user/group is
>> > root
>> > for this folder. Every time when I try to start puppetmaster I get this
>> > error message:
>> >
>> > server puppet-master[20965]: Starting Puppet master version 2.6.12
>> > Dec 29 13:29:26 server  puppet-master[20982]: You have configuration
>> > parameter $classfile specified in [puppetd], which is a deprecated
>> > section.
>> > I'm assuming you meant [agent]
>> > Dec 29 13:29:26 server puppet-master[20982]: You have configuration
>> > parameter $localconfig specified in [puppetd], which is a deprecated
>> > section. I'm assuming you meant [agent]
>> > Dec 29 13:29:27 server puppet-master[21035]: Reopening log files
>> > Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master
>> > version
>> > 2.6.12
>> >
>> >
>> >
>> >
>> > On Thu, Dec 29, 2011 at 12:35 PM, Justin 
>> > wrote:
>> >>
>> >> Hello Khan,
>> >>
>> >> I'm fairly new to Puppet as well.
>> >> I'm assuming that `manifests/classes/sysctl.pp` is being referenced by
>> >> the line 3 of `manifests/site.pp` from the error msgs.
>> >> My first thing would be to double check the permissions on `manifests/
>> >> classes/sysctl.pp`
>> >>
>> >> After that I would check the content and files being referenced by
>> >> sysctl.pp and see if it's a permission issue at a lower level and
>> >> Puppet is erroring at an unhelpfully high level.
>> >>
>> >> If that doesn't help, what are the users/groups for the manifests and
>> >> files being created by the manifests? Are you using filebucket?
>> >>
>> >>
>> >>  - Justin
>> >>
>> >>
>> >>
>> >> On Dec 29, 8:36 am, Khan  wrote:
>> >> > Hello everyone,
>> >> > I am new to puppet. I have installed on redhat Enterprise 5 and seems
>> >> > to be working fine. Couple days ago I was testing some permissions on
>> >> > /
>> >> > etc folder and applied 600 /etc and sub folders. Although I have
>> >> > reverted the permission but I am having issues on puppetmaster.
>> >> > Currently I have these permission on etc 755 and puppet folder:
>> >> > my /etc folder is 755 and puppet folder with these permissions:
>> >> >
>> >> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
>> >> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
>> >> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
>> >> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
>> >> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
>> >> > -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
>>

Re: [Puppet Users] Re: Puppetserver error

2011-12-29 Thread Aaron Grewell
Run puppet --genconfig for an example.


On Thu, Dec 29, 2011 at 11:12 AM, Mohammad Khan  wrote:
> Same results after changes; what should I add into the master section?
>
>
> On Thu, Dec 29, 2011 at 2:08 PM, Aaron Grewell 
> wrote:
>>
>> You'll want to change [puppetd] to [agent], as well as adding a
>> [master] section with appropriate contents.
>>
>> On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan 
>> wrote:
>> > [main]
>> >     # Where Puppet stores dynamic and growing data.
>> >     # The default value is '/var/puppet'.
>> >     vardir = /var/lib/puppet
>> >
>> >     # The Puppet log directory.
>> >     # The default value is '$vardir/log'.
>> >     logdir = /var/log/puppet
>> >
>> >     # Where Puppet PID files are kept.
>> >     # The default value is '$vardir/run'.
>> >     rundir = /var/run/puppet
>> >
>> >     # Where SSL certificates are kept.
>> >     # The default value is '$confdir/ssl'.
>> >     ssldir = $vardir/ssl
>> >
>> > [puppetd]
>> >     # The file in which puppetd stores a list of the classes
>> >     # associated with the retrieved configuratiion.  Can be loaded in
>> >     # the separate ``puppet`` executable using the ``--loadclasses``
>> >     # option.
>> >     # The default value is '$confdir/classes.txt'.
>> >     classfile = $vardir/classes.txt
>> >
>> >     # Where puppetd caches the local configuration.  An
>> >     # extension indicating the cache format is added automatically.
>> >     # The default value is '$confdir/localconfig'.
>> >     localconfig = $vardir/localconfig
>> >
>> >
>> >
>> > On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell 
>> > wrote:
>> >>
>> >> Can you post your config?  It sounds like there may be  an error in it.
>> >>
>> >> On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan 
>> >> wrote:
>> >> > Thanks for your response.
>> >> > I have changed the permission to 655 on manifests and still the same
>> >> > thing.
>> >> > My puppetmaster was not even starting then and now. The user/group is
>> >> > root
>> >> > for this folder. Every time when I try to start puppetmaster I get
>> >> > this
>> >> > error message:
>> >> >
>> >> > server puppet-master[20965]: Starting Puppet master version 2.6.12
>> >> > Dec 29 13:29:26 server  puppet-master[20982]: You have configuration
>> >> > parameter $classfile specified in [puppetd], which is a deprecated
>> >> > section.
>> >> > I'm assuming you meant [agent]
>> >> > Dec 29 13:29:26 server puppet-master[20982]: You have configuration
>> >> > parameter $localconfig specified in [puppetd], which is a deprecated
>> >> > section. I'm assuming you meant [agent]
>> >> > Dec 29 13:29:27 server puppet-master[21035]: Reopening log files
>> >> > Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master
>> >> > version
>> >> > 2.6.12
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > On Thu, Dec 29, 2011 at 12:35 PM, Justin 
>> >> > wrote:
>> >> >>
>> >> >> Hello Khan,
>> >> >>
>> >> >> I'm fairly new to Puppet as well.
>> >> >> I'm assuming that `manifests/classes/sysctl.pp` is being referenced
>> >> >> by
>> >> >> the line 3 of `manifests/site.pp` from the error msgs.
>> >> >> My first thing would be to double check the permissions on
>> >> >> `manifests/
>> >> >> classes/sysctl.pp`
>> >> >>
>> >> >> After that I would check the content and files being referenced by
>> >> >> sysctl.pp and see if it's a permission issue at a lower level and
>> >> >> Puppet is erroring at an unhelpfully high level.
>> >> >>
>> >> >> If that doesn't help, what are the users/groups for the manifests and
>> >> >> files being created by the manifests? Are you using filebucket?
>> >> >>
>> >> >>
>> >> >>  - Justin
>> >> >>
>> >> >>
>> >> >>
>>

Re: [Puppet Users] Re: Puppetserver error

2011-12-29 Thread Aaron Grewell
Can you post your config?  It sounds like there may be  an error in it.

On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan  wrote:
> Thanks for your response.
> I have changed the permission to 655 on manifests and still the same thing.
> My puppetmaster was not even starting then and now. The user/group is root
> for this folder. Every time when I try to start puppetmaster I get this
> error message:
>
> server puppet-master[20965]: Starting Puppet master version 2.6.12
> Dec 29 13:29:26 server  puppet-master[20982]: You have configuration
> parameter $classfile specified in [puppetd], which is a deprecated section.
> I'm assuming you meant [agent]
> Dec 29 13:29:26 server puppet-master[20982]: You have configuration
> parameter $localconfig specified in [puppetd], which is a deprecated
> section. I'm assuming you meant [agent]
> Dec 29 13:29:27 server puppet-master[21035]: Reopening log files
> Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master version
> 2.6.12
>
>
>
>
> On Thu, Dec 29, 2011 at 12:35 PM, Justin  wrote:
>>
>> Hello Khan,
>>
>> I'm fairly new to Puppet as well.
>> I'm assuming that `manifests/classes/sysctl.pp` is being referenced by
>> the line 3 of `manifests/site.pp` from the error msgs.
>> My first thing would be to double check the permissions on `manifests/
>> classes/sysctl.pp`
>>
>> After that I would check the content and files being referenced by
>> sysctl.pp and see if it's a permission issue at a lower level and
>> Puppet is erroring at an unhelpfully high level.
>>
>> If that doesn't help, what are the users/groups for the manifests and
>> files being created by the manifests? Are you using filebucket?
>>
>>
>>  - Justin
>>
>>
>>
>> On Dec 29, 8:36 am, Khan  wrote:
>> > Hello everyone,
>> > I am new to puppet. I have installed on redhat Enterprise 5 and seems
>> > to be working fine. Couple days ago I was testing some permissions on /
>> > etc folder and applied 600 /etc and sub folders. Although I have
>> > reverted the permission but I am having issues on puppetmaster.
>> > Currently I have these permission on etc 755 and puppet folder:
>> > my /etc folder is 755 and puppet folder with these permissions:
>> >
>> > -rw-r--r--  1 root root 2346 May  8  2010 auth.conf
>> > -rw-r--r--  1 root root  419 May 19  2010 fileserver.conf
>> > drwxr-xr-x  3 root root 4096 Dec 23 10:48 manifests
>> > drwxr-xr-x 21 root root 4096 Oct 22  2010 modules
>> > -rw-r--r--  1 root root  980 May 27  2010 puppet.conf
>> > -rw-r--r--  1 root root  855 May 17  2010 puppet.conf.rpmnew
>> >
>> > I am getting these error in the log:
>> >
>> > puppet-master[3519]: Could not parse for environment production:
>> > Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/
>> > puppet/manifests/site.pp:3 on node client1
>> >
>> > Dec 27 14:25:46 server puppet-master[3519]: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2
>> >
>> > Dec 27 14:27:15 server puppet-master[3519]: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3
>> >
>> > Dec 27 14:27:15 server  puppet-master[3519]: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4
>> >
>> > Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog
>> > from remote server: Error 400 on SERVER: Could not parse for
>> > environment production: Permission denied - /etc/puppet/manifests/
>> > classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server
>> > Any Help will be greatly appreciated.
>>
>
>
>
> --
> Regards,
> Mohammad
>
>
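
An added example (not from the thread or from Puppet) for the `Permission denied` errors quoted above: after a `chmod 600` on directories the error names the manifest, but the block can be a parent directory that lost its search bit. The helper names and the temporary tree are constructed; only mode bits are evaluated, so ACLs and root's override are out of scope.

```ruby
require 'fileutils'
require 'tmpdir'

# Permission bits (rwx as 0..7) that apply to +uid+/+gids+ for this entry.
# Mode bits only: ACLs and root's ability to bypass them are not modelled.
def effective_bits(stat, uid, gids)
  mode = stat.mode & 0o777
  return (mode >> 6) & 7 if stat.uid == uid
  return (mode >> 3) & 7 if gids.include?(stat.gid)
  mode & 7
end

# Walk from +base+ down to base/relpath the way a path lookup does and return
# [path, reason] for the first component that stops +uid+, or nil if none does.
# Every directory on the way needs the search (x) bit; the target needs read.
def first_blocker(base, relpath, uid, gids = [])
  parts = relpath.split('/').reject(&:empty?)
  chain = [base] + parts.each_index.map { |i| File.join(base, *parts[0..i]) }
  chain.each_with_index do |path, i|
    bits = effective_bits(File.stat(path), uid, gids)
    if i < chain.length - 1
      return [path, :not_searchable] if (bits & 1).zero?
    elsif (bits & 4).zero?
      return [path, :not_readable]
    end
  end
  nil
end

# Constructed tree mirroring the layout in the error message
# (manifests/classes/sysctl.pp) with the permission mistakes from the thread.
def constructed_demo
  Dir.mktmpdir do |base|
    classes  = File.join(base, 'manifests', 'classes')
    manifest = File.join(classes, 'sysctl.pp')
    rel      = 'manifests/classes/sysctl.pp'
    FileUtils.mkdir_p(classes)
    File.write(manifest, "# constructed sample manifest\n")
    [base, File.join(base, 'manifests'), classes].each { |d| File.chmod(0o755, d) }
    File.chmod(0o644, manifest)

    owner = File.stat(base).uid
    other = owner + 1 # any uid that does not own the tree
    strip = ->(hit) { hit && [hit[0].sub(base + '/', ''), hit[1]] }
    results = { clean: strip.call(first_blocker(base, rel, other)) }

    # 600 applied to a directory: the file is still 644, yet unreachable.
    File.chmod(0o600, classes)
    results[:dir_600] = strip.call(first_blocker(base, rel, other))
    File.chmod(0o755, classes)

    # 600 on the file: blocked for a non-owner, fine for the owner, which is
    # the difference a recursive chown to the service user makes.
    File.chmod(0o600, manifest)
    results[:file_600_other] = strip.call(first_blocker(base, rel, other))
    results[:file_600_owner] = strip.call(first_blocker(base, rel, owner))
    results
  end
end

puts constructed_demo.inspect if __FILE__ == $PROGRAM_NAME
```
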



Re: [Puppet Users] Re: packages and Solaris

2011-12-28 Thread Aaron Grewell
We decided to distribute the pkg files the same way we do Linux
packages - via http.  This define has been very useful to us:

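# Fetch a Solaris package stream over HTTP, then install it with the 'sun' provider.
define pkg_http($version, $source, $adminfile, $responsefile=undef) {
    # Download once; skipped when the versioned file is already in /var/tmp.
    exec { "/usr/sfw/bin/wget ${source} -O /var/tmp/${name}-${version}.pkg":
        unless => "/usr/bin/test -f /var/tmp/${name}-${version}.pkg",
        alias  => "wget_${name}",
    } # exec

    # Install from the downloaded file using the given admin and response files.
    package { $name:
        ensure       => 'installed',
        provider     => 'sun',
        source       => "/var/tmp/${name}-${version}.pkg",
        adminfile    => $adminfile,
        responsefile => $responsefile,
        require      => Exec["wget_${name}"],
    } # package
} # define pkg_http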

Our typical admin file looks like this:
mail=
instance=unique
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
networktimeout=60
networkretries=3
authentication=quit
keystore=/var/sadm/security
proxy=
basedir=default

On Wed, Dec 28, 2011 at 8:55 AM, Bill Proud  wrote:
> You need to use the adminfile and source parameters - once you have
> done that the provider works just fine.
>
> On Dec 28, 4:19 pm, Peter Berghold  wrote:
>> Hi folks,
>>
>> I'm about to propose to my current company that we use puppet to manage
>> releases of home grown software.  The environment is a mix of Solaris
>> 8/9/10 and RHEL 5&6.
>>
>> I've got a handle on how to create recipes to release software into the
>> RHEL environment.  The unknown for me is how to manipulate the pkgadd
>> provider to load the locally grown package stream.  Can someone guide me in
>> the right direction.
>>
>> --
>> Peter L. Berghold
>> Owner, Shark River Technical Solutions LLC
>> Custom hosting provider.
>



Re: [Puppet Users] Re: Ruby error when running puppet agent on host

2011-12-28 Thread Aaron Grewell
More information will be needed I suspect.  Can you post:
rpm -qi puppet
rpm -qa | grep ruby
gem list --local

On Wed, Dec 28, 2011 at 3:39 AM, eRefre  wrote:
> Bump.
>
> No one that has a clue?
>
> On Dec 14, 4:00 am, Richard Olofsson  wrote:
>> Hi.
>>
>> We have started to receive some strange errors when running puppet agent on
>> some hosts in our datacenter.
>> We have about 500 clients and there are about 30 that gives us this error:
>>
>>  /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:53:in
>> `handle_serve': uninitialized constant Puppet::Network::Handler (NameError)
>>     from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:329:in `send'
>>     from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:329:in
>> `parse_options'
>>     from /usr/lib/ruby/1.8/optparse.rb:1247:in `call'
>>     from /usr/lib/ruby/1.8/optparse.rb:1247:in `order!'
>>     from /usr/lib/ruby/1.8/optparse.rb:1205:in `catch'
>>     from /usr/lib/ruby/1.8/optparse.rb:1205:in `order!'
>>     from /usr/lib/ruby/1.8/optparse.rb:1279:in `permute!'
>>     from /usr/lib/ruby/1.8/optparse.rb:1300:in `parse!'
>>     from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:335:in
>> `parse_options'
>>     from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:284:in `run'
>>     from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:393:in
>> `exit_on_fail'
>>     from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:284:in `run'
>>     from /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:55:in
>> `execute'
>>     from /usr/bin/puppet:4
>>
>> It has worked before and there has not been any change to the system
>> configuration.
>>
>> This affects both Suse and Redhat servers.
>>
>> I have reinstalled the ruby dependencies and puppet but the error still
>> persists.
>>
>> When checking the logs it says that the service has been executed and I can
>> see that the files and configuration have been applied.
>> puppet-agent[7067]: Finished catalog run in 1.11 seconds
>>
>> puppet agent --version
>> 2.6.4
>>
>> ruby-libs-1.8.5-5.el5_4.8
>> ruby-1.8.5-5.el5_4.8
>>
>> puppetmasterd --version
>> 2.6.4
>>
>> Any clues what might be the problem?
>>
>> Regards
>> Richard.
>



Re: [Puppet Users] New variable scoping question regarding defines calling defines.

2011-12-27 Thread Aaron Grewell
Hmm, I just thought of this.  Normally when referencing an instance of
a define you would use this syntax (note the caps):

Foo::Do_stuff['name']

Did you try:
Foo::Do_stuff['name']::var1

On Tue, Dec 27, 2011 at 1:37 PM, Aaron Grewell  wrote:
> Yeah, I'd file a bug against that.  There may be other considerations,
> but unless there's a really good reason for the current behavior I
> would expect it to throw an error.
>
> On Tue, Dec 27, 2011 at 1:24 PM, Trevor Vaughan  
> wrote:
>> In that case, it should probably just fail instead of working (and
>> yes, it works).
>>
>> Trevor
>>
>> On Tue, Dec 27, 2011 at 4:01 PM, Aaron Grewell  
>> wrote:
>>> If you were actually passing the variable, yes. But you're not, you're
>>> expecting to reach into a non-class (essentially a grab-bag of resources)
>>> and extract data as though it were a class. It isn't and AFAIK you can't.
>>> You'll have to put the data in an actual class and address it from there.
>>>
>>> On Dec 27, 2011 11:21 AM, "Trevor Vaughan"  wrote:
>>>>
>>>> There are actually pretty good reasons for doing it if you have a
>>>> fully modular setup.
>>>>
>>>> For example:
>>>>
>>>> Web Server module define -> Firewall code define -> ERB using higher
>>>> level variables.
>>>>
>>>> There's no reason to stuff everything into a big data store when you
>>>> can easily pass it down. *But* if you try to use the top level
>>>> variable in the second define call ERB, then you've got issues.
>>>>
>>>> I feel that this needs to be either forbidden (break the compile) or
>>>> allowed. But we'd need to know how to allow it.
>>>>
>>>> Trevor
>>>>
>>>> On Tue, Dec 27, 2011 at 11:40 AM, Aaron Grewell 
>>>> wrote:
>>>> > It's an interesting question, but I wouldn't want to structure my
>>>> > modules that way.  There are two methods of getting data into a define
>>>> > that are guaranteed to work: passing variables and file retrieval
>>>> > (extlookup/hiera).  Especially given the changes being made to scoping
>>>> > anything else is fraught with peril.
>>>> >
>>>> > On Mon, Dec 26, 2011 at 5:56 AM, Trevor Vaughan 
>>>> > wrote:
>>>> >> I just ran into an interesting scenario where I didn't know how to
>>>> >> scope my variables and I'd just like to share for the crowd.
>>>> >>
>>>> >> Suppose you have two modules 'foo' and 'bar'. You also have two
>>>> >> defines, 'foo::do_stuff' and 'bar::more_stuff'.
>>>> >>
>>>> >> define foo::do_stuff (
>>>> >>  $var1 = 'a',
>>>> >>  $var2 = 'b'
>>>> >> ) {
>>>> >>  bar::more_stuff { 'test': }
>>>> >> }
>>>> >>
>>>> >> define bar::more_stuff (
>>>> >>  $optional_var = 'ignore'
>>>> >> ) {
>>>> >>  file { '/tmp/test':
>>>> >>    content => template('bar/random.erb')
>>>> >>  }
>>>> >> }
>>>> >>
>>>> >> +++ random.erb +++
>>>> >>
>>>> >> var1 = <%= var1 %>
>>>> >> var2 = <%= var2 %>
>>>> >>
>>>> >> So, here, puppet complains about the scope of var1 and var2 but what
>>>> >> should the correct scope be? foo::do_stuff::var1, etc...? But how does
>>>> >> that work with multiple define calls to foo::do_stuff?
>>>> >>
>>>> >> This, of course, can be avoided by putting the template under
>>>> >> foo/templates and forcing the passage of content to bar::more_stuff
>>>> >> but I'm not quite sure *why* this isn't supposed to work and what to
>>>> >> do about it with the notice that 2.8 will force the scoping of all
>>>> >> variables.
>>>> >>
>>>> >> Thanks,
>>>> >>
>>>> >> Trevor
>>>> >>
>>>> >> --
>>>> >> Trevor Vaughan
>>>> >> Vice President, Onyx Point, Inc
>>>> >> (410) 541-6699

Re: [Puppet Users] New variable scoping question regarding defines calling defines.

2011-12-27 Thread Aaron Grewell
Yeah, I'd file a bug against that.  There may be other considerations,
but unless there's a really good reason for the current behavior I
would expect it to throw an error.

On Tue, Dec 27, 2011 at 1:24 PM, Trevor Vaughan  wrote:
> In that case, it should probably just fail instead of working (and
> yes, it works).
>
> Trevor
>
> On Tue, Dec 27, 2011 at 4:01 PM, Aaron Grewell  
> wrote:
>> If you were actually passing the variable, yes. But you're not, you're
>> expecting to reach into a non-class (essentially a grab-bag of resources)
>> and extract data as though it were a class. It isn't and AFAIK you can't.
>> You'll have to put the data in an actual class and address it from there.
>>
>> On Dec 27, 2011 11:21 AM, "Trevor Vaughan"  wrote:
>>>
>>> There are actually pretty good reasons for doing it if you have a
>>> fully modular setup.
>>>
>>> For example:
>>>
>>> Web Server module define -> Firewall code define -> ERB using higher
>>> level variables.
>>>
>>> There's no reason to stuff everything into a big data store when you
>>> can easily pass it down. *But* if you try to use the top level
>>> variable in the second define call ERB, then you've got issues.
>>>
>>> I feel that this needs to be either forbidden (break the compile) or
>>> allowed. But we'd need to know how to allow it.
>>>
>>> Trevor
>>>
>>> On Tue, Dec 27, 2011 at 11:40 AM, Aaron Grewell 
>>> wrote:
>>> > It's an interesting question, but I wouldn't want to structure my
>>> > modules that way.  There are two methods of getting data into a define
>>> > that are guaranteed to work: passing variables and file retrieval
>>> > (extlookup/hiera).  Especially given the changes being made to scoping
>>> > anything else is fraught with peril.
>>> >
>>> > On Mon, Dec 26, 2011 at 5:56 AM, Trevor Vaughan 
>>> > wrote:
>>> >> I just ran into an interesting scenario where I didn't know how to
>>> >> scope my variables and I'd just like to share for the crowd.
>>> >>
>>> >> Suppose you have two modules 'foo' and 'bar'. You also have two
>>> >> defines, 'foo::do_stuff' and 'bar::more_stuff'.
>>> >>
>>> >> define foo::do_stuff (
>>> >>  $var1 = 'a',
>>> >>  $var2 = 'b'
>>> >> ) {
>>> >>  bar::more_stuff { 'test': }
>>> >> }
>>> >>
>>> >> define bar::more_stuff (
>>> >>  $optional_var = 'ignore'
>>> >> ) {
>>> >>  file { '/tmp/test':
>>> >>    content => template('bar/random.erb')
>>> >>  }
>>> >> }
>>> >>
>>> >> +++ random.erb +++
>>> >>
>>> >> var1 = <%= var1 %>
>>> >> var2 = <%= var2 %>
>>> >>
>>> >> So, here, puppet complains about the scope of var1 and var2 but what
>>> >> should the correct scope be? foo::do_stuff::var1, etc...? But how does
>>> >> that work with multiple define calls to foo::do_stuff?
>>> >>
>>> >> This, of course, can be avoided by putting the template under
>>> >> foo/templates and forcing the passage of content to bar::more_stuff
>>> >> but I'm not quite sure *why* this isn't supposed to work and what to
>>> >> do about it with the notice that 2.8 will force the scoping of all
>>> >> variables.
>>> >>
>>> >> Thanks,
>>> >>
>>> >> Trevor
>>> >>
>>> >> --
>>> >> Trevor Vaughan
>>> >> Vice President, Onyx Point, Inc
>>> >> (410) 541-6699
>>> >> tvaug...@onyxpoint.com
>>> >>
>>> >> -- This account not approved for unencrypted proprietary information --
>>> >>

Re: [Puppet Users] New variable scoping question regarding defines calling defines.

2011-12-27 Thread Aaron Grewell
If you were actually passing the variable, yes. But you're not, you're
expecting to reach into a non-class (essentially a grab-bag of resources)
and extract data as though it were a class. It isn't and AFAIK you can't.
You'll have to put the data in an actual class and address it from there.
On Dec 27, 2011 11:21 AM, "Trevor Vaughan"  wrote:

> There are actually pretty good reasons for doing it if you have a
> fully modular setup.
>
> For example:
>
> Web Server module define -> Firewall code define -> ERB using higher
> level variables.
>
> There's no reason to stuff everything into a big data store when you
> can easily pass it down. *But* if you try to use the top level
> variable in the second define call ERB, then you've got issues.
>
> I feel that this needs to be either forbidden (break the compile) or
> allowed. But we'd need to know how to allow it.
>
> Trevor
>
> On Tue, Dec 27, 2011 at 11:40 AM, Aaron Grewell 
> wrote:
> > It's an interesting question, but I wouldn't want to structure my
> > modules that way.  There are two methods of getting data into a define
> > that are guaranteed to work: passing variables and file retrieval
> > (extlookup/hiera).  Especially given the changes being made to scoping
> > anything else is fraught with peril.
> >
> > On Mon, Dec 26, 2011 at 5:56 AM, Trevor Vaughan 
> wrote:
> >> I just ran into an interesting scenario where I didn't know how to
> >> scope my variables and I'd just like to share for the crowd.
> >>
> >> Suppose you have two modules 'foo' and 'bar'. You also have two
> >> defines, 'foo::do_stuff' and 'bar::more_stuff'.
> >>
> >> define foo::do_stuff (
> >>  $var1 = 'a',
> >>  $var2 = 'b'
> >> ) {
> >>  bar::more_stuff { 'test': }
> >> }
> >>
> >> define bar::more_stuff (
> >>  $optional_var = 'ignore'
> >> ) {
> >>  file { '/tmp/test':
> >>    content => template('bar/random.erb')
> >>  }
> >> }
> >>
> >> +++ random.erb +++
> >>
> >> var1 = <%= var1 %>
> >> var2 = <%= var2 %>
> >>
> >> So, here, puppet complains about the scope of var1 and var2 but what
> >> should the correct scope be? foo::do_stuff::var1, etc...? But how does
> >> that work with multiple define calls to foo::do_stuff?
> >>
> >> This, of course, can be avoided by putting the template under
> >> foo/templates and forcing the passage of content to bar::more_stuff
> >> but I'm not quite sure *why* this isn't supposed to work and what to
> >> do about it with the notice that 2.8 will force the scoping of all
> >> variables.
> >>
> >> Thanks,
> >>
> >> Trevor
> >>
> >> --
> >> Trevor Vaughan
> >> Vice President, Onyx Point, Inc
> >> (410) 541-6699
> >> tvaug...@onyxpoint.com
> >>
> >> -- This account not approved for unencrypted proprietary information --
> >>
> >>
> >
>
>
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699
> tvaug...@onyxpoint.com
>
> -- This account not approved for unencrypted proprietary information --
>



Re: [Puppet Users] New variable scoping question regarding defines calling defines.

2011-12-27 Thread Aaron Grewell
It's an interesting question, but I wouldn't want to structure my
modules that way.  There are two methods of getting data into a define
that are guaranteed to work: passing variables and file retrieval
(extlookup/hiera).  Especially given the changes being made to scoping
anything else is fraught with peril.

On Mon, Dec 26, 2011 at 5:56 AM, Trevor Vaughan  wrote:
> I just ran into an interesting scenario where I didn't know how to
> scope my variables and I'd just like to share for the crowd.
>
> Suppose you have two modules 'foo' and 'bar'. You also have two
> defines, 'foo::do_stuff' and 'bar::more_stuff'.
>
> define foo::do_stuff (
>  $var1 = 'a',
>  $var2 = 'b'
> ) {
>  bar::more_stuff { 'test': }
> }
>
> define bar::more_stuff (
>  $optional_var = 'ignore'
> ) {
>  file { '/tmp/test':
>    content => template('bar/random.erb')
>  }
> }
>
> +++ random.erb +++
>
> var1 = <%= var1 %>
> var2 = <%= var2 %>
>
> So, here, puppet complains about the scope of var1 and var2 but what
> should the correct scope be? foo::do_stuff::var1, etc...? But how does
> that work with multiple define calls to foo::do_stuff?
>
> This, of course, can be avoided by putting the template under
> foo/templates and forcing the passage of content to bar::more_stuff
> but I'm not quite sure *why* this isn't supposed to work and what to
> do about it with the notice that 2.8 will force the scoping of all
> variables.
>
> Thanks,
>
> Trevor
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699
> tvaug...@onyxpoint.com
>
> -- This account not approved for unencrypted proprietary information --
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
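
The "passing variables" method named in this reply, applied to the foo/bar defines from the thread, as an added example that is not code from the original posts. The extra `var1`/`var2` parameters on `bar::more_stuff`, the use of `$name` in the resource title and file path, and the `inline_template` call standing in for `bar/random.erb` are assumptions made for illustration.

```puppet
# Added example (not from the thread). Assumption: bar::more_stuff may
# grow two required parameters, var1 and var2.

# modules/foo/manifests/do_stuff.pp
define foo::do_stuff (
  $var1 = 'a',
  $var2 = 'b'
) {
  # Pass the values down explicitly instead of letting the template
  # reach back into the calling define's scope.
  bar::more_stuff { $name:
    var1 => $var1,
    var2 => $var2,
  }
}

# modules/bar/manifests/more_stuff.pp
define bar::more_stuff (
  $var1,
  $var2,
  $optional_var = 'ignore'
) {
  # The template now reads only this define's own parameters.
  # inline_template stands in for bar/templates/random.erb so the
  # example fits in one file.
  file { "/tmp/test-${name}":
    content => inline_template("var1 = <%= @var1 %>\nvar2 = <%= @var2 %>\n"),
  }
}

# Two instances no longer collide: each one has its own title,
# its own file path and its own pair of values.
foo::do_stuff { 'first': }
foo::do_stuff { 'second':
  var1 => 'x',
  var2 => 'y',
}
```

Because every value the template reads is a declared parameter of `bar::more_stuff`, the question of which `foo::do_stuff` instance a bare `var1` refers to does not arise.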



Re: [Puppet Users] file for specific os question

2011-12-21 Thread Aaron Grewell
The $::operatingsystem fact may be what you're looking for.
Alternatively take a look at $::kernel.  One of these combined with an
if or case statement should allow you to do whatever you need to by
OS.

On Tue, Dec 20, 2011 at 10:47 AM, Stuart Cracraft  wrote:
> anyone know how, in puppet, you would include a file only on a specific
> operating system?
>



Re: [Puppet Users] Can Puppet be configured to one-time deployment for modules?

2011-12-20 Thread Aaron Grewell
If you really don't want ongoing configuration management then Puppet
may not be your tool of choice.  Cobbler perhaps?

On Tue, Dec 20, 2011 at 10:41 AM, Craig White  wrote:
>
> On Dec 20, 2011, at 9:49 AM, Swampcritter wrote:
>
>> We are developing in-house RHEL VM provisioning (similar to Satellite/
>> Spacewalk) along with a customized kickstart template, but also
>> including Puppet to handle the actual configuration of the
>> environment. One thing we need to see is does Puppet have a variable
>> that will deploy one module only once and not check against it just in
>> case the configuration file it has created has been altered or not and
>> try to revert back.
>>
>> Example: Boot using PXEBoot w/ DHCP, build RHEL VM using custom
>> kickstart configuration, create local repo file with pointers to in-
>> house repository and comment out the variables to use the RHN driven
>> one, download from the repo and apply the RHN/Errata updates, then
>> reconfigure the rc.local to install Puppet on the reboot and apply the
>> actual environment requirements (i.e. check to see if its a Apache web
>> server, Oracle database, Weblogic/JBoss portal, etc).
>>
>> The last part is the deciding factor -- as this part of the
>> requirements are quite possibly going to change via the developers
>> that are actually using the environment for testing and tweaking the
>> RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the
>> Apache /etc/httpd/httpd.conf code. We don't want Puppet to revert back
>> the code variables as these are being modified by hand and not using
>> SVN or any other type of code version control at this time.
>>
>> Anyone know if module exclusion is possible for a "deploy once, don't
>> touch again" scenario?
> 
> this sort of goes against the grain of what puppet intends but this is what I 
> do for a few things... (watch out for mail driven line wrapping)
>
> class mod_puppet::deployment_files {
>  exec{ "Make /etc/puppet/deployment_files":
>    command => "/bin/mkdir /etc/puppet/deployment_files",
>    unless  => "/bin/ls -l /etc/puppet/deployment_files",
>  }
> }
>
> class postfix::configure {
>  include mod_puppet::deployment_files
>  file{"/etc/puppet/deployment_files/postfix-main.cf":
>    ensure  => present,
>    owner   => postfix,
>    group   => postfix,
>    mode    => 0664,
>    content   => template("postfix/main.cf.erb"),
>    require   => Class["postfix::install", "mod_puppet::deployment_files"],
>    notify    => Class["postfix::service"],
>  }
>  exec{"Deploy postfix/main.cf from template":
>    command => "/bin/cp /etc/postfix/main.cf /etc/postfix/main.cf-backup; /bin/cat /etc/puppet/deployment_files/postfix-main.cf > /etc/postfix/main.cf; /bin/touch /etc/puppet/deployment_files/postfix-main.cf-deployed",
>    unless  => "/bin/ls -l /etc/puppet/deployment_files/postfix-main.cf-deployed",
>    require => File["/etc/puppet/deployment_files/postfix-main.cf"] ,
>  }
> }
>



Re: [Puppet Users] certificate sync methods?

2011-12-20 Thread Aaron Grewell
In our case the ssldir is on a shared filesystem.

On Mon, Dec 19, 2011 at 5:15 PM, Ryan Bowlby  wrote:
> Hi All,
>
> We are going to setup two puppet masters, each will include the full
> stack of services. Apache as the frontend on both load balancing to
> the backend services on both. We will be using keepalived and VIP
> whose A record is puppet.domain.
>
> We would like to have the CA in active/active on the two servers. The
> question then is what is the best method for synchronizing certs
> between these hosts bi-directionally? My first thought was doing
> something with inotify but then there is also unison.
>
> While we may end up doing as Pro Puppet suggests and having only one
> be active and the other CA a hot standby, it would still be best to
> sync bi-directionally. What are others doing?
>
> -Ryan
>



Re: [Puppet Users] Modules in Environments

2011-12-18 Thread Aaron Grewell
Ours are completely independent. It creates management overhead to do it
that way but ensures that changes to dev can't break prod.
On Dec 18, 2011 10:27 AM, "Douglas Garstang" 
wrote:

> Question... for those that have multiple environments, dev, prod
> etc... do you share your modules directory, or does each environment
> have its own copy of the modules directory? Which one has worked
> better?
>
> Doug
>



Re: [SPAM] Re: [Puppet Users] problem with fund service

2011-12-09 Thread Aaron Grewell
SL is an RHEL derivative, so it's still using the traditional init
system.  No need to worry about upstart or systemd until 7.x hits.

On Fri, Dec 9, 2011 at 7:54 AM, Jeffrey Watts  wrote:
> Not sure if you're aware, but 'init' is no longer init.  Upstart is the
> default init in many distributions, though Fedora/RHEL (and others) are now
> moving to systemd, which is much better.
>
> rpm -qf /sbin/init
>
> Jeffrey.
>
>
> On Fri, Dec 9, 2011 at 9:38 AM, David Alden  wrote:
>>
>>
>> I'm running Scientific Linux 6.1.  What do you mean by "upstart script"?
>>  I get the same thing with "/etc/init.d/funcd status" as I do "service funcd
>> status" -- both return "funcd is not running" and the exit status is 3.
>>



Re: [Puppet Users] Re: Any way to have exclusive classes?

2011-12-09 Thread Aaron Grewell
I suppose if you really want it to fail if more than one option class is
used you could define a 'canary resource' that would be the same in each
option class. Then you would get an error if you tried to use more than
one. The thing is, you would still have to document why you did that since
it's non-obvious. Better to just document that only one should be used I
suspect.
On Dec 9, 2011 6:16 AM, "jcbollinger"  wrote:

>
>
> On Dec 8, 5:05 pm, Len Rugen  wrote:
> > I have a group of classes (about 6 now) that I want to allow a host to
> use
> > none or at most one of them.  This just a "guard rail" for admins.  :-)
> >
> > Basically like this:
> >
> > base
> > base::opt1
> > base::opt2
> > ...
> > base::opt6
> >
> > base is default to all nodes.
> >
> > We use Puppet and Foreman :-)
>
>
> So you want Puppet to *enforce* that nodes have at most one of the
> base::optX classes?  I'd recommend instead prominently documenting
> that policy and verifying it in your QA process if it doesn't
> naturally fall out of the classes themselves.
>
> If you must do this, however, then you can structure the classes so
> that they are mutually exclusive.  Here's a trivial example:
>
> class base::opt1 {
>  notify { 'base::option': message => 'opt1' }
> }
>
> class base::opt2 {
>  notify { 'base::option': message => 'opt2' }
> }
>
>
> No node can include both of those classes, because catalog compilation
> would fail on the duplicate Notify['base::option'] resource.  You can
> also approach the problem via class inheritance if it makes sense to
> do so:
>
>
> class base2 {
>  notify { 'base2::option': message => 'base' }
> }
>
> class base2::opt1 inherits base2 {
>  Notify['base2::option'] { message => 'opt1' }
> }
>
> class base2::opt2 inherits base2 {
>  Notify['base2::option'] { message => 'opt2' }
> }
>
>
> Nodes may then include (or not) base2, plus at most one of base2::opt1
> and base2::opt2.  If they try to include both of the subclasses then
> catalog compilation will fail because of the conflicting overrides.
>
> Either approach is much more sensible if there is at least one
> resource that naturally fills the role of the Notify than if you need
> an artificial one (such as in the examples).  Indeed, if there is such
> a natural fit, then you get the desired behavior for free.
>
> Warning: there is a potential issue in all this if you foresee ever
> changing which option applies to a given node.  If there is
> imperfect overlap of the resources managed by the various option
> classes, then switching from one to another can leave previously
> managed resources unmanaged instead of removing them.  That's by no
> means particular to the kind of setup you asked about, but I attribute
> to it a greater likelihood of being problematic for you.
>
>
> John
>



Re: [Puppet Users] module can't find other modules

2011-12-06 Thread Aaron Grewell
Hi Berry,
create_resources doesn't have an init.pp so you can't 'include' it
AFAIK.  As long as you've enabled pluginsync you shouldn't have to
include it, it should just work.

On Tue, Dec 6, 2011 at 12:13 PM, Berry Sizemore
 wrote:
> I have these three modules with the following structure:
>
> |-- modules
> |   |-- create_resources
> |   |   |-- LICENSE
> |   |   |-- Modulefile
> |   |   |-- README
> |   |   |-- lib
> |   |   |   `-- puppet
> |   |   |       `-- parser
> |   |   |           `-- functions
> |   |   |               `-- create_resources.rb
> |   |   |-- spec
> |   |   |   |-- spec.opts
> |   |   |   |-- spec_helper.rb
> |   |   |   `-- unit
> |   |   |       `-- puppet
> |   |   |           `-- parser
> |   |   |               `-- functions
> |   |   |                   `-- create_resources_spec.rb
> |   |   `-- tests
> |   |       `-- users.pp
> |   |-- hiera
> |   |   |-- CHANGES.txt
> |   |   |-- COPYING
> |   |   |-- README.md
> |   |   |-- Rakefile
> |   |   |-- bin
> |   |   |   `-- extlookup2hiera
> |   |   |-- example
> |   |   |   |-- README.md
> |   |   |   |-- etc
> |   |   |   |   |-- hiera.yaml
> |   |   |   |   |-- hieradb
> |   |   |   |   |   |-- common.yaml
> |   |   |   |   |   |-- dc1.yaml
> |   |   |   |   |   `-- development.yaml
> |   |   |   |   `-- puppet.conf
> |   |   |   |-- modules
> |   |   |   |   |-- data
> |   |   |   |   |   `-- manifests
> |   |   |   |   |       `-- common.pp
> |   |   |   |   |-- ntp
> |   |   |   |   |   |-- manifests
> |   |   |   |   |   |   |-- config.pp
> |   |   |   |   |   |   `-- data.pp
> |   |   |   |   |   `-- templates
> |   |   |   |   |       `-- ntp.conf.erb
> |   |   |   |   `-- users
> |   |   |   |       `-- manifests
> |   |   |   |           |-- common.pp
> |   |   |   |           |-- dc1.pp
> |   |   |   |           `-- development.pp
> |   |   |   `-- site.pp
> |   |   |-- lib
> |   |   |   |-- hiera
> |   |   |   |   |-- backend
> |   |   |   |   |   `-- puppet_backend.rb
> |   |   |   |   `-- scope.rb
> |   |   |   `-- puppet
> |   |   |       `-- parser
> |   |   |           `-- functions
> |   |   |               |-- hiera.rb
> |   |   |               |-- hiera_array.rb
> |   |   |               |-- hiera_hash.rb
> |   |   |               `-- hiera_include.rb
> |   |   `-- spec
> |   |       |-- spec.opts
> |   |       |-- spec_helper.rb
> |   |       `-- unit
> |   |           |-- puppet_backend_spec.rb
> |   |           `-- scope_spec.rb
> |   `-- tomcat
> |       |-- files
> |       |   `-- war
> |       |       |-- jenkins_1.423.war
> |       |       |-- jenkins_1.424.war
> |       |       |-- jenkins_1.425.war
> |       |       |-- snoop-servlet.war
> |       |       |-- snoop-servlet_1.0.war
> |       |       `-- snoop-servlet_2.0.war
> |       |-- manifests
> |       |   |-- demo.pp
> |       |   |-- init.pp
> |       |   |-- instance.pp
> |       |   `-- war.pp
> |       |-- templates
> |       |   |-- server.xml.erb
> |       |   |-- start.sh.erb
> |       |   `-- stop.sh.erb
> |       `-- tests
> |           `-- init.pp
>
>
>
> Puppet apply gives the following:
>
>
> [root@puppetmaster puppet]# puppet apply -vd --noop modules/tomcat/
> tests/init.pp
> info: Loading facts in facter_dot_d
> info: Loading facts in facter_dot_d
> warning: Could not retrieve fact fqdn
> warning: Host is missing hostname and/or domain: puppetmaster
> debug: importing '/etc/puppetlabs/puppet/modules/tomcat/manifests/
> init.pp' in environment production
> debug: Automatically imported tomcat from tomcat into production
> debug: Failed to load library 'selinux' for feature 'selinux'
> debug: hiera(): Hiera YAML backend starting
> debug: hiera(): Looking up tomcat_instance in YAML backend
> debug: hiera(): Looking for data source puppetmaster
> debug: importing '/etc/puppetlabs/puppet/modules/tomcat/manifests/
> instance.pp' in environment production
> debug: Automatically imported tomcat::instance from tomcat/instance
> into production
> warning: Could not find class create_resources for puppetmaster
> Could not find class create_resources at /etc/puppetlabs/puppet/
> modules/tomcat/tests/init.pp:3 on node puppetmaster
>
>
>
> Init.pp looks like this in tests:
>
> [root@puppetmaster puppet]# cat modules/tomcat/tests/init.pp
> node default {
>        include tomcat
>        include create_resources
>        include hiera
> }
>
> I don't understand why my class doesn't find the other classes.  Can
> anyone shed some light?
>
> Thanks,
> Berry Sizemore
>

Re: [Puppet Users] Puppet for Oracle Enterprise Linux

2011-12-02 Thread Aaron Grewell
Make sure you've set 'provider => yum'.  Last I checked OEL defaulted
to up2date.

On Fri, Dec 2, 2011 at 10:39 AM, Rayson Ho  wrote:
> AFAIK, the yum & rpm backends for "package" are versionable, and you
> should not see the "Provider must have features 'versionable' to set
> 'ensure' to '9.5.3-1' at" message.
>
> Rayson
>
> =
> Grid Engine / Open Grid Scheduler
> http://gridscheduler.sourceforge.net/
>
> Scalable Grid Engine Support Program
> http://www.scalablelogic.com/
>
>
>
> On Thu, Dec 1, 2011 at 9:58 PM, Douglas Garstang
>  wrote:
>> Sure...
>>
>>    package {
>>        'forgerock-openam':
>>            ensure => '9.5.3-1',
>>            before => Class['tomcat::enable'];
>>    }
>>
>> Doug.
>>
>>
>> On Thu, Dec 1, 2011 at 6:41 PM, Matthew Black  wrote:
>>> Can you provide the resource defined in the error message?
>>>
>>> On Thu, Dec 1, 2011 at 8:38 PM, Douglas Garstang
>>>  wrote:
>>>> Finally got the dependencies sorted out, and on the first run on the
>>>> client, I am seeing:
>>>>
>>>> Dec  1 20:37:35 ip-10-123-21-192 puppet-agent[2562]: Failed to apply
>>>> catalog: Parameter ensure failed: Provider must have features
>>>> 'versionable' to set 'ensure' to '9.5.3-1' at
>>>> /etc/puppet/devmp/modules/openam/manifests/common.pp:9
>>>>
>>>> I thought puppet on OEL was identical to Redhat? Don't see this error on
>>>> redhat.
>>>>
>>>> Doug.
>>>>
>>>> On Thu, Dec 1, 2011 at 5:21 PM, Douglas Garstang
>>>>  wrote:
>>>>> Rayson,
>>>>>
>>>>> Thanks. Having all sorts of issues with that. Our server is running
>>>>> 2.6.2, which means that the client packages needs to have 2.6.2 or
>>>>> older, but when I try and install older versions of puppet, I get
>>>>> dependency failures :(
>>>>>
>>>>> Doug.
>>>>>
>>>>> On Thu, Dec 1, 2011 at 4:37 PM, Rayson Ho  wrote:
>>>>>> There are only a few minor differences between RHEL, CentOS, and
>>>>>> Oracle Linux... so if a package works on RHEL, then it also works on
>>>>>> Oracle Linux.
>>>>>>
>>>>>> IIRC, if you point to the correct repo, you can even update Oracle
>>>>>> Linux with CentOS repo. Further, Oracle has a public yum for Oracle
>>>>>> Linux even for users not paying for the "Oracle Unbreakable Linux
>>>>>> Support" subscription:
>>>>>>
>>>>>> http://public-yum.oracle.com/
>>>>>>
>>>>>> BTW, "Puppet Enterprise 2.0" officially supports Oracle Linux:
>>>>>>
>>>>>> http://docs.puppetlabs.com/pe/2.0/install_system_requirements.html
>>>>>>
>>>>>> Rayson
>>>>>>
>>>>>> =
>>>>>> Grid Engine / Open Grid Scheduler
>>>>>> http://gridscheduler.sourceforge.net/
>>>>>>
>>>>>> Scalable Grid Engine Support Program
>>>>>> http://www.scalablelogic.com/
>>>>>>
>>>>>>
>>>>>> On Thu, Dec 1, 2011 at 7:16 PM, Douglas Garstang
>>>>>>  wrote:
>>>>>>> My bad had to do a yum clean all. D'oh.
>>>>>>>
>>>>>>> On Thu, Dec 1, 2011 at 4:15 PM, Douglas Garstang
>>>>>>>  wrote:
>>>>>>>> Gonzalo,
>>>>>>>>
>>>>>>>> Nope. Ran:
>>>>>>>>
>>>>>>>> rpm -Uvh
>>>>>>>> http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
>>>>>>>>
>>>>>>>> and got the epel repo. Then I ran:
>>>>>>>>
>>>>>>>> $ yum repolist
>>>>>>>> Loaded plugins: security
>>>>>>>> http://epel.mirror.freedomvoice.com/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2:
>>>>>>>> [Errno 14] HTTP Error 404: Not Found
>>>>>>>> Trying other mirror.
>>>>>>>> http://mirror.its.uidaho.edu/pub/epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2:
>>>>>>>> [Errno 14] HTTP Error 404: Not Found
>>>>>>>> Trying other mirror.
>>>>>>>> http://ftp.linux.ncsu.edu/pub/epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2:
>>>>>>>> [Errno 14] HTTP Error 404: Not Found
>>>>>>>> Trying other mirror.
>>>>>>>> http://mirror.us.leaseweb.net/epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2:
>>>>>>>> [Errno 14] HTTP Error 404: Not Found
>>>>>>>> Trying other mirror.
>>>>>>>> epel/primary_db
>>>>>>>>
>>>>>>>>                                             |    0 B     00:00
>>>>>>>> ftp://mirror.cs.princeton.edu/pub/mirrors/fedora-epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2:
>>>>>>>> [Errno -3] Error performing checksum
>>>>>>>> Trying other mirror.
>>>>>>>>
>>>>>>>> and so on and so on. Funny cuz that long number file
>>>>>>>> d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2
>>>>>>>> doesn't exist when I look at it with a web browser...
>>>>>>>>
>>>>>>>> Doug.
>>>>>>>>
>>>>>>>> On Thu, Dec 1, 2011 at 4:09 PM, Gonzalo Servat
>>>>>>>> wrote:
>>>>>>>>> Try the EPEL repo -- http://fedoraproject.org/wiki/EPEL.
>>>>>>>>>
>>>>>>>>> - Gonzalo
>>>>>>>>>
>>>>>>>>> On Fri, Dec 2, 2011 at 11:07 AM, Douglas Garstang
>>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>

Re: [Puppet Users] Re: Using puppet+augeas to modify multiple files

2011-11-29 Thread Aaron Grewell
I'm not the OP Nigel, I think you meant Graham.  It sounds like Augeas
has some capabilities that I just wasn't aware of.  In any case Augeas
is not something I use if I can avoid it.  Templates and concat are my
preferred methods for managing config files.  Straightforward > clever
for the general case.

On Mon, Nov 28, 2011 at 12:47 PM, Nigel Kersten  wrote:
>
>
> On Mon, Nov 28, 2011 at 9:59 AM, Aaron Grewell 
> wrote:
>>
>> I'm not aware of any file editing method in Puppet that will modify
>> multiple files as part of the same resource.  The usual approach would
>> be to create multiple resources, one for each file, and then cause
>> each resource to notify the postfix service to restart.
>
>
> Note that you can wrap these multiple resources in a single defined resource
> so that it "looks" like a single resource from the point of view of the
> person editing the manifest code.
>
>
>
>
>>
>>  Puppet's
>> smart enough to only restart it once.  As far as setting up the files
>> the way you want them, if you need to edit the files in place Augeas
>> is your only built-in option.  You can also do hacky things with exec
>> but it's not pleasant.  Most folks don't edit in place, they replace
>> the file with known good contents.  For that you can use templates or
>> something like puppet-concat (a third-party module that allows you to
>> build files from fragments).
>>
>> On Mon, Nov 28, 2011 at 6:17 AM, Graham Leggett  wrote:
>> > On 27 Nov 2011, at 20:04, Graham Leggett wrote:
>> >
>> >> I have a task to convince puppet and augeas to modify multiple postfix
>> >> files, most specifically /etc/postfix/main.cf and
>> >> /etc/postfix/acceptdomains.cf (and other LDAP related files), and I'm struggling to
>> >> find out how to do that. I have found examples on how to use augeas to
>> >> modify just one file at a time, but no information seems to be
>> >> available when multiple files are involved.
>> >>
>> >> I started with the config published here, and have no idea what to
>> >> change to convince puppet+augeas to edit both /etc/postfix/main.cf
>> >> and /etc/postfix/acceptdomains.cf at the same time:
>> >>
>> >>
>> >> https://github.com/camptocamp/puppet-postfix/blob/master/manifests/config.pp
>> >>
>> >> Does anyone have a sample configuration on how you would modify
>> >> multiple files at once, or have a clue on where to start?
>> >
>> > Answering my own question, I've discovered that augeas doesn't support
>> > multiple files at all without a custom lens being created to support it.
>> >
>> > Or to declare it more accurately, augeas only knows about specific files
>> > defined in specific locations, it has no concept of a general file in a
>> > general location that you might want to apply a lens to.
>> >
>> > I eventually worked around the issue by making a custom lens copied from
>> > the augeas postfix_main.aug lens that listed the extra ldap templates as
>> > matching a wildcard, at this point augeas started working correctly.
>> >
>> > Something else I discovered is that augeas has no error handling of any
>> > kind - if it doesn't recognise a file as matching one of the predetermined
>> > locations built into the lens, it will silently ignore the file, and not
>> > tell you why.
>
>
> Do you get the same results with the command line 'augtool' Aaron?
>
> If not, please bug report that we need to fix this in the Puppet Augeas
> integration.
>
> --
> Nigel Kersten
> Product Manager, Puppet Labs



Re: [Puppet Users] Re: Using puppet+augeas to modify multiple files

2011-11-28 Thread Aaron Grewell
I'm not aware of any file editing method in Puppet that will modify
multiple files as part of the same resource.  The usual approach would
be to create multiple resources, one for each file, and then cause
each resource to notify the postfix service to restart.  Puppet's
smart enough to only restart it once.  As far as setting up the files
the way you want them, if you need to edit the files in place Augeas
is your only built-in option.  You can also do hacky things with exec
but it's not pleasant.  Most folks don't edit in place, they replace
the file with known good contents.  For that you can use templates or
something like puppet-concat (a third-party module that allows you to
build files from fragments).

On Mon, Nov 28, 2011 at 6:17 AM, Graham Leggett  wrote:
> On 27 Nov 2011, at 20:04, Graham Leggett wrote:
>
>> I have a task to convince puppet and augeas to modify multiple postfix
>> files, most specifically /etc/postfix/main.cf and
>> /etc/postfix/acceptdomains.cf (and other LDAP related files), and I'm struggling to
>> find out how to do that. I have found examples on how to use augeas to
>> modify just one file at a time, but no information seems to be
>> available when multiple files are involved.
>>
>> I started with the config published here, and have no idea what to
>> change to convince puppet+augeas to edit both /etc/postfix/main.cf
>> and /etc/postfix/acceptdomains.cf at the same time:
>>
>> https://github.com/camptocamp/puppet-postfix/blob/master/manifests/config.pp
>>
>> Does anyone have a sample configuration on how you would modify
>> multiple files at once, or have a clue on where to start?
>
> Answering my own question, I've discovered that augeas doesn't support 
> multiple files at all without a custom lens being created to support it.
>
> Or to declare it more accurately, augeas only knows about specific files 
> defined in specific locations, it has no concept of a general file in a 
> general location that you might want to apply a lens to.
>
> I eventually worked around the issue by making a custom lens copied from the 
> augeas postfix_main.aug lens that listed the extra ldap templates as matching 
> a wildcard, at this point augeas started working correctly.
>
> Something else I discovered is that augeas has no error handling of any kind 
> - if it doesn't recognise a file as matching one of the predetermined 
> locations built into the lens, it will silently ignore the file, and not tell 
> you why.
>
> Regards,
> Graham
> --
>
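Added example, not code from any poster in this thread: the multiple-resources approach described above, with each per-file edit wrapped in one defined type and every resource notifying the postfix service. The names `postfix_cf_entry` and `postfix_ldap_example` and the sample keys and values are hypothetical; it assumes an agent whose `augeas` type supports the `lens` and `incl` parameters and that both files already exist.

```puppet
# Added example; type name, class name, keys and values are hypothetical.
# One resource per "key = value" setting, usable on any Postfix-style file.
define postfix_cf_entry ($file, $key, $value) {
  augeas { "postfix_cf_entry-${name}":
    # Assumption: this agent's augeas type has the lens/incl parameters,
    # which bind a lens to one explicit file instead of relying on the
    # path list built into the lens.
    lens    => 'Postfix_Main.lns',
    incl    => $file,
    context => "/files${file}",
    changes => "set ${key} '${value}'",
    require => Package['postfix'],
    # Every entry notifies the same service; Puppet restarts it once per run.
    notify  => Service['postfix'],
  }
}

class postfix_ldap_example {
  package { 'postfix':
    ensure => installed,
  }

  service { 'postfix':
    ensure  => running,
    enable  => true,
    require => Package['postfix'],
  }

  # Edit in the main configuration file.
  postfix_cf_entry { 'main-virtual-domains':
    file  => '/etc/postfix/main.cf',
    key   => 'virtual_mailbox_domains',
    value => 'ldap:/etc/postfix/acceptdomains.cf',
  }

  # Edits in the second file, declared the same way.
  postfix_cf_entry { 'acceptdomains-server-host':
    file  => '/etc/postfix/acceptdomains.cf',
    key   => 'server_host',
    value => 'ldap.example.com',
  }

  postfix_cf_entry { 'acceptdomains-server-port':
    file  => '/etc/postfix/acceptdomains.cf',
    key   => 'server_port',
    value => '389',
  }
}

include postfix_ldap_example
```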



Re: [Puppet Users] Re: Multiple nodes.pp files

2011-11-22 Thread Aaron Grewell
Curly braces perhaps?
content => file("/home/${realuser}/puppet/files/smb.conf"),

On Tue, Nov 22, 2011 at 10:15 AM, Alexander Fortin
 wrote:
> On 11/21/11 9:28 PM, jcbollinger wrote:
>>
>> What if you spell it like so:
>>
>> mysersource { "/etc/$::myvariable": ensure =>  present }
>>
>> ?
>
> This is the actual code now:
>
> file { "/etc/samba/smb.conf":
>    ensure => "present",
>    content => file("/home/$::realuser/puppet/files/smb.conf"),
>    require => Package["samba"],
>    notify => Service[$sambaservices],
> }
>
> but I get the same output from apply:
>
> Could not find any files from /home//puppet/files/smb.conf at
> /home/alex/puppet/manifests/samba.pp:7 on node blah
>
>
> --
> Alexander Fortin
> http://about.me/alexanderfortin/
>



Re: [Puppet Users] Puppet Windows: Should I use dedicated "environment" ?

2011-11-21 Thread Aaron Grewell
I wouldn't expect a lot of class overlap, so it might be simpler to do
it that way, but it also means a completely different directory tree.
It's going to come down to the personal taste of the admins I expect.

On Mon, Nov 21, 2011 at 11:31 AM, Mohamed Lrhazi  wrote:
> Thanks guys. We do use environments already, and we also do use this
> pattern for separating operating system specific details to sub
> classes... but we only had to deal with Red Hat/CentOS/Oracle
> Enterprise Linux, and Solaris
>
> I guess I was thinking that "windows" is so different that it should
> be totally separate :)
>
> Thanks.
> Mohamed.
>
> On Mon, Nov 21, 2011 at 1:26 PM, Aaron Grewell  
> wrote:
>> Another way to handle this is to have class-level logic:
>> class something {
>>     if ( $operatingsystem == "windows" ) { include something::windows }
>>     if ( $operatingsystem == "redhat" ) { include something::redhat }
>> }
>>
>> Then put your resources in something::windows, something::redhat, etc.
>> You may duplicate some code this way, but when the OSes are very
>> different you'll ultimately save coding time and increase readability
>> by avoiding resource-level logic.
>>
>> On Mon, Nov 21, 2011 at 10:11 AM, Evan Hisey  wrote:
>>> On Sun, Nov 20, 2011 at 8:05 PM, Mohamed Lrhazi  wrote:
>>>> I started tweaking my puppet modules and site.pp to support the new
>>>> OS.. things like:
>>>>
>>>> if ( $operatingsystem == "windows" ) {
>>>>    Exec { path =>
>>>> "C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Ruby187\\bin"
>>>> }
>>>> } else {
>>>>
>>>> And now I am thinking, would it be better to just have an independent
>>>> "environment" for all my Windows clients? What would be the drawbacks
>>>> of that?
>>>>
>>>> Thanks a lot,
>>>> Mohamed.
>>>>
>>>
>>> I use multiple environments for separating development and production
>>> systems. The only real drawback I encounter is the need to make the
>>> same change twice for certain things that are shared between both
>>> environments. I am sure there is a way around that, but it has not
>>> become enough of an issue to make me find it.
>>>
>>> evan
>>>



Re: [Puppet Users] Puppet Windows: Should I use dedicated "environment" ?

2011-11-21 Thread Aaron Grewell
Another way to handle this is to have class-level logic:
class something {
    if ( $operatingsystem == "windows" ) { include something::windows }
    if ( $operatingsystem == "redhat" ) { include something::redhat }
}

Then put your resources in something::windows, something::redhat, etc.
You may duplicate some code this way, but when the OSes are very
different you'll ultimately save coding time and increase readability
by avoiding resource-level logic.

On Mon, Nov 21, 2011 at 10:11 AM, Evan Hisey  wrote:
> On Sun, Nov 20, 2011 at 8:05 PM, Mohamed Lrhazi  wrote:
>> I started tweaking my puppet modules and site.pp to support the new
>> OS.. things like:
>>
>> if ( $operatingsystem == "windows" ) {
>>    Exec { path =>
>> "C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Ruby187\\bin"
>> }
>> } else {
>>
>> And now I am thinking, would it be better to just have an independent
>> "environment" for all my Windows clients? What would be the drawbacks
>> of that?
>>
>> Thanks a lot,
>> Mohamed.
>>
>
> I use multiple environments for separating development and production
> systems. The only real drawback I encounter is the need to make the
> same change twice for certain things that are shared between both
> environments. I am sure there is a way around that, but it has not
> become enough of an issue to make me find it.
>
> evan
>



Re: [Puppet Users] [foreman-users] dropping support for ruby 1.85?

2011-11-17 Thread Aaron Grewell
I'm not sure about the Ruby packages specifically, but Fedora has
diverged so much from RHEL5 that building recent packages is a major
undertaking.  You'd probably be better off with tarballs and FPM.

On Thu, Nov 17, 2011 at 2:42 PM, Michael Stahnke  wrote:
> On Thu, Nov 17, 2011 at 11:34 AM, Jo Rhett  wrote:
>> On Nov 17, 2011, at 11:02 AM, Ohad Levy wrote:
>>
>> On Thu, Nov 17, 2011 at 8:55 PM, Jo Rhett  wrote:
>>
>> On Nov 17, 2011, at 10:30 AM, Ohad Levy wrote:
>>
>> if it's not clear, what it means, is that if you want to run it on
>> RHEL5, you can either keep running the current 0.4.x  versions or
>> upgrade your ruby stack. otherwise use a more recent distribution.
>>
>> Given that "upgrading the ruby stack" means either "build your own RPMs from
>> scratch" or "download from a random internet site" this is going to limit
>> the number of sites which can do this.
>>
>> Since we understand it's a pain upgrading to a newer distribution,
>> we've built a puppet module which helps with foreman installation...
>> if you have any better ideas of how we can try helping our ruby
>> community…
>>
>> Um… as I suggested, provide el5 rpms of ruby 1.8.7 and the various gems?
>> Myself, I'm looking at this right now -- but open to better options:
>>  https://github.com/largon/centos-ruby-spec_files
>> --
>> Jo Rhett
>> Net Consonance : consonant endings by net philanthropy, open source and
>> other randomness
>>
>
> A while back you could just take the srpms from Fedora's 1.8.7 and
> they would build pretty easily on EL5.  I haven't tried that for a
> while, but you can at least get the RPMs from a known source that way.
>



Re: [Puppet Users] Re: How to use built-in resource in custom provider?

2011-11-14 Thread Aaron Grewell
Any parameters you don't always want to provide have to have sensible
defaults in the define.

define dostuff ($ImOptional = "true", $ImRequired) {}

On Mon, Nov 14, 2011 at 12:12 PM, tmpup  wrote:
> An update - I went with a define as you suggested, and just had
> my type/provider handle s3 only.  This is working great, so I guess
> this is the method I'll go with.
>
> Only issue I'm having now - all the parameters available with file()
> type.  Sometimes we may want to specify owner, sometimes not, but it
> seems I have to predefine all the variables in the define (), and then
> if I DON'T use one of those variables, the puppet run fails.
> Conversely, if I do use a parameter but don't have it as a variable in
> the define, it fails.
>
> So, basically, I need a way to specify optional parameters with
> defines().  I'll keep looking around, but if anyone has any quick
> tips, it would be appreciated.
>
> On Nov 14, 6:32 am, jcbollinger  wrote:
>> On Nov 13, 11:28 pm, tmpup  wrote:
>>
>> > I'm trying to use the existing type: file in a custom provider.  I've
>> > tried about every single thing I can find, and each way presents a
>> > different problem.
>>
>> > Here's how it looks now:
>>
>> > ---
>> > require 'puppet/file_serving/configuration'
>> > require 'puppet/file_serving/fileset'
>> > require 'puppet/type'
>> > require 'fileutils'
>>
>> > Puppet::Type.type(:tmfile).provide(:pupfile) do
>> >     def create
>> >         @catalog.add_resource Puppet::Type.type(:file).new({
>> >             :name   => @resource.value(:path),
>> >             :path   => @resource.value(:path),
>> >             :source => @resource.value(:source),
>> >             :ensure => 'present',
>> >         })
>> >         @catalog.apply
>> >         #def generate
>> >         #Puppet::Type.type(:file).new(:path =>
>> > resource[:path], :source => resource[:path], :ensure => 'present')
>> >         #end
>> >     end
>>
>> >     def destroy
>> >         FileUtils.rm_rf resource[:path]
>> >     end
>>
>> >     def exists?
>> >         File.exists?(@resource[:path])
>> >     end
>>
>> > end
>> > 
>>
>> > As you can see, another method I tried is commented out:
>> > Puppet::Type.type(:file).new(:path => resource[:path], :source =>
>> > resource[:path], :ensure => 'present').  With this method, the puppet
>> > run actually succeeds and it says it created the resource.  However,
>> > the file doesn't actually get created, and next run, it simply creates
>> > the resource again without error.  However, the file is never there.
>>
>> > With the current method (not commented out), I get:
>> > ".. ensure: change from absent to present failed: Could not set
>> > 'present on ensure: undefined method `add_resource' for nil:NilClass
>> > at .."
>>
>> > I will admit that I'm pretty new at custom types and providers.  I
>> > have researched as much as I can but can't really find any clear
>> > documentation on how to do this.  Any ideas/suggestions would be
>> > greatly appreciated!
>>
>> For what you appear to be doing, a Ruby custom type is too heavy.  If
>> that's all you need to do then you should use a definition (a.k.a.
>> defined type) instead, or perhaps just a bare File resource.
>>
>> I think it unlikely that any variation on your approach will work,
>> inasmuch as it is surely incorrect for a provider to invoke
>> @catalog.apply.  The agent will invoke that method, so you'll get
>> duplicate invocations, and anyway the provider's invocation(s) cannot
>> help but be timed wrongly.  You could try just removing that, but I
>> suspect that also a provider's create() method is too late for
>> catalog.add_resource().  In general, I don't think that the catalog
>> API is intended to be used by types or providers at all.
>>
>> It is far more typical for providers that want to manage files to do
>> so via the standard Ruby APIs (e.g. class File).  If you want to use
>> Puppet's File resource then you should do so from within your
>> manifests, not within a custom provider.  If a Puppet defined type
>> isn't powerful enough to do all of what you want, then perhaps your
>> design concept needs to be reconsidered.  We might be able to help
>> with that if you'll give us the big picture.
>>
>> John
>
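Added example, not code from the thread: a define that wraps the built-in file type and treats owner, group and mode as optional by defaulting them to `undef`, so callers may omit any of them. The define name `managed_file`, the paths and the `app` module source URLs are hypothetical; it assumes that a resource attribute set to `undef` is left unmanaged by Puppet.

```puppet
# Added example; the define name, paths and source URLs are hypothetical.
# $source is required (no default). The other parameters default to undef,
# and an attribute whose value is undef is treated as not specified, so the
# wrapped file resource only manages what the caller actually passed in.
define managed_file (
  $source,
  $owner = undef,
  $group = undef,
  $mode  = undef
) {
  file { $name:
    ensure => present,
    source => $source,
    owner  => $owner,
    group  => $group,
    mode   => $mode,
  }
}

# Caller that leaves ownership and permissions unmanaged.
managed_file { '/etc/app/app.conf':
  source => 'puppet:///modules/app/app.conf',
}

# Caller that pins ownership and a restrictive mode for a sensitive file.
managed_file { '/etc/app/credentials.conf':
  source => 'puppet:///modules/app/credentials.conf',
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
}
```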



Re: [Puppet Users] Need a second set of eyes... cannot find a class..

2011-11-13 Thread Aaron Grewell
Try removing the hyphen from the class name.  If that fixes it then you've
hit this:
http://projects.puppetlabs.com/issues/5268
On Nov 12, 2011 3:14 PM, "Peter Berghold"  wrote:

>
> In one of my modules I have the following :
>
> postfix/
>    manifests/
>       conf.pp
>       conf/access-all.pp
> (as well as the obligatory init.pp and a few others)
>
> and the access-all.pp file contains:
>
> class postfix::conf::access-all inherits postfix::conf {
>     $hosts = $all_hosts
>     $domains = $all_domains
>     $ips = $all_ips
>
>     @file {
>         postfix-access-file:
>             path => "/etc/postfix/access",
>             owner => root, group => root, mode => 0644,
>             content => template("postfix/templates/access.erb"),
>             notify => Exec[ hash-access]
>     }
>     exec {
>         hash-access:
>             path=>"/usr/bin:/usr/sbin:/usr/local/bin:/bin:/sbin",
>             cwd => "/etc/postfix",
>             command => "postmap access"
>     }
>     realize File[postfix-access-file]
>
> }
>
>
> and yet when I run puppetd on my configured host:
>
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Could not find class postfix::conf::access-all for
> chicweb0.chi.sharkrivertech.com at
> /etc/puppet/manifests/nodes/chicweb0.pp:2 on node
> chicweb0.chi.sharkrivertech.com
>
> Can anybody spot anything I'm fat fingering?
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>



Re: [Puppet Users] Concat module

2011-11-03 Thread Aaron Grewell
As far as concat goes, I wouldn't call my concat resource and my
concat::fragment resource by the same name.  In theory it shouldn't
break anything, but...

On Thu, Nov 3, 2011 at 12:20 PM, Douglas Garstang
 wrote:
> Actually I can. That's sweet! Thanks!
>
> On Thu, Nov 3, 2011 at 12:10 PM, Douglas Garstang
>  wrote:
>> Just from looking at the example there, it doesn't appear that I can
>> call sysctl::conf more than once That's what I like about concat,
>> ie each module that needs to add to it can do so individually.
>>
>> Doug.
>>
>> On Thu, Nov 3, 2011 at 12:04 PM, Mark Christian  wrote:
>>> Can't speak to concat, but you might consider using augeas for managing 
>>> /etc/sysctl.conf.  There is an excellent example of this at: 
>>> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas , see "Working 
>>> Examples"
>>>
>>>> -----Original Message-----
>>>> From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com]
>>>> On Behalf Of Douglas Garstang
>>>> Sent: Thursday, November 03, 2011 11:59 AM
>>>> To: Puppet Users
>>>> Subject: [Puppet Users] Concat module
>>>>
>>>> All,
>>>>
>>>> Trying to use the concat module with:
>>>>
>>>>
>>>> class sysctl::common {
>>>>
>>>>     include concat::setup
>>>>
>>>>     concat {
>>>>         '/etc/sysctl.conf':
>>>>             owner => 'root',
>>>>             group => 'root',
>>>>             mode  => '0644';
>>>>     }
>>>>
>>>>     concat::fragment {
>>>>         '/etc/sysctl.conf':
>>>>             target  => '/etc/sysctl.conf',
>>>>             content => 'kernel.sem=250 32000 32 2048',
>>>>             order   => '99';
>>>>     }
>>>>
>>>> }
>>>>
>>>> Getting this error:
>>>> Nov  3 14:54:04 dev-c3-app-90 puppet-agent[8143]: Failed to apply
>>>> catalog: Parameter path failed: File paths must be fully qualified,
>>>> not 'undef' at /etc/puppet/devmp/modules/concat/manifests/setup.pp:37
>>>>
>>>> What am I doing wrong?
>>>>
>>>> Doug.

>>
>>
>>
>> --
>> Regards,
>>
>> Douglas Garstang
>> http://www.linkedin.com/in/garstang
>> Email: doug.garst...@gmail.com
>> Cell: +1-805-340-5627
>>
>
>
>
> --
> Regards,
>
> Douglas Garstang
> http://www.linkedin.com/in/garstang
> Email: doug.garst...@gmail.com
> Cell: +1-805-340-5627
>



Re: [Puppet Users] Puppet certificate

2011-11-02 Thread Aaron Grewell
What version of Puppet are you using?  The old method of doing this
had a serious security problem, so the newer releases have a different
config method for assigning the acceptable aliases for a cert.

On Wed, Nov 2, 2011 at 11:26 AM, TFML  wrote:
> I'm curious... the server FQDN is puppetmaster.lagged.com but I have the 
> server as puppet.lagged.com, can that be the cause of the problem?  If so how 
> would I create the certificate to be valid for puppet.lagged.com and not be 
> puppetmaster.lagged.com
> On Nov 2, 2011, at 2:01 PM, Aaron Grewell wrote:
>
>> When I did this in my test environment I removed the entire contents
>> of the ssldir from the client to make sure that both the client &
>> server cert were pulled down anew.
>>
>> On Wed, Nov 2, 2011 at 10:25 AM, TFML  wrote:
>>> I'm running in circles with this issue... I accidentally did a 'puppetca 
>>> --clean --all' and lost all certificates.  I was able to get the 
>>> puppetmaster running and re-created certificates for the client system, but 
>>> I get the following error:
>>>
>>> warning: peer certificate won't be verified in this SSL session
>>> info: Caching certificate for w0f.lagged.com
>>> info: Retrieving plugin
>>> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
>>> using 'eval_generate': certificate verify failed
>>> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of 
>>> resource: certificate verify failed Could not retrieve file metadata for 
>>> puppet://puppet.lagged.com/plugins: certificate verify failed
>>> info: Loading facts in snmpd
>>> info: Loading facts in diskdrives
>>> info: Loading facts in snmpd
>>> info: Loading facts in diskdrives
>>> err: Could not retrieve catalog from remote server: certificate verify 
>>> failed
>>> warning: Not using cache on failed catalog
>>> err: Could not retrieve catalog; skipping run
>>>



Re: [Puppet Users] Puppet certificate

2011-11-02 Thread Aaron Grewell
When I did this in my test environment I removed the entire contents
of the ssldir from the client to make sure that both the client &
server cert were pulled down anew.

On Wed, Nov 2, 2011 at 10:25 AM, TFML  wrote:
> I'm running in circles with this issue... I accidentally did a 'puppetca 
> --clean --all' and lost all certificates.  I was able to get the puppetmaster 
> running and re-created certificates for the client system, but I get the 
> following error:
>
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for w0f.lagged.com
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
> using 'eval_generate': certificate verify failed
> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of 
> resource: certificate verify failed Could not retrieve file metadata for 
> puppet://puppet.lagged.com/plugins: certificate verify failed
> info: Loading facts in snmpd
> info: Loading facts in diskdrives
> info: Loading facts in snmpd
> info: Loading facts in diskdrives
> err: Could not retrieve catalog from remote server: certificate verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>



Re: [Puppet Users] Module Dependency with a service

2011-10-21 Thread Aaron Grewell
True.  But your 'before' already creates that dependency.  Instead try
using 'require' in tomcat::enable.  tomcat::enable should depend upon
tomcat::server but not vice-versa in order to make this work.

On Fri, Oct 21, 2011 at 1:50 PM, Douglas Garstang
 wrote:
> Isn't the net result of including something the same as it's really
> there already? If so, the final result is the same... the service
> resource ends up in the tomcat::server class no?
>
> Doug.
>
> On Fri, Oct 21, 2011 at 10:25 AM, Aaron Grewell  
> wrote:
>> If tomcat::enable is in a separate file you'll want to 'include' it in
>> tomcat::server to ensure it's in scope.
>>
>> On Thu, Oct 20, 2011 at 4:27 PM, Douglas Garstang
>>  wrote:
>>> Thanks, tried that. I moved the tomcat service out of tomcat::server
>>> into tomcat::enable, but...
>>>
>>> I had this in my tomcat::server class:
>>>
>>>    File {
>>>        require => Package['apache-tomcat6'],
>>>        before => Service['tomcat']
>>>    }
>>>
>>> which now doesn't work, because it can't find the tomcat service. I tried 
>>> this:
>>>
>>>    File {
>>>        require => Package['apache-tomcat6'],
>>>        before => Class['tomcat::enable'] #Service['tomcat']
>>>    }
>>>
>>> but puppet complains "Could not find dependent Class[Tomcat::Enable]".
>>>
>>> Any ideas?
>>>
>>> Doug.
>>>
>>>
>>> On Thu, Oct 20, 2011 at 2:46 PM, Aaron Grewell  
>>> wrote:
>>>> I suspect you may want a separate class, something like tomcat::enable
>>>> to handle the service independently.
>>>>
>>>> On Thu, Oct 20, 2011 at 1:55 PM, Douglas Garstang
>>>>  wrote:
>>>>> All,
>>>>>
>>>>> I have a tomcat module, and another module, containing a tomcat
>>>>> application called OpenAM. In the OpenAM module, I 'require' the
>>>>> tomcat module, which ensures that all the tomcat bits are in place
>>>>> before trying to install the OpenAM bits.
>>>>>
>>>>> That works great except the tomcat bits include the tomcat
>>>>> service. I want the OpenAM module to require the tomcat module, but I
>>>>> don't want the tomcat service to start until the OpenAM module is
>>>>> complete.
>>>>>
>>>>> What's the best practice way to arrange this?
>>>>>
>>>>> Doug.
>>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Douglas Garstang
>>> http://www.linkedin.com/in/garstang
>>> Email: doug.garst...@gmail.com
>>> Cell: +1-805-340-5627
>>>
>
>
>
> --
> Regards,
>
> Douglas Garstang
> http://www.linkedin.com/in/garstang
> Email: doug.garst...@gmail.com
> Cell: +1-805-340-5627
>

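One way to lay out the arrangement described in the message above, as an added example that is not code from the thread: tomcat::server only installs and configures, tomcat::enable owns the service and requires tomcat::server, and the OpenAM class orders itself between the two. The package and service names are taken from the quoted manifests; the file paths, the node name and the body of the openam class are assumptions.

```puppet
# Added example, not from the thread. 'apache-tomcat6' and 'tomcat' are the
# names used in the quoted manifests; all paths below are assumed.

# Installs and configures Tomcat but does not manage the service.
class tomcat::server {
  package { 'apache-tomcat6':
    ensure => installed,
  }

  # Every file declared in this class waits for the package. There is no
  # 'before => Service[...]' here: the ordering is declared once, from the
  # service side, in tomcat::enable.
  File {
    require => Package['apache-tomcat6'],
  }

  file { '/etc/tomcat6/server.xml':            # assumed path
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/tomcat/server.xml',
  }
}

# Manages only the service. It depends on tomcat::server, never the reverse.
class tomcat::enable {
  service { 'tomcat':
    ensure  => running,
    enable  => true,
    require => Class['tomcat::server'],
  }
}

# Application module: needs Tomcat installed first, and must be finished
# before the service is started.
class openam {
  # Declaring both classes here puts them in the catalog, so the references
  # below resolve instead of failing with "Could not find dependent Class".
  include tomcat::server
  include tomcat::enable

  file { '/var/lib/tomcat6/webapps/openam.war':  # assumed path
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    source  => 'puppet:///modules/openam/openam.war',
    require => Class['tomcat::server'],
    before  => Class['tomcat::enable'],
  }
}

# Hypothetical node. Resulting order on the agent:
#   tomcat::server -> openam -> tomcat::enable
node 'app01.example.com' {
  include openam
}
```

A host that runs Tomcat without OpenAM includes tomcat::server and tomcat::enable directly and gets the same package, files, service order.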


Re: [Puppet Users] Module Dependency with a service

2011-10-21 Thread Aaron Grewell
If tomcat::enable is in a separate file you'll want to 'include' it in
tomcat::server to ensure it's in scope.

On Thu, Oct 20, 2011 at 4:27 PM, Douglas Garstang
 wrote:
> Thanks, tried that. I moved the tomcat service out of tomcat::server
> into tomcat::enable, but...
>
> I had this in my tomcat::server class:
>
>    File {
>        require => Package['apache-tomcat6'],
>        before => Service['tomcat']
>    }
>
> which now doesn't work, because it can't find the tomcat service. I tried 
> this:
>
>    File {
>        require => Package['apache-tomcat6'],
>        before => Class['tomcat::enable'] #Service['tomcat']
>    }
>
> but puppet complains "Could not find dependent Class[Tomcat::Enable]".
>
> Any ideas?
>
> Doug.
>
>
> On Thu, Oct 20, 2011 at 2:46 PM, Aaron Grewell  
> wrote:
>> I suspect you may want a separate class, something like tomcat::enable
>> to handle the service independently.
>>
>> On Thu, Oct 20, 2011 at 1:55 PM, Douglas Garstang
>>  wrote:
>>> All,
>>>
>>> I have a tomcat module, and another module, containing a tomcat
>>> application called OpenAM. In the OpenAM module, I 'require' the
>>> tomcat module, which ensures that all the tomcat bits are in place
>>> before trying to install the OpenAM bits.
>>>
>>> That works great except the tomcat bits include the tomcat
>>> service. I want the OpenAM module to require the tomcat module, but I
>>> don't want the tomcat service to start until the OpenAM module is
>>> complete.
>>>
>>> What's the best practice way to arrange this?
>>>
>>> Doug.
>>>
>
>
>
> --
> Regards,
>
> Douglas Garstang
> http://www.linkedin.com/in/garstang
> Email: doug.garst...@gmail.com
> Cell: +1-805-340-5627
>



Re: [Puppet Users] Module Dependency with a service

2011-10-20 Thread Aaron Grewell
I suspect you may want a separate class, something like tomcat::enable
to handle the service independently.

On Thu, Oct 20, 2011 at 1:55 PM, Douglas Garstang
 wrote:
> All,
>
> I have a tomcat module, and another module, containing a tomcat
> application called OpenAM. In the OpenAM module, I 'require' the
> tomcat module, which ensures that all the tomcat bits are in place
> before trying to install the OpenAM bits.
>
> That works great except the tomcat bits include the tomcat
> service. I want the OpenAM module to require the tomcat module, but I
> don't want the tomcat service to start until the OpenAM module is
> complete.
>
> What's the best practice way to arrange this?
>
> Doug.
>



Re: [Puppet Users] Re: Puppet on Centos 6.0

2011-10-18 Thread Aaron Grewell
It also depends on how many machines you're managing.  If you've got
very many I'm with John: don't cross the streams.  It's so easy to
make RPMs from gems that there's really no reason not to if you need a
newer version than what's provided.

On Tue, Oct 18, 2011 at 10:14 AM, Craig White  wrote:
>
> On Oct 18, 2011, at 6:19 AM, jcbollinger wrote:
>
>>
>>
>> On Oct 17, 3:03 pm, Russell Van Tassell  wrote:
>>> Personally, I've had better luck letting gem manage its own gems, rather
>>> than depending on Yum repositories (specifically on CentOS).
>>>
>>> I'd take a list of the Ruby gems you've installed via rpm (rpm -q -a | grep
>>> ruby) and then consider installing them directly, as so:
>>>
>>> % sudo gem install mysql
>>> % sudo gem list
>>
>>
>> I, on the other hand, would recommend avoiding gems altogether if
>> you're using the system's Ruby (i.e. one you installed from an RPM,
>> whether via yum or otherwise).  Ruby modules installed via RPM are not
>> (should not be) gems.  Using both gem and rpm to manage the same Ruby
>> installation is begging for trouble.
> 
> Probably depends upon your ruby needs. If all you need is puppet then this 
> might be reasonable but if you are actually doing anything else with ruby, 
> you are going to need access to many gems that aren't going to be available 
> in rpm packages or like many other things with OS distribution packages, may 
> be very outdated.
>
> The ruby community has been extremely active in solving the complexities 
> involved in deploying all things ruby and things like bundler and gem clearly 
> are more versatile on virtually every platform.
>
> Craig
>



Re: [Puppet Users] Puppet node fails to pass facts to master

2011-10-18 Thread Aaron Grewell
Make sure you have all the lsb packages installed.  That's usually
what causes LSB facts not to resolve.

On Tue, Oct 18, 2011 at 6:22 AM, Yann H  wrote:
> Hello Puppet list,
>
> I am taking over the puppet configuration of a sysadmin who left, and
> am having troubles deploying puppet to a new node. We are using puppet
> v2.7.3 both on the client and the puppetmaster, on Ubuntu 10.10.
> The node asks for a certificate fine, and I signed it on the
> puppetmaster.
> For the following logs extract I've replaced the FQDN of my node by
> puppet.example.com.
>
> When doing a puppet run I am getting the following error:
>
> err: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Failed to parse template linux/dput.cf.erb: Could not find
> value for 'lsbdistid' at 2:/etc/puppet/modules/linux/templates/
> dput.cf.erb at /etc/puppet/modules/linux/manifests/dput.pp:7 on node
> puppetnode.example.com
>
> The line in dput.cf.erb is this one:
> # packages for <%= lsbdistid %> to a private repository (not the
> official
>
> So I guess there is a problem passing the $lsbdistid variable.
> Before I had another related error, it was complaining here:
>
>   content => template($operatingsystem ? {
>      Debian => "root/profile-linux.erb",
>      Ubuntu => "root/profile-linux.erb",
>      OpenBSD => "root/profile-openbsd.erb",
>      default => "root/profile.erb" }),
>
> That root/profile.erb didn't exist. It is true it didn't exist, but
> being an Ubuntu node, it should have picked the root/profile-linux.erb
> one, so I guess the $operatingsystem variable is not being passed
> correctly.
>
> On the puppetmaster I can see this:
>
> Oct 18 14:49:41 p41 puppet-master[6001]: Host is missing hostname and/
> or domain: puppetnode.example.com
>
> So I guess it is complaining because the puppet node is not passing
> the appropriate facts...
> However on the puppet node:
>
> root@plista47 /etc/puppet # sudo facter -p | egrep "(operatingsystem|
> lsbdistid|hostname|domain)"
> domain => example.com
> hostname => puppetnode
> lsbdistid => Ubuntu
> operatingsystem => Ubuntu
> operatingsystemrelease => 10.10
>
> There is no file for that node in /var/lib/puppet/yaml/facts/ .
> "Puppetnode.example.com" resolves both on the server and the client,
> as well as "puppetnode", to the external IP address of the puppet
> node.
>
> My best guess is that for some reason, the client fails to send its
> facts to the master, and the master fails to compile because of this.
> I am out of ideas as to why this is happening though...
>
> Hope someone here will be more inspired!
> Thanks
>



Re: [Puppet Users] file server not right directory?

2011-10-12 Thread Aaron Grewell
IIRC the mysql user gets created by the mysql rpm, so your file will have to
require Package['mysql-server']  and possibly mysql-client as well.

On Wed, Oct 12, 2011 at 3:09 PM, olympus stance wrote:

> Hello Nathan,
>
> I tried that:
> here is mysql-server.pp
> ---
>
> class mysql-server {
>
>   package { "mysql-server": ensure => installed }
>   package { "mysql-client": ensure => installed }
>   service { "mysql":
>  enable => true,
>
>  require => Package["mysql-server"],
>   }
>
>   file { "/etc/mysql":
>  ensure => directory,
>  mode => 0755,
>  owner => root,
>  group => root,
>   }
>
>   file { "/etc/mysql/my.cnf":
> source => "puppet:///modules/mysql-server/my.cnf",
> owner => "mysql", group => "mysql",
> mode  => 644,
> notify => Service["mysql"],
> require => File["/etc/mysql"]
>   }
>
>
>   exec { "set-mysql-password":
> path => ["/bin", "/usr/bin"],
> command => "mysqladmin -uroot password secret",
>   }
>
>
>   exec { "set-nagios-password":
> path => ["/bin", "/usr/bin"],
> command => "/usr/bin/mysql -u root  -e \"CREATE USER 'nagios'@'%'
> IDENTIFIED BY 'secret';\"",
>   }
>
>
> }
> 
>
>
>
> Here is is the output on the client:
> ---
> root@pclient:~# puppetd --no-daemonize --verbose
> notice: Starting Puppet client version 2.7.5
> info: Caching catalog for pclient.local.net
> info: Applying configuration version '1318457031'
> notice: /Stage[main]/Mysql-server/File[/etc/mysql]/ensure: created
> err: /Stage[main]/Mysql-server/File[/etc/mysql/my.cnf]/ensure: change from
> absent to file failed: Could not set 'file on ensure: Could not find user
> mysql at /etc/puppet/modules/mysql-server/manifests/init.pp:23
> notice: /Stage[main]/Mysql-server/Package[mysql-client]/ensure: ensure
> changed 'purged' to 'present'
> notice: /Stage[main]/Mysql-server/Package[mysql-server]/ensure: ensure
> changed 'purged' to 'present'
> notice: /Stage[main]/Mysql-server/Exec[set-nagios-password]/returns:
> executed successfully
> info: FileBucket adding {md5}1090e28a70ebaae872c2ec78894f49eb
> info: /Stage[main]/Sudo/File[/etc/sudoers]: Filebucketed /etc/sudoers to
> main with sum 1090e28a70ebaae872c2ec78894f49eb
> notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: content changed
> '{md5}1090e28a70ebaae872c2ec78894f49eb' to
> '{md5}36bd2385741a3f03c08b7b6729ae8df5'
> notice: /Stage[main]/Mysql-server/Exec[set-mysql-password]/returns:
> executed successfully
> notice: /Stage[main]/Mysql-server/Service[mysql]: Dependency
> File[/etc/mysql/my.cnf] has failures: true
> warning: /Stage[main]/Mysql-server/Service[mysql]: Skipping because of
> failed dependencies
> info: Creating state file /var/lib/puppet/state/state.yaml
> notice: Finished catalog run in 28.63 seconds
> 
>
>
> Note that mysql does run and I am able to log into it, but my.cnf does not
> get imported
>
>
>
>
>
> On Wed, Oct 12, 2011 at 5:55 PM, Nathan Clemons wrote:
>
>> Try:
>>
>>   file { "/etc/mysql":
>>  ensure => directory,
>>  mode => 0755,
>>  owner => root,
>>  group => root,
>>   }
>>
>>   file { "/etc/mysql/my.cnf":
>> source => "puppet:///modules/mysql-server/my.cnf",
>> owner => "mysql", group => "mysql",
>> mode  => 644,
>> notify => Service["mysql"],
>> require => File["/etc/mysql"]
>>   }
>>
>> --
>> Nathan Clemons
>> http://www.livemocha.com
>> The worlds largest online language learning community
>>
>>
>>
>> On Wed, Oct 12, 2011 at 2:49 PM, olympus stance wrote:
>>
>>> Hi Jacob,
>>>
>>> My init.pp file is a symbolic link to the mysql-server.pp in the classes
>>> directory. It looks like this:
>>>
>>> ---
>>> class mysql-server {
>>>
>>>   package { "mysql-server": ensure => installed }
>>>   package { "mysql-client": ensure => installed }
>>>   service { "mysql":
>>>  enable => false,
>>>  require => Package["mysql-server"],
>>>
>>>   }
>>>
>>>   file { "/etc/mysql/my.cnf":
>>> source => "puppet:///modules/mysql-server/my.cnf",
>>> owner => "mysql", group => "mysql",
>>> mode  => 644,
>>> notify => Service["mysql"],
>>>   }
>>>
>>>
>>>
>>>   exec { "run-mysqld":
>>> path => ["/bin", "/usr/sbin"],
>>> command => "/usr/sbin/mysqld &",
>>>   }
>>>
>>>   exec { "set-mysql-password":
>>> path => ["/bin", "/usr/bin"],
>>> command => "mysqladmin -uroot password secret",
>>>   }
>>>
>>>
>>>   exec { "set-nagios-password":
>>> path => ["/bin", "/usr/bin"],
>>> command => "/usr/bin/mysql -u root  -e \"CREATE USER 'nagios'@'%'
>>> IDENTIFIED BY 'secret';\"",
>>>   }
>>>
>>>
>>> }
>>> ---
>>>
>>>
>>> It looks like it does indeed try to create the my.cnf file before mysql
>>> gets installed. How can I rectify that?
>>>
>>> Thanks!!
>>>
>>>
>>> On Wed, Oct 12, 2011 at 5:37 PM, Jacob Helwig wrote:
>>>
 

Re: [Puppet Users] Issues switching over to using environments

2011-10-12 Thread Aaron Grewell
No, as I understand it environments are designed to be completely
independent of one another.  The idea is that you wouldn't want changes in
testing or qa to be able to affect production for any reason.  So it's
expected that there would be duplication across environments due to SLA
differences between the environments.

On Tue, Oct 11, 2011 at 6:29 PM, Gonzalo Servat  wrote:

> Thanks Dan. I thought Puppet may have a way to automagically search for a
> file based on environment first (e.g. modules/nfs/$environment/foo), then a
> default as specified by source (e.g. modules/nfs/foo). I can see how what
> you pasted helps, but it could become tedious having to specify the search
> path in various places.
>
>
> On Wed, Oct 12, 2011 at 12:14 PM, Dan White  wrote:
>
>> http://docs.puppetlabs.com/references/stable/type.html#file
>>
>> under "source"
>>
>> If you specify multiple file sources for a file, then the first source
>> that exists will be used. This allows you to specify what amount to search
>> paths for files:
>>
>>   file { "/path/to/my/file":
>> source => [
>>   "/modules/nfs/files/file.$host",
>>   "/modules/nfs/files/file.$operatingsystem",
>>   "/modules/nfs/files/file"
>> ]
>>   }
>>
>> This will use the first found file as the source.
>>
>> On Oct 11, 2011, at 5:43 PM, Gonzalo Servat wrote:
>>
>> Somewhat related to this, is there a way for Puppet to source files in
>> this manner:
>>
>> First: /etc/puppet/modules//$environment/
>> Default: /etc/puppet/modules//
>>
>> Just to avoid having the same directory structure under
>> /etc/puppet/$environment/ as Deven has done.
>>
>> Best regards,
>> Gonzalo
>>
>> On Wed, Oct 12, 2011 at 8:26 AM, Deven Phillips wrote:
>>
>>> Jacob,
>>>
>>> That was the problem!! Thanks so much for the help. And Aaron and
>>> everyone else as well. Much appreciated!!
>>>
>>> Deven
>>>
>>> On Tue, Oct 11, 2011 at 3:56 PM, Deven Phillips
>>>  wrote:
>>> > Trying that out now.. I will respond back in a bit with results.
>>> >
>>> > Thanks!!!
>>> >
>>> > Deven
>>> >
>>> > On Tue, Oct 11, 2011 at 3:42 PM, Jacob Helwig wrote:
>>> >> The layout should look something more like this:
>>> >>
>>> >>  /etc/puppet/prod/modules/$module_name/files/generic_node/etc/ssh/sshd_config
>>> >>
>>> >> With the source lines looking like:
>>> >>  puppet://lou1/modules/$module_name/generic_node/etc/ssh/sshd_config
>>> >>
>>> >>
>>> >> If you wanted 'generic_node' to be the name of the module, then you'd
>>> >> have the layout as
>>> >>
>>> >>  /etc/puppet/prod/modules/generic_node/files/etc/ssh/sshd_config
>>> >>
>>> >> and the source line as
>>> >>
>>> >>  puppet://lou1/modules/generic_node/etc/ssh/sshd_config
>>> >>
>>> >> --
>>> >> Jacob Helwig
>>> >>
>>> >> On Tue, 11 Oct 2011 15:26:16 -0400, Deven Phillips wrote:
>>> >>>
>>> >>> The manifest which calls this looks like:
>>> >>>
>>> >>> file {"/etc/ssh/sshd_config":
>>> >>>     owner   => "root",
>>> >>>     group   => "root",
>>> >>>     mode    => "0644",
>>> >>>     ensure  => "present",
>>> >>>     source  => "puppet://lou1/modules/files/generic_node/etc/ssh/sshd_config",
>>> >>>     require => Package['openssh'],
>>> >>>     notify  => Service['ssh'],
>>> >>> }
>>> >>>
>>> >>> And the current error on the agent node shows:
>>> >>>
>>> >>> err: /Stage[main]/Secureshell/File[/etc/ssh/sshd_config]: Could not
>>> >>> evaluate: Could not retrieve information from environment production
>>> >>> source(s) puppet://lou1/modules/files/generic_node/etc/ssh/sshd_config
>>> >>> at /etc/puppet/prod/manifests/classes/ssh.pp:55
>>> >>>
>>> >>>
>>> >>> TIA,
>>> >>>
>>> >>> Deven
>>> >>>
>>> >>> On Tue, Oct 11, 2011 at 3:23 PM, Deven Phillips
>>> >>>  wrote:
>>> >>> > Nope, that didn't seem to help the way I tried it... So, here's my layout:
>>> >>> >
>>> >>> > /etc/puppet/
>>> >>> >   prod/
>>> >>> >     modules/
>>> >>> >       files/
>>> >>> >         generic_node/
>>> >>> >           etc/
>>> >>> >             ssh/
>>> >>> >               sshd_config
>>> >>> >
>>> >>> > From a machine which is using "production" as its environment, and
>>> >>> > production points to "prod/modules" for its modules; I still get
>>> >>> > errors trying to get the sshd_config file.
>>> >>> >
>>> >>> > TIA!!
>>> >>> >
>>> >>> > Deven
>>> >>> >
>>> >>
>>> >
>>>

Re: [Puppet Users] update vulnerable packages only if installed

2011-10-10 Thread Aaron Grewell
How annoying.  You could hack it up after installing yum-changelog with 'yum
changelog 1  | grep CVE' I guess.  Not pretty.

On Mon, Oct 10, 2011 at 2:36 PM, Jo Rhett  wrote:

> yum-security doesn't work with CentOS.
>
> On Oct 10, 2011, at 1:18 PM, Aaron Grewell wrote:
>
> AFAIK there's no native way.  I would do this with a set of defines wrapped
> around the yum-security package (which allows you to list and operate on
> security updates only).
>
> On Mon, Oct 10, 2011 at 12:22 PM, Jo Rhett wrote:
>
>> Am I overlooking a native way to update vulnerable packages only if they
>> are already installed? There's no option to set a package to 'latest' only
>> if installed.  OnlyIf and Unless don't operate on package resources.
>> (Yum/CentOS but I imagine the issue is the same for all platforms)
>>
>> No, running a "yum upgrade all" is not plausible. Maintaining a list of
>> packages which should be upgraded is plausible and expected.
>>
>> The obvious thing seems to be creating a ruby fact that loads all packages
>> into facts and then doing the logic based around that, but Luke and others
>> have expressed concerns over doing this in the past.  Is there a better way?
>>
>>  --
>> Jo Rhett
>> Net Consonance : consonant endings by net philanthropy, open source and
>> other randomness
>>
>>
>
> --
> Jo Rhett
> Net Consonance : consonant endings by net philanthropy, open source and
> other randomness
>



Re: [Puppet Users] update vulnerable packages only if installed

2011-10-10 Thread Aaron Grewell
AFAIK there's no native way.  I would do this with a set of defines wrapped
around the yum-security package (which allows you to list and operate on
security updates only).

On Mon, Oct 10, 2011 at 12:22 PM, Jo Rhett wrote:

> Am I overlooking a native way to update vulnerable packages only if they
> are already installed? There's no option to set a package to 'latest' only
> if installed.  OnlyIf and Unless don't operate on package resources.
> (Yum/CentOS but I imagine the issue is the same for all platforms)
>
> No, running a "yum upgrade all" is not plausible. Maintaining a list of
> packages which should be upgraded is plausible and expected.
>
> The obvious thing seems to be creating a Ruby fact that loads all packages
> into facts and then doing the logic based around that, but Luke and others
> have expressed concerns over doing this in the past.  Is there a better way?
>
> --
> Jo Rhett
> Net Consonance : consonant endings by net philanthropy, open source and
> other randomness
>


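One way to write the define suggested in the reply above, as an added example that is not part of the original thread. The define name `security_update`, its parameter and the package list are hypothetical; the `--security` option is assumed to come from the yum security plugin mentioned in the reply.

```puppet
# Added example: the define name, parameter and package list are hypothetical.
# Requires the yum security plugin, which provides the --security option.
define security_update (
  # Constrain the name to typical RPM package-name characters so a bad list
  # entry cannot smuggle extra arguments into the yum command line.
  Pattern[/\A[A-Za-z0-9][A-Za-z0-9._+-]*\z/] $package = $title,
) {
  exec { "security-update-${package}":
    command => "yum -y --security update ${package}",
    path    => ['/usr/bin', '/bin', '/usr/sbin', '/sbin'],
    # Guard 1: rpm -q exits 0 only when the package is installed, so hosts
    # that never had it skip the yum run entirely.
    onlyif  => "rpm -q ${package}",
    # Guard 2: check-update exits 0 when no security update is pending, which
    # skips the exec; it exits 100 when one is pending, so the update runs.
    unless  => "yum -q --security check-update ${package}",
    timeout => 600,
  }
}

# Constructed list: the packages the site has decided must track security fixes.
security_update { ['openssl', 'bash', 'httpd']: }
```

The `--security` filter depends on the repository publishing updateinfo errata metadata; where a repository does not, the filter matches nothing and the exec never fires, so confirm that `yum --security check-update` returns results on a known-outdated host first.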

Re: [Puppet Users] Dealing with sensitive data

2011-10-03 Thread Aaron Grewell
Now that sounds cool.

On Mon, Oct 3, 2011 at 3:42 PM, R.I.Pienaar wrote:

>
> it would be pretty trivial to create an encrypted hiera backend that
> can only be decrypted by machines that have a key stored on their disks.
>
> You'd check into SCM the encrypted file and on your masters store the
> decrypt key
>
