[Puppet Users] Could not back up /home/user/.ssh/authorized_keys: Could not find terminus file for indirection file_bucket_file

2019-06-11 Thread brian lamb 
I have an event failure, one for each user.  They use global facter 
variables for the keys, im not sure if thats relavant.  *What is terminus, 
does that insinuate endpoint?  **What is indirection, and 
file_bucket_file? *In my implementation of this, i havent seen those 
keywords yet, however its remotely possible its from residual code from a 
v3 manifest, since I am in an upgrade. 
 Event: Failure
Export data 

View run report 

Resource Ssh_authorized_key[blamb-jumped]
Resource path Stage[main]/Ssh/Ssh_authorized_key[my_user_key_var]/
Node affected ws2.vtm-ws.com
Event timestamp 2019-06-11T02:09:11.212 Z
Class Ssh
Config version ws4-cbp-7af07afca4c
File and line number -
Property 
Old Value 
New Value 
Message Could not back up /home/blamb/.ssh/authorized_keys: Could not find 
terminus file for indirection file_bucket_file

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2970f132-3593-4142-b2e6-7beb5dd7d0ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: apt/yum.downloads.puppetlabs.com CDN & rsync deprecation

2017-04-26 Thread Brian Long 
I just cannot believe they would do this without any warning for the end 
user community, whether open-source or commercial customers.  Look at other 
open-source projects like Fedora and Ubuntu for an example; they would send 
warnings at least two weeks in advance before turning off a service that 
has been around for years.

/Brian/

On Monday, April 24, 2017 at 2:19:22 PM UTC-4, Christopher Wood wrote:
>
> Not sure about the rest of you, but since I have no contract with Puppet 
> Inc. specifying the maintenance of rsync services I would shrug and move to 
> using apt-mirror. I've used it before and it's nearly drop-in. 
>
> https://apt-mirror.github.io/ 
> https://packages.debian.org/jessie/apt-mirror 
> https://forge.puppet.com/jtopjian/apt_mirror 
>
> Pity about rsync service though. 
>
> On Mon, Apr 24, 2017 at 11:13:29AM -0700, Garrett Honeycutt wrote: 
> > +1 to an alternate rsync service. 
> > 
> > A lot of us already have tooling built up around rsync, so this change 
> > breaks work flows. It also comes without warning for a service that has 
> > been around for ages. 
> > 
> > Best regards, 
> > -g 
> > 
> > On 4/24/17 7:19 AM, Andreas Paul wrote: 
> > > We would also be interested in an alternative server to rsync from. 
> > > 
> > > Best regards, 
> > > Andreas Paul 
> > > 
> > > On Monday, April 24, 2017 at 2:46:24 PM UTC+2, Chris Kuehl wrote: 
> > > 
> > > Is there an alternative server we can rsync from? We've been using 
> > > ftpsync (the recommended tool 
> > > <https://www.debian.org/mirror/ftpmirror> for mirroring apt 
> > > repositories), which worked great until this was turned off. 
> ftpsync 
> > > appears to be at least somewhat superior to the other options. 
> > > 
> > > Thanks, 
> > > Chris 
> > > 
> > > On Friday, April 21, 2017 at 1:54:36 PM UTC-7, Daniel Dreier 
> wrote: 
> > > 
> > > On Wednesday we put yum.puppetlabs.com 
> > > <http://yum.puppetlabs.com> and apt.puppetlabs.com 
> > > <http://apt.puppetlabs.com> behind the CloudFront CDN in 
> order 
> > > to accelerate downloads for overseas users. Both repositories 
> > > have historically been served from the Linode Fremont 
> > > datacenter, and download performance from Australia and Asia 
> in 
> > > particular are dramatically faster with the CDN than without. 
> > > 
> > > One side effect is that we no longer support rsync. Other 
> tools 
> > > like mrepo, reposync, and apt-mirror can sync to your local 
> > > mirror via HTTP. Since you'll be accessing cached content from 
> a 
> > > local CloudFront edge location, HTTP mirroring should be very 
> > > fast for most users. 
> > > 
> > > -- 
> > > Daniel Dreier 
> > > Technical Operations Engineer 
> > > GPG: BA4379FD 
> > > 
> > > -- 
> > > You received this message because you are subscribed to the Google 
> > > Groups "Puppet Users" group. 
> > > To unsubscribe from this group and stop receiving emails from it, send 
> > > an email to puppet-users...@googlegroups.com  
> > > <mailto:puppet-users+unsubscr...@googlegroups.com >. 
> > > To view this discussion on the web visit 
> > > 
> https://groups.google.com/d/msgid/puppet-users/d1c9a550-cc51-48bb-8d5b-3c6d4c5477b8%40googlegroups.com
>  
> > > <
> https://groups.google.com/d/msgid/puppet-users/d1c9a550-cc51-48bb-8d5b-3c6d4c5477b8%40googlegroups.com?utm_medium=email&utm_source=footer>.
>  
>
> > > For more options, visit https://groups.google.com/d/optout. 
> > 
> > 
> > -- 
> > Garrett Honeycutt 
> > @learnpuppet 
> > Puppet Training with LearnPuppet.com 
> > Mobile: +1.206.414.8658 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to puppet-users...@googlegroups.com . 
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/f49fa010-955c-e17d-2232-95d530d80c45%40garretthoneycutt.com.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cac5fe5d-22fd-45d8-a381-5ca24558ba99%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppetlabs-firewall rspec

2017-04-17 Thread brian mancuso 
Thanks Trevor! That was exactly the kind of thing we were looking for.

On Thursday, April 13, 2017 at 8:54:20 PM UTC-4, Trevor Vaughan wrote:
>
> Hi Brian,
>
> You can get ahold of the catalog directly by using the 'catalogue' object.
>
> See the following for an example:
>
>
> https://github.com/simp/pupmod-simp-auditd/blob/master/spec/classes/config/audit_profiles/simp_spec.rb#L85
>
> Thanks,
>
> Trevor
>
> On Wed, Apr 12, 2017 at 9:20 AM, brian mancuso  > wrote:
>
>> Hey guys,
>>
>> My group has been working on deploying puppet to existing servers and 
>> newer servers. During this time practices have naturally changed and we're 
>> trying to write tests to ensure that when we migrate from one way of 
>> writing firewall rules to another, we don't miss any. So here's some 
>> background and an example of what we're trying to do.
>>
>> Old rules:
>>  
>>  firewall { '018 accept TCP-1521 from 10.96.0.0/24':
>> source => '10.96.0.0/24',
>> dport  => [1521],
>> state  => 'NEW',
>> proto  => 'tcp',
>> action => 'accept',
>>   }
>>   firewall { '018 accept TCP-1521 from 10.32.0.0/11':
>> source => '10.32.0.0/11',
>> dport  => [1521],
>> state  => 'NEW',
>> proto  => 'tcp',
>> action => 'accept',
>>   }
>>   firewall { '018 accept TCP-1521 from 10.64.0.0/25':
>> source => '10.64.0.0/25',
>> dport  => [1521],
>> state  => 'NEW',
>> proto  => 'tcp',
>> action => 'accept',
>>   }
>>
>>
>> To replace repetitive stuff like this amongst the classes, we have the 
>> following method:
>>
>> define profiles::base::firewall_rule ($order = '030',
>>   $dport  = undef,
>>   $port   = undef,
>>   $proto  = 'tcp',
>>   $chain  = 'INPUT',
>>   $action = 'accept',
>>   $state  = undef,
>> )
>> {
>>   if ($dport) {
>> if ($state) {
>>   firewall { "${order} ${action} ${dport} traffic from ${name}":
>> source => $name,
>> dport  => $dport,
>> proto  => $proto,
>> action => $action,
>> chain  => $chain,
>> state  => $state,
>>   }
>> } else {
>>   firewall { "${order} ${action} ${dport} traffic from ${name}":
>> source => $name,
>> dport  => $dport,
>> proto  => $proto,
>> action => $action,
>> chain  => $chain,
>>   }
>> }
>>   } elsif ($port) {
>> if ($state) {
>>   firewall { "${order} ${action} ${port} traffic from ${name}":
>> source => $name,
>> port   => $port,
>> proto  => $proto,
>> action => $action,
>> chain  => $chain,
>>   }
>> } else {
>>   firewall { "${order} ${action} ${port} traffic from ${name}":
>> source => $name,
>> port   => $port,
>> proto  => $proto,
>> action => $action,
>> chain  => $chain,
>> state  => $state,
>>   }
>> }
>>   }
>> }
>>
>> So now in the original class we can just have this:
>>
>>   profiles::base::firewall_rule{ $db_access:
>> dport => [1521],
>> state => 'NEW',
>>   }
>>
>> With the hiera file for the node:
>>
>> profiles::banner::database::samplenode::db_access:
>>   - 10.96.0.0/24
>>   - 10.32.0.0/11
>>   - 10.64.0.0/25
>>
>> Anyway, with the background information, we need to verify (preferably 
>> with rspec) that the node has a firewall rule given a certain 
>> port/protocol/state/etc. The rspec tests examples we've found and the 
>> original tests we had are all based on the firewall name. Sure we could 
>> change the new system to try and match the old names, but that kind of 
>> testing doesn't seem as effective since the name itself could be anything. 
>> We want to test the firewall rule's parameters.
>>
>> Does anyone have an example of how we could do this? 
>>
>> This is a snippet of what we have, but like I said, it tests via name, 
>> which is not what we want. This

[Puppet Users] puppetlabs-firewall rspec

2017-04-12 Thread brian mancuso 
Hey guys,

My group has been working on deploying puppet to existing servers and newer 
servers. During this time practices have naturally changed and we're trying 
to write tests to ensure that when we migrate from one way of writing 
firewall rules to another, we don't miss any. So here's some background and 
an example of what we're trying to do.

Old rules:
 
 firewall { '018 accept TCP-1521 from 10.96.0.0/24':
source => '10.96.0.0/24',
dport  => [1521],
state  => 'NEW',
proto  => 'tcp',
action => 'accept',
  }
  firewall { '018 accept TCP-1521 from 10.32.0.0/11':
source => '10.32.0.0/11',
dport  => [1521],
state  => 'NEW',
proto  => 'tcp',
action => 'accept',
  }
  firewall { '018 accept TCP-1521 from 10.64.0.0/25':
source => '10.64.0.0/25',
dport  => [1521],
state  => 'NEW',
proto  => 'tcp',
action => 'accept',
  }


To replace repetitive stuff like this amongst the classes, we have the 
following method:

define profiles::base::firewall_rule ($order = '030',
  $dport  = undef,
  $port   = undef,
  $proto  = 'tcp',
  $chain  = 'INPUT',
  $action = 'accept',
  $state  = undef,
)
{
  if ($dport) {
if ($state) {
  firewall { "${order} ${action} ${dport} traffic from ${name}":
source => $name,
dport  => $dport,
proto  => $proto,
action => $action,
chain  => $chain,
state  => $state,
  }
} else {
  firewall { "${order} ${action} ${dport} traffic from ${name}":
source => $name,
dport  => $dport,
proto  => $proto,
action => $action,
chain  => $chain,
  }
}
  } elsif ($port) {
if ($state) {
  firewall { "${order} ${action} ${port} traffic from ${name}":
source => $name,
port   => $port,
proto  => $proto,
action => $action,
chain  => $chain,
  }
} else {
  firewall { "${order} ${action} ${port} traffic from ${name}":
source => $name,
port   => $port,
proto  => $proto,
action => $action,
chain  => $chain,
state  => $state,
  }
}
  }
}

So now in the original class we can just have this:

  profiles::base::firewall_rule{ $db_access:
dport => [1521],
state => 'NEW',
  }

With the hiera file for the node:

profiles::banner::database::samplenode::db_access:
  - 10.96.0.0/24
  - 10.32.0.0/11
  - 10.64.0.0/25

Anyway, with the background information, we need to verify (preferably with 
rspec) that the node has a firewall rule given a certain 
port/protocol/state/etc. The rspec tests examples we've found and the 
original tests we had are all based on the firewall name. Sure we could 
change the new system to try and match the old names, but that kind of 
testing doesn't seem as effective since the name itself could be anything. 
We want to test the firewall rule's parameters.

Does anyone have an example of how we could do this? 

This is a snippet of what we have, but like I said, it tests via name, 
which is not what we want. This only tests that the new rule exists. We 
can't use it against both the new rules and the old rules. We want to have 
complete coverage on the old rules, then migrate to the new rules and 
verify that the new rules meet the tests.

require 'spec_helper'
describe "profiles::samplenode" do
  on_supported_os.each do |os, facts|
context "on #{os}" do
  let(:facts) do
facts.merge({
  :hostname => 'samplenode',
  :apptier  => 'production',
  :clientcert => 'samplenode.example.com',
})
  end
  it { should create_firewall("030 accept 1521 traffic from 
10.96.0.0/24") }
  it { should create_firewall("030 accept 1521 traffic from 
10.32.0.0/11") }
  it { should create_firewall("030 accept 1521 traffic from 10.64.0.0/25
") }
end
  end
end

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2d1c3d33-4586-4f2d-bb53-265d45305058%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Webinar on Choria.io and NATS

2017-04-03 Thread Brian Flannery 
Hi all..for those of you using Puppet 4, you may find the webinar we are 
doing later in the month with R.I. Pienaar on Choria  
(simplifies 
install/config of MCollective) interesting. 

Just thought I'd share; you can RSVP here: 
http://nats.io/blog/webinar-how-choria-significantly-improves-operability-of-mcollective-using-nats/

B

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6089f9a7-8404-432c-b05e-df099019acbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Announcing Puppet Enterprise 2016.2 + New Modules & Integrations

2016-06-13 Thread Brian Fekete 
Hey Bryan,

Thanks for your response! I'm excited to see the changes to the module 
since it's one of the most important modules I use. Is there a ballpark 
estimate date for when the changes are going to be pushed? 

Awesome! I tested it out on a 2016 PE server earlier last week and saw it 
was failing. I see that you've made changes recently and plan on checking 
out the module again.

Thanks,
Brian Fekete 

On Monday, June 13, 2016 at 4:11:17 PM UTC-4, Bryan Jen wrote:
>
> Hi Brian,
>
> The new websphere_application_server module builds upon the great start 
> provided by Josh Beard and adds some important bug fixes and polish to the 
> defines, types, and providers while maintaining feature parity with the old 
> module. This is an introductory release in the puppetlabs namespace on the 
> Forge that provides a foundation for us to iterate and build towards an 
> eventual supported module.
>
> The ibm_installation_manager issue you pointed out was fixed in a recent 
> refactor I believe. The ibm_pkg provider no longer requires the 'ps' fact. 
> The PR for this can be found here: 
> https://github.com/puppetlabs/puppetlabs-ibm_installation_manager/pull/11/files#diff-da882ddff62c30975d57d19358066749L104.
>  
> With much gratitude to Corey Osman (@logicminds) for the contribution. This 
> fix has since been released to the Forge(
> https://forge.puppet.com/puppetlabs/ibm_installation_manager) and is in 
> version 0.2.0 and newer.
>
> Thanks,
> Bryan Jen
>
> On Monday, June 13, 2016 at 7:33:12 AM UTC-7, Brian Fekete wrote:
>>
>> Whats the difference between the old module and the new one? I see 
>> nothing different except that you changed the module name. 
>>
>> Old one: https://forge.puppet.com/joshbeard/websphere
>> New one: https://forge.puppet.com/puppetlabs/websphere_application_server
>>
>> Also the IBM installation manager which is a prerequisite to Websphere is 
>> broken because Puppet removed the ps fact it relied on. 
>>
>> On Thursday, June 2, 2016 at 4:23:15 PM UTC-4, Michael Olson wrote:
>>>
>>> Hi everyone - Today, we announced the latest in Puppet Enterprise 2016.2 
>>> (available beginning later this month), a new set of Puppet modules and 
>>> integrations, and more from Project Blueshift. These updates continue to 
>>> make it easier to manage today’s technology while evolving your modern 
>>> cloud and container practices, in a standard way.
>>>
>>> *Check out What’s New in Puppet Enterprise 2016.2*
>>>
>>>- *New change success reporting *- The Puppet Enterprise 2016.2 
>>>release provides a new level of granularity to show which changes that 
>>> ran 
>>>with a cached catalog were successful, which failed, and which failed 
>>> but 
>>>were able to revert to the last known, good state. This means that you 
>>> can 
>>>get a clearer sense of how failures affect the environments you are 
>>>managing.
>>>- *Classify nodes in Puppet Enterprise web UI based on structured 
>>>and trusted facts *- Without granular access to metadata about 
>>>infrastructure, it can be challenging to classify and manage servers 
>>>efficiently and make rapid changes. The Puppet Enterprise node 
>>> classifier 
>>>web UI now consumes richer metadata about infrastructure so nodes can be 
>>>segmented with more granularity to drive change more quickly, 
>>> efficiently 
>>>and with greater consistency.
>>>
>>> *You can register for our upcoming webinar to learn more about what's 
>>> new: *http://info.puppet.com/2150-Whats-New-in-PE-2016.1-Register.html
>>>
>>> *A Common Language and Data Center Standard*
>>>
>>> We've also added to the broad range of technology you can manage with 
>>> Puppet through new integrations and modules for:
>>>
>>>- *IBM z Systems and LinuxONE* - In partnership with IBM, we'll have 
>>>a new agent to manage Linux VMs on IBM z Systems and LinuxONE.
>>>- *WebSphere -* We help simplify the management of WebSphere with a 
>>>new module that provides a repeatable and consistent process for 
>>> deploying 
>>>WebSphere, including deployment managers, application servers, and IBM 
>>> HTTP 
>>>Servers (IHS) for WebSphere Application Server.
>>>- *Cisco* - With the latest release of the Puppet Supported Cisco 
>>>module, we’ve added support for the 5k, 6k, and 7k line of Cisco Nexus 
>>>switches, in addition to

[Puppet Users] Re: Announcing Puppet Enterprise 2016.2 + New Modules & Integrations

2016-06-13 Thread Brian Fekete 
Whats the difference between the old module and the new one? I see nothing 
different except that you changed the module name. 

Old one: https://forge.puppet.com/joshbeard/websphere
New one: https://forge.puppet.com/puppetlabs/websphere_application_server

Also the IBM installation manager which is a prerequisite to Websphere is 
broken because Puppet removed the ps fact it relied on. 

