Re: [Puppet Users] Re: Open Source Team planning meeting summary
On 5/31/2011 7:19 PM, Nigel Kersten wrote: On Tue, May 31, 2011 at 5:08 PM, Jacob Helwig ja...@puppetlabs.com mailto:ja...@puppetlabs.com wrote: On Thu, 26 May 2011 09:38:28 -0700, Jacob Helwig wrote: As promised yesterday, here are the results of our first planning meeting. Right now, we're loosely following a Scrum style of development. With the current one-week iteration's backlog outlined below. * #2128 - Allow arbitrary fact as node_name identifier * #7224 - Bad english: hostname was not match with the server certificate * #4416 - Resources cannot be used on the run where they are synced * Package type V2 (apt) * Package type V2 (dpkg) * Package type V2 (aptitude) We're trying to work on things that we know have annoyed people using Puppet. We are very open to any suggestions on what to add to the following iterations, so please vote on tickets in Redmine[1], and comment on these updates. The Package type V2 items don't currently have any tickets in Redmine, but the goal will be to clean up the current package type in the hopes of having a clean, modern and well tested type, and set of providers that people can use as a reference when writing their own. If the experiment in refactoring the package type, and the apt, aptitude, and dpkg providers goes well, we plan on continuing on to the rest of the providers. In addition to the iteration backlog, #7670 and #7681 have become priorities that we will be addressing as soon as we can. * #7670 - operatingsystem fact incorrect after clear on Ubuntu * #7681 - Regression, arrays and variables [1] http://projects.puppetlabs.com Just a quick reminder that we're going to have our planning meeting tomorrow. If you'd like to influence what we end up prioritizing for ourselves for the coming week, please speak up. I could be wrong, but I imagine people would quite like to see this issue fixed: http://projects.puppetlabs.com/issues/7127 where the prerun_command exiting non-zero doesn't block the run, and I believe the postrun_command doesn't change the report status to failed. #7670, and #7681 have both been fixed, and merged into the appropriate branches to be released. I've had one suggestion of working on #650 (Puppet replaces conf directories when they are symlinks). Right now, the back-log looks the same as it did last wednesday due to the two blockers popping up, and the long holiday weekend here in the States. Apologize for not having a bug number for this, but I recall that web-of-trust (intermediate CAs) did not work with Puppet as is. If that's true, that's a long-standing one I'd like to see fixed... -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Open Source Team planning meeting summary
On 5/31/2011 9:07 PM, Jacob Helwig wrote: On Tue, 31 May 2011 20:56:47 -0600, Alan Sparks wrote: On Tue, May 31, 2011 at 5:08 PM, Jacob Helwig ja...@puppetlabs.com mailto:ja...@puppetlabs.com wrote: Just a quick reminder that we're going to have our planning meeting tomorrow. If you'd like to influence what we end up prioritizing for ourselves for the coming week, please speak up. Apologize for not having a bug number for this, but I recall that web-of-trust (intermediate CAs) did not work with Puppet as is. If that's true, that's a long-standing one I'd like to see fixed... -Alan I think you're talking about #3143. http://projects.puppetlabs.com/issues/3143 Looks right... we need that where I work, is a killer if that has to wait for a 2.7ish.mumble release... -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Definitions in External Nodes
On 8/30/2010 9:44 AM, Nigel Kersten wrote: This is much clearer now. Can you not solve this problem with extlookup now rather than having to write custom functions? Either key the relevant data off a base variable, or set the key to lookup info for in the external node provider? I like this approach because it keeps the data and the model nicely separated, rather than whacking data into the external node provider. If the extlookup() function supported other than just CSV files now, it would be more attractive. My instance, most of this information has to be derived in the external node classifier, this would entail some sort of periodic extraction to generate the extra data source. Besides, isn't the node classifier intended to provide the driving data (e.g., parameters) for the models? As well as calling out the nodes classes? -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] parameterized class, external nodes?
How do you (if you can) represent a parameterized class reference in an external node YAML description (exec terminus)? -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] 2.6, parameterized classes, external nodes
The release notes do not mention whether the external node classifier system now supports parameterized classes, and if so, what the syntax expected would be to use it. Is this supported? Also, the release notes indicate with respect to parameterized classes: with the significant difference that definitions have multiple instances whilst classes remain singletons. Many of us have the problem of needing to simulate the instantiation of definitions via external nodes (e.g., the multiple Apache vhosts situation, or multiple service instantiations with unique configurations). Since these are singletons, I'm guessing parameterized classes won't help in solving this problem... Does 2.6 provide any new support toward solving it? Thanks. -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] 0.24.8: puppetd --onetime and schedules?
