[Puppet Users] aptitude provider ignores some bad package names

2011-08-26 Thread Andreas Kuntzagk

Hi,

for some (mistyped?) bad package names the aptitude provider does not fail.
Example manifest:

Package {
  provider => 'aptitude',
  ensure   => 'latest',
}

package { "qt4":
  ensure => latest,
}

# puppet agent --test
...
notice: /Stage[main]//Package[qt4]/ensure: ensure changed 'purged' to 'latest'
...

# aptitude install qt4
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Couldn't find package qt4, and more than 40
packages contain qt4 in their name.
Couldn't find package qt4, and more than 40
packages contain qt4 in their name.
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 11 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done

If I use foobar as package name it complains about non-existing package.

regards, Andreas

--
Andreas Kuntzagk
SystemAdministrator
MDC Berlin / BIMSB
Tel.: +49 30 9406 2997

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] duplicated ssh host keys

2011-08-08 Thread Andreas Kuntzagk

Thanks, that fixed this.

Stefan Schulte wrote:

On Fri, Aug 05, 2011 at 03:51:36PM +0200, Andreas Kuntzagk wrote:

Hi,

I'm managing hosts ssh keys by using exported resources.
I do this with this little config I found in the interWeb:

...
@@sshkey { "$hostname,$ipaddress,$hostname-ext,$ipaddress_eth2": type => dsa,
key => $sshdsakey }

...
Sshkey <<| |>>


You should only use $hostname as the resource title. What you want to do
is

@@sshkey { $hostname:
  ensure       => present,
  type         => dsa,
  key          => $sshdsakey,
  host_aliases => [ $ipaddress, $hostname-ext, $ipaddress_eth2 ],
}

The problem is, that you specified host_aliases in the title and puppet
doesn't warn you about that.  This should be fixed in 2.7.0
(https://projects.puppetlabs.com/issues/2495)

-Stefan



--
Andreas Kuntzagk
SystemAdministrator
MDC Berlin / BIMSB
Tel.: +49 30 9406 2997




[Puppet Users] duplicated ssh host keys

2011-08-05 Thread Andreas Kuntzagk

Hi,

I'm managing hosts ssh keys by using exported resources.
I do this with this little config I found in the interWeb:

...
@@sshkey { "$hostname,$ipaddress,$hostname-ext,$ipaddress_eth2": type => dsa,
key => $sshdsakey }

...
Sshkey <<| |>>

Unfortunately the keys are duplicated every time puppet runs. Is this a bug in 
puppet or is that config bad?


regards, Andreas

--
Andreas Kuntzagk
SystemAdministrator
MDC Berlin / BIMSB
Tel.: +49 30 9406 2997




[Puppet Users] using memorysize fact in manifests

2011-06-30 Thread Andreas Kuntzagk

Hi,

I want some config depending on memorysize.

What I tried was
  if ($memorysize = 256 * 1024*1024) {
...
  }

But this fails because $memorysize is a string (and contains a G) and can't be 
compared to an int.


Are all facts strings? How do I work with numbers?

regards, Andreas

--
Andreas Kuntzagk
SystemAdministrator
MDC Berlin / BIMSB
Tel.: +49 30 9406 2997




Re: [Puppet Users] Re: howto trigger action on another client

2011-06-28 Thread Andreas Kuntzagk

Hi


On Jun 27, 9:37 am, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de
wrote:

Thanks for these infos. I think I got at least a vague idea how this works and
can already use it for some simple cases.
One more question:
If I define checks for the exported exec (like creates or onlyif will
these run on the exporting agent or the executing agent? (my guess is the second
but want to make sure)



The 'unless' and / or 'onlyif' command will run on the same nodes that
the main command runs on.  Likewise the criterion implied by the
'creates' parameter is evaluated on the same nodes that the main
command runs on.  In all cases, that means these apply to the node(s)
that *collect* the Exec resources.



If this is the case is there a way to run the exec depending on some checks on
the exporting agent?



Certainly.  Define one or more custom facts embodying the results of
your tests (it's pretty easy).  Distribute these via Puppet's
pluginsync mechanism.  Use conditionals based on the fact values to
control whether the Exec's are exported, and / or to vary their
parameters (e.g. setting unless = '/bin/true' is one way for the
exporter to disable execution).

In general, facts, including custom facts, are the Puppet means for
providing nodes' state details to the puppetmaster.


It's probably the clean puppet way(tm) to do it but to write custom facts you 
need to learn some Ruby. Currently I'd like to avoid learning yet another 
programming language. There are other ways the GridEngine master can test for 
the status of the client.


regards, Andreas




Re: [Puppet Users] Puppet 2.6.9 2.7.1 packages for Solaris

2011-06-27 Thread Andreas Kuntzagk

Mark Phillips wrote:

I'm not sure what the deal is with sharing the /opt/csw space these days, so
I'm afraid I can't comment on whether it will play ball or not. The
dependency list isn't so large, so if you've got CSWruby on your machine you
may find it all installs correctly. It's your choice I'm afraid Andreas -
give it a go?


I will stall this for now since my prio 1 is setting up puppet on our linux 
boxes. If later I'm able to config the solaris boxes as well that would be the 
icing on the cake.


regards, Andreas



Regards,

--Mark

On 24 Jun 2011, at 08:47, Andreas Kuntzagk wrote:


For whatever reason I'm using the opensource packages from blastwave. AFAIU
these are not to be mixed with opencsw. So I can't use your packages?

regards, Andreas

Mark Phillips wrote:

CSW packages in experimental -
http://buildfarm.opencsw.org/experimental.html#markp

Both contain Dom Cleal's patched pkgutil[1] provider that supports
'source'[2] for -t alternative repositories.

--Mark

[1]
https://github.com/domcleal/puppet/blob/tickets/master/8011/lib/puppet/provider/package/pkgutil.rb
[2] http://projects.puppetlabs.com/issues/8011








Re: [Puppet Users] Re: howto trigger action on another client

2011-06-27 Thread Andreas Kuntzagk

Thanks for these infos. I think I got at least a vague idea how this works and 
can already use it for some simple cases.

One more question:
If I define checks for the exported exec (like creates or onlyif will 
these run on the exporting agent or the executing agent? (my guess is the second 
but want to make sure)
If this is the case is there a way to run the exec depending on some checks on 
the exporting agent?


regards, Andreas

jcbollinger wrote:


On Jun 24, 9:18 am, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de
wrote:

Daniel Maher wrote:

On 06/24/2011 03:39 PM, Andreas Kuntzagk wrote:

Exported resources are the Puppet means for one node to provide
resources for another. In this case, the execution host could export
an Exec resource for the master to collect and apply.

Hmm, in the (very short) time I've been working with puppet I have not
stumbled across exported resources. Any pointer where I should start
reading?

Exported resources are great fun. :)
http://docs.puppetlabs.com/guides/exported_resources.html
http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configura...

According to these exported resources are somewhat similar to virtual resources.
Problem is until now I cannot wrap my brain around virtual resources so I don't
understand the exported resources examples.



Exported resources are an extended version of virtual resources.  It
took me a while to catch on to virtual resources, too, but once I got
it I realized how useful they are.  I'll attempt to explain:

Normal resource declarations have two key aspects.  First, they
describe a resource, and second, by their presence in a manifest they
indicate that that resource should be managed.  For example,

user { john:
  ensure => absent
}

describes a User resource whose username is john, and if it is
present in a node's manifest then that tells Puppet that the matching
user should be managed on that node -- in this case, User john must be
ensured absent from the node.

Virtual resources separate those key aspects.  They allow a resource
to be declared (described) without specifying whether that resource
should be managed.  For example,

@user { john:
  ensure => absent
}

describes a User resource whose username is john, but by itself it
does not direct the Puppet agent to do anything about that user.
Elsewhere in the manifest, however, that user can be realized to
indicate to Puppet that yes, User [john] should indeed be managed
(in this example, poor john would then again be ensured absent).
Virtual resources that are not realized for a particular node have no
effect on that node.

There are at least two ways in which this is useful:

1) If there are resources that must be managed only on some nodes,
then it can be clean and convenient to declare them virtually, all in
one place, for all nodes, and then realize just the needed ones on
each node.  This is a good alternative to bracketing each resource
with a complicated conditional statement.

2) Although resources, including virtual ones, can only be *declared*
once, virtual resources can be *realized* any number of times.  For
instance, if you had several different classes that wanted to drop
files in /etc/cron.d/, then they might all want to ensure that that
directory is present.  They can't all declare it, else the
declarations would collide.  One possibility would be to declare it
virtually, and let all the classes realize it.  (Another would be to
declare it concretely in a separate class, and have the other classes
each include that class.)


Exported resources are much like virtual ones.  The main difference is
that exported resources can be collected by any node, not just the
node that declares them.  For example, suppose you want all your nodes
to be listed in each other's /etc/hosts file.  Each node knows its own
name and IP address (suppose for simplicity that it has only one), but
it doesn't a priori know the others'.  You can do this:

# Export a Host resource describing this node:
@@host { $fqdn:
  ip           => $ipaddress,
  host_aliases => $hostname,
  ensure       => present
}

# Collect all nodes' exported Host resources
# (including this node's)
Host <<| |>>


One of the major drawbacks of exported resources is that they require
persistent storage.  Puppet uses a database for that, which is a bit
heavy.  That's one reason why exported resources may not be worth the
trouble if this is your only use for them.


John






Re: [Puppet Users] Puppet 2.6.9 2.7.1 packages for Solaris

2011-06-24 Thread Andreas Kuntzagk

For whatever reason I'm using the opensource packages from blastwave.
AFAIU these are not to be mixed with opencsw. So I can't use your packages?

regards, Andreas

Mark Phillips wrote:
CSW packages in experimental 
- http://buildfarm.opencsw.org/experimental.html#markp


Both contain Dom Cleal's patched pkgutil[1] provider that supports 
'source'[2] for -t alternative repositories.


--Mark

[1] 
https://github.com/domcleal/puppet/blob/tickets/master/8011/lib/puppet/provider/package/pkgutil.rb
[2] http://projects.puppetlabs.com/issues/8011




[Puppet Users] howto trigger action on another client

2011-06-24 Thread Andreas Kuntzagk

Hi,

I want to automate installation of GridEngine with puppet. GE comes with some 
prepared script for automatic installation.
Unfortunately this is to be run on the GE master to install the executions host 
(=clients).  (This then will run some commands on the exec host via ssh)
So from puppet's perspective if an agent on an execution host notices that GE is 
not installed but should it has to tell the agent on the GE master to run the 
install script.

Is there an easy (puppet) way to do it?
My idea is to have the exec host write its name into a file hosts_to_install 
on a common NFS and have the master check that file. But maybe there are better 
ways.

Does anybody here have some other GE related recipes?

regards, Andreas




Re: [Puppet Users] Re: howto trigger action on another client

2011-06-24 Thread Andreas Kuntzagk

jcbollinger wrote:


On Jun 24, 3:14 am, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de
wrote:

Hi,

I want to automate installation of GridEngine with puppet. GE comes with some
prepared script for automatic installation.
Unfortunately this is to be run on the GE master to install the executions host
(=clients).  (This then will run some commands on the exec host via ssh)
So from puppet's perspective if an agent on an execution host notices that GE is
not installed but should it has to tell the agent on the GE master to run the
install script.
Is there an easy (puppet) way to do it?
My idea is to have the exec host write its name into a file hosts_to_install
on a common NFS and have the master check that file. But maybe there are better
ways.
Does anybody here have some other GE related recipes?



Exported resources are the Puppet means for one node to provide
resources for another.  In this case, the execution host could export
an Exec resource for the master to collect and apply.  


Hmm, in the (very short) time I've been working with puppet I have not stumbled 
across exported resources. Any pointer where I should start reading?



The tricky part
might be to come up with an 'unless' parameter for it to ensure that
the master does not attempt to install the execution host twice.  This
has the advantage that it does not rely on a shared file or indeed on
NFS at all.  It does entail a delay between when the execution host's
configuration is applied and when GE is actually installed, however.


I can live with that delay. The solution I proposed will probably have the same 
delay - between the puppet run on the exec host and the puppet run on the master.



Your idea has merit too.  It is certainly possible to use Puppet on
the execution hosts to ensure (or not) that some accessible file has a
specific line.  There is no native resource for this narrow purpose
(augeas notwithstanding), but you can find recipes on the PuppetLabs
wiki.  If you have no other need for exported resources then it may be
to your advantage to avoid them.


Yeah, I'm aware of addifnosuchline exec's and the like.

Thanks, Andreas




Re: [Puppet Users] Re: howto trigger action on another client

2011-06-24 Thread Andreas Kuntzagk

Daniel Maher wrote:

On 06/24/2011 03:39 PM, Andreas Kuntzagk wrote:


Exported resources are the Puppet means for one node to provide
resources for another. In this case, the execution host could export
an Exec resource for the master to collect and apply.


Hmm, in the (very short) time I've been working with puppet I have not
stumbled across exported resources. Any pointer where I should start
reading?


Exported resources are great fun. :)

http://docs.puppetlabs.com/guides/exported_resources.html
http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration


According to these exported resources are somewhat similar to virtual resources. 
Problem is until now I cannot wrap my brain around virtual resources so I don't 
understand the exported resources examples.


regards, Andreas





Re: [Puppet Users] ssh_authorized_key and NIS user

2011-06-24 Thread Andreas Kuntzagk

Ken Barber wrote:

It's just using the Ruby Etc library to do the lookup according to
puppet/util/posix.rb. Which won't match NIS accounts. So I'd raise a
feature request if you want this support.


its #8081



You can work around this by using something like:

$username = "bob"
ssh_authorized_key { "keyfor-${username}":
  key    => ...,
  target => "/user/home/dirs/${username}/.ssh/authorized_keys",
}


Will look into this.

The issue being you need prior knowledge of path to the key. 


For my simple usecase this is not a problem. (At least atm. I don't see one.)


Thanks, Andreas


glean this by producing a fact that uses something like 'getent'
instead of /etc/passwd - but this is less than optimal.

ken.

On Fri, Jun 24, 2011 at 3:13 PM, Nathan Clemons nat...@livemocha.com wrote:

I'm wondering if the User provider has the capability to look up accounts
via NIS. It's been a long time since I've used NIS, however, so I don't know
if this is the problem for sure.
--
Nathan Clemons
http://www.livemocha.com
The worlds largest online language learning community


On Fri, Jun 24, 2011 at 6:41 AM, Andreas Kuntzagk
andreas.kuntz...@mdc-berlin.de wrote:

I'm wondering if my description was not clear enough or nobody knows an
answer to this. Did I stumble across a bug here and should open a ticket?

regards, Andreas

Andreas Kuntzagk wrote:

Hi,

I have this resource definition:

ssh_authorized_key { "nagios@login2":
  key     => [REDACTED],
  user    => nagios,
  type    => ssh-dss,
  require => Service['nis'],
}

This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by
puppet and configured before the key. I still get an User does not exist.

daemon.log:
...
Jun 17 14:00:57 node016 puppet-agent[1109]:
(/Stage[main]/All/File[/localhome/nagios/]/ensure) created
Jun 17 14:12:53 node016 puppet-agent[1109]:
(/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created
Jun 17 14:15:14 node016 puppet-agent[1109]:
(/Stage[main]//File[/etc/idmapd.conf]/content) content changed
'{md5}3e94f238294cc61b047e7ae50115dffc' to
'{md5}6d9c69f38eca81ab0f879c2771d5d543'
Jun 17 14:15:14 node016 puppet-agent[1109]:
(/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running'
Jun 17 14:15:14 node016 puppet-agent[1109]:
(/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events
Jun 17 14:15:41 node016 puppet-agent[1109]:
(/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as
'{md5}9c23d37f431c0788c212d3c0ab8a48af'
Jun 17 14:15:58 node016 puppet-agent[1109]:
(/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo
'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl'  '/etc/sudoers']/returns)
executed successfully
Jun 17 14:17:03 node016 puppet-agent[1109]:
(/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest'
Jun 17 14:17:39 node016 puppet-agent[1109]:
(/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed
'{md5}295c15c4bdac80e50b37689ef08f359c' to
'{md5}250a1851aec43bcc5f73e8a01b2141bd'
Jun 17 14:17:43 node016 puppet-agent[1109]:
(/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events
Jun 17 14:17:50 node016 puppet-agent[1109]:
(/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created
Jun 17 14:17:50 node016 puppet-agent[1109]:
(/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User
'nagios' does not exist
Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency
Ssh_authorized_key[nagios@login2] has failures: true
...

This is Ubuntu 10.04 with puppet 2.6.8

regards, Andreas










Re: [Puppet Users] installing puppet client

2011-06-21 Thread Andreas Kuntzagk


CHEBRIAN wrote:

Hi,

how to install puppet client thru puppet master .

My requirement is to install puppet client nearly 400 client servers.

its difficult to install puppet client in all the servers by apt-
get .

share u r suggestions .

Regards

chebrian



We only (will) have about 100 clients. We install puppet clients during initial 
Ubuntu installation. A postinstall script that comes in preseed file. This 
downloads and installs puppet and facter gems.
But if you want to add puppet to already installed systems then I don't see much 
beside using the rsh/ssh approach already proposed. Maybe using pdsh if your 
servernames make for looping difficult.


regards, Andreas




Re: [Puppet Users] puppet resource for group

2011-06-17 Thread Andreas Kuntzagk

Nigel Kersten wrote:

On Fri, May 13, 2011 at 11:41 PM, Nan Liu n...@puppetlabs.com wrote:

On Fri, May 13, 2011 at 4:20 PM, Corey Osman co...@logicminds.biz wrote:

Hi,
Why doesn't puppet resource group tell me who belongs to the group?
Given the group such as:
mg_team:x:501:smruph, cosman, msmith, mhankey
With the command:
puppet resource group mg_team
only returns:
group { 'mg_team':
  gid => '501',
  ensure => 'present'
}
I was expecting:
group { 'mg_team':
  gid => '501',
  ensure => 'present',
  members => ['smruph', 'cosman', 'msmith', 'mhankey'],
}

Am I missing a parameter or something?

Manage member is limited to specific providers:
http://docs.puppetlabs.com/references/latest/type.html#group-2


I feel we've produced inconsistencies here, and given I added the
group membership support for OS X, it's largely my fault :)

We've too closely modelled the tools for managing users/groups on
various platforms, and I actually feel like we should break group
membership out into a separate type, so it's easier to express
semantics like:

* ensure nigel is not a member of group admin, leave group alone otherwise
* ensure nigel is a member of group admin, leave group alone otherwise

without requiring that the user nigel or group admin are even managed by Puppet.



That would be useful to us.




[Puppet Users] ssh_authorized_key and NIS user

2011-06-17 Thread Andreas Kuntzagk

Hi,

I have this resource definition:

ssh_authorized_key { "nagios@login2":
  key     => [REDACTED],
  user    => nagios,
  type    => ssh-dss,
  require => Service['nis'],
}

This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet 
and configured before the key. I still get an User does not exist.


daemon.log:
...
Jun 17 14:00:57 node016 puppet-agent[1109]: 
(/Stage[main]/All/File[/localhome/nagios/]/ensure) created
Jun 17 14:12:53 node016 puppet-agent[1109]: 
(/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created
Jun 17 14:15:14 node016 puppet-agent[1109]: 
(/Stage[main]//File[/etc/idmapd.conf]/content) content changed 
'{md5}3e94f238294cc61b047e7ae50115dffc' to '{md5}6d9c69f38eca81ab0f879c2771d5d543'
Jun 17 14:15:14 node016 puppet-agent[1109]: 
(/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running'
Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]) 
Triggered 'refresh' from 1 events
Jun 17 14:15:41 node016 puppet-agent[1109]: 
(/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as 
'{md5}9c23d37f431c0788c212d3c0ab8a48af'
Jun 17 14:15:58 node016 puppet-agent[1109]: 
(/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo 
'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl'  '/etc/sudoers']/returns) 
executed successfully
Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/ensure) 
ensure changed 'purged' to 'latest'
Jun 17 14:17:39 node016 puppet-agent[1109]: 
(/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed 
'{md5}295c15c4bdac80e50b37689ef08f359c' to '{md5}250a1851aec43bcc5f73e8a01b2141bd'
Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis]) 
Triggered 'refresh' from 4 events
Jun 17 14:17:50 node016 puppet-agent[1109]: 
(/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created
Jun 17 14:17:50 node016 puppet-agent[1109]: 
(/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User 
'nagios' does not exist
Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency 
Ssh_authorized_key[nagios@login2] has failures: true

...

This is Ubuntu 10.04 with puppet 2.6.8

regards, Andreas




Re: [Puppet Users] puppet not working after switch to passenger - permissions issue?

2011-05-05 Thread Andreas Kuntzagk

Hi,

Nan Liu wrote:

On Wed, May 4, 2011 at 8:26 AM, Andreas Kuntzagk
andreas.kuntz...@mdc-berlin.de wrote:

Hi,

as suggested on the list I switched from the standalone puppetmaster to
Passenger. I have passenger installed now and edited the apache config as
far as I understood. I restarted apache.
Now when I run an agent I get:

/var/lib/gems/1.8/bin/puppet agent --server node002 --test
err: Could not retrieve catalog from remote server: Error 403 on SERVER:
Forbidden request: node039(192.168.73.39) access to /catalog/node039 [find]
at line 0
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

In the server log I find this:

May  4 14:13:08 node002 puppet-master[14489]: Denying access: Forbidden
request: node039(192.168.73.39) access to /catalog/node039 [find] at line 0
May  4 14:13:08 node002 puppet-master[14489]: Forbidden request:
node039(192.168.73.39) access to /catalog/node039 [find] at line 0


Not sure I can pinpoint your problem, is this all the output with
debugging enabled in config.ru?


No. I just enabled debugging (did not see this option before). Now I get many 
more lines.

I suspect these to be the important ones:

May  5 08:59:36 node002 puppet-master[16796]: (access[/]) adding authentication 
any
May  5 08:59:36 node002 puppet-master[16796]: Inserting default '/status'(auth) 
acl because none where found in '/etc/puppet/auth.conf'
May  5 08:59:36 node002 puppet-master[16796]: (access[/]) defaulting to no 
access for node002



[...]



It doesn't map to a filepath. Access is controlled via auth.conf. You
should have a section similar to:

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1


Ok, auth.conf was missing. But I copied the gems default conf file and it's 
still not working.



Since you should not need to change it, I'm wondering do you have the
following [master] section in puppet.conf?
  ssl_client_header = SSL_CLIENT_S_DN
  ssl_client_verify_header = SSL_CLIENT_VERIFY


No. There is no [master] section at all. And also in all example confs there is 
no [master] section. Btw. this is version 2.6.4.


regards, Andreas




Re: [Puppet Users] puppet not working after switch to passenger - permissions issue?

2011-05-05 Thread Andreas Kuntzagk

Ok, seems that I have an authentication issue here.
When I set (for all paths) auth no in auth.conf, it's working again.
Maybe I set these options wrong in the apache.conf:

SSLCertificateFile  /etc/puppet/ssl/certs/node002.pem
SSLCertificateKeyFile   /etc/puppet/ssl/private_keys/node002.pem

As far as I can tell these files match.

regards, Andreas

Andreas Kuntzagk wrote:

Hi,

Nan Liu wrote:

On Wed, May 4, 2011 at 8:26 AM, Andreas Kuntzagk
andreas.kuntz...@mdc-berlin.de wrote:

Hi,

as suggested on the list I switched from the standalone puppetmaster to
Passenger. I have passenger installed now and edited the apache config as
far as I understood. I restarted apache.
Now when I run an agent I get:

/var/lib/gems/1.8/bin/puppet agent --server node002 --test
err: Could not retrieve catalog from remote server: Error 403 on SERVER:
Forbidden request: node039(192.168.73.39) access to /catalog/node039 [find]
at line 0
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

In the server log I find this:

May  4 14:13:08 node002 puppet-master[14489]: Denying access: Forbidden
request: node039(192.168.73.39) access to /catalog/node039 [find] at line 0
May  4 14:13:08 node002 puppet-master[14489]: Forbidden request:
node039(192.168.73.39) access to /catalog/node039 [find] at line 0


Not sure I can pinpoint your problem, is this all the output with
debugging enabled in config.ru?


No. I just enabled debugging (did not see this option before). Now I get 
many more lines.

I suspect these to be the important ones:

May  5 08:59:36 node002 puppet-master[16796]: (access[/]) adding authentication any
May  5 08:59:36 node002 puppet-master[16796]: Inserting default '/status'(auth) acl because none where found in '/etc/puppet/auth.conf'
May  5 08:59:36 node002 puppet-master[16796]: (access[/]) defaulting to no access for node002



[...]



It doesn't map to a filepath. Access is controlled via auth.conf. You
should have a section similar to:

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1


Ok, auth.conf was missing. But I copied the gems default conf file and 
it's still not working.



Since you should not need to change it, I'm wondering do you have the
following [master] section in puppet.conf?
  ssl_client_header = SSL_CLIENT_S_DN
  ssl_client_verify_header = SSL_CLIENT_VERIFY


No. There is no [master] section at all. And also in all example confs 
there is no [master] section. Btw. this is version 2.6.4.


regards, Andreas
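
Added example (not part of the thread and not Puppet's own code): a simplified Ruby model of how the auth.conf stanza quoted above is evaluated, showing why a request the master sees as unauthenticated ends in the 403 and why "auth no" lets it through. The Rule struct, the helper names and the sample requests are assumptions made for illustration.

```ruby
# Simplified model of auth.conf evaluation; illustrative, not Puppet's code.
Rule = Struct.new(:path, :methods, :auth, :allow)

# Parse stanzas: a "path" line starts a rule; method/auth/allow lines refine it.
def parse_auth_conf(text)
  rules = []
  text.each_line do |line|
    line = line.sub(/^\s*#.*/, "").strip
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    case key
    when "path"
      re = value.start_with?("~") ? value.sub(/\A~\s*/, "") : "\\A" + Regexp.escape(value)
      rules << Rule.new(Regexp.new(re), nil, "yes", []) # auth defaults to yes
    when "method" then rules.last.methods = value.split(/\s*,\s*/)
    when "auth"   then rules.last.auth = value
    when "allow"  then rules.last.allow.concat(value.split(/\s*,\s*/))
    end
  end
  rules
end

# The first stanza whose path, method and auth requirement all apply decides.
def allowed?(rules, req)
  rules.each do |rule|
    m = rule.path.match(req[:path])
    next unless m
    next if rule.methods && !rule.methods.include?(req[:method])
    next if rule.auth == "yes" && !req[:authenticated]
    next if rule.auth == "no" && req[:authenticated]
    names = rule.allow.map { |a| a.gsub(/\$(\d)/) { m[$1.to_i] } }
    return names.include?("*") || names.include?(req[:node])
  end
  false # no stanza applied: the request is refused, like the 403 in the thread
end

# Stanza quoted in the thread; the "auth no" variant is constructed from it.
DEFAULT_CONF = <<~'CONF'
  # allow nodes to retrieve their own catalog (ie their configuration)
  path ~ ^/catalog/([^/]+)$
  method find
  allow $1
CONF
AUTH_NO_CONF = DEFAULT_CONF.sub("method find", "method find\nauth no")

# Constructed requests: the same agent with and without a verified client cert.
WITH_CERT = { path: "/catalog/node039", method: "find", authenticated: true, node: "node039" }
NO_CERT   = WITH_CERT.merge(authenticated: false) # node name not certificate-backed

puts allowed?(parse_auth_conf(DEFAULT_CONF), WITH_CERT)
puts allowed?(parse_auth_conf(DEFAULT_CONF), NO_CERT)
puts allowed?(parse_auth_conf(AUTH_NO_CONF), NO_CERT)
```

The third result is why the "auth no" workaround appears to fix things: the stanza no longer requires a verified client certificate, so the name in the request is accepted without one.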






[Puppet Users] puppet not working after switch to passenger - permissions issue?

2011-05-04 Thread Andreas Kuntzagk

Hi,

as suggested on the list I switched from the standalone puppetmaster to 
Passenger. I have passenger installed now and edited the apache config as far as 
I understood. I restarted apache.

Now when I run an agent I get:

/var/lib/gems/1.8/bin/puppet agent --server node002 --test
err: Could not retrieve catalog from remote server: Error 403 on SERVER: 
Forbidden request: node039(192.168.73.39) access to /catalog/node039 [find] at 
line 0
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

In the server log I find this:

May  4 14:13:08 node002 puppet-master[14489]: Denying access: Forbidden request: 
node039(192.168.73.39) access to /catalog/node039 [find] at line 0
May  4 14:13:08 node002 puppet-master[14489]: Forbidden request: 
node039(192.168.73.39) access to /catalog/node039 [find] at line 0


Here is my apache config:

=

# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off

Listen 8140

<VirtualHost *:8140>
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    SSLCertificateFile      /etc/puppet/ssl/certs/node002.pem
    SSLCertificateKeyFile   /etc/puppet/ssl/private_keys/node002.pem
    SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /etc/puppet/ssl/ca/ca_crt.pem
    # If Apache complains about invalid signatures on the CRL, you can try disabling
    # CRL checking by commenting the next line, but this is not recommended.
    SSLCARevocationFile     /etc/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth  1
    SSLOptions +StdEnvVars

    DocumentRoot /etc/puppet/rack/public/
    RackBaseURI /
    <Directory /etc/puppet/rack/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>


Is that a permissions problem? I don't know how that /catalog/node039 URL maps to 
a file path.


regards, Andreas




[Puppet Users] facter command does not show some facts

2011-05-03 Thread Andreas Kuntzagk

Hi,

When I run

root@node002:/opt/sge# /var/lib/gems/1.8/bin/facter productname

it comes back empty. But:

root@node002:/opt/sge# /var/lib/gems/1.8/bin/facter |grep productname
productname = Sun Fire X2200 M2

facter is version 1.5.7

regards, Andreas




[Puppet Users] at which size to use a real webserver

2011-05-03 Thread Andreas Kuntzagk

Hi,

I'm currently using puppet with the built-in server for testing on a few nodes 
(~5). But in the future my installation will be bigger. It will have about 110 
nodes of our compute cluster and maybe some additional servers (~20).
Currently I don't use very complicated manifests and want to manage only a few 
config files, nfs mounts and the list of installed packages.


But maybe this list will grow with my love for puppet.
Should I already plan on using a different server? What would you recommend?
I will be using apache on one headnode anyway for ganglia & nagios.
Should I also move puppet to apache? How complicated is this?
I'm not familiar with Ruby or Rails.

Btw. any suggestions for my bootstrapping install of puppet on Ubuntu? Here is 
my procedure:


1. minimal Ubuntu install using pxeboot with preseed file (from web-URL)
2. some postinstall config:
   - install facter and puppet from gems (loaded from web server)
   - install pre-created certs   (loaded from web server)
   - edit /etc/hosts to make puppet server known
3. start puppet for remaining configuration:
   - additional packages
   - nfsmount ...

regards, Andreas




Re: [Puppet Users] scope of default values

2011-05-02 Thread Andreas Kuntzagk

Hi,


Since I also have many nfsmounts and want to make sure that the mountpoint
exists, I'd like to use require. Is there a way I can reference the name of
the mountpoint in the require? Like so.

mount { "test2":
   device  => "server1:/test2",
   require => File[$name]
 }


If you have a file resource dependent on a Mount['test2'], the require
attribute should be in the file resource.


No, it's the other way around. The mount is depending on the existence of the 
mountpoint otherwise the mount command fails. I can write


mount { "/test2":
   device  => "server1:/test2",
   require => File["/test2"],
  }

but to make this test default for all nfs mounts I want something like

Mount { ...
   require => File[$mountpoint]
}

where $mountpoint is automatically set to the correct mountpoint of the current 
mount.


regards, Andreas




[Puppet Users] exec resource: negate onlyif condition

2011-05-02 Thread Andreas Kuntzagk

Hi,

today I'm stupid. How can I negate the test for execs onlyif?

I want to run the exec onlyif command returns 1.

regards, Andreas




Re: [Puppet Users] exec resource: negate onlyif condition

2011-05-02 Thread Andreas Kuntzagk

Stupid me!
Did not see this.

Thanks.

Felix Frank wrote:

On 05/02/2011 03:37 PM, Andreas Kuntzagk wrote:

Hi,

today I'm stupid. How can I negate the test for execs onlyif?

I want to run the exec onlyif command returns 1.

regards, Andreas


Hi,

use unless instead of onlyif.

Cheers,
Felix






[Puppet Users] scope of default values

2011-04-29 Thread Andreas Kuntzagk

Hi,

I'm still quite new to puppet so forgive me if I ask stupid questions or use 
wrong terminology.


I have default values for mount defined inside a class. Are these defaults only 
valid for mounts of this class or for all?


class test {

  Mount {
    fstype => nfs4,
  }
  mount { "test1":
    device => "server1:/test",
  }
}

Since I also have many nfsmounts and want to make sure that the mountpoint 
exists, I'd like to use require. Is there a way I can reference the name of the 
mountpoint in the require? Like so.


mount { "test2":
  device  => "server1:/test2",
  require => File[$name]
}


regards, Andreas