On Thursday, June 2, 2016 at 4:23:15 PM UTC-4, Michael Olson wrote:
>
> Hi everyone - Today, we announced the latest in Puppet Enterprise 2016.2 
> (available beginning later this month), a new set of Puppet modules and 
> integrations, and more from Project Blueshift. These updates continue to 
> make it easier to manage today’s technology while evolving your modern 
> cloud and container practices, in a standard way.
>
> *Check out What’s New in Puppet Enterprise 2016.2*
>
>- *New change success reporting *- The Puppet Enterprise 2016.2 
>release provides a new level of granularity to show which changes that ran 
>with a cached catalog were successful, which failed, and which failed but 
>were able to revert to the last known, good state. This means that you can 
>get a clearer sense of how failures affect the environments you are 
>managing.
>- *Classify nodes in Puppet Enterprise web UI based on structured and 
>trusted facts *- Without granular access to metadata about 
>infrastructure, it can be challenging to classify and manage servers 
>efficiently and make rapid changes. The Puppet Enterprise node classifier 
>web UI now consumes richer metadata about infrastructure so nodes can be 
>segmented with more granularity to drive change more quickly, efficiently 
>and with greater consistency.
>
> *You can register for our upcoming webinar to learn more about what's 
> new: *http://info.puppet.com/2150-Whats-New-in-PE-2016.1-Register.html
>
> *A Common Language and Data Center Standard*
>
> We've also added to the broad range of technology you can manage with 
> Puppet through new integrations and modules for:
>
>- *IBM z Systems and LinuxONE* - In partnership with IBM, we'll have a 
>new agent to manage Linux VMs on IBM z Systems and LinuxONE.
>- *WebSphere -* We help simplify the management of WebSphere with a 
>new module that provides a repeatable and consistent process for deploying 
>WebSphere, including deployment managers, application servers, and IBM 
> HTTP 
>Servers (IHS) for WebSphere Application Server.
>- *Cisco* - With the latest release of the Puppet Supported Cisco 
>module, we’ve added support for the 5k, 6k, and 7k line of Cisco Nexus 
>switches, in addition to existing support for the 3k and 9k series of 
>switches.
>
> *New Ways of Using Docker and Puppet*
>
> In April, we launched Project Blueshift, our dedicated way of engaging 
> with leading-edge technologies and their communities. So far, we’ve focused 
> on providing modules, examples and guidance to help you deliver and operate 
> modern software like CoreOS, Docker (Compose, Swarm, Network, UCP), 
> Kubernetes, Mesos and Mesosphere, and more. Today, we’re adding a new set 
> of Docker images for running Puppet in Docker, released to Docker Hub.
>
> A set of Docker images for Puppet Server, PuppetDB and Puppet agent are 
> now available on Docker Hub. Now, Puppet itself can be deployed and run 
> within Docker, making it more portable and easier to maintain, test and 
> scale. In addition to the images on the Docker Hub, we’ve created examples 
> and guidance to help shed light on ways to use Docker with Puppet.
>
> *You can read all about what’s new and find links to learn more via our 
> blog:* 
> https://puppet.com/blog/use-puppet-in-docker-manage-ibm-websphere-z-systems-with-puppet-enterprise
>
>
> Thanks,
> Michael
>
> -- 
>
> Michael Olson *| *Senior Product Marketing Manager
> 308 SW 2nd Ave., 5th Floor 
> Portland, OR 97204
> Puppet *. The shortest path to better software.*
>
> PuppetConf 2016 , October 17-21, San Diego, 
> California
> *Early Birds save $350* 
> 
>  - 
> Register by June 30th
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5e27b5a1-503e-4124-8bb5-a887be1d2179%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Abridged summary of puppet-users@googlegroups.com - 18 updates in 7 topics

2015-07-24 Thread Brian Morris 
Alternately, you can create a small definition for this requirement. I keep
this in manifests/utils.pp:

define regex_replace ( $match, $replace ) {
exec { "ruby -i -p -e 'gsub(%r{$match}, \"$replace\")' $name":
onlyif => "grep -E '$match' $name",
logoutput => on_failure,
}
}


You can use it from a manifest like this:

regex_replace { "/etc/hosts":
match  => "template-name-placeholder",
replace => $::hostname,
}

On Fri, Jul 24, 2015 at 4:14 AM,  wrote:

> puppet-users@googlegroups.com
> 
>   Google
> Groups
> 
> 
>   Today's topic summary
>  View all topics
> 
>
>-  Advice on Puppet update to 4 <#14ebfc57e8710cb2_group_thread_0> - 1
>Update
>-  Razor and Dashboard for Puppet 4 <#14ebfc57e8710cb2_group_thread_1>
>- 2 Updates
>-  Memory leak in Passenger ? <#14ebfc57e8710cb2_group_thread_2> - 1
>Update
>-  How to enable/create environments for new puppetserver setup (not
>puppetmaster) <#14ebfc57e8710cb2_group_thread_3> - 2 Updates
>-  Puppet4, Hiera3, and environments <#14ebfc57e8710cb2_group_thread_4>
>- 6 Updates
>-  puppetserver puppetdb and storeconfigs=true
><#14ebfc57e8710cb2_group_thread_5> - 4 Updates
>-  How to search and replace a word in file
><#14ebfc57e8710cb2_group_thread_6> - 2 Updates
>
>   Advice on Puppet update to 4
> 
>   Felix Frank : Jul 24 12:59PM +0200
>
> On 07/23/2015 12:45 AM, Stack Kororā wrote:
>
> > It also appears to me that puppet dashboard is not yet ready for 4.
> > Anyone have any thoughts on that?
>
> Hi,
>
> the dashboard was discontinued, ...more
> 
>   Back to top <#14ebfc57e8710cb2_digest_top>
>   Razor and Dashboard for Puppet 4
> 
>   "Stack Kororā" : Jul 23 02:27PM -0700
>
> Greetings,
>
> I am building out a new puppet master system based on 4. Razor and
> Dashboard are two projects that I never got around to implementing before,
> but since I have some motivation (and ...more
> 
>   Stefan Heijmans : Jul 24 02:01AM -0700
>
> Hi,
> For Dashboard, Aaron Stone is doing it now @
> https://github.com/sodabrew/puppet-dashboard.
> Looking at this issue (
> https://github.com/sodabrew/puppet-dashboard/issues/320), seems that it
> ...more
> 
>   Back to top <#14ebfc57e8710cb2_digest_top>
>   Memory leak in Passenger ?
> 
>   "Michael Wörz" : Jul 24 12:56AM -0700
>
> Hello,
>
> in the past months we are observing raising memory usage on our puppet
> server and we have to restart it once a week when it starts swapping.
>
> Mainly there are 5 Passenger processes that ...more
> 
>   Back to top <#14ebfc57e8710cb2_digest_top>
>   How to enable/create environments for new puppetserver setup (not
> puppetmaster)
> 
>   Kevin Corcoran : Jul 23 09:50AM -0700
>
> Hi Gene,
>
> That looks like a problem with the permissions on that directory. I'd
> start by making sure that the 'puppet' user has read permissions on
> /etc/puppet/modules/production.
>
> - Kevin
> ...more
> 
>   Gene Fontanilla : Jul 24 12:38AM -0700
>
> Hi kevin,
>
> I already tried changing the ownership to puppet:puppet, and even change
> file permission to 777 just to be sure, I still get the same error,
> I also noticed that all puppet files are ...more
> 
>   Back to top <#14ebfc57e8710cb2_digest_top>
>   Puppet4, Hiera3, and environments
> 
>   "Stack Kororā" : Jul 23 02:23PM -0700
>
> Greetings,
>
> I need help; I have been going in circles for too long now and I am sure
> it
> is something silly that I over looked. I am attempting to use environments
> with a new server build for ...more
>

[Puppet Users] Re: No certificates in /var/lib/puppet/ssl/ca/signed

2015-06-19 Thread Brian Morris 
My signed certs are at /etc/puppet/ssl/ca/signed. Have you checked there?

Brian


On Tuesday, June 9, 2015 at 2:17:41 PM UTC-7, Alastair wrote:
>
> Hi everyone,
>
> I have noticed an unexpected change in the behaviour of my puppet 
> infrastructure that I can't explain.
>
> I am using puppet 3.8.1, puppet-server 3.8.1 and puppetdb 2.3.5 on Centos 
> 7.
>
> After making some changes to my modules, I noticed that client 
> certificates are not being stored in /var/lib/puppet/ssl/ca/signed any 
> longer, in fact they are not stored anywhere on my puppet master filesystem.
>
> They are however listed in my puppetdb tables in the certnames table.
>
> Is this expected behaviour in some setups?
>
> Best regards,
>
> Alastair
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7bf77163-2396-4284-82c6-deee0fa3d111%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Running classes in a certain order

2015-04-01 Thread Brian Morris 
Hello Jason,

Instead of treating each object as a separate class, what do you think 
about putting them all in one class? This would allow you to then control 
the flow of objects within the class by ordering them something like this:

Package["IIS"] -> File["site config"] -> File["site content"] -> 
Notify["IIS"]

Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c99d52d4-e213-4e86-bfe6-0da0a9685810%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: adding new users to /etc/sudoers

2015-04-01 Thread Brian Morris 
Another thing to think on is adding a group to sudoers which covers your 
users needs, and then simply adding users to that group. By proxy, this 
also allows you to dump the users belonging to that group out to a facter 
for referencing and reporting.

Brian



On Monday, March 30, 2015 at 12:50:16 PM UTC-7, manyi wrote:
>
> I'' check it out thanks Garrett
>
> On Friday, March 27, 2015 at 3:24:58 PM UTC-4, manyi wrote:
>>
>> Help needed!!
>>
>> I am trying to add 2 users to /ect/sudoers john.smith and jane.may 
>> granting privileges to all servers
>>
>> *step 1. **modules/user/manifests/init.pp *
>>
>>
>> class user {
>>
>>  user { 'john.smith':
>>
>>  ensure => present,
>>
>>  comment => 'john.smith',
>>
>>  home => '/home/john.smith',
>>
>>  managehome => true 
>>
>>} 
>>
>> } 
>>
>>
>> *Step 2  manifests/site.pp*
>>
>>  
>>
>> /etc/puppet/manifests/site.pp 
>>
>> node 'mydomain.local.org'
>>
>>  { include user } 
>>
>>
>> *step 3 :* sudo mkdir -p modules/sud
>> ...
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/02e9fc20-6e75-42d0-aac7-5d1677f404f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet as patch management

2015-03-12 Thread Brian Morris 
I don't have enough nodes to justify running my own patch repository, but 
here is the manifest I use for patching our Debian-derived systems. First, 
though, here is the facter called "updates_already_running"

Facter.add(:updates_already_running) do
 confine :osfamily => "Debian"
 setcode do
 if Facter::Util::Resolution.exec("ps aux | grep 'dpkg\|apt-get' | grep -v 
grep")
 "yes"
 end
 end
end

And, here is the manifest:

class system_updates { 
 # ==Purpose
 # This class is used for running system updates on all Linux assets.
 #
 # ==Actions
 # * Compiles a list of available updates
 # * Ensures that any pending package problems are resolved
 # * Applies all available updates
 # * Automatically cleans up any packages that are no longer needed
 # * Empties genericadmin's mailbox

 # * Reboots the system if any updates require it
 #
 #
 if ( $::updates_already_running ) {
 }
 else {
 
 Exec["lock_prep"] -> Exec["apt_prep"] -> Exec["apt_update"] ->  Exec[
"apt_fix"] -> Exec["apt_upgrade"] -> Exec["apt_remove"] ->  Exec[
"empty_mailbox"] -> Exec["reboot"]
 #
 #
 exec { "lock_prep":
  command   => "rm -f /var/lib/dpkg/lock ; rm -f 
/var/lib/apt/lists/lock ; rm -f /var/cache/apt/archives/lock",
}
 exec { "apt_prep":
  command   => "rm -rf /var/lib/apt/lists/* ; mkdir 
/var/lib/apt/lists/partial",
 }
 exec { "apt_update":
 command => "apt-get update",
 }
 exec { "apt_fix":
 command => "apt-get -f install",
 }
 exec { "apt_upgrade":
 command => "apt-get -o Dpkg::Options::=\"--force-confdef\" -o 
Dpkg::Options::=\"--force-confold\" -y --force-yes dist-upgrade",
 }
 exec { "apt_remove":
 command => "apt-get -y autoremove",
 }
 exec { "empty_mailbox":
 command   => 'echo "" > /home/genericadmin/mbox',
 onlyif=> "test -f /home/genericadmin/mbox",
 }
 exec { "reboot":
 command => "reboot",
 onlyif => "test -f /var/run/reboot-required",
 }
 }
}

I hope this helps you.

Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/27686dc5-20d0-4c49-bb49-5639a42babe4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] exec resource applied on every run

2015-03-06 Thread Brian Mathis 
Hi Tim,

The exec type has some attributes that can control this, such as "onlyif",
"unless", and "creates".

Please review the documentation here:
https://docs.puppetlabs.com/references/latest/type.html#exec


❧ Brian Mathis
@orev


On Fri, Mar 6, 2015 at 5:30 PM, Tim Dunphy  wrote:

> Hey all,
>
>  I've created a very basic puppet module to install bacula and ensure that
> it's running. However one exec statement in my manifest gets applied every
> time.
>
> Here's the manifest:
>
> class bacula::install {
>
>if $hostname == "ops" {
>
>   file { "/var/bacula":
>   ensure => directory,
>   }
>
>   file {"/backup/tapes":
> ensure => directory,
>   }
>
>   package { ["bacula-client", "bacula-common", "bacula-storage",
> "bacula-libs", "bacula-libs-sql", "bacula-director", "bacula-console"] :
>   ensure => present,
>   require => [ File["/var/bacula"], File["/backup/tapes"]]
>   }
>
> * exec { "update_mysql_alternatives":*
> * command => "alternatives --set libbaccats.so
> /usr/lib64/libbaccats-mysql.so",*
> * path=> "/usr/local/bin/:/bin/:/usr/sbin"*
> * }*
>
>   } else {
>   package { ["bacula-client", "bacula-common"] :
>   ensure => present,
>   require => [ File["/var/bacula"], File["/backup/tapes"]]
>   }
>   }
> }
>
>
> Seems pretty straight forward. But how can I get the exec command to run
> only once if it hasn't been run previously?
>
> Thanks!
> Tim
>
> Thanks
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAOZy0enBbzZCq5U%2B81fGGXPcNcuGDXcsHqtizDUcavheCaOJVQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAOZy0enBbzZCq5U%2B81fGGXPcNcuGDXcsHqtizDUcavheCaOJVQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpExw%3DbsTpYv%3DNVU1Q80zf72%3Dk7EPM%2BK31OCSf0oSu2q3OA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Geppetto 4.x download is broken

2015-02-27 Thread Brian Morris 
When attempting to access 
*http://puppetlabs.github.io/geppetto/download.html* in any of 3 browsers 
on 2 platforms this error is generated:

(In Chrome) This webpage has a redirect loop


(In Firefox) The page isn't redirecting properly



Additionally, the alternate link given 
on https://github.com/puppetlabs/geppetto/wiki for the download:

https://downloads.puppetlabs.com/geppetto/downloads

... results in a 404:

Not Found
> The requested URL /geppetto/downloads was not found on this server.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a2190e8e-a02c-4152-be5a-2094494bcd99%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Have Facter always return a result

2015-01-30 Thread Brian Morris 
Thank you, Peter, twice over! That's a great Ruby shortcut that I dd not 
know existed.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8500d1b2-b459-4dec-a2b6-81e91dde2a4b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Have Facter always return a result

2015-01-30 Thread Brian Morris 
Hello all,

I cannot seem to get Facter to always return a value. In this instance I am 
pulling the Java version from our systems, but would like there to be an 
entry that says "null" within the facts of systems that don't have any Java 
clients installed. Here is the basic facter that pulls the Java version, 
and it works as expected:

Facter.add("java_version") do
 confine :osfamily => "Debian"   
 setcode do
 Facter::Util::Resolution.exec("java -version 2>&1 | grep Runtime | sed 
s/\[\\(\\)]//g | cut -d ' ' -f6")

 end

end



However, this returns nothing at all if no Java clients are installed. This 
fact is simply absent from those system's inventories. I have tried various 
if/else cases, such as this, just for testing purposes:

Facter.add("java_version") do
 confine :osfamily => "Debian"   
 setcode do
 if :osfamily == "Debian"
Facter::Util::Resolution.exec("java -version 2>&1 | grep Runtime | sed 
s/\[\\(\\)]//g | cut -d ' ' -f6")
 else
 "null"
 end
 end
end

... but this always resolves to "null", even when run on a platform that 
shows "osfamily => Debian". Does anone have some ideas on how to return the 
JAva client version when it is present, but to populate this fact with 
"null" if no client is present?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d57a2885-1839-4bbc-a4a2-02cc4b1d5609%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppet agent question

2015-01-10 Thread Brian Lock 
If the puppet agent isn't running on a server and you issue the command  
sudo /etc/init.d/puppet stop, and you have also disables execute access on 
the file /etc/init.d/puppet by chmod -x , why does puppet run from the 
master at its pre-prescribed time? 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/41d9666f-e13b-4170-8c56-aee4a7fab021%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] setting folders to different permissions

2014-12-18 Thread Brian Keating 
Hi,
I want to set /home dir to chmod 750 but all dirs included to 755.  Anyone 
have a solution?
Thanks,
Brian.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1b8dabb1-64a4-4e9b-9385-a091278f2d33%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] lock *nix user accounts with no password

2014-12-18 Thread Brian Keating 
Hi,
Our security policy states we lock *nix accounts that have no passwords.  I 
wrote a bash script that does the job but my onlyif statement isn't 
working.  I want it to check and only trigger when true - not every time. 
 I'm new to puppet trying to learn how to write 'onlyif' statements - can 
someone point me in the right direction?  

Here is manifest - the onlyif statement and the bash 
lock-out-no-password-account.sh script are working in isolation.  Augeas 
would be ideal to handle this kind of task but I have yet to find one to 
suit.  Help & guidance is appreciated.

exec { 'lock-accout-no-pass' :
command => "/admin/scripts/lock-out-no-password-account.sh",
onlyif => "/bin/cat /etc/shadow | /bin/awk -F : '{ print $2 
}' | /bin/grep ^$ | tail -1 | /bin/grep -c ^$"
}

#!/bin/bash
#
# Lock out active accounts with no password

for NAME in `awk -F: '( $2 == "" ) { print $1 }' /etc/shadow`; do
MyUID=`id -u $NAME`
if [ $MyUID -gt 500 -a $NAME != 'root' ]; then
usermod -L -s /dev/null $NAME
fi
done

Thanks,
Brian.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3dbb467c-6f00-4389-b627-46133fdafb34%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Best practice for notifying versus changing?

2014-12-03 Thread Brian Morris 
Hello all,

Due to some persnickety Windows developers I have been tasked with showing 
that Puppet can be used to alert when a known configuration has changed 
rather than correcting the change, and then notifying of the correction. I 
have tried wrapping my head around this, but it doesn't seem to be what 
Puppet was designed for at all.

I would appreciate any ideas on how to best accomplish this, or some 
information on why this won't work.

Thanks! 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d2fcda0b-44df-422d-9741-8c291e9078cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: PuppetServer Inconsistent Errors

2014-11-14 Thread Brian Wong 
On Friday, November 14, 2014 2:05:08 PM UTC-5, Chris Price wrote:
>
> On Friday, November 14, 2014 8:52:55 AM UTC-8, Brian Wong wrote:
>>
>> I am currently using version 0.4.0 of PuppetServer using the official 
>> RPM package on CentOS 7. I am running into an issue where a node's agent 
>> runs error out inconsistently. The node's agent run would sometimes 
>> successfully complete or give different errors upon other runs. Below are 
>> examples of the errors that the agent would report. The errors never show 
>> up together but instead are confined to different invocations of the agent 
>> run. It may be slightly confusing, but the node where agent runs are 
>> performed also happens to be the server which is running PuppetServer as 
>> well. I am using Puppet to manage the PuppetServer.
>>
>> - one error that would sometimes appear
>> Notice: Finished catalog run in 8.08 seconds
>> Error: Could not send report: Error 400 on SERVER: Could not create 
>> resources for managing Puppet's files and directories in sections 
>> [:reporting]: Invalid parameter ensure
>> Invalid parameter ensurelogdir = /var/log/puppet 
>>
>
> These errors are very strange.  How frequently would you say that it 
> happens?  If you are able to jump on to #puppet-dev in freenode we could 
> maybe try to suggest some debugging patches you could apply to the ruby 
> code to help us narrow it down. 
>

After debugging this issue with PupetLabs team, it was found that the 
problem was essentially the issue described at 
https://tickets.puppetlabs.com/browse/SERVER-40.

Troubleshooting was a bit difficult at first because the error messages 
produced did not seem related to the aforementioned ticket. It was 
necessary to change the log-level to DEBUG for the PuppetServer in order to 
determine that it was an issue that had already been encountered.

Thanks go to the PuppetLabs team for their quick response on this issue.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3a50e3df-b802-4dc9-a340-65ed0dbb3e1b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] PuppetServer Inconsistent Errors

2014-11-14 Thread Brian Wong 
I am currently using version 0.4.0 of PuppetServer using the official RPM 
package on CentOS 7. I am running into an issue where a node's agent runs 
error out inconsistently. The node's agent run would sometimes successfully 
complete or give different errors upon other runs. Below are examples of 
the errors that the agent would report. The errors never show up together 
but instead are confined to different invocations of the agent run. It may 
be slightly confusing, but the node where agent runs are performed also 
happens to be the server which is running PuppetServer as well. I am using 
Puppet to manage the PuppetServer.

- one error that would sometimes appear
Notice: Finished catalog run in 8.08 seconds
Error: Could not send report: Error 400 on SERVER: Could not create 
resources for managing Puppet's files and directories in sections 
[:reporting]: Invalid parameter ensure
Invalid parameter ensure

- another error that would sometimes appear
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Invalid parameter content on File[/etc/nagios/nrpe.cfg] at 
/etc/puppet/environments/development/modules_myorg/nrpe/manifests/config.pp:16 
on node i-76853297
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

My puppet.conf and environment.conf configuration file looks like
- puppet.conf
[main]

# The Puppet log directory
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

environmentpath = /etc/puppet/environments

certname = puppet-dev.aws.myorg.io

[master]
autosign = true
hiera_config = /etc/puppet/environments/development/hiera.yaml
reports = store, puppetdb
storeconfigs = true
storeconfigs_backend = puppetdb
[agent]
server  = puppet-dev.aws.myorg.io
environment = development
certname = i-76853297
report = true

- environment.conf for relevant environment
manifest = manifests/site.pp
modulepath = modules_forge:modules_myorg
environment_timeout = 0

Can anyone shed light on this inconsisteny I am seeing? Thank you for your 
time.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/32e6a5f2-2401-4a7e-8dd0-ae4773b0bd3a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] With Microsoft going all in .NET & Open Source (MIT license)

2014-11-13 Thread Brian Morris 
I understand where your desire stems from, but IMHO the core problem with 
Puppet right now is that it's already fragmented too much.

PE, P-FOSS, Ruby, C, Hiera, MCollective, environments or flat, Augeas, 
Powershell, Puppet Dashboard, Foreman, etc., and no clear vision for any of it.

Adding .NET in would just make things that much more cumbersome.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b510d752-2c5d-45d1-b2c5-16f60f45f15c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Adding then removing SW - best practices?

2014-10-27 Thread Brian Morris 
This could be done in a stateful fashion. Start with a facter like this:

Facter.add(:apache_exists) do
>
> confine :osfamily => "Debian"
>
> setcode do
>
> if Facter::Util::Resolution.exec("dpkg -l | grep apache2 | grep -v 
>> apache2-utils | grep ^ii")
>
> "true"
>
> end
>
> end
>
> end
>
>
... and then, in a manifest, reference the facter to see if it is true:

if ( $::apache_exists ) {
>
> do something,
>
> }
>
>

Brian 
 

On Sunday, October 26, 2014 5:18:44 AM UTC-7, JonY wrote:
>
> Let's say that I'm deploying a steady stream of identical hosts. Each has 
> some piece of SW on it that's managed by Puppet.  I continue to (regularly) 
> add to and maintain this group over time.
>
> Day comes when this SW is no longer required. 
>
> So I remove the module from Puppet to prevent it being included on future 
> hosts in this group. 
>
> "What about the existing hosts?" I ask.
> "Add a module to remove the SW" I think.
> "What about the future hosts? Won't this seem a bit odd to tell puppet to 
> remove SW that was never installed?" I wonder.
> "Puppet is idempotent!" says the FM. 
> "Ok - but it still seems amiss. To a 'distant observer' it would seem an 
> odd practice." says I.
>
> Should I break up the 'before' and 'after' hosts into separate groups / 
> environments? I use an ENC to manage the modules. Maybe a DB entry to 
> indicate who gets the extra module?
>
> Some other pathway?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/825cb051-76b9-4353-8ee7-20c7b81d2896%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet, inventory, and single sources of truth.

2014-10-27 Thread Brian Morris 
I accomplish this through a way that may fit your needs. I use facters for 
it. Here is one for looking for Apache on Debian-based distro:

 

Facter.add(:apache_exists) do

confine :osfamily => "Debian"

setcode do

if Facter::Util::Resolution.exec("dpkg -l | grep apache2 | grep -v 
> apache2-utils | grep ^ii")

"true"

end

end

end


This shows up in PuppetDB and Puppet Dashboard as "apache_exists", and 
"true" for systems that have it.

Here is one for looking for the version of SEP on a Windows server:
 

> Facter.add("app_sep_version") do
>
>   confine :osfamily => "Windows"
>
> setcode do
>
> Facter::Util::Resolution.exec('C:\Windows\sysnative\WindowsPowerShell\v1.0\powershell.exe
>  
>> -Command "& {Get-ChildItem 
>> hklm:\software\microsoft\windows\currentversion\uninstall | ForEach-Object 
>> {Get-ItemProperty $_.pspath} | Where-Object {$_.DisplayName -eq \"Symantec 
>> Endpoint Protection\"} | ForEach-Object -process {$_.DisplayVersion } }" ' )
>
> end
>
> end
>
>
That one reports the version of SEP to both Puppet DB, and Puppet Dashboard.


I hope this helps,
Brian 


On Sunday, October 26, 2014 4:47:04 PM UTC-7, Robin Powell wrote:
>
>
> So I've been using puppet for a long time, and the one thing I've 
> never solved to my satisfaction is a way to have a single source of 
> truth that acts as both instructions to puppet *and* as a system 
> inventory that I can use for general opertaions (i.e. "how many 
> tomcat hosts do we have?"). 
>
> When Hiera came along I shifted to that, believing that it was the 
> right solution here, and I've managed to hack together something 
> that works, but it's pretty inelegant.  The reason is that to get a 
> proper inventory out of hiera requires collating all the hiera data 
> from the point of view of each host, so that all the hierarchical 
> processing is correct, and then mushing all those results together. 
> I've got a system to do that, but it's pretty hacky. 
>
> Is there some better way of combining a general inventory system and 
> puppet?  Is this a Puppet Enterprise sort of thing? 
>
> -- 
> http://intelligence.org/ :  Our last, best hope for a fantastic future. 
> .i ko na cpedu lo nu stidi vau loi jbopre .i dafsku lu na go'i li'u .e 
> lu go'i li'u .i ji'a go'i lu na'e go'i li'u .e lu go'i na'i li'u .e 
> lu no'e go'i li'u .e lu to'e go'i li'u .e lu lo mamta be do cu sofybakni 
> li'u 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3b7f0966-df19-49e1-b50b-c1b20304f4f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppet-common 2.7.26 depends facter (<< 2.0)

2014-10-20 Thread Brian Witt 
I noticed today that the puppet-common 2.7.26 deb package for Ubuntu 
precise at

https://apt.puppetlabs.com/pool/precise/main/p/puppet/puppet-common_2.7.26-1puppetlabs1_all.deb

depends facter (<< 2.0) even though the facter page
https://docs.puppetlabs.com/facter/
says

"The currently supported Facter versions are 2.x and 1.7. Both versions 
work with Puppet 3.x and 2.7."

I've manually installed facter 2.2.0 (via dpkg) and it seems to work fine 
with puppet 2.7.26, so I'm confused by the dependency. Why is that there?

Thanks,
Brian





-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b22de0a2-26f8-44a4-ab36-a1d1486fa44f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] EXEC resource fails but does not log a failure

2014-10-08 Thread Brian Morris 
Hello Paul,

I ran into this very issue recently. This happens because Powershell does not 
properly catch error events. If the PS engine is able to run the script engine 
while continuing on errors then it will exit with a code of 0. Even if your 
script utterly failed to run, if the PS engine does not experience an error of 
its own you get an exit code of 0.

There are ways to turn on better, more sane error trapping in PS, but this will 
cause you to go deep into MS' proprietary error code system. I get around all 
of this by just looking at the output of PS commands, such as checking for null 
output.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6d45774c-f751-459c-b196-c8e66ca83823%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] vmware-vcsa module !!!

2014-10-08 Thread Brian Morris 
Hello Rakesh,

Please post your code that this error comes from.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c56382ed-2573-4f31-ab89-e60a08b010a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Error 500

2014-10-03 Thread Brian Morris 
I was wrong, Jonathan. That error is actually somewhere in a manifest. You can 
troubleshoot it the same way, though. Just start commenting out sections of 
code in the order that your manifests are invoked in, until you find the 
culprit.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52544ed7-871a-452c-afb7-c4dd202990b9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Error 500

2014-10-03 Thread Brian Morris 
This is bombing on your facters. I would try commenting out successively more 
facters, from the bottom of each facter file, until you locate the source of 
the error.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/50a12b27-886a-43d8-9034-d4993938a9b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Best way to deploy the Puppet client to a large set of Windows servers?

2014-10-02 Thread Brian Morris 
Thank you, Jim. I will research your ideas as well.

On Thu, Oct 2, 2014 at 4:05 PM, Jim Ficarra  wrote:

>   In our organization, we created a chocolatey package for the puppet
> client hosted on our internal nuget server.  We then created a powershell
> module that includes several tools for our environment, one of which
> remotely invokes the installation of chocolatey on windows systems in
> parallel, and another to invoke the installation of the chocolatey puppet
> package from our internal nuget server, also in parallel.  The chocolatey
> package contains the majority of the MSI properties for configuration, and
> we leverage the installargs option to pass in the puppet environment we
> need to point to.  The “meat” for this is just looping through a bunch of
> invoke-commands and running them as jobs after passing in one or more
> servers with a simple text file manifest.  This avoids the “patch party”
> scenario.
>
> Of course the above depends on having WinRM configured as Rob mentioned.
> If you do have WinRM enabled, you can take out the chocolatey package
> pre-requisite as in our case (e.g. if you don’t have a nuget server setup),
> and then still build a simple PowerShell script to use invoke-command kick
> off  the installation of the msi with parameters on multiple servers, as
> jobs, so they occur in parallel.  You could have the msi hosted on a share
> to access during the installation.
>
> Do you have any tools such as Microsoft System Center to package and
> deploy? That would be another way to do this, or a myriad of other tools
> that can be used to deploy.  For example, I’ve not used psexec for puppet,
> but you could try to use psexec from www.sysinternals.com to execute as
> well.  It has an option (-c) to copy the the program to the remote system
> before it executes, so that can serve to ensure the MSI is available on the
> remote node.  Note that psexec does create a windows service on the remote
> server – so there’s a trace left behind you may need to clean up (yuck).
>
> Hope this helps.
>
> -Jim
>
>
>
>
>  *From:* Brian Morris 
> *Sent:* Thursday, October 02, 2014 6:24 PM
> *To:* puppet-users@googlegroups.com
> *Subject:* Re: [Puppet Users] Best way to deploy the Puppet client to a
> large set of Windows servers?
>
>  Thank you, Rob. I have a lot of reading to do. :)
>
> On Thu, Oct 2, 2014 at 3:12 PM, Rob Reynolds  wrote:
>
>>
>>
>> On Wed, Oct 1, 2014 at 3:30 PM, Brian Morris 
>> wrote:
>>
>>> Hello all,
>>>
>>> There may come a need for me to perform a wide deployment of the Puppet
>>> client to Windows servers. I am curious to know how others have
>>> accomplished this.
>>>
>>> Concerns I have:
>>>
>>> - No other tools are in place that readily come to mind for pushing the
>>> client out. VCM is in play, but is difficult at best to deploy other
>>> applications with. The client could certainly be placed on a central file
>>> share, but pulling rather than pushing sounds like it will require direct
>>> Sysadmin involvement.
>>>
>>> - To ease the pain I could set the Puppet Master to auto-sign
>>> certificates for a small window of time, but am unsure if this would be
>>> worthwhile.
>>>
>>> - I can imagine a "patch party" where a bunch of Sysadmins each get a
>>> list of servers to go hand perform the installation on, but I am hoping for
>>> something much cleaner than this.
>>>
>>
>> I'm not sure yet if we have an official/recommended way of getting the
>> agent installed. I believe we are working on making this process easier
>> though.
>>
>> So now an alternative recommendation of going about it -
>>
>> Is WinRm configured on these servers? I'm guessing no b/c they are stock.
>> If so you have a much easier time moving forward, but it is not configured
>> by default. So the next option is Wmi calls.
>>
>> There is a really low level Wmi call you can make to
>> Win32_Process.Create[1] that you can use to create a process to install the
>> puppet agent if you have administrative privileges. You can do this
>> remotely. This works with Windows OOTB.
>>
>> If one could connect, you could pass a command to msiexec to run the
>> installer with a url to the agent msi. You would want to put it on a file
>> share that all of these servers can access (or use the official download).
>> Take a look at automated installation[2] and msi properties[3].
>>
>> So you could set your call as "msiexec" and args "/qn /i
>> \\file\share\location\of

Re: [Puppet Users] Best way to deploy the Puppet client to a large set of Windows servers?

2014-10-02 Thread Brian Morris 
Thank you, Rob. I have a lot of reading to do. :)

On Thu, Oct 2, 2014 at 3:12 PM, Rob Reynolds  wrote:

>
>
> On Wed, Oct 1, 2014 at 3:30 PM, Brian Morris 
> wrote:
>
>> Hello all,
>>
>> There may come a need for me to perform a wide deployment of the Puppet
>> client to Windows servers. I am curious to know how others have
>> accomplished this.
>>
>> Concerns I have:
>>
>> - No other tools are in place that readily come to mind for pushing the
>> client out. VCM is in play, but is difficult at best to deploy other
>> applications with. The client could certainly be placed on a central file
>> share, but pulling rather than pushing sounds like it will require direct
>> Sysadmin involvement.
>>
>> - To ease the pain I could set the Puppet Master to auto-sign
>> certificates for a small window of time, but am unsure if this would be
>> worthwhile.
>>
>> - I can imagine a "patch party" where a bunch of Sysadmins each get a
>> list of servers to go hand perform the installation on, but I am hoping for
>> something much cleaner than this.
>>
>
> I'm not sure yet if we have an official/recommended way of getting the
> agent installed. I believe we are working on making this process easier
> though.
>
> So now an alternative recommendation of going about it -
>
> Is WinRm configured on these servers? I'm guessing no b/c they are stock.
> If so you have a much easier time moving forward, but it is not configured
> by default. So the next option is Wmi calls.
>
> There is a really low level Wmi call you can make to
>  Win32_Process.Create[1] that you can use to create a process to install
> the puppet agent if you have administrative privileges. You can do this
> remotely. This works with Windows OOTB.
>
> If one could connect, you could pass a command to msiexec to run the
> installer with a url to the agent msi. You would want to put it on a file
> share that all of these servers can access (or use the official download).
> Take a look at automated installation[2] and msi properties[3].
>
> So you could set your call as "msiexec" and args "/qn /i
> \\file\share\location\of\puppet.msi PUPPET_MASTER_SERVER=
> puppet.example.com"
>
> You could run that command as fire and forget and wait for them to all
> finish up as they check in with the master. I did a little searching and
> found a couple of gems out there that are related to WMI[4][5].
>
> Note: I once worked on a tool where we did something very similar to this.
>
> [1] http://msdn.microsoft.com/en-us/library/aa389388.aspx
> [2]
> https://docs.puppetlabs.com/guides/install_puppet/install_windows.html#automated-installation
> [3]
> https://docs.puppetlabs.com/guides/install_puppet/install_windows.html#msi-properties
> [4] https://rubygems.org/gems/ruby-wmi
> [5] https://rubygems.org/gems/wmi-lite
>
>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/0cb53cf7-6e6e-41c3-8855-8217cfaae923%40googlegroups.com
>> <https://groups.google.com/d/msgid/puppet-users/0cb53cf7-6e6e-41c3-8855-8217cfaae923%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Rob Reynolds
> Developer, Puppet Labs
>
> *Join us at PuppetConf 2014 <http://www.puppetconf.com/>, September
> 20-24 in San Francisco*
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/pSo5jKyezmU/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAMJiBK7BaHkWypqZsQA2Y6f%3D1cj9FZ4E1KTfJntXw7F_9xRAWA%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAMJiBK7BaHkWypqZsQA2Y6f%3D1cj9FZ4E1KTfJntXw7F_9xRAWA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAH8X0%2BFs7j-yepqMj5Xg4Xqh5pSZ_THKAwQj4PhcxadnUREAXA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: How do I install Websphere MQ using WS_MQ_SOL_ON_X86_64_7.5.0.2_IMG.tar files in a puppet master? or are there any available deb or rpm packages which puppet can recognize?

2014-10-01 Thread Brian Morris 
This is what I use to deploy VMTools, which is packaged similarly. First I 
place the tar.gz file within the manifest's "files" dir, and here is the 
code:

if ( $::virtual == vmware ) {
  
  File["/home/someuser/vmtools_package.tgz"] -> Exec["vmtools_install"]
  
file {"/home/someuser/vmtools_package.tgz":
  source=> 
"puppet:///modules/vmtools_install/VMwareTools-9.0.5-1283433.tar.gz",
  schedule  => 'hourly',
}
  exec {"vmtools_install":
command   => '/bin/sh -c "killall vmtoolsd; cd /home/someuser && tar 
xzf vmtools_package.tgz && cd vmware-tools-distrib && ./vmware-install.pl 
-d && cd .. && rm -rf vm* && /usr/sbin/vmtoolsd &"',
schedule  => 'hourly',
}
  }

Notice that the handling and installing of the packaged file all happens in 
one line. The hourly schedule insures that a client doesn't try to start 
this process again while another one is running, as the compile during 
installation can take a while. It also cleans up the installation files 
when done.

I hope this helps,
Brian



On Wednesday, October 1, 2014 9:18:55 AM UTC-7, Chayce wrote:
>
> Hi,
>
> Actually, I am trying to install Websphere MQ on agents by using puppet 
> master. I think there are two ways. One is from available .tar files, and 
> other is using rpm/deb. I also want to use rpm, but how do I create a 
> manifest to use rpm packages. I found modules for activemq, and rabbitmq 
> but not for web sphere mq in puppet forge. or What I am missing here? Thank 
> you.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/35da9354-2cb9-48cb-a770-34eb6ca07590%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Best way to deploy the Puppet client to a large set of Windows servers?

2014-10-01 Thread Brian Morris 
Hello all,

There may come a need for me to perform a wide deployment of the Puppet 
client to Windows servers. I am curious to know how others have 
accomplished this.

Concerns I have:

- No other tools are in place that readily come to mind for pushing the 
client out. VCM is in play, but is difficult at best to deploy other 
applications with. The client could certainly be placed on a central file 
share, but pulling rather than pushing sounds like it will require direct 
Sysadmin involvement.

- To ease the pain I could set the Puppet Master to auto-sign certificates 
for a small window of time, but am unsure if this would be worthwhile.

- I can imagine a "patch party" where a bunch of Sysadmins each get a list 
of servers to go hand perform the installation on, but I am hoping for 
something much cleaner than this.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0cb53cf7-6e6e-41c3-8855-8217cfaae923%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Using Powershell in facters yields no data

2014-09-18 Thread Brian Morris 
Thank you for that, Josh, as well as for creating the Powershell module for
Puppet. I hope to meet both you and Rob at PuppetConf next week.

On Thu, Sep 18, 2014 at 4:24 PM, Josh Cooper  wrote:

>
>
> On Thu, Sep 18, 2014 at 2:17 PM, Brian Morris 
> wrote:
>
>> Holy cow, Rob... that was great info! All I did was change "System32" to
>> "sysnative", and it worked on the first try. All of that frustration boiled
>> down to one part of one path...
>>
>> Thank you for the link, too. It helps to understand why this happens.
>> Cheers to you!
>>
>
> I filed https://tickets.puppetlabs.com/browse/FACT-710. as facter should
> use 64-bit powershell when available.
>
>
>> On Thu, Sep 18, 2014 at 1:59 PM, Rob Reynolds  wrote:
>>
>>>
>>>
>>> On Thu, Sep 18, 2014 at 3:54 PM, Rob Reynolds 
>>> wrote:
>>>
>>>>
>>>>
>>>> On Thu, Sep 18, 2014 at 2:11 PM, Brian Morris <
>>>> nomadicextre...@gmail.com> wrote:
>>>>
>>>>> Hello all,
>>>>>
>>>>> I have been banging my head against this one for a couple of days. I
>>>>> am trying to use Powershell to comb the Windows registry for installed
>>>>> applications, such as VMware Tools, to create a custom facter. If I run
>>>>> this code from a PS prompt it works, and returns the expected data:
>>>>>
>>>>> PS C:\> Get-ChildItem
>>>>> hklm:\software\microsoft\windows\currentversion\uninstall | ForEach-Object
>>>>> {Get-ItemProperty $_.ps
>>>>> path} | Where-Object {$_.DisplayName -eq "VMware Tools"} |
>>>>> ForEach-Object -process {$_.DisplayVersion }
>>>>> *9.4.6.1770165*
>>>>>
>>>>>
>>>> This is running in a 64bit process.
>>>>
>>>>
>>>>
>>>>> However, running the same thing through Puppet as a facter yields zero
>>>>> data:
>>>>>
>>>>> --
>>>>> Facter.add("vmtools_version") do
>>>>> confine :osfamily => "Windows"
>>>>>   setcode do
>>>>> 
>>>>> Facter::Util::Resolution.exec('C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
>>>>> -Command
>>>>>
>>>>
>>> C:\Windows\System32 is also subject to File system redirection, which is
>>> also talked about in that post. Likely fixing only this as sysnative will
>>> return the right data because PowerShell will run in 64bit mode. But I
>>> would explore the ruby only way to speed up the fact.
>>>
>>>
>>>> "& {Get-ChildItem
>>>>> hklm:\software\microsoft\windows\currentversion\uninstall | ForEach-Object
>>>>> {Get-ItemProperty $_.pspath} | Where-Object {$_.DisplayName -eq \"VMware
>>>>> Tools\"} | ForEach-Object -process {$_.DisplayVersion } } "')
>>>>> end
>>>>> end
>>>>> --
>>>>>
>>>>
>>>> This is in a 32bit process unless you are on the newest 3.7.0 or 3.7.1
>>>> x64 builds of Puppet. You are hitting registry redirection.  Be sure to
>>>> checkout Common Gotchas[1] especially for how to turn off registry
>>>> redirection in a 32 bit process.
>>>>
>>>>
>>>> [1] http://puppetlabs.com/blog/how-avoid-common-windows-gotchas-puppet
>>>>
>>>>
>>>> More detail:
>>>>
>>>> When a 32 bit process calls the registry and is subject to redirection,
>>>> it only sees the Wow6432Node under software. Check out that link above, it
>>>> explains quite a bit in more detail.
>>>>
>>>>
>>>>
>>>>>
>>>>> The left side shows up in the facters as "vmtools_version", but the
>>>>> right side is always empty. I have tried using the  GetItem module 
>>>>> instead,
>>>>> and tried various combinations of the "-Command" switch, removed the
>>>>> "For-Each" handler to see if would spit out a huge block of text, and even
>>>>> tried wrapping the whole thing in a "try & catch" to see if any error
>>>>> states are generated, but have never gotten any right side output at all.
>>>>>
>>>>> Does anyone have an idea that might make this work?
>>>>

Re: [Puppet Users] Using Powershell in facters yields no data

2014-09-18 Thread Brian Morris 
Holy cow, Rob... that was great info! All I did was change "System32" to
"sysnative", and it worked on the first try. All of that frustration boiled
down to one part of one path...

Thank you for the link, too. It helps to understand why this happens.
Cheers to you!

On Thu, Sep 18, 2014 at 1:59 PM, Rob Reynolds  wrote:

>
>
> On Thu, Sep 18, 2014 at 3:54 PM, Rob Reynolds  wrote:
>
>>
>>
>> On Thu, Sep 18, 2014 at 2:11 PM, Brian Morris 
>> wrote:
>>
>>> Hello all,
>>>
>>> I have been banging my head against this one for a couple of days. I am
>>> trying to use Powershell to comb the Windows registry for installed
>>> applications, such as VMware Tools, to create a custom facter. If I run
>>> this code from a PS prompt it works, and returns the expected data:
>>>
>>> PS C:\> Get-ChildItem
>>> hklm:\software\microsoft\windows\currentversion\uninstall | ForEach-Object
>>> {Get-ItemProperty $_.ps
>>> path} | Where-Object {$_.DisplayName -eq "VMware Tools"} |
>>> ForEach-Object -process {$_.DisplayVersion }
>>> *9.4.6.1770165*
>>>
>>>
>> This is running in a 64bit process.
>>
>>
>>
>>> However, running the same thing through Puppet as a facter yields zero
>>> data:
>>>
>>> --
>>> Facter.add("vmtools_version") do
>>> confine :osfamily => "Windows"
>>>   setcode do
>>> 
>>> Facter::Util::Resolution.exec('C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
>>> -Command
>>>
>>
> C:\Windows\System32 is also subject to File system redirection, which is
> also talked about in that post. Likely fixing only this as sysnative will
> return the right data because PowerShell will run in 64bit mode. But I
> would explore the ruby only way to speed up the fact.
>
>
>> "& {Get-ChildItem
>>> hklm:\software\microsoft\windows\currentversion\uninstall | ForEach-Object
>>> {Get-ItemProperty $_.pspath} | Where-Object {$_.DisplayName -eq \"VMware
>>> Tools\"} | ForEach-Object -process {$_.DisplayVersion } } "')
>>> end
>>> end
>>> --
>>>
>>
>> This is in a 32bit process unless you are on the newest 3.7.0 or 3.7.1
>> x64 builds of Puppet. You are hitting registry redirection.  Be sure to
>> checkout Common Gotchas[1] especially for how to turn off registry
>> redirection in a 32 bit process.
>>
>>
>> [1] http://puppetlabs.com/blog/how-avoid-common-windows-gotchas-puppet
>>
>>
>> More detail:
>>
>> When a 32 bit process calls the registry and is subject to redirection,
>> it only sees the Wow6432Node under software. Check out that link above, it
>> explains quite a bit in more detail.
>>
>>
>>
>>>
>>> The left side shows up in the facters as "vmtools_version", but the
>>> right side is always empty. I have tried using the  GetItem module instead,
>>> and tried various combinations of the "-Command" switch, removed the
>>> "For-Each" handler to see if would spit out a huge block of text, and even
>>> tried wrapping the whole thing in a "try & catch" to see if any error
>>> states are generated, but have never gotten any right side output at all.
>>>
>>> Does anyone have an idea that might make this work?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/a76b897f-9f1f-4e82-ab18-344ae9a6e2c7%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/a76b897f-9f1f-4e82-ab18-344ae9a6e2c7%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> Rob Reynolds
>> Developer, Puppet Labs
>>
>> *Join us at PuppetConf 2014 <http://www.puppetconf.com/>, September
>> 20-24 in San Francisco*
>>
>
>
>
> --
> Rob Reynolds
> Developer, Puppet Labs
>
> *Join us at PuppetConf 2014 <http://www.puppetconf.com/>, September
> 20-24 in San Francisco*
>
> --
> You received this message because you are subscribed

[Puppet Users] Re: Using Powershell in facters yields no data

2014-09-18 Thread Brian Morris 
I almost forgot. I have also tried setting the exec line up as a variable, 
and returning that variable, to no effect.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0f3bf46f-7b96-4035-80a7-2293a0e2e30a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Using Powershell in facters yields no data

2014-09-18 Thread Brian Morris 
Hello all,

I have been banging my head against this one for a couple of days. I am 
trying to use Powershell to comb the Windows registry for installed 
applications, such as VMware Tools, to create a custom facter. If I run 
this code from a PS prompt it works, and returns the expected data:

PS C:\> Get-ChildItem 
hklm:\software\microsoft\windows\currentversion\uninstall | ForEach-Object 
{Get-ItemProperty $_.ps
path} | Where-Object {$_.DisplayName -eq "VMware Tools"} | ForEach-Object 
-process {$_.DisplayVersion }
*9.4.6.1770165*

However, running the same thing through Puppet as a facter yields zero data:

--
Facter.add("vmtools_version") do
confine :osfamily => "Windows"
  setcode do

Facter::Util::Resolution.exec('C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
 
-Command "& {Get-ChildItem 
hklm:\software\microsoft\windows\currentversion\uninstall | ForEach-Object 
{Get-ItemProperty $_.pspath} | Where-Object {$_.DisplayName -eq \"VMware 
Tools\"} | ForEach-Object -process {$_.DisplayVersion } } "')
end
end
--

The left side shows up in the facters as "vmtools_version", but the right 
side is always empty. I have tried using the  GetItem module instead, and 
tried various combinations of the "-Command" switch, removed the "For-Each" 
handler to see if would spit out a huge block of text, and even tried 
wrapping the whole thing in a "try & catch" to see if any error states are 
generated, but have never gotten any right side output at all.

Does anyone have an idea that might make this work?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a76b897f-9f1f-4e82-ab18-344ae9a6e2c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: client not seeing changes made on puppetmaster

2014-09-04 Thread Brian Wilkins 
You might want to file a bug, as this was supposed to be fixed in Puppet 2.7

http://projects.puppetlabs.com/issues/5318


On Thursday, September 4, 2014 3:28:10 PM UTC-4, Mike Reed wrote:
>
> Greetings,
>
> I have a class for which I would like to simply print a few parameters 
> about a node, before actually running any additional modules on the client 
> itself.  The problem I'm seeing is that after making changes to the class, 
> I don't see them being propagated to the puppet client.  Occasionally if I 
> restart puppet services on both client and master, the changes will get 
> pulled down.  In other occasions, after a certain amount of time, the 
> changes will just magically appear to get pulled down by the client.  Does 
> anybody know why this may be occurring?  It's driving me mad.
>
> I have a vanilla puppet client running puppet 3.6.2 and a puppet master 
> running version 3.6.2. and both have been recently built.
>
> *Site.pp:*
>
> # test node
> node seanconnery-01 {
>   include role
> }
>
> class role {
>   include profile::base
> }
>
> class profile::base {
>   include sys_ident
> }
>
>
> *sys_ident/init.pp*
>
> class sys_ident {
>   notify { 'system hostname':
> withpath => true,
> name => "my fqdn is $fqdn",
> }
>
>   notify {'network location':
> withpath => true,
> name => "my network is ${network}",
>   }
> }
>
> *Upon running the client, I get the expected output:*
> seanconnery-01:~$ sudo puppet agent -tv
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Loading facts in /var/lib/puppet/lib/facter/network.rb
> Info: Caching catalog for seanconnery-01.domain
> Info: Applying configuration version '1409858463'
> Notice: /Stage[main]/Sys_ident/Notify[network location]/message: my 
> network is greenzone
> Notice: /Stage[main]/Sys_ident/Notify[network location]/message: defined 
> 'message' as 'my network is greenzone'
> Notice: /Stage[main]/Sys_ident/Notify[system hostname]/message: my fqdn is 
> seanconnery-01.domain
> Notice: /Stage[main]/Sys_ident/Notify[system hostname]/message: defined 
> 'message' as 'my fqdn is seanconnery-01.domain
> Notice: Finished catalog run in 0.04 seconds
>
> *However, if I add another notify to the sys_ident/init.pp like so:*
>
> class sys_ident {
>   notify { 'system hostname':
> withpath => true,
> name => "my fqdn is $fqdn",
> }
>
>   notify {'network location':
> withpath => true,
> name => "my network is ${network}",
>   }
>
>   notify {'swapfree':
> withpath => true,
> name => "my swap is ${swapfree}",
>   }
> }
>
> *I get the following on my client:*
> seanconnery-01:~$ sudo puppet agent -tv
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Loading facts in /var/lib/puppet/lib/facter/network.rb
> Info: Caching catalog for seanconnery-01.domain
> Info: Applying configuration version '1409858679'
> Notice: /Stage[main]/Sys_ident/Notify[network location]/message: my 
> network is greenzone
> Notice: /Stage[main]/Sys_ident/Notify[network location]/message: defined 
> 'message' as 'my network is greenzone'
> Notice: /Stage[main]/Sys_ident/Notify[system hostname]/message: my fqdn is 
> seanconnery-01.domain'
> Notice: /Stage[main]/Sys_ident/Notify[system hostname]/message: defined 
> 'message' as 'my fqdn is seanconnery-01.domain'
> Notice: Finished catalog run in 0.04 seconds
>
> After a certain amount of undetermined time, the client will finally 
> pickup the changes but there's no rhyme or reason to it.
> Has anybody else ever seen this behavior?  I can't for the life of me 
> figure it out.
>
> As always, your help is much appreciated.
>
> m.
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7e5f73bc-6050-4db6-803c-ac7d3a62a09c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet 'node data' when using common node_names?

2014-09-02 Thread Brian Wilkins 
Matt,

There is a better way and that is to use the roles and profiles pattern. I 
use that and I have a custom facter ruby script that reads the fqdn from a 
yaml and assigns it's role. Puppet takes over from there. 

On Saturday, August 23, 2014 1:46:59 PM UTC-4, Matt W wrote:
>
> Will,
>   Thanks for the response. I know its a bit of a unique model -- but when 
> you think about it, it makes a decent amount of sense. We run hundreds of 
> nodes that are fundamentally similar .. i.e. "this is a web server, it gets 
> the XYZ package installed" and "this is a web server, it gets the ABC 
> package installed". Using hostnames to identify the systems node-definition 
> makes very little sense and leaves quite a bit of room for error. 
> Explicitly setting the node-type as a fact allows us to re-use the same 
> node types but for many different environments and keeps host-names out of 
> the mix. For example, I can quickly boot up a 
> "prod-mwise-dev-test-web-sever-thingy" using the same node definition as 
> our "prod-frontend-host" for some testing, without worrying about the 
> hostname regex structure.
>
>   Anyways that said ... what I'm really interested in knowing is why the 
> puppet-agents are pulling DOWN their "node information" from the puppet 
> masters? Is it possible that they do an upload of node information, then 
> ask for that information back, then somehow use the downloaded information 
> for their catalog request? I could see some interesting race conditions if 
> that was the case.
>
> Matt Wise
> Sr. Systems Architect
> Nextdoor.com
>
>
> On Fri, Aug 22, 2014 at 7:11 PM, Wil Cooley  > wrote:
>
>>
>> On Aug 22, 2014 7:37 AM, "Matt W" > 
>> wrote:
>> >
>> > Anyone have any thoughts on this?
>> >
>>
>> I have to say, using an identical node name as a way of assigning the 
>> node's role is an "interesting" approach. I would not be surprised if you 
>> run into other difficulties with this approach; some even harder to find. 
>> Even something like an appended unique identifier, such as from the host 
>> ID, MAC address, serial number, hashed SHA1, etc would have been better.
>>
>> Be that as it may, life would be dull if we didn't have to live with the 
>> sins of the past. You might check the config guide 
>> https://docs.puppetlabs.com/references/3.6.latest/configuration.html but 
>> in thinking about it, if you found a setting and tried to use a fact in it, 
>> you'd probably just get the master's fact.
>>
>> The reports, at least, should be easy - since they're pluggable, you 
>> could copy the existing "lib/puppet/reports/store.rb" to a new name & 
>> module and tweak the storage location.
>>
>> Wil
>>
>> > On Thursday, August 14, 2014 10:39:16 AM UTC-7, Matt W wrote:
>> >>
>> >> We noticed that our puppet reports and our puppet node data stored on 
>> our puppet servers is always written out in the form of the 'node name'. So 
>> when we use a node name like 'prod_webserver' across many webserver 
>> machines, we get a tree of reports and node data like this:
>> >>
>> >>> /var/lib/puppet/yaml/node/prod_web.yaml
>> >>> /var/lib/puppet/yaml/facts/prod_web.yaml
>> >>> /var/lib/puppet/reports/prod_web
>> >>> /var/lib/puppet/reports/prod_web/201408130200.yaml
>> >>> /var/lib/puppet/reports/prod_web/201408140811.yaml
>> >>> /var/lib/puppet/reports/prod_web/201408121328.yaml
>> >>> /var/lib/puppet/reports/prod_web/201408130743.yaml
>> >>> /var/lib/puppet/reports/prod_web/201408140454.yaml
>> >>
>> >>
>> >> Where each of those reports likely reflects a compilation run for a 
>> different host... and the facts/node files at the top are getting 
>> constantly re-written as new clients come in.
>> >>
>> >> Is there a way to change the behavior of the data there to be written 
>> out based on the ${::fqdn} of the host (or certname) rather than its node 
>> name?
>> >>
>> >> (our client puppet configs ...)
>> >>>
>> >>> [main]
>> >>> ...
>> >>> node_name = facter
>> >>> node_name_fact = puppet_node
>> >>
>> >>
>> >> (a client puppet fact file...)
>> >>>
>> >>> puppet_node=prod_web
>> >>> puppet_environment=production
>> >>> package=frontend=some-version-here
>> >>> app_group=us1
>> >
>> > -- 
>> > You received this message because you are subscribed to the Google 
>> Groups "Puppet Users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send 
>> an email to puppet-users...@googlegroups.com .
>> > To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/40c0048d-fc90-4006-99da-98bfa9ba94a7%40googlegroups.com
>> .
>> >
>> > For more options, visit https://groups.google.com/d/optout.
>>  
>> -- 
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Puppet Users" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/puppet-users/adxt68xO210/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to 
>> puppet-users...@googlegroups.c

Re: [Puppet Users] puppet dead but pid file exists

2014-09-02 Thread Brian Wilkins 
It probably died (either ps -ef | grep puppetmaster | awk '{print $2}' | 
xargs kill -9) or otherwise. Just remove the pid file and continue. You can 
examine the pid file to see if a process with that PID and named 
puppetmasterd exists. More than likely not.

On Tuesday, September 2, 2014 10:56:59 AM UTC-4, Spriya wrote:
>
> Hi John
>
> This is the way i am doing:
>
>
>
>
>
>
>
>
>
> *service puppetmaster stopStopping 
> puppetmaster: [FAILED][root@cluster2 
> puppet]# service puppetmaster startStarting 
> puppetmaster: [  OK  ][root@cluster2 
> puppet]# service puppetmaster statuspuppet dead but pid file existsLet me 
> know*
>
>
> On Tuesday, September 2, 2014 7:50:12 AM UTC-7, JohnK wrote:
>>
>> How are you stopping Puppetmaster? If you are not gracefully shutting 
>> puppetmaster down then the PID file will not be deleted.
>>
>>
>> John Kennedy  (_8(|)
>> I have a yellow dog:
>> http://www.theyellowdogproject.com/The_Yellow_Dog_Project/About.html
>>
>> Why would anyone foster a dog/cat?
>> I would rather cry watching them leave our home to live a life of 
>> happiness and joy in a loving home than cry because no one stepped up to 
>> help them and they died alone, frightened, and sad in a shelter.
>>
>>
>> On Tue, Sep 2, 2014 at 10:47 AM, Spriya  wrote:
>>
>>> Hi,
>>>
>>> I am having an issue when restarting puppetmaster.
>>> *$service puppetmaster status*
>>> *puppet dead but pid file exists*
>>>
>>>
>>> Let me know what might be the issue.
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/puppet-users/667caddf-93a3-4f3e-97bb-87c42996b727%40googlegroups.com
>>>  
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b9e4f4fd-eb18-45f0-b936-0e012c9920ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Using puppet with Apache mod_disk_cache and passenger over SSL

2014-09-02 Thread Brian Wilkins 
I turned off high performance, but every request still hits the 
puppetmaster. Any more ideas?

On Friday, August 29, 2014 5:57:30 PM UTC-4, Wil Cooley wrote:
>
> On Fri, Aug 29, 2014 at 9:50 AM, Brian Wilkins  > wrote:
>
>> # RHEL/CentOS:
>> # And the passenger performance tuning settings:
>> PassengerHighPerformance On
>>
>
> The Passenger doc says that this bypasses several layers of Apache 
> processing, so it is incompatible with mod_rewrite and others -- I would 
> not be surprised if it also was the source of your trouble.
>  
> Wil
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/24ba6a00-15ac-46de-be37-f002c2ab7a1c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Using puppet with Apache mod_disk_cache and passenger over SSL

2014-08-29 Thread Brian Wilkins 
I have tried to setup Apache with passenger to host the puppetmaster but I 
also want to cache. I have no problems running puppet within Passenger with 
httpd. I also enabled mod_disk_cache within Apache. However, I still see my 
puppet client htting the puppetmaster and the puppetmaster compiles the 
manifest every time. In /var/cache/mod_cache, I can see that the data was 
properly cached. 

What is wrong with my configuration that still allows httpd to serve up the 
request from the puppetmaster rather than using the cache? I was looking at 
lessening the load on the puppetmaster and have the cache handle common 
requests.

LoadModule ssl_module modules/mod_ssl.so

ServerName hostname

# RHEL/CentOS:
# And the passenger performance tuning settings:
PassengerHighPerformance On
PassengerUseGlobalQueue On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600
PassengerTempDir /var/run/passenger

# Add %D for "The time taken to serve the request, in microseconds."

LogFormat "%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" 
puppet

Listen 8140

SSLEngine On

# Only allow high security cryptography. Alter if needed for 
compatibility.
SSLProtocol All -SSLv2
SSLCipherSuite  HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile  /var/lib/puppet/ssl/certs/hostname.pem
SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/hostname.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth  1
SSLOptions  +StdEnvVars +ExportCertData

# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

RackAutoDetect On
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/

Options Indexes
AllowOverride None
Order Allow,Deny
Allow from All



   
  ExpiresActive On
  ExpiresDefault "access plus 30 minutes"
   


   CacheEnable disk /production/file_metadata/
   CacheEnable disk /production/file_metadatas/
   CacheRoot "/var/cache/mod_cache"
   CacheDefaultExpire 1800
   CacheIgnoreNoLastMod On




mod_cache]# ls -la
total 40
drwxr-xr-x  10 apache apache 4096 Aug 29 12:37 .
drwxr-xr-x. 18 root   root   4096 Aug 29 12:36 ..
drwx--   3 apache apache 4096 Aug 29 12:37 Hk
drwx--   3 apache apache 4096 Aug 29 12:37 K5
drwx--   3 apache apache 4096 Aug 29 12:37 Q9
drwx--   3 apache apache 4096 Aug 29 12:37 Rl
drwx--   3 apache apache 4096 Aug 29 12:37 St
drwx--   3 apache apache 4096 Aug 29 12:37 ui
drwx--   3 apache apache 4096 Aug 29 12:37 wV
drwx--   3 apache apache 4096 Aug 29 12:37 _Z


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e5761830-21de-4400-879e-218caa2fd004%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Using yaml to create custom array fact

2014-08-28 Thread Brian Wilkins 
I would actually put role higher than node simply because you will assign 
the common role parameters first and then node specific parameters last. 
This is how I do it in my hiera.yaml:

---
:backends:
  - yaml
:hierarchy:
  - common
  - "role/%{::system_role}"
  - node/%{::fqdn}
  - "%{environment}"
  - global

:yaml:
  :datadir: /etc/puppet/data

then in my common.yaml:

classes:
  - profiles::common

profiles::nagios_resource::hostgroups: %{::system_role}

profiles::nagios_resource::allowed_hosts:
  - '127.0.0.1'
  - 'hostname'
  - 'hostname'

profiles::logstash::brokers:
  - ip
  - ip

profiles::nagios_resource::connection_to_redis_check::check_host:
  - 'hostname'
  - 'hostname'

profiles::collectd::graphite_host: 'hostname'
profiles::collectd::graphite_port: '2103'

Then I auto assign my roles using facter:

/etc/puppet/modules/roles/lib/facter/system_role.rb

Facter.add(:system_role) do
  setcode do
host = Facter.value(:fqdn)
declared_role = Facter.value(host)
declared_role.nil? ? 'general' : declared_role
  end
end

Under /etc/puppet/modules/roles/files/system_role_fact.yaml

---
host1: admin
host2: servicemix
host3: logstash_indexer
etc


On Thursday, August 28, 2014 10:33:47 AM UTC-4, Mark Rosedale wrote:
>
> Hello,
>
> So I'm using stlib with the /etc/facter/facts.d/ to set up some custom 
> facts of some of my nodes. What I want to do is use yaml to set an array in 
> facter that will then get interpreted by Hiera. 
>
> Let me give an example. I have the following hierarchy. 
> :hierarchy:
>   - "node/%{::fqdn}"
>   - "cust/%{::cust}"
>   - "role/%{::role}"
>   - base
>
> I can set the cust fact and that should just be one customer. But the role 
> may not be. So what I'd like to do is set the role fact to be an array and 
> have that interpreted by hiera. Is this possible? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/892484f7-2643-4608-91ef-06086296ebfe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Challenge: who am i and what do i do

2014-08-28 Thread Brian Wilkins 
We do the same thing as Ramin. Essentially have a custom role fact that is 
based on hostname. After initial "check-in" with the puppetmaster, the 
agent knows it role and is provisioned as such. We use the role/profile 
design pattern.

On Wednesday, August 27, 2014 1:41:25 AM UTC-4, Ramin K wrote:
>
> On 8/26/2014 12:41 PM, Alex Demitri wrote: 
> > Hi guys - i am fairly new to puppet and i am trying to figure out ways 
> > to implement it in my organization to make good use of it. One thing we 
> > thought would be useful to better our deployment process, is to add a 
> > mechanism that would have a vanilla server getting installed on a VM, 
> > boot up, check into puppet and figure out these three questions: 
> > 
> > 1) Where am I? 
> >  - in what Datacenter/Availability zone am I? Based on that, what 
> > syslog servers do i have to use, NTP servers, etc.. 
> > 2) Who am I? 
> >  - what server am i? What files do i need for basic functions? 
> > 3) What am I supposed to do? 
> >  - based on what server I am, what am i supposed to do? do i have to 
> > run Tomcat? Apache? And if yes, where are my configuration files? 
> > 
> > In short, find a holistic way for a system to come up to speed by 
> > itself. I already thought of using meaningful hostnames for the roles of 
> > the servers but that does not work well in the cloud... 
> > 
> > Thoughts? 
> > 
> > Thanks! 
> > Alex 
>
> When we provision machines the system passes a few flags that do the 
> equivalent of 
>
> sudo FACTER_role=frontend puppet agent --environment stage --certname 
> fe34.usw1.example.com 
>
> role is a custom fact that needs to be set the first time as shown 
> above. Puppet does the Hiera lookup based on $role and $env with 
> $certname or nodename as the final arbiter. That's as much config as we 
> need, but no reason you couldn't add various ec2 facts to the hierarchy. 
>
> Ramin 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4e888f46-5e95-455f-8027-d3f0667e2b86%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Report processor failed: wrong status line: ""

2014-08-28 Thread Brian Wilkins 
Fixed by removing https from puppet.conf and changing puppet_dashboard.rb:

require 'puppet'

HOST = 'hostname'
PORT = 443

Puppet::Reports.register_report(:puppet_dashboard) do
  desc "Send report information to Puppet-Dashboard"

  def process
https = Net::HTTP.new(HOST, PORT)
https.use_ssl = true
https.verify_mode = OpenSSL::SSL::VERIFY_NONE
https.start do |conn|
  conn.post "/reports/upload", "report=" + CGI.escape(self.to_yaml)
end
  end
end


On Wednesday, August 27, 2014 5:17:07 PM UTC-4, Brian Wilkins wrote:
>
> I am seeing this issue every time puppet runs. I am using Puppet 
> Dashboard. I have reports being delivered via https and my puppetmaster 
> runs in Passenger. I see to have configured everything correctly and even 
> copied over the proper ruby scripts to their directories to get https to 
> work. Any ideas?
>
> puppet.conf
> ---
> [main]
> # The Puppet log directory.
> # The default value is '$vardir/log'.
> logdir = /var/log/puppet
>
> # Where Puppet PID files are kept.
> # The default value is '$vardir/run'.
> rundir = /var/run/puppet
>
> # Where SSL certificates are kept.
> # The default value is '$confdir/ssl'.
> ssldir = $vardir/ssl
>
> # PuppetDB settings to store configurations
> storeconfigs = true
> storeconfigs_backend = puppetdb
>
> pluginsync = true
>
> [master]
> certname = puppetmaster
> # forward reports to puppet dashboard
>
> reports = store, https, puppet_dashboard
> reporturl = https://host/reports/upload
> storeconfigs = true
> storeconfigs_backend = puppetdb
>
> [agent]
> certname = puppetmaster
> # The file in which puppetd stores a list of the classes
> # associated with the retrieved configuratiion.  Can be loaded in
> # the separate ``puppet`` executable using the ``--loadclasses``
> # option.
> # The default value is '$confdir/classes.txt'.
> classfile = $vardir/classes.txt
>
> # Where puppetd caches the local configuration.  An
> # extension indicating the cache format is added automatically.
> # The default value is '$confdir/localconfig'.
> localconfig = $vardir/localconfig
>
> server = host
>
> reports = false
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/167b9d51-5fd5-47e3-b3ae-9b2afdb3c5e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Report processor failed: wrong status line: ""

2014-08-27 Thread Brian Wilkins 
I am seeing this issue every time puppet runs. I am using Puppet Dashboard. 
I have reports being delivered via https and my puppetmaster runs in 
Passenger. I see to have configured everything correctly and even copied 
over the proper ruby scripts to their directories to get https to work. Any 
ideas?

puppet.conf
---
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

# PuppetDB settings to store configurations
storeconfigs = true
storeconfigs_backend = puppetdb

pluginsync = true

[master]
certname = puppetmaster
# forward reports to puppet dashboard

reports = store, https, puppet_dashboard
reporturl = https://host/reports/upload
storeconfigs = true
storeconfigs_backend = puppetdb

[agent]
certname = puppetmaster
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion.  Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration.  An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig

server = host

reports = false

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3db31ebf-e152-414d-8409-cb223bda%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Unrecognised escape sequence '\[' in file

2014-08-27 Thread Brian Wilkins 

>
> Have you tried with two backslashes '\\' ?
>

Ah, that was it :)

Also, but why not manage multiple files in /etc/nagios/nrpe.d/ based on 
> templates instead of managing a single file, since that's much trickier? 
>

Oh, that is how I am doing it (sort of):

 class profiles::nagios_resource::vsftpd_check (
  $check_interval = $profiles::nagios_resource::settings::check_interval,
  $group = $profiles::nagios_resource::settings::group,
  $mode = $profiles::nagios_resource::settings::mode ) {

  profiles::nagios_resource::service_check { 'vsftpd': }
}

You don't need the '.*' at the end of your regexp if you're not ending it 
> with '$'. 
>

Hmm, will have to try that and see the effects. 

Thanks for the reply.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9674caf5-b44e-4b4e-8277-8744eedb49a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Unrecognised escape sequence '\[' in file

2014-08-27 Thread Brian Wilkins 
I am having to escape a regular expression in my match and puppet complains 
on the puppetmaster of an "Unrecognised escape sequence". How do I fix this 
so the logs don't get cluttered with this message? I am using Puppet 3.6.2.

 file_line { "nagios_monitor_check_${title}":
path   => '/etc/nagios/nrpe.cfg',
line   => 
"command[check_${title}]=/usr/lib64/nagios/plugins/check_procs 
${proc_check} ${proc_count}",
match  => "^command\[check_${title}\]=.*",
notify => Service[nrpe],
  }

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c6b404de-b241-4fd0-a052-5142925ab8be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Encrypting /var/lib/puppet directory on clients

2014-08-20 Thread Brian Mathis 
The only way to mount an encrypted volume on boot is if the password is
stored somewhere on the server itself, such as in /etc/crypttab.  Maybe you
could come up with a system that uses ssh to login and "manually" mount the
volume with a password after the system is booted.

One thing to be aware of is that disk encryption at this level provides no
additional security within the system -- anyone logged in can see and
access all the files (subject to standard file permissions).  It does help
with data on the underlying disk, which is only really of use when the
machine is completely turned off, protecting it from an administrator on
the VM host (though they would have full access to your system anyway), or
from a SAN admin.


❧ Brian Mathis
@orev


On Wed, Aug 20, 2014 at 1:07 PM, Eugene Sapozhnikov 
wrote:

> I have been given a project to secure our client hosts.
>
> One of the requirements was to setup an encrypted volume and mount it over
> /var/puppet/lib .
>
> the other requirement was to have the encryption key reside only on the
> puppet master.
>
> I have been able to use cryptsetup to have puppet configure and mount the
> encrypted volume successfully.
>
> But I am running into a roadblock when the client server reboots and the
> volume is unmounted. I can't use puppet to mount the volume as the puppet
> agent will not connect successfully without the /var/lib/puppet being
> mounted so it can use original SSl cert.
>
>
> Wanted to see if anyone here have tried any similar setups to what i am
> trying to achieve.
>
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/a532006d-e3cd-4c1b-bd6f-91a388e68fb0%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/a532006d-e3cd-4c1b-bd6f-91a388e68fb0%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEz7kjusMxbqGPDv%2B10u-AwHd2O_xvfMVVvgyweYJjQPrw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Globally ignore .svn

2014-08-07 Thread Brian Wilkins 
Hmm, it's working now! Thanks

On Thursday, August 7, 2014 6:11:41 PM UTC-4, Garrett Honeycutt wrote:
>
> On 8/7/14 9:10 AM, Brian Wilkins wrote: 
> > In Puppet 3.6.2, how do you globally ignore .svn directories? Links on 
> > the internet state to put File { ignore => '.svn' } in site.pp but that 
> > does not work. I tried putting it in nodes.pp, but I receive the error: 
> > "Invalid parameter ignore on File[etc_facter_folder] at  > manifest> on node " 
> > 
>
> Hi Brian, 
>
> Putting that in your site.pp should do it. Perhaps you are using the 
> wrong site.pp. 
>
> I use the following 
>
>
>   # Ignoring version control artifacts 
>   File { 
> backup => 'main', 
> ignore => [ '.svn', 
> '.git', 
> 'CVS', 
> '.bzr' ], 
>   } 
>
>
> https://github.com/transforia/puppet-modules/blob/master/manifests/site.pp#L7-14
>  
>
> Best regards, 
> -g 
>
> -- 
> Garrett Honeycutt 
> @learnpuppet 
> Puppet Training with LearnPuppet.com 
> Mobile: +1.206.414.8658 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f24619bd-5dcc-4a1b-ae58-602cff1279ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Globally ignore .svn

2014-08-07 Thread Brian Wilkins 
In Puppet 3.6.2, how do you globally ignore .svn directories? Links on the 
internet state to put File { ignore => '.svn' } in site.pp but that does 
not work. I tried putting it in nodes.pp, but I receive the error: "Invalid 
parameter ignore on File[etc_facter_folder] at  on node 
"


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0087976b-2094-48c5-8610-d4fc6eaf90c1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Set ACLs on Files Logstash Must Monitor

2014-08-04 Thread Brian Wilkins 
Rather than typing out hundreds of files that logstash has to monitor and 
put it into my profiles::logstash::acl class, how are others maintaining 
the actions to set the ACLs on files that logstash has to monitor? Right 
now, I am doing this for every file that logstash has to monitor:

exec { 'allow_input_file_read':
  command => "/usr/bin/setfacl -R -m u:logstash:rwx ",
  subscribe   => File_concat['ls-config'],
  refreshonly => true,
}

I monitor the changes to the configuration template that is maintained by 
the puppet forge logstash class so that the ACL is applied or re-applied 
when the logstash configuration changes.

How are others doing this?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fdd179e7-a3e4-4819-9173-b749d2540121%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] use client_data/catalog/.json for nagios check?

2014-07-30 Thread Brian Wilkins 
We use this one : 
https://github.com/liquidat/nagios-icinga-checks/blob/master/check_puppetagent

But you have to modify it if you are using an earlier version of Python for 
the date time code to get the difference. 

It's also good if you check the report file for errors. Rather than just 
the summary. We check both.


On Wednesday, July 30, 2014 9:01:48 AM UTC-4, Jason Antman wrote:
>
> I've used two different ways of doing this, depending on whether or not 
> you have this stuff installed/running:
> (1) if you have PuppetDB, just use that. I probably have a (Python) check 
> plugin for this somewhere if you need it.
> (2) use `mco puppet status` and parse the output of that
>
> These also have the advantage that they can be run as cron'ed passive 
> checks, and submit the results very efficiently.
>
>
> On Tue, Jul 22, 2014 at 6:20 PM, Denmat > 
> wrote:
>
>> This one from RIP works ok for me:
>>
>> https://github.com/ripienaar/monitoring-scripts/blob/master/puppet/check_puppet.rb
>>
>>
>> On 23 Jul 2014, at 5:47, Atom Powers > 
>> wrote:
>>
>> I use a script that checks if the puppet client is running and parses the 
>> lastrunreport for last run time and if any errors were reported applying 
>> the catalog.
>>
>>
>> On Tue, Jul 22, 2014 at 12:36 PM, Bernard Clark > > wrote:
>>
>>> We need to be alerted whenever a puppet report from any puppet client is 
>>> late. We were thinking of having Nagios monitor the last modification time 
>>> of a client's /var/lib/puppet/client_data/catalog/.json and alert us 
>>> when that file ages too much. Anyone have a better idea?
>>>  
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to puppet-users...@googlegroups.com .
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/puppet-users/5d8181b7-6911-4af1-95dd-24331425d80e%40googlegroups.com
>>>  
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> -- 
>> Perfection is just a word I use occasionally with mustard.
>> --Atom Powers-- 
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/CAF-H%3DOkfzUo9JD9Jt_s8z3zr-w5f5M%3DGrZACWc_s%2B52E0DrE4g%40mail.gmail.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/FF386C74-4A77-4EE4-BE09-62D0ACB129A1%40gmail.com
>>  
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/de6ac3cc-e46e-4b9e-aa1b-962b6382dc3c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Wrap Package in a define

2014-07-21 Thread Brian Wilkins 
Thanks David. We have taken the route of downloading the necessary 
dependencies and then explicitly setting the source for each package 
statement. We have an FTP server for our yum repo so we just added a pip 
directory and provide the ftp:// URL to pip. That seems to work.

On Monday, July 21, 2014 5:53:01 AM UTC-4, David Schmitt wrote:
>
>
> Hi Brian, 
>
> On 2014-07-18 14:32, Brian Wilkins wrote: 
> > Hello, 
> > 
> > We are trying to use the puppet-forge graphite module located here: 
> > 
> https://github.com/echocat/puppet-graphite/blob/master/manifests/install.pp 
> > and our servers will not have access to the Internet. So we are 
> > downloading all the pip packages to a local repository and will point 
> > pip to each package. I would like to wrap the Package type so I can 
> > provide the source. How would I do this so that the package name is 
> > passed to the defined type? My intent is to not change much of the code 
> > here: 
> > 
> https://github.com/echocat/puppet-graphite/blob/master/manifests/install.pp 
> > 
> > Otherwise, I will have to comment out alot of the manifest and replace 
> > with exec statements pointing to each individual package. 
>
> As far as I understand the current pip provider code, it won't work 
> anyways without access to the pypi repository. 
>
> Since pip provides a way to globally configure a different index, I 
> think that would be a much better way to achieve your goal: 
>
> > http://pip.readthedocs.org/en/latest/user_guide.html#configuration 
>
>  From a cursory glance over the possibilities, setting an environment 
> variable to override your index location might be another way to avoid 
> poisoning the global pip config. 
>
>
> Regards, David 
> -- 
> * Always looking for people I can help with awesome projects * 
> G+: https://plus.google.com/+DavidSchmitt 
> Blog: http://club.black.co.at/log/ 
> LinkedIn: http://at.linkedin.com/in/davidschmitt 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f24ebad4-f27d-41aa-978a-33ca56a9b541%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Wrap Package in a define

2014-07-18 Thread Brian Wilkins 
Hello,

We are trying to use the puppet-forge graphite module located here: 
https://github.com/echocat/puppet-graphite/blob/master/manifests/install.pp 
and our servers will not have access to the Internet. So we are downloading 
all the pip packages to a local repository and will point pip to each 
package. I would like to wrap the Package type so I can provide the source. 
How would I do this so that the package name is passed to the defined type? 
My intent is to not change much of the code here: 
https://github.com/echocat/puppet-graphite/blob/master/manifests/install.pp

Otherwise, I will have to comment out alot of the manifest and replace with 
exec statements pointing to each individual package.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7bbc783a-589a-42b3-aaa5-993d43f2026b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] multiple VMs from a single node.pp file

2014-07-15 Thread Brian Mathis 
Off the top of my head I would think that you could either use the
'default' node, which would apply to all clients, or use a regular
expression to match the node names.  With the regex you'll need to ensure
that each VM follows a naming convention and you probably also want to make
sure you don't have multiple machines with identical names.  You can read
more about that here:

http://docs.puppetlabs.com/puppet/latest/reference/lang_node_definitions.html#the-default-node

You really don't need to do anything special with the certname -- they can
all be different.  You'll have to sign the cert for each new node as a
developer brings it online, unless you use the autosign option (which has
potential security implications).  After all, Puppet is meant to manage
many nodes with the same configuration.


❧ Brian Mathis
@orev


On Tue, Jul 15, 2014 at 3:09 PM, randal cobb  wrote:

> Hello, all...
>
> I have a scenario where all of our developers (spread geographically
> around the world) use a VMWare or VirtualBox VM on their local desktop to
> develop portions of a single product.  I've seemed to inherit this
> nightmare of a process and believe I can make it much simpler, quicker, and
> cleaner using Puppet.  Currently, they have to download an 80Gb VM image
> from a single server in the US; so, because of the massive size of the VM,
> most developers never upgrade their VMs to the latest image.   I know that
> Puppet can fix this for me, but I have a few questions I'm hoping y'all can
> help answer (I've used puppet for a few months to manage some
> infrastructure servers, so concepts aren't alien to me).  Here are my
> questions:
>
> Supposed I have 200 different machines (VMs) sitting on each developer's
> desktop (rather in their VMware hypervisor)...
> 1) can they all have the same certname, so I only have to maintain a
> single node.pp manifest?
> 2) If so, how are SSL certs maintained, given there would be 200 different
> VMs trying to use the same set of certs.  Or, does that even matter from a
> node perspective?
> 3) If not, do I REALLY have to maintain 200 different manifests; all
> identical to each other?
>
> I've been able to put together a single node.pp file that sets up
> everything for them, so they only download a 2.8Gb bare VM image and puppet
> does the rest.  But, when firing up subsequent VMs, of course the client
> gets all confused because the generated certs don't match up.
>
> Any suggestions for a better solution, or workaround to this one?  (I've
> thought about using NAT and a fixed MAC address, but with so many
> developers out there, I'm sure some will re-create MAC addresses at some
> point during their initial setup, or change their networking type for the
> VM and start flooding the network with duplicated mac errors).
>
> I'm sure I'm not the first person who's wanted to do something like this,
> so I turn to the seasoned puppet veterans for guidance!   I HAVE googled
> for solutions, but I may just not be using the right terminology to search
> with; because I keep coming up blank on how best to tackle this.
>
> Thanks in advance!
> Randy
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/be08e15f-44da-43f4-9f6a-8d10630ebefa%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/be08e15f-44da-43f4-9f6a-8d10630ebefa%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEw20MY9raz%3D%2BQpNcmdy_Ws4-wo%3D3zRqiCfRGYYbtEEk5g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Stop and Start Services running on Puppet Master or Agent Machine

2014-06-26 Thread Brian Mathis 
Your "source" line needs 3 slashes after "puppet:"
source => "puppet:///$puppetserver/modules/httpd/ParserService-1.0.esb",


❧ Brian Mathis
@orev


On Thu, Jun 26, 2014 at 2:47 PM, Satish Katuru 
wrote:

> Hi Brian Mathis,
>
> I tired to copy the jar files and Zip files from Master to agent machine
> but i am unable to do this.
> My init.pp looks like below:
>
> class httpd
> {
>
>
> file {
> "/home/katusa02/soa/jboss-soa-p-5/jboss-as/server/default/deploy/ParserService-1.0.esb":
> ensure => present,
> owner => "katusa02",
> group => "katusa02",
> mode => "0777",
> source => "puppet://$puppetserver/modules/httpd/ParserService-1.0.esb",
>
> }
>
> }
>
> I tired with ensure => file and ensure =>"present" but didn't work.
> Can you please guide me how to do this?
>
> Moreover I got following error message:
>
>
> Error:
> /Stage[main]/Httpd/File[/home/katusa02/soa/jboss-soa-p-5/jboss-as/server/default/deploy/ParserService]:
> Could not evaluate: Could not retrieve information from environment
> production source(s) puppet://
> dayrhetamp076.enterprisenet.org/modules/httpd/ParserService
>
> Regards,
> Sathish.
>
> On Saturday, June 21, 2014 3:56:43 AM UTC+5:30, Brian Mathis wrote:
>
>> Summary: Do not try to control processes directly with Puppet and instead
>> properly integrate your service into your operating system.
>>
>> -
>>
>> It sounds like you are misunderstanding how Puppet integrates into the
>> rest of the system.  Puppet should not "kill processes" directly like you
>> would with the 'kill' command (actually, it can, but this is almost
>> certainly NOT what you want).  I think you may also be misunderstanding
>> some basic concepts of running a Linux/Unix server.
>>
>> A process is not the same thing as a service.  A single service may have
>> many processes, and they are typically controlled by a script in the
>> /etc/init.d directory (or maybe somewhere else if you are on a newfangled
>> system running systemd).  If your process does not have a control script in
>> /etc/init.d, then is is NOT a "service", it's just a process you happen to
>> have running for a long time.  For Puppet to consider it a service, it must
>> be controllable using the 'service' command (on RedHat based systems), or
>> the equivalent for your version of Linux/Unix.
>>
>> What you really want is to be making and installing a bash script to
>> control your java process in /etc/init.d.  Once written, you can use Puppet
>> to install the script by using the "file" resource.  After you have that
>> done, then you can use the "service" resource to control the service as you
>> are tying to do.  The name of the service will be the name that you call
>> your script in /etc/init.d, for example: /etc/init.d/my_service.  Please do
>> not call your service "java", as it makes no sense to name a service after
>> the programming language it is written in.  If it's an accounting system
>> for example, call the service "accounting_system", or something like that.
>>
>>
>> You are bound to get some other replies telling you how to use an 'exec'
>> resource to call the "kill" command, etc..., since this is *possible* with
>> Puppet, but it is grossly abusive of its capabilities and you really should
>> not be doing that.  Please do this correctly by setting up your software as
>> a real service and then control it correctly with the "service" resource in
>> Puppet.
>>
>> I strongly suggest you walk through the Puppet tutorials at
>> https://puppetlabs.com/learn before trying to control your own custom
>> applications with it.
>>
>>
>> ❧ Brian Mathis
>> @orev
>>
>>
>> On Fri, Jun 20, 2014 at 6:02 AM, Satish Katuru 
>> wrote:
>>
>>> Hi,
>>>
>>> I am new to Puppet and We are trying to stop and start any one of the
>>> services running on the Puppet master /agent machine.
>>>
>>> Here is the Scenario:
>>>
>>>
>>> 1. we have a Jboss service running on Puppet master and I am trying to
>>> kill this service thru puppet.(this service is runnning with my userid)
>>>
>>> Service name is "java".
>>>
>>> 2. In /etc/puppet/manifests/nodes.pp I have written code like this
>>>
>>> node "servername"
>>> {
>>>
>>>

Re: [Puppet Users] Stop and Start Services running on Puppet Master or Agent Machine

2014-06-20 Thread Brian Mathis 
Summary: Do not try to control processes directly with Puppet and instead
properly integrate your service into your operating system.

-

It sounds like you are misunderstanding how Puppet integrates into the rest
of the system.  Puppet should not "kill processes" directly like you would
with the 'kill' command (actually, it can, but this is almost certainly NOT
what you want).  I think you may also be misunderstanding some basic
concepts of running a Linux/Unix server.

A process is not the same thing as a service.  A single service may have
many processes, and they are typically controlled by a script in the
/etc/init.d directory (or maybe somewhere else if you are on a newfangled
system running systemd).  If your process does not have a control script in
/etc/init.d, then is is NOT a "service", it's just a process you happen to
have running for a long time.  For Puppet to consider it a service, it must
be controllable using the 'service' command (on RedHat based systems), or
the equivalent for your version of Linux/Unix.

What you really want is to be making and installing a bash script to
control your java process in /etc/init.d.  Once written, you can use Puppet
to install the script by using the "file" resource.  After you have that
done, then you can use the "service" resource to control the service as you
are tying to do.  The name of the service will be the name that you call
your script in /etc/init.d, for example: /etc/init.d/my_service.  Please do
not call your service "java", as it makes no sense to name a service after
the programming language it is written in.  If it's an accounting system
for example, call the service "accounting_system", or something like that.


You are bound to get some other replies telling you how to use an 'exec'
resource to call the "kill" command, etc..., since this is *possible* with
Puppet, but it is grossly abusive of its capabilities and you really should
not be doing that.  Please do this correctly by setting up your software as
a real service and then control it correctly with the "service" resource in
Puppet.

I strongly suggest you walk through the Puppet tutorials at
https://puppetlabs.com/learn before trying to control your own custom
applications with it.


❧ Brian Mathis
@orev


On Fri, Jun 20, 2014 at 6:02 AM, Satish Katuru 
wrote:

> Hi,
>
> I am new to Puppet and We are trying to stop and start any one of the
> services running on the Puppet master /agent machine.
>
> Here is the Scenario:
>
>
> 1. we have a Jboss service running on Puppet master and I am trying to
> kill this service thru puppet.(this service is runnning with my userid)
>
> Service name is "java".
>
> 2. In /etc/puppet/manifests/nodes.pp I have written code like this
>
> node "servername"
> {
>
> Service {
>
> "java":
> ensure = >"Stopped",
>
> }
> }
>
> after this I ran this command
>
> puppet apply nodes.pp
>
> Nothing has happend.Still the process is running.(I am able to see the
> process id : ps -ef|grep java)
>
> 3.After this i created a module and place this code in init.pp in
> /etc/puppet/modues/httpd/
>
> node "servername"
> {
> inlcude httpd
> }
>
> puppet apply nodes.pp
>
>
> Nothing happend.
>
> Can you please guide us how to kill a process?
>
>
>
>
>
>
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/c81e168e-38f0-416c-b0c2-bd0124c9e760%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/c81e168e-38f0-416c-b0c2-bd0124c9e760%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEzK-VLedCmo69J25eNPXRS2zsqbSy%3DErzar5fVftJ-dgA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Is anyone using Puppet for RHEL Patch management ?

2014-06-12 Thread Brian Mathis 
Package updates to RHEL systems do not touch config files if they have been
changed, so it's rare that a simple update would cause any configuration to
become invalid (of course, anything is possible).  And you tested updates
and their possible config changes before deployment, right?


❧ Brian Mathis
@orev


On Thu, Jun 12, 2014 at 4:19 AM, Tim Connors 
wrote:

>
> Which means you're running with an invalid config for up to 30 minutes
> before your services are restarted back with your desired config?
>
> On Wed, 11 Dec 2013, Dan White wrote:
>
> > I am using Puppet on RHEL systems.
> >
> > I do not use Puppet to patch the servers. I use Red Hat Network and yum
> update. Puppet then fixes config changes that package updates break.
> >
> >
> > "Sometimes I think the surest sign that intelligent life exists
> elsewhere in the universe is that none of it has tried to contact us."
> > Bill Waterson (Calvin & Hobbes)
> >
> > - Original Message -
> > From: "Unix SA" 
> > To: puppet-users@googlegroups.com
> > Sent: Wednesday, December 11, 2013 11:15:19 AM
> > Subject: [Puppet Users] Is anyone using Puppet for RHEL Patch management
> ?
> >
> >
> > Hello Guys,
> >
> >
> > want to know if anyone is using puppet to apply patches to RedHat
> systems ? i would like to understand architecture of it .. how do you guys
> use it to get patches from RedHat, how do you test and deploy it on prod
> servers ?
> >
> >
> > Regards,
> > DJ
> >
> >
>
> --
> Tim Connors
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/alpine.DEB.2.02.1406121818570.19118%40dirac.rather.puzzling.org
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpExn_Qv0vEMJ4CsQkit%2BvHU1A5fyD5ujpDKsz-Lx3ZK%2BiA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Using Puppet to roll out Windows Updates

2014-06-11 Thread Brian Mathis 
Why not use WSUS?  This is what it's made for, it's already part of
Windows, and can be easily managed from the WSUS console.  Once you're
operating in a Windows world, your life will be far better by doing things
the "Windows Way" instead of resisting it.

Sounds like a case of: "*if the only tool you have is a hammer, to treat
everything as if it were a nail"*

Incidentally, you typically wouldn't use Puppet to handle OS updates either
(apt-get upgrade, yum update), which is the same thing, so it's not even a
case of a Windows-specific thing.

That's not to say that Puppet couldn't be abused into doing it.


❧ Brian Mathis
@orev


On Wed, Jun 11, 2014 at 12:35 PM, Pskov Shurik 
wrote:

> Hello everyone,
>
> We have recently started using Puppet to do initial system prep on new
> servers, such as Apache, Java installs, hosts file updates etc. However, we
> are now exploring the possibility of extending Puppet to manage Windows
> Updates. Er... has anyone done it?
>
> The requirements are simple: give Puppet a list of KB items to download
> and it would go and deploy these on whatever servers Puppet Agent is
> running on. We are happy for servers to go download a copy of patches, so
> we won't be using Puppet's central repository of installers (since Windows
> update installers are different depending on OS and architecture).
>
> I found a PowerHell script here -
> http://www.flobee.net/programmatically-run-windows-update-as-part-of-a-broader-patch-and-reboot-process/
> - that could probably be, somehow, integrated into Puppet but if there's an
> easier way or modules that do it already, then I would appreciate a pointer.
>
> Thanks
> Alex
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/87d8f0d8-8c47-4236-843a-5b5f1aa5d1b9%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/87d8f0d8-8c47-4236-843a-5b5f1aa5d1b9%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEzSwtjPR4rfZp1wR9kQboDjWbWnhAjgj0e1DTSOg1_DVg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Exception LoadErrror with Passenger and Apache httpd

2014-06-10 Thread Brian Wilkins 
I have been running my puppetmaster with passenger and apache httpd 
successfully for sometime now. During a recent upgrade to Puppet 3.6.1, I 
am seeing this following exception in /var/log/httpd/error_log :

 *** Exception LoadError in PhusionPassenger::Rack::ApplicationSpawner (no 
such file to load -- rack) (process 3072, thread #):

I tried setting my gem environment in the config.ru, but that didn't seem 
to help. I see that the puppet 3.6.1 gem is installed. I installed puppet 
3.6.1 via RPM not gem. I also ran gem clean to no avail.

Any idea how to get past this error? I see that the puppet 3.6.1 gem has a 
rack - maybe it can't be found in my path?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/bcd4ecb0-5126-45c7-ae9f-b451da6a6dcc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] rspec - Unable to find class ::logstash

2014-06-04 Thread Brian Wilkins 
Thanks Johan. It turns out that I had to set my path's explicitly in my 
spec_helper.rb. For some reason, the automatically created spec_helper.rb 
created by rspec-puppet-init did not create a usuable file. My tests are 
running successfully now.

Brian

On Wednesday, June 4, 2014 5:05:05 PM UTC-4, Johan De Wit wrote:
>
>  Hi, 
>
> the scoping of the class is indeed needed, but i believe that is a parser 
> issue.
>
> I did the test wit class { '::vim': version => '7.4' }
>
> on my master with puppet master --compile  i got following :
>
> {
>   "metadata": {
> "api_version": 1
>   },
>   "data": {
> "classes": [
>   "settings",
>
>   
>
>  "vim",
>
> 
>
> And that is what you should check in your rspec file.  
>
> In your manifests, you need indeed the scoping, in your spec, you don't
>
> hth
>
> jo   
>
>
> On 04/06/14 21:56, Brian Wilkins wrote:
>  
> It is needed to disambiguate from profiles::logstash and just logstash 
> classes. If I remove it, then it will complain that logstash is already 
> loaded when it tries to load profiles::logstash.
>
> On Wednesday, June 4, 2014 3:52:01 PM UTC-4, Garrett Honeycutt wrote: 
>>
>> On 6/4/14, 3:13 PM, Brian Wilkins wrote: 
>> > I think you missed the part where it is complaining about line 10 in my 
>> > profiles::logstash::install module 
>> > 
>> > class { '::logstash': 
>> > 
>> > Removing ::logstash from the spec file has the same complaint. 
>> > 
>> > Brian 
>> > 
>> > On Wednesday, June 4, 2014 3:11:14 PM UTC-4, Garrett Honeycutt wrote: 
>> > 
>> > On 6/4/14, 2:30 PM, Brian Wilkins wrote: 
>> > > I am trying to write unit tests of my puppet modules. In my 
>> > > profiles::logstash::install, I disambiguate the call to 
>> > > /etc/puppet/modules/logstash by using ::logstash in my class 
>> > definition 
>> > > like so: 
>> > > 
>> > > class profiles::logstash::install() { 
>> > >   $ensure = $profiles::logstash::enable ? {true => present, 
>> > default => 
>> > > absent} 
>> > >   $status = $profiles::logstash::start ? {true => enabled, 
>> default => 
>> > > disabled} 
>> > > 
>> > >   class { '::logstash': 
>> > > ensure  => $ensure, 
>> > > status  => $status, 
>> > > version => $profiles::logstash::version 
>> > >   } 
>> > > } 
>> > > 
>> > > However, when I run my spec file: 
>> > > 
>> > > require 'spec_helper' 
>> > > 
>> > > describe "profiles::logstash" do 
>> > >   it { should contain_class("::logstash") } 
>> > >   it { should contain_class("profiles::logstash::install") } 
>> > >   it { should contain_class("profiles::logstash::config") } 
>> > > end 
>> > > 
>> > > I get the errors: 
>> > > 
>> > > 1) profiles::logstash 
>> > >  Failure/Error: it { should contain_class("::logstash") } 
>> > >  Puppet::Error: 
>> > >Puppet::Parser::AST::Resource failed with error 
>> ArgumentError: 
>> > > Could not find declared class ::logstash at 
>> > > 
>> > 
>> /etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
>>  
>>
>> > 
>> > > on node els4167.els.dev 
>> > >  # ./spec/classes/logstash_spec.rb:4 
>> > > 
>> > >   2) profiles::logstash 
>> > >  Failure/Error: it { should 
>> > > contain_class("profiles::logstash::install") } 
>> > >  Puppet::Error: 
>> > >Puppet::Parser::AST::Resource failed with error 
>> ArgumentError: 
>> > > Could not find declared class ::logstash at 
>> > > 
>> > 
>> /etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
>>  
>>
>> > 
>> > > on node els4167.els.dev 
>> > >  # ./spec/classes/logstash_spec.rb:5 
>> > > 
>>

Re: [Puppet Users] rspec - Unable to find class ::logstash

2014-06-04 Thread Brian Wilkins 
It is needed to disambiguate from profiles::logstash and just logstash 
classes. If I remove it, then it will complain that logstash is already 
loaded when it tries to load profiles::logstash.

On Wednesday, June 4, 2014 3:52:01 PM UTC-4, Garrett Honeycutt wrote:
>
> On 6/4/14, 3:13 PM, Brian Wilkins wrote: 
> > I think you missed the part where it is complaining about line 10 in my 
> > profiles::logstash::install module 
> > 
> > class { '::logstash': 
> > 
> > Removing ::logstash from the spec file has the same complaint. 
> > 
> > Brian 
> > 
> > On Wednesday, June 4, 2014 3:11:14 PM UTC-4, Garrett Honeycutt wrote: 
> > 
> > On 6/4/14, 2:30 PM, Brian Wilkins wrote: 
> > > I am trying to write unit tests of my puppet modules. In my 
> > > profiles::logstash::install, I disambiguate the call to 
> > > /etc/puppet/modules/logstash by using ::logstash in my class 
> > definition 
> > > like so: 
> > > 
> > > class profiles::logstash::install() { 
> > >   $ensure = $profiles::logstash::enable ? {true => present, 
> > default => 
> > > absent} 
> > >   $status = $profiles::logstash::start ? {true => enabled, default 
> => 
> > > disabled} 
> > > 
> > >   class { '::logstash': 
> > > ensure  => $ensure, 
> > > status  => $status, 
> > > version => $profiles::logstash::version 
> > >   } 
> > > } 
> > > 
> > > However, when I run my spec file: 
> > > 
> > > require 'spec_helper' 
> > > 
> > > describe "profiles::logstash" do 
> > >   it { should contain_class("::logstash") } 
> > >   it { should contain_class("profiles::logstash::install") } 
> > >   it { should contain_class("profiles::logstash::config") } 
> > > end 
> > > 
> > > I get the errors: 
> > > 
> > > 1) profiles::logstash 
> > >  Failure/Error: it { should contain_class("::logstash") } 
> > >  Puppet::Error: 
> > >Puppet::Parser::AST::Resource failed with error 
> ArgumentError: 
> > > Could not find declared class ::logstash at 
> > > 
> > 
> /etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
>  
>
> > 
> > > on node els4167.els.dev 
> > >  # ./spec/classes/logstash_spec.rb:4 
> > > 
> > >   2) profiles::logstash 
> > >  Failure/Error: it { should 
> > > contain_class("profiles::logstash::install") } 
> > >  Puppet::Error: 
> > >Puppet::Parser::AST::Resource failed with error 
> ArgumentError: 
> > > Could not find declared class ::logstash at 
> > > 
> > 
> /etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
>  
>
> > 
> > > on node els4167.els.dev 
> > >  # ./spec/classes/logstash_spec.rb:5 
> > > 
> > >   3) profiles::logstash 
> > >  Failure/Error: it { should 
> > > contain_class("profiles::logstash::config") } 
> > >  Puppet::Error: 
> > >Puppet::Parser::AST::Resource failed with error 
> ArgumentError: 
> > > Could not find declared class ::logstash at 
> > > 
> > 
> /etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
>  
>
> > 
> > > on node els4167.els.dev 
> > >  # ./spec/classes/logstash_spec.rb:6 
> > > 
> > > How do I get rspec to find my class /etc/puppet/modules/logstash 
> > and get 
> > > it to reference ::logstash as a disambiguation? 
> > 
> > Hi Brian, 
> > 
> > Using ::class is not needed and should not be done. If you still 
> > want to 
> > do that in your class, try changing the spec by dropping the 
> preceding 
> > double colons. 
> > 
> > Best regards, 
> > -g 
> > 
> > -- 
> > Garrett Honeycutt 
> > @learnpuppet 
> > Puppet Training with LearnPuppet.com 
> > Mobile: +1.206.414.8658 
> > 
>
> Hi Brian, 
>
> Recommend dropping the preceding double colons all around. It is not 
> needed at all. 
>
> Br, 
> -g 
>
>
>
> -- 
> Garrett Honeycutt 
> @learnpuppet 
> Puppet Training with LearnPuppet.com 
> Mobile: +1.206.414.8658 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/141ee867-2464-4187-9e55-5aab364c1700%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] rspec - Unable to find class ::logstash

2014-06-04 Thread Brian Wilkins 
I think you missed the part where it is complaining about line 10 in my 
profiles::logstash::install module

class { '::logstash': 

Removing ::logstash from the spec file has the same complaint.

Brian

On Wednesday, June 4, 2014 3:11:14 PM UTC-4, Garrett Honeycutt wrote:
>
> On 6/4/14, 2:30 PM, Brian Wilkins wrote: 
> > I am trying to write unit tests of my puppet modules. In my 
> > profiles::logstash::install, I disambiguate the call to 
> > /etc/puppet/modules/logstash by using ::logstash in my class definition 
> > like so: 
> > 
> > class profiles::logstash::install() { 
> >   $ensure = $profiles::logstash::enable ? {true => present, default => 
> > absent} 
> >   $status = $profiles::logstash::start ? {true => enabled, default => 
> > disabled} 
> > 
> >   class { '::logstash': 
> > ensure  => $ensure, 
> > status  => $status, 
> > version => $profiles::logstash::version 
> >   } 
> > } 
> > 
> > However, when I run my spec file: 
> > 
> > require 'spec_helper' 
> > 
> > describe "profiles::logstash" do 
> >   it { should contain_class("::logstash") } 
> >   it { should contain_class("profiles::logstash::install") } 
> >   it { should contain_class("profiles::logstash::config") } 
> > end 
> > 
> > I get the errors: 
> > 
> > 1) profiles::logstash 
> >  Failure/Error: it { should contain_class("::logstash") } 
> >  Puppet::Error: 
> >Puppet::Parser::AST::Resource failed with error ArgumentError: 
> > Could not find declared class ::logstash at 
> > 
> /etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
>  
>
> > on node els4167.els.dev 
> >  # ./spec/classes/logstash_spec.rb:4 
> > 
> >   2) profiles::logstash 
> >  Failure/Error: it { should 
> > contain_class("profiles::logstash::install") } 
> >  Puppet::Error: 
> >Puppet::Parser::AST::Resource failed with error ArgumentError: 
> > Could not find declared class ::logstash at 
> > 
> /etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
>  
>
> > on node els4167.els.dev 
> >  # ./spec/classes/logstash_spec.rb:5 
> > 
> >   3) profiles::logstash 
> >  Failure/Error: it { should 
> > contain_class("profiles::logstash::config") } 
> >  Puppet::Error: 
> >Puppet::Parser::AST::Resource failed with error ArgumentError: 
> > Could not find declared class ::logstash at 
> > 
> /etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
>  
>
> > on node els4167.els.dev 
> >  # ./spec/classes/logstash_spec.rb:6 
> > 
> > How do I get rspec to find my class /etc/puppet/modules/logstash and get 
> > it to reference ::logstash as a disambiguation? 
>
> Hi Brian, 
>
> Using ::class is not needed and should not be done. If you still want to 
> do that in your class, try changing the spec by dropping the preceding 
> double colons. 
>
> Best regards, 
> -g 
>
> -- 
> Garrett Honeycutt 
> @learnpuppet 
> Puppet Training with LearnPuppet.com 
> Mobile: +1.206.414.8658 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/213a161f-c1a4-4524-a0e0-d798fde6ef82%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] rspec - Unable to find class ::logstash

2014-06-04 Thread Brian Wilkins 
I am trying to write unit tests of my puppet modules. In my 
profiles::logstash::install, I disambiguate the call to 
/etc/puppet/modules/logstash by using ::logstash in my class definition 
like so:

class profiles::logstash::install() {
  $ensure = $profiles::logstash::enable ? {true => present, default => 
absent}
  $status = $profiles::logstash::start ? {true => enabled, default => 
disabled}

  class { '::logstash':
ensure  => $ensure,
status  => $status,
version => $profiles::logstash::version
  }
}