I have a custom schedule to apply changes to various classes (e.g., File { schedule = normal }). This works fine for puppetd running as a daemon. However, I note that if I run puppetd with the --onetime option, it applies none of my actions. puppetd --test will apply them, and the normal puppetd run by the daemon will as well (just a few minutes later). Is there an issue with --onetime and schedules? Is there something else that needs to be supplied to make --onetime work as expected (aside from --ignoreschedules; I don't want to ignore schedule limitations, I'd like to apply whatever would apply that the schedule would permit). If I can provide more details, please let me know. -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] 2.6, parameterized classes, external nodes
Patrick Mohr wrote: On Jul 21, 2010, at 5:44 PM, Alan Sparks wrote: Many of us have the problem of needing to simulate the instantiation of definitions via external nodes (e.g., the multiple Apache vhosts situation, or multiple service instantiations with unique configurations). Since these are singletons, I'm guessing parameterized classes won't help in solving this problem... Does 2.6 provide any new support toward solving it? Now I'm confused. Isn't a parameterized class the same as a define except for the class being a singleton? So what does that mean exactly? Can you do: class { myclass: name = foo, myval = one } class { myclass: name = baz, myval = two } And instantiate a set of unique resources? -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] 0.24.8: puppetd --onetime and schedules?
Ryan Dooley wrote: Howdy Alan, On 7/21/2010 6:04 PM, Alan Sparks wrote: Is there an issue with --onetime and schedules? Is there something else that needs to be supplied to make --onetime work as expected (aside from --ignoreschedules; I don't want to ignore schedule limitations, I'd like to apply whatever would apply that the schedule would permit). I pretty much use this setup. My clients run randomly once an hour for most operations. Disk intensive operations (package installs) are dealt with during the configured schedule. My configuration has something that looks like this: class Foo { package { bar: schedule = daily, ensure = present; } } any operation that I want to restrict includes the schedule. Cheers, Ryan And are you using --onetime to trigger these random runs, via cron or something? -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Export resource issue - more than one of content, source, target
Alan Sparks wrote: I'm trying to create an exported file resource and receiving a vague error message: Apr 5 18:01:04 ny4-dev-util01 puppetd[12860]: Could not run Puppet configuration client: You cannot specify more than one of content, source, target at line 102 A puppet client (it's 0.24.8) is creating the following resource: @@file { mlwormbackup_$fqdn: mode= 644, owner = root, group = root, ensure = $worm_backup_enabled, path= /root/ml_backup_hosts/$fqdn, content = HOST=$fqdn\nCLEAR=$my_clear_shortname\nCLIENT=$my_bd_shortname\n, tag = mlwormbackup, } Another server (this is a 0.25.4 puppet) has the following in its node definition: File | tag == mlwormbackup | All are running against a 0.25.4 puppetmaster. We're in process of testing migration of all to 0.25. The message makes no sense to me. The resource only has a content parameter, no source or target. Why is the 0.25 puppet (or the puppetmaster?) complaining about more than one of anything? I've looked for duplicate instances of this resource, emptied the storeconfigs database completely, and still cannot locate the source of this message. Is there some incompatibility in stored configs between 0.24 and 0.25 clients? Thanks in advance for any advice. -Alan Actually the problem was the value of ensure. That was getting set to true or false (set by a boolean test). Puppet saw true, and threw that error message (not very helpful, oh well). Fixing it to a conditional file or absent helped. Thanks Ken for making me think in that direction. -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Export resource issue - more than one of content, source, target
I'm trying to create an exported file resource and receiving a vague error message: Apr 5 18:01:04 ny4-dev-util01 puppetd[12860]: Could not run Puppet configuration client: You cannot specify more than one of content, source, target at line 102 A puppet client (it's 0.24.8) is creating the following resource: @@file { mlwormbackup_$fqdn: mode= 644, owner = root, group = root, ensure = $worm_backup_enabled, path= /root/ml_backup_hosts/$fqdn, content = HOST=$fqdn\nCLEAR=$my_clear_shortname\nCLIENT=$my_bd_shortname\n, tag = mlwormbackup, } Another server (this is a 0.25.4 puppet) has the following in its node definition: File | tag == mlwormbackup | All are running against a 0.25.4 puppetmaster. We're in process of testing migration of all to 0.25. The message makes no sense to me. The resource only has a content parameter, no source or target. Why is the 0.25 puppet (or the puppetmaster?) complaining about more than one of anything? I've looked for duplicate instances of this resource, emptied the storeconfigs database completely, and still cannot locate the source of this message. Is there some incompatibility in stored configs between 0.24 and 0.25 clients? Thanks in advance for any advice. -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Quiesce Puppet?
Douglas Garstang wrote: Is there a way to quiesce the puppet daemon, such that it stays running, but does not run updates, until instructed again to do so? We have puppet deploying our software, and would like to quiesce puppetd so that it doesn't restart services etc until after the upgrade is done. Doug. Use puppetd --disable and puppetd --enable. -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] tidy -- ignoring sockets?
Luke Kanies wrote: On Feb 26, 2010, at 12:07 PM, Alan Sparks wrote: Since tidy does not have a parameter for directories or files to ignore, and there's no option to specify the types of files to consider, is there any way short of hacking the code to eliminate these errors? I don't think so. I basically threw that failure in there because I wasn't sure what the behaviour should be for anything other than the standard file types. It'd be pretty easy to fix tidy to behave appropriately if you can describe how it should actually behave. Well, if it can be deleted, I'd think it is fair game. I'd say I really need, at least, /some/ exclusionary mechanism. If I had a complementary exclude pattern filter, I could probably solve most (if not all) of this issues. Some means of regex matching a basename... a potentially useful consideration might be a pruning mechanism, like -prune on find. -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ssh_authorized_key - same key, different accounts?