However, when I run my spec file:

require 'spec_helper'

describe "profiles::logstash" do
  it { should contain_class("::logstash") }
  it { should contain_class("profiles::logstash::install") }
  it { should contain_class("profiles::logstash::config") }
end

I get the errors:

1) profiles::logstash
 Failure/Error: it { should contain_class("::logstash") }
 Puppet::Error:
   Puppet::Parser::AST::Resource failed with error ArgumentError: Could 
not find declared class ::logstash at 
/etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
 
on node els4167.els.dev
 # ./spec/classes/logstash_spec.rb:4

  2) profiles::logstash
 Failure/Error: it { should 
contain_class("profiles::logstash::install") }
 Puppet::Error:
   Puppet::Parser::AST::Resource failed with error ArgumentError: Could 
not find declared class ::logstash at 
/etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
 
on node els4167.els.dev
 # ./spec/classes/logstash_spec.rb:5

  3) profiles::logstash
 Failure/Error: it { should contain_class("profiles::logstash::config") 
}
 Puppet::Error:
   Puppet::Parser::AST::Resource failed with error ArgumentError: Could 
not find declared class ::logstash at 
/etc/puppet/modules/profiles/spec/fixtures/modules/profiles/manifests/logstash/install.pp:10
 
on node els4167.els.dev
 # ./spec/classes/logstash_spec.rb:6

How do I get rspec to find my class /etc/puppet/modules/logstash and get it 
to reference ::logstash as a disambiguation?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a47b6fdb-519a-453c-92ec-40787c7d2470%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-06-02 Thread Brian Wilkins 
FWIW, this is my working solution and I think it is much better:

/etc/puppet/modules/profiles/manifests/logstash/config.pp:

class profiles::logstash::config {
  $brokers = $profiles::logstash::brokers
  $cluster = $profiles::logstash::cluster

  if (!empty($brokers)) and (empty($cluster)) {
notice("This is a shipper.")
logstash::configfile { 'output_broker':
  content => template('profiles/logstash/output_broker.erb'),
  order   => 100
}
  } elsif (!empty($cluster)) and (!empty($brokers)) {
  notice("This is a central indexer.")
  logstash::configfile { 'input_broker':
content => template('profiles/logstash/input_broker.erb'),
order   => 10
  }
  logstash::configfile { 'output_es':
content => template('profiles/logstash/output_es.erb'),
order   => 100
  }
  }
}

/etc/puppet/modules/profiles/manifests/logstash/install.pp

class profiles::logstash::install() {
  $ensure = $profiles::logstash::enable ? {true => present, default => 
absent}
  $status = $profiles::logstash::start ? {true => enabled, default => 
disabled}

  class { '::logstash':
ensure  => $ensure,
status  => $status,
version => $profiles::logstash::version
  }
}

/etc/puppet/modules/profiles/manifests/logstash.pp:

# == Class: profiles::logstash
#
# A basic module to manage logstash
#
# === Parameters
# [*version*]
#   The package version to install
#
# [*brokers*]
#   An array of brokers to use on this node
#
# [*enable*]
#   Should the service be enabled during boot time?
#
# [*start*]
#   Should the service be started by Puppet?
#
# Note: Values here are defaults and can be overriden by Hiera
#   see - /etc/puppet/data/node/.yaml

class profiles::logstash(
   $version = "1.4.1-1_bd507eb",
   $brokers = ["172.16.14.30", "172.16.14.60"],
   $cluster = undef,
   $enable  = true,
   $start   = true
) {
   class{'profiles::logstash::install': } ->
   class{'profiles::logstash::config': } ->
   Class["profiles::logstash"]
}

And my YAML:

classes:
  - roles::logshipper

profiles::logstash::version: '1.4.1-1_bd507eb'
profiles::logstash::enable: true
profiles::logstash::start: false
profiles::logstash::brokers:
  - hostname1
  - hostname2

And my ERB files

/etc/puppet/modules/profiles/templates/logstash/

<% for @host in @brokers %>

input {
  redis {
host  => "<%= @host %>"
type  => "redis-input"
data_type => "list"
key   => "logstash"
  }
}

<% end %>

/etc/puppet/modules/profiles/templates/logstash/output_broker.erb:

<%
# iterate over brokers array passed in via Hiera and concatenate
# redis hosts for logstash configuration
host_string = "["
@brokers.each_with_index { |host,idx|
   host_string << "\"#{host}\"";
   host_string << "," if idx < @brokers.length-1
}
host_string << "]"
%>

output {
  redis {
host => <%= host_string %>
data_type => "list"
key => "logstash"
  }
}

/etc/puppet/modules/profiles/templates/logstash/output_es.erb:

output {
  elasticsearch {
cluster   => "<%= cluster %>"
index => "logstash-%{+.MM.dd.HH}"
  }
}



On Monday, June 2, 2014 11:11:32 AM UTC-4, jcbollinger wrote:
>
>
>
> On Thursday, May 29, 2014 2:39:15 PM UTC-5, Brian Wilkins wrote:
>>
>> Solved it using this tip.. it's odd but it works: 
>> http://serverfault.com/a/538877/26514
>>
>>
>
> That's odd only inasmuch as the original problem in that serverfault 
> question was different from yours.  The OP was trying to achieve a similar 
> structure to the one you are working on, though, so it is natural that what 
> worked for him also works for you.
>
> For what it's worth, I think your original problem was here:
>
> [...]
>
>   profiles::logstash::config { $name:
>content => $content,
>order   => $order,
>   }
>
> [...]
>
> The variables $content and $order had not been assigned any values in that 
> scope (class profiles::logstash::shipper), which is exactly what the error 
> message said.
>
> I think that create_resources() was a red herring.  It should have been 
> possible to use create_resources() more or less as you originally attempted 
> to do, though you should have specified the fully-qualified name of the 
> resource type ("profiles::logstash::config"), which you did not do.  
> Indeed, your final data structure appears still amenable to use with 
> create_resources().
>
>  
>
>> shipper.pp
>>
>&g

Re: [Puppet Users] params.pp/inheritance/defaults/hiera/hiera functions?

2014-06-01 Thread Brian Mathis 
On Sat, May 31, 2014 at 4:46 PM, Robin Bowes  wrote:

> On Sat, 2014-05-31 at 07:12 -0700, Daniele Sluijters wrote:
> > > - Don't use automatic hiera lookups.  This removes the magic and
> > makes it more clear to everyone that the data is coming from hiera.
> >
> >
> > Hold on a sec; if you mean data bindings with 'automatic hiera
> > lookups', most certainly use them. Do not ever hardcode hiera()
> > functions in parameter lookups in your module as you module can now
> > _only_ work with Hiera and not everyone uses or wants to use hiera.
> > Instead let data bindings take care of it so that everyone can benefit
> > from your code, Hiera, ENC or by explicitly passing data in.
>
> I think the most important thing is to not hardcode hiera() functions in
> modules. That gives the flexibility for the users of the modules to
> either rely on automatic parameter lookup (APL) or explicitly pass in
> the parameters.
>
> My own preference is to use explicit hiera lookups in "profiles" and
> pass in the data to modules. APL is just a bit too magic, in my
> experience, and avoiding it makes it easier to work out where data comes
> from.
>
> R.
>


Yes, this is what I mean.  Don't use or access hiera from with *component*
modules.  You do need to use it from profile modules.  This assumes that
one is using the profile/roles pattern, which seems to be the current best
practice anyway.


❧ Brian Mathis
@orev

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEx1S4Cx2OA9SKRWH94LxQ3Ash-AYwJXMgrdj5dwPYYKDg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet 3.6.0... and scaling?

2014-05-31 Thread Brian Wilkins 
What about staggering your runs? It seems trivial but at least it would reduce 
your load I think.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/97a9d7b0-45a0-468c-b981-34ac9221aa40%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Disamiguate Profiles::Logstash and Logstash

2014-05-31 Thread Brian Wilkins 
Thanks! That worked. I am still learning. I have an additional error. Is 
there a way around this or just combine my service.pp and install.pp 
together?

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Duplicate declaration: Class[Logstash] is already declared in file 
/etc/puppet/modules/profiles/manifests/logstash/install.pp:8; cannot 
redeclare at /etc/puppet/modules/profiles/manifests/logstash/service.pp:7

This is my service.pp:

class profiles::logstash::service() {
  $status = $profiles::logstash::start ? {true => enabled, default => 
disabled}

  class { '::logstash':
status  => $status,
  }
}


On Saturday, May 31, 2014 8:26:54 AM UTC-4, Robin Bowes wrote:
>
> Fully-qualify the class name, ie. use '::logstash'. 
>
> R. 
> On 31 May 2014 13:17, "Brian Wilkins" > 
> wrote:
>
>> I am using the puppet logstash module from Forge installed at 
>> /etc/puppet/modules/logstash
>>
>> I am trying to setup my profile class as profiles::logstash. My manifest 
>> is at /etc/puppet/modules/profiles/manifests/logstash.pp
>>
>> In my /etc/puppet/modules/profiles/manifests/logstash directory I have:
>>
>> install.pp
>> config.pp
>> service.pp
>>
>> In my install.pp:
>>
>> class profiles::logstash::install() {
>>   $ensure = $profiles::logstash::enable ? {true => present, default => 
>> absent}
>>
>>   class { 'logstash':
>> ensure  => $ensure,
>> version => $profiles::logstash::version
>>   }
>> }
>>
>> Here, class refers to the /etc/puppet/modules/logstash  not 
>> /etc/puppet/modules/profiles/manifests/logstash
>>
>> However, when I do a run, it tells me
>>
>> Could not retrieve catalog from remote server: Error 400 on SERVER: 
>> Duplicate declaration: Class[Profiles::Logstash] is already declared; 
>> cannot redeclare at 
>> /etc/puppet/modules/profiles/manifests/logstash/install.pp:8
>>
>> It is referring to the "class {'logstash'" line. 
>>
>> What's the proper way to disambiguate so I can still tell the puppet 
>> logstash module to install logstash and ensure the right version?
>>  
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/137a4a4d-46f9-4e1f-841a-cda87c7e8229%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/puppet-users/137a4a4d-46f9-4e1f-841a-cda87c7e8229%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e8af8d24-21ca-4415-8d30-9a5f8e435477%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Disamiguate Profiles::Logstash and Logstash

2014-05-31 Thread Brian Wilkins 
Here is my logstash.pp at 
/etc/puppet/modules/profiles/manifests/logstash.pp:

class profiles::logstash(
   $version = "1.4.1-1_bd507eb",
   $enable  = true,
   $start   = true
) {
   class{'profiles::logstash::install': } ->
   class{'profiles::logstash::config': } ~>
   class{'profiles::logstash::service': } ->
   Class["profiles::logstash"]
}


On Saturday, May 31, 2014 8:17:34 AM UTC-4, Brian Wilkins wrote:
>
> I am using the puppet logstash module from Forge installed at 
> /etc/puppet/modules/logstash
>
> I am trying to setup my profile class as profiles::logstash. My manifest 
> is at /etc/puppet/modules/profiles/manifests/logstash.pp
>
> In my /etc/puppet/modules/profiles/manifests/logstash directory I have:
>
> install.pp
> config.pp
> service.pp
>
> In my install.pp:
>
> class profiles::logstash::install() {
>   $ensure = $profiles::logstash::enable ? {true => present, default => 
> absent}
>
>   class { 'logstash':
> ensure  => $ensure,
> version => $profiles::logstash::version
>   }
> }
>
> Here, class refers to the /etc/puppet/modules/logstash  not 
> /etc/puppet/modules/profiles/manifests/logstash
>
> However, when I do a run, it tells me
>
> Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Duplicate declaration: Class[Profiles::Logstash] is already declared; 
> cannot redeclare at 
> /etc/puppet/modules/profiles/manifests/logstash/install.pp:8
>
> It is referring to the "class {'logstash'" line. 
>
> What's the proper way to disambiguate so I can still tell the puppet 
> logstash module to install logstash and ensure the right version?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b28a3239-f0eb-4ca8-aa35-cb12e2e0ee44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Disamiguate Profiles::Logstash and Logstash

2014-05-31 Thread Brian Wilkins 
I am using the puppet logstash module from Forge installed at 
/etc/puppet/modules/logstash

I am trying to setup my profile class as profiles::logstash. My manifest is 
at /etc/puppet/modules/profiles/manifests/logstash.pp

In my /etc/puppet/modules/profiles/manifests/logstash directory I have:

install.pp
config.pp
service.pp

In my install.pp:

class profiles::logstash::install() {
  $ensure = $profiles::logstash::enable ? {true => present, default => 
absent}

  class { 'logstash':
ensure  => $ensure,
version => $profiles::logstash::version
  }
}

Here, class refers to the /etc/puppet/modules/logstash  not 
/etc/puppet/modules/profiles/manifests/logstash

However, when I do a run, it tells me

Could not retrieve catalog from remote server: Error 400 on SERVER: 
Duplicate declaration: Class[Profiles::Logstash] is already declared; 
cannot redeclare at 
/etc/puppet/modules/profiles/manifests/logstash/install.pp:8

It is referring to the "class {'logstash'" line. 

What's the proper way to disambiguate so I can still tell the puppet 
logstash module to install logstash and ensure the right version?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/137a4a4d-46f9-4e1f-841a-cda87c7e8229%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] how to fork a Windows exe

2014-05-30 Thread Brian Mathis 
AFAIK, Windows does not have a true "fork" capability.  Here are some ideas
that might help:

- Use srvany (or something else) to define a custom service.  It sounds
like this is probably what you really should be doing anyway.  Puppet is
not meant to control programs over a long term (i.e. services), it's meant
to setup other things that control them.  The Windows service framework is
meant to do that.

- Create a schedule task to run your command

- Use the "start" command to start the process.


❧ Brian Mathis
@orev


On Fri, May 30, 2014 at 12:11 PM, Bill N  wrote:

> Hi,
>
> Just wrote my first puppet module for Windows  provisioning. All is
> working well except I am having a problem running a windows exe file in
> that Puppet appears to wait for the exe to complete. At least this is the
> case when I run Puppet agent --test from the Windows Server command line.
>
> What I want to do here is install a set of files for a Riemann monitoring
> client on several Windows Server 2008 R1 VMs. These files include an exe,
> which I want to start and run in perpetuity. I don't want Puppet to wait
> for this process to complete. It appears I could run the exe in a separate
> shell using cmd.exe, but when I try that on the command line I do not see
> the named process running in the Resource Monitor. I only see cmd.exe
> running. This is not very informative.
>
> My question is, what is the best way to run this executable via Puppet?
> Should I convert the exe to a Windows service, install that and run it as a
> service? Should I use shell cmd and live with the unhelpful Resource
> Monitor listing? Or should I use Power Shell to fork the process like I
> would in linux?
>
> Any help would be most appreciated.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/07c840a9-4c52-4b99-b24c-ffc10c1f19a9%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/07c840a9-4c52-4b99-b24c-ffc10c1f19a9%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEwEOoTvVcPRypNSHF%3DZGkw6o6SwtRe_Eafz0uJ6Pzk7ug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] params.pp/inheritance/defaults/hiera/hiera functions?

2014-05-30 Thread Brian Mathis 
It sounds like you need to read through these:
http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-1/
http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/

I don't see why you'd want to remove parameters from classes.  They are
pretty critical to having a flexible infrastructure.

Some of the smaller points in those posts which I think are important (in
addition to the general pattern):
- Don't use default values in hiera.  If you don't supply (or typo) a
variable name, then the puppet run should fail.
- Don't use automatic hiera lookups.  This removes the magic and makes it
more clear to everyone that the data is coming from hiera.

For your config data showing up in other modules, I think you probably want
role or profile modules, and pass in the data as a parameter.  Your
roles/profiles should have all the custom stuff in it, not the component
modules.

Also make liberal use of the validate_* functions from stdlib to further
check your parameters have been supplied correctly.

Don't set default values to anything that is inappropriate.  If you don't
want a default for your SuperDaemon config and it needs to be explicitly
configured, then you want it to fail if no parameter is given.


❧ Brian Mathis
@orev


On Thu, May 29, 2014 at 1:58 PM, Christopher Wood <
christopher_w...@pobox.com> wrote:

> (I'm not sure how to phrase my question precisely, so this may not all be
> totally clear.)
>
> Has anybody else successfully moved away from using params.pp and default
> values, and if so, what did you do and how did it go? If not, what made you
> go back?
>
> The only answer I can come up with is to stop using class parameters,
> change to hiera functions, and put all my data defaults in common.yaml.
>
> The background:
>
> I've had a couple of odd (lab) situations where much troubleshooting was
> occasioned by how I misspelled a key name in hiera and thus configuration
> data was pulled from a default value (either params.pp or the parameter
> default value). If there was no default value I would simply have gotten an
> error about the lookup failure and fixed that quickly.
>
> In a related matter, sometimes I need a piece of configuration data from
> one module to appear in another module. Faked-up example, my SuperDaemon
> configuration data has to be used by monit to supervise all the worker
> daemons and by logrotate to rotate their individual log files. Some things
> are data bindings, some are hiera()/hiera_array()/hiera_hash() on a case by
> case basis, and it's messy.
>
> In another related matter, explaining the combination of puppet
> inheritance from params.pp, default values, hiera, and hiera functions
> makes people's eyes glaze over. It would be easier to point people at hiera
> and say "source of data, learn these three functions".
>
> Things are mostly fine, I may just be wanting to tweak things, but it
> strikes me there's a way to do all this with much less effort.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/20140529175818.GA4308%40iniquitous.heresiarch.ca
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEw0SPUjxYv1v2HAruacEP1XKUyvUn3dnhaE1No65ix9mQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet agent unable to pull files with puppetmaster setup in httpd with passenger

2014-05-30 Thread Brian Wilkins 
I have my puppetmaster setup with httpd and mod_passenger. My agents can 
successfully pull manifests, but they are unable to pull files. As far as I 
can tell, I do not have any rewrite rules setup in my puppetmaster.conf 
(see below). In my httpd access log, I see that the agent tries to request 
the following:

GET /production/file_content/modules/company/logstash/banner? HTTP/1.1" 404 
69 "-" "-"

But that fails with "Could not find file_content 
modules/company/logstash/banner"

What should be different in my puppetmaster.conf? This is from the 
puppetlabs documentation also:

# RHEL/CentOS:
# And the passenger performance tuning settings:
PassengerHighPerformance On
PassengerUseGlobalQueue On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600
PassengerTempDir /var/run/passenger

Listen 8140

SSLEngine On

# Only allow high security cryptography. Alter if needed for 
compatibility.
SSLProtocol All -SSLv2
SSLCipherSuite  HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile  /var/lib/puppet/ssl/certs/puppetmasterhost.pem
SSLCertificateKeyFile   
/var/lib/puppet/ssl/private_keys/puppetmasterhost.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth  1
SSLOptions  +StdEnvVars +ExportCertData

# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

RackAutoDetect On
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/

Options None
AllowOverride None
Order Allow,Deny
Allow from All



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a41e1d79-c17d-4f60-8725-9ba8ae9c0409%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-05-29 Thread Brian Wilkins 
Solved it using this tip.. it's odd but it works: 
http://serverfault.com/a/538877/26514

shipper.pp

class profiles::logstash::shipper() {

  $shipper_array = hiera_array('profiles::logstash::config_array')

  define hash_extract() {
$shipper_hash = hiera_hash('profiles::logstash::config_settings')
$shipper_config = $shipper_hash[$name]

profiles::logstash::config {'shipper':
   content => $shipper_config['content'],
   order   => $shipper_config['order'],
}
notice($shipper_config['content'])
notice($shipper_config['order'])
  }

  hash_extract{$shipper_array:}

  class { 'logstash':
ensure  => 'present',
version => '1.4.1-1_bd507eb',
status  => 'enabled',
  }
  include logstash
}


And in my hostname.yaml:

classes:
  - os::repo
  - profiles::logstash::shipper

profiles::logstash::config_array:
  - inputfile

profiles::logstash::config_settings:
  inputfile:
content: 'this is a test'
order: '10'


On Thursday, May 29, 2014 2:37:31 PM UTC-4, Brian Wilkins wrote:
>
> Yep!
>
> $ sudo hiera --debug profiles::logstash::config_settings ::fqdn=hostname
>
> DEBUG: Thu May 29 14:24:29 -0400 2014: Hiera YAML backend starting
> DEBUG: Thu May 29 14:24:29 -0400 2014: Looking up 
> profiles::logstash::config_settings in YAML backend
> DEBUG: Thu May 29 14:24:29 -0400 2014: Looking for data source 
> node/hostname
> DEBUG: Thu May 29 14:24:29 -0400 2014: Found 
> profiles::logstash::config_settings in node/hostname
> {"input_file"=>{"content"=>"this is a test", "order"=>"10"}}
>
>
> On Thursday, May 29, 2014 2:12:32 PM UTC-4, Doug_F wrote:
>>
>> Does it show up properly if you lookup on the server?
>>
>>
>> On Thu, May 29, 2014 at 12:09 PM, Brian Wilkins wrote:
>>
>>> Hmm, that's not working either. Doesn't look like it is populating my 
>>> define now. Hmm
>>>
>>>
>>> On Thursday, May 29, 2014 1:56:43 PM UTC-4, Doug_F wrote:
>>>
>>>> I think I figured out what was wrong. Dynamic data bindings may be 
>>>> mapping the inputs to the profiles::logstash::config defined type. Also I 
>>>> was in error in modifying your hiera data. 
>>>>
>>>> Try this: 
>>>>
>>>> create_resources('profiles::logstash::config', hiera_hash('profiles::
>>>> logstash::config_settings'))
>>>>
>>>> In Hiera:
>>>> profiles::logstash::config_settings:
>>>>input_file:
>>>>  content: 'this is a test'
>>>>  order: '10'
>>>>
>>>> Add a notice line in your profiles::logstash::config type to:
>>>> notify("name is ${name}") 
>>>> notify("content is ${content}") 
>>>> notify("order is ${order}") 
>>>>
>>>>
>>>> On Thu, May 29, 2014 at 11:25 AM, Brian Wilkins wrote:
>>>>
>>>>> Same problem. It seems like I am close. If only it didn't put all the 
>>>>> data together as one string.
>>>>>
>>>>>
>>>>> On Thursday, May 29, 2014 1:17:07 PM UTC-4, Doug_F wrote:
>>>>>
>>>>>> Maybe try your hiera command right inside your create_resources. 
>>>>>>
>>>>>>
>>>>>> On Thu, May 29, 2014 at 11:13 AM, Brian Wilkins wrote:
>>>>>>
>>>>>>> On puppetmaster:
>>>>>>>
>>>>>>> $ sudo hiera --debug profiles::logstash::config ::fqdn=hostname
>>>>>>>
>>>>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Hiera YAML backend starting
>>>>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Looking up 
>>>>>>> profiles::logstash::config in YAML backend
>>>>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Looking for data source 
>>>>>>> node/hostname
>>>>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Found 
>>>>>>> profiles::logstash::config in node/hostname
>>>>>>> {"order"=>"10", "content"=>"this is a test"}
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thursday, May 29, 2014 1:11:20 PM UTC-4, Doug_F wrote:
>>>>>>>
>>>>>>>> If you use hiera on the server does it show

Re: [Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-05-29 Thread Brian Wilkins 
Yep!

$ sudo hiera --debug profiles::logstash::config_settings ::fqdn=hostname

DEBUG: Thu May 29 14:24:29 -0400 2014: Hiera YAML backend starting
DEBUG: Thu May 29 14:24:29 -0400 2014: Looking up 
profiles::logstash::config_settings in YAML backend
DEBUG: Thu May 29 14:24:29 -0400 2014: Looking for data source node/hostname
DEBUG: Thu May 29 14:24:29 -0400 2014: Found 
profiles::logstash::config_settings in node/hostname
{"input_file"=>{"content"=>"this is a test", "order"=>"10"}}


On Thursday, May 29, 2014 2:12:32 PM UTC-4, Doug_F wrote:
>
> Does it show up properly if you lookup on the server?
>
>
> On Thu, May 29, 2014 at 12:09 PM, Brian Wilkins 
> 
> > wrote:
>
>> Hmm, that's not working either. Doesn't look like it is populating my 
>> define now. Hmm
>>
>>
>> On Thursday, May 29, 2014 1:56:43 PM UTC-4, Doug_F wrote:
>>
>>> I think I figured out what was wrong. Dynamic data bindings may be 
>>> mapping the inputs to the profiles::logstash::config defined type. Also I 
>>> was in error in modifying your hiera data. 
>>>
>>> Try this: 
>>>
>>> create_resources('profiles::logstash::config', hiera_hash('profiles::
>>> logstash::config_settings'))
>>>
>>> In Hiera:
>>> profiles::logstash::config_settings:
>>>input_file:
>>>  content: 'this is a test'
>>>  order: '10'
>>>
>>> Add a notice line in your profiles::logstash::config type to:
>>> notify("name is ${name}") 
>>> notify("content is ${content}") 
>>> notify("order is ${order}") 
>>>
>>>
>>> On Thu, May 29, 2014 at 11:25 AM, Brian Wilkins wrote:
>>>
>>>> Same problem. It seems like I am close. If only it didn't put all the 
>>>> data together as one string.
>>>>
>>>>
>>>> On Thursday, May 29, 2014 1:17:07 PM UTC-4, Doug_F wrote:
>>>>
>>>>> Maybe try your hiera command right inside your create_resources. 
>>>>>
>>>>>
>>>>> On Thu, May 29, 2014 at 11:13 AM, Brian Wilkins wrote:
>>>>>
>>>>>> On puppetmaster:
>>>>>>
>>>>>> $ sudo hiera --debug profiles::logstash::config ::fqdn=hostname
>>>>>>
>>>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Hiera YAML backend starting
>>>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Looking up 
>>>>>> profiles::logstash::config in YAML backend
>>>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Looking for data source 
>>>>>> node/hostname
>>>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Found 
>>>>>> profiles::logstash::config in node/hostname
>>>>>> {"order"=>"10", "content"=>"this is a test"}
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thursday, May 29, 2014 1:11:20 PM UTC-4, Doug_F wrote:
>>>>>>
>>>>>>> If you use hiera on the server does it show up as a hash? 
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, May 29, 2014 at 11:08 AM, Brian Wilkins 
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Same problem. I see it concatenated in the notice.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thursday, May 29, 2014 1:05:39 PM UTC-4, Doug_F wrote:
>>>>>>>>
>>>>>>>>> Just a thought try changing 
>>>>>>>>>   $shipper_config = hiera('profiles::logstash::config', {}) => 
>>>>>>>>> $shipper_config = hiera_hash('profiles::logstash::config', {})
>>>>>>>>>  
>>>>>>>>>
>>>>>>>>> On Thu, May 29, 2014 at 11:01 AM, Brian Wilkins >>>>>>>> > wrote:
>>>>>>>>>
>>>>>>>>>>  It prints out:
>>>>>>>>>>
>>>>>>>>>> order10contentthis is a test
>>>>>>>>>>
>>>>>>>>>> It concatenated it all together.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>&g

Re: [Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-05-29 Thread Brian Wilkins 
Hmm, that's not working either. Doesn't look like it is populating my 
define now. Hmm

On Thursday, May 29, 2014 1:56:43 PM UTC-4, Doug_F wrote:
>
> I think I figured out what was wrong. Dynamic data bindings may be mapping 
> the inputs to the profiles::logstash::config defined type. Also I was in 
> error in modifying your hiera data. 
>
> Try this: 
>
> create_resources('profiles::logstash::config', 
> hiera_hash('profiles::logstash::config_settings'))
>
> In Hiera:
> profiles::logstash::config_settings:
>input_file:
>  content: 'this is a test'
>  order: '10'
>
> Add a notice line in your profiles::logstash::config type to:
> notify("name is ${name}") 
> notify("content is ${content}") 
> notify("order is ${order}") 
>
>
> On Thu, May 29, 2014 at 11:25 AM, Brian Wilkins 
> 
> > wrote:
>
>> Same problem. It seems like I am close. If only it didn't put all the 
>> data together as one string.
>>
>>
>> On Thursday, May 29, 2014 1:17:07 PM UTC-4, Doug_F wrote:
>>
>>> Maybe try your hiera command right inside your create_resources. 
>>>
>>>
>>> On Thu, May 29, 2014 at 11:13 AM, Brian Wilkins wrote:
>>>
>>>> On puppetmaster:
>>>>
>>>> $ sudo hiera --debug profiles::logstash::config ::fqdn=hostname
>>>>
>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Hiera YAML backend starting
>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Looking up 
>>>> profiles::logstash::config in YAML backend
>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Looking for data source 
>>>> node/hostname
>>>> DEBUG: Thu May 29 13:12:56 -0400 2014: Found profiles::logstash::config 
>>>> in node/hostname
>>>> {"order"=>"10", "content"=>"this is a test"}
>>>>
>>>>
>>>>
>>>> On Thursday, May 29, 2014 1:11:20 PM UTC-4, Doug_F wrote:
>>>>
>>>>> If you use hiera on the server does it show up as a hash? 
>>>>>
>>>>>
>>>>>
>>>>> On Thu, May 29, 2014 at 11:08 AM, Brian Wilkins wrote:
>>>>>
>>>>>> Same problem. I see it concatenated in the notice.
>>>>>>
>>>>>>
>>>>>> On Thursday, May 29, 2014 1:05:39 PM UTC-4, Doug_F wrote:
>>>>>>
>>>>>>> Just a thought try changing 
>>>>>>>   $shipper_config = hiera('profiles::logstash::config', {}) => 
>>>>>>> $shipper_config = hiera_hash('profiles::logstash::config', {})
>>>>>>>  
>>>>>>>
>>>>>>> On Thu, May 29, 2014 at 11:01 AM, Brian Wilkins 
>>>>>>> wrote:
>>>>>>>
>>>>>>>>  It prints out:
>>>>>>>>
>>>>>>>> order10contentthis is a test
>>>>>>>>
>>>>>>>> It concatenated it all together.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thursday, May 29, 2014 12:59:09 PM UTC-4, Doug_F wrote:
>>>>>>>>
>>>>>>>>> Try setting your notice("${shipper_config}") before create 
>>>>>>>>> resources and see what it prints out. 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, May 29, 2014 at 10:47 AM, Brian Wilkins >>>>>>>> > wrote:
>>>>>>>>>
>>>>>>>>>> Oh ok, makes sense. I did that and now I get "can't convert 
>>>>>>>>>> String into Hash at /etc/puppet/modules/profiles/m
>>>>>>>>>> anifests/logstash/shipper.pp:15"
>>>>>>>>>>
>>>>>>>>>> My shipper.pp
>>>>>>>>>>
>>>>>>>>>> class profiles::logstash::shipper() {
>>>>>>>>>>
>>>>>>>>>>   $shipper_config = hiera('profiles::logstash::config', {})
>>>>>>>>>>   create_resources('profiles::logstash::config', $shipper_config)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>   notice("${shipper_config[name]}"

Re: [Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-05-29 Thread Brian Wilkins 
Same problem. It seems like I am close. If only it didn't put all the data 
together as one string.

On Thursday, May 29, 2014 1:17:07 PM UTC-4, Doug_F wrote:
>
> Maybe try your hiera command right inside your create_resources. 
>
>
> On Thu, May 29, 2014 at 11:13 AM, Brian Wilkins 
> 
> > wrote:
>
>> On puppetmaster:
>>
>> $ sudo hiera --debug profiles::logstash::config ::fqdn=hostname
>>
>> DEBUG: Thu May 29 13:12:56 -0400 2014: Hiera YAML backend starting
>> DEBUG: Thu May 29 13:12:56 -0400 2014: Looking up 
>> profiles::logstash::config in YAML backend
>> DEBUG: Thu May 29 13:12:56 -0400 2014: Looking for data source 
>> node/hostname
>> DEBUG: Thu May 29 13:12:56 -0400 2014: Found profiles::logstash::config 
>> in node/hostname
>> {"order"=>"10", "content"=>"this is a test"}
>>
>>
>>
>> On Thursday, May 29, 2014 1:11:20 PM UTC-4, Doug_F wrote:
>>
>>> If you use hiera on the server does it show up as a hash? 
>>>
>>>
>>>
>>> On Thu, May 29, 2014 at 11:08 AM, Brian Wilkins wrote:
>>>
>>>> Same problem. I see it concatenated in the notice.
>>>>
>>>>
>>>> On Thursday, May 29, 2014 1:05:39 PM UTC-4, Doug_F wrote:
>>>>
>>>>> Just a thought try changing 
>>>>>   $shipper_config = hiera('profiles::logstash::config', {}) => 
>>>>> $shipper_config = hiera_hash('profiles::logstash::config', {})
>>>>>  
>>>>>
>>>>> On Thu, May 29, 2014 at 11:01 AM, Brian Wilkins wrote:
>>>>>
>>>>>>  It prints out:
>>>>>>
>>>>>> order10contentthis is a test
>>>>>>
>>>>>> It concatenated it all together.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thursday, May 29, 2014 12:59:09 PM UTC-4, Doug_F wrote:
>>>>>>
>>>>>>> Try setting your notice("${shipper_config}") before create resources 
>>>>>>> and see what it prints out. 
>>>>>>>
>>>>>>>
>>>>>>> On Thu, May 29, 2014 at 10:47 AM, Brian Wilkins 
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Oh ok, makes sense. I did that and now I get "can't convert String 
>>>>>>>> into Hash at /etc/puppet/modules/profiles/m
>>>>>>>> anifests/logstash/shipper.pp:15"
>>>>>>>>
>>>>>>>> My shipper.pp
>>>>>>>>
>>>>>>>> class profiles::logstash::shipper() {
>>>>>>>>
>>>>>>>>   $shipper_config = hiera('profiles::logstash::config', {})
>>>>>>>>   create_resources('profiles::logstash::config', $shipper_config)
>>>>>>>>
>>>>>>>>
>>>>>>>>   notice("${shipper_config[name]}")
>>>>>>>>   class { 'logstash':
>>>>>>>> ensure  => 'present',
>>>>>>>> version => '1.4.1-1_bd507eb',
>>>>>>>> status  => 'enabled',
>>>>>>>>   }
>>>>>>>>
>>>>>>>>   profiles::logstash::config { 'shipper':
>>>>>>>>
>>>>>>>>content => $content,
>>>>>>>>order   => $order,
>>>>>>>>   }
>>>>>>>>
>>>>>>>>   include logstash
>>>>>>>> }
>>>>>>>>
>>>>>>>> Line 15 is the create_resources line.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thursday, May 29, 2014 12:42:15 PM UTC-4, Doug_F wrote:
>>>>>>>>
>>>>>>>>> profiles::logstash::config:
>>>>>>>>>input_file:
>>>>>>>>>  content: 'this is a test'
>>>>>>>>>  order: '10'
>>>>>>>>>
>>>>>>>>> Should probably be 
>>>>>>>>> profiles::logstash::config:
>>>>>>>>>content: 'this is a test'
>>>

Re: [Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-05-29 Thread Brian Wilkins 
On puppetmaster:

$ sudo hiera --debug profiles::logstash::config ::fqdn=hostname

DEBUG: Thu May 29 13:12:56 -0400 2014: Hiera YAML backend starting
DEBUG: Thu May 29 13:12:56 -0400 2014: Looking up 
profiles::logstash::config in YAML backend
DEBUG: Thu May 29 13:12:56 -0400 2014: Looking for data source node/hostname
DEBUG: Thu May 29 13:12:56 -0400 2014: Found profiles::logstash::config in 
node/hostname
{"order"=>"10", "content"=>"this is a test"}


On Thursday, May 29, 2014 1:11:20 PM UTC-4, Doug_F wrote:
>
> If you use hiera on the server does it show up as a hash? 
>
>
>
> On Thu, May 29, 2014 at 11:08 AM, Brian Wilkins 
> 
> > wrote:
>
>> Same problem. I see it concatenated in the notice.
>>
>>
>> On Thursday, May 29, 2014 1:05:39 PM UTC-4, Doug_F wrote:
>>
>>> Just a thought try changing 
>>>   $shipper_config = hiera('profiles::logstash::config', {}) => 
>>> $shipper_config = hiera_hash('profiles::logstash::config', {})
>>>  
>>>
>>> On Thu, May 29, 2014 at 11:01 AM, Brian Wilkins wrote:
>>>
>>>>  It prints out:
>>>>
>>>> order10contentthis is a test
>>>>
>>>> It concatenated it all together.
>>>>
>>>>
>>>>
>>>> On Thursday, May 29, 2014 12:59:09 PM UTC-4, Doug_F wrote:
>>>>
>>>>> Try setting your notice("${shipper_config}") before create resources 
>>>>> and see what it prints out. 
>>>>>
>>>>>
>>>>> On Thu, May 29, 2014 at 10:47 AM, Brian Wilkins wrote:
>>>>>
>>>>>> Oh ok, makes sense. I did that and now I get "can't convert String 
>>>>>> into Hash at /etc/puppet/modules/profiles/m
>>>>>> anifests/logstash/shipper.pp:15"
>>>>>>
>>>>>> My shipper.pp
>>>>>>
>>>>>> class profiles::logstash::shipper() {
>>>>>>
>>>>>>   $shipper_config = hiera('profiles::logstash::config', {})
>>>>>>   create_resources('profiles::logstash::config', $shipper_config)
>>>>>>
>>>>>>
>>>>>>   notice("${shipper_config[name]}")
>>>>>>   class { 'logstash':
>>>>>> ensure  => 'present',
>>>>>> version => '1.4.1-1_bd507eb',
>>>>>> status  => 'enabled',
>>>>>>   }
>>>>>>
>>>>>>   profiles::logstash::config { 'shipper':
>>>>>>
>>>>>>content => $content,
>>>>>>order   => $order,
>>>>>>   }
>>>>>>
>>>>>>   include logstash
>>>>>> }
>>>>>>
>>>>>> Line 15 is the create_resources line.
>>>>>>
>>>>>>
>>>>>> On Thursday, May 29, 2014 12:42:15 PM UTC-4, Doug_F wrote:
>>>>>>
>>>>>>> profiles::logstash::config:
>>>>>>>input_file:
>>>>>>>  content: 'this is a test'
>>>>>>>  order: '10'
>>>>>>>
>>>>>>> Should probably be 
>>>>>>> profiles::logstash::config:
>>>>>>>content: 'this is a test'
>>>>>>>order: '10'
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, May 29, 2014 at 10:27 AM, Brian Wilkins 
>>>>>>> wrote:
>>>>>>>
>>>>>>>> I am trying to use hiera to populate a defined type to feed the 
>>>>>>>> puppet-logstash module. So far, I have been unable to send the data 
>>>>>>>> from my 
>>>>>>>> hiera file to my defined type. I have tested my defined type and it is 
>>>>>>>> working, I just can't seem to populate the variables. It tells me that 
>>>>>>>> $content and $order are not set.
>>>>>>>>
>>>>>>>> /etc/puppet/modules/profiles/manifests/logstash/shipper.pp:
>>>>>>>>
>>>>>>>> class profiles::logstash::shipper() {
>>>>>>>>
>>>>>>>>   $shipper_config = hiera('

Re: [Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-05-29 Thread Brian Wilkins 
Same problem. I see it concatenated in the notice.

On Thursday, May 29, 2014 1:05:39 PM UTC-4, Doug_F wrote:
>
> Just a thought try changing 
>   $shipper_config = hiera('profiles::logstash::config', {}) => 
> $shipper_config = hiera_hash('profiles::logstash::config', {})
>
>
> On Thu, May 29, 2014 at 11:01 AM, Brian Wilkins 
> 
> > wrote:
>
>> It prints out:
>>
>> order10contentthis is a test
>>
>> It concatenated it all together.
>>
>>
>>
>> On Thursday, May 29, 2014 12:59:09 PM UTC-4, Doug_F wrote:
>>
>>> Try setting your notice("${shipper_config}") before create resources and 
>>> see what it prints out. 
>>>
>>>
>>> On Thu, May 29, 2014 at 10:47 AM, Brian Wilkins wrote:
>>>
>>>> Oh ok, makes sense. I did that and now I get "can't convert String into 
>>>> Hash at /etc/puppet/modules/profiles/manifests/logstash/shipper.pp:15"
>>>>
>>>> My shipper.pp
>>>>
>>>> class profiles::logstash::shipper() {
>>>>
>>>>   $shipper_config = hiera('profiles::logstash::config', {})
>>>>   create_resources('profiles::logstash::config', $shipper_config)
>>>>
>>>>
>>>>   notice("${shipper_config[name]}")
>>>>   class { 'logstash':
>>>> ensure  => 'present',
>>>> version => '1.4.1-1_bd507eb',
>>>> status  => 'enabled',
>>>>   }
>>>>
>>>>   profiles::logstash::config { 'shipper':
>>>>
>>>>content => $content,
>>>>order   => $order,
>>>>   }
>>>>
>>>>   include logstash
>>>> }
>>>>
>>>> Line 15 is the create_resources line.
>>>>
>>>>
>>>> On Thursday, May 29, 2014 12:42:15 PM UTC-4, Doug_F wrote:
>>>>
>>>>> profiles::logstash::config:
>>>>>input_file:
>>>>>  content: 'this is a test'
>>>>>  order: '10'
>>>>>
>>>>> Should probably be 
>>>>> profiles::logstash::config:
>>>>>content: 'this is a test'
>>>>>order: '10'
>>>>>
>>>>>
>>>>>
>>>>> On Thu, May 29, 2014 at 10:27 AM, Brian Wilkins wrote:
>>>>>
>>>>>> I am trying to use hiera to populate a defined type to feed the 
>>>>>> puppet-logstash module. So far, I have been unable to send the data from 
>>>>>> my 
>>>>>> hiera file to my defined type. I have tested my defined type and it is 
>>>>>> working, I just can't seem to populate the variables. It tells me that 
>>>>>> $content and $order are not set.
>>>>>>
>>>>>> /etc/puppet/modules/profiles/manifests/logstash