Puppet 0.24.8... I am trying to use ssh_authorized_key to create passwordless logins for a couple of accounts. The important thing to note is I'm trying to get the source (r...@somehost below) as part of the key, and the same key needs to be added to two different accounts on the system. It appears that the resource name is the only place I can set the originating source (whatever the correct term is) for the key. ssh_authorized_key { r...@somehost: ensure = present, type= ssh-rsa, target = '/home/xx/.ssh/authorized_keys', key = ' removed for brevity xxx', user= xx, require = User[xx] } So the above will create an authorized_keys value like: ssh-rsa removed for brevity xxx r...@somehost But if I need the same key installed for a different user, I'm stuck -- I can't use the same resource name to create the r...@somehost restriction. And I can't see another way to specify that value. Is there any way to accomplish this, without abandoning ssh_authorized_key? Thanks in advance. -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] tidy -- ignoring sockets?
I've a tidy resource for /tmp under 0.24.8, which throws errors each run due to a socket file created by xfs under /tmp/.font-unix/. It's relatively harmless, but it fills the logs with error messages... /var/log/messages.4:Jan 31 04:01:34 vm03 puppetd[15362]: (//Node[vm03]/Tidy::Olderthan[/tmp]/Tidy[/tmp/.font-unix/fs7100]/ensure) change from /tmp/.font-unix/fs7100(age)1264176925 to anything failed: Cannot tidy files of type socket Since tidy does not have a parameter for directories or files to ignore, and there's no option to specify the types of files to consider, is there any way short of hacking the code to eliminate these errors? -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] What does it take to use a second fileserver?
I've a manifest that is trying to use a fileserver resource I've configured on a second puppetmaster. The second puppetmaster is actually working as the main puppetmaster for my domain - this new puppetmaster is one I've set up to test migrating to new manifests. Unfortunately, I've re-entered SSL hell trying to access the software fileserver on the second puppetmaster: Failed to retrieve current state of resource: Certificates were not trusted: certificate verify failed Could not describe /software/stock-rx-db.sql: Certificates were not trusted: certificate verify failed Trying to use a reference like: source = puppet://$my_sw_fileserver/software/stock-rx-db.sql This is on Puppet 0.24.8. Is there something special that needs to be done to have a Puppet client trust a second fileserver/puppetmaster? Thanks in advance for any advice. -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] What does it take to use a second fileserver?
Dan Bode wrote: On Sun, Jan 31, 2010 at 11:13 AM, Alan Sparks aspa...@doublesparks.net mailto:aspa...@doublesparks.net wrote: I've a manifest that is trying to use a fileserver resource I've configured on a second puppetmaster. The second puppetmaster is actually working as the main puppetmaster for my domain - this new puppetmaster is one I've set up to test migrating to new manifests. To simplify an environment with multi puppetmasters, your primary puppetmaster should serve as the CA for all clients as well the secondary puppet masters. you can disable the CA functionality on the secondary puppet masters as follows. [puppetmasterd] ca = false Since the secondary puppetmaster in this case is running as a primary legacy puppetmaster for clients, this will likely break them, correct? then the clients should specify which CA they will use [puppetd] ca_server = primarypuppetmaster.blah.net http://primarypuppetmaster.blah.net the secondary puppet masters should authenticate with the primary puppetmaster before any clients connect. I don't understand this statement - authenticate how? Thanks for the response. -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppetrun with parameters
Are there any examples of how something like this would work? Can't seem to grasp it from documentation, how I could creat a tag like apache_broken and apply that to something that would force a restart of the service. The issue is, ensure is not adequate, since the service could appear to be running but is actually failing... Thanks for the hint. -Alan RijilV wrote: 2008/11/24 Alan Sparks [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] This is a sort of open-ended question, to find out if the concept is possible or has been done... I have used cfengine in the past to do assisted autorecovery of systems, by integrating Hobbit paging with cfrun. In those cases, I've added classes to cfengine rules to use dynamically-defined classes as hints to cfengine that a problem exists, and to run appropriate recovery actions (like force-restarting a service). Is such a concept feasible with Puppet, and with puppetrun? I'm not sure how I could pass something (a fact?) through puppetrun and trigger some action on a puppet instance on a remote host. Interested in any comments, experience, or thoughts anyone has on this. Thanks in advance. -Alan You could do this a number of ways. puppetrun allows you to just specify the 'tag' you want to run. Every class also creates a tag of the same name, so for instance lets say apache croaks for whatever reason, and you have a class for apache that says the service aught to be running, you'd just do puppetrun -t apache and presto. There are a couple of other options for puppetrun you might find useful, I suggest you take a glance at that manual page for it, some useful examples in there too. .r' --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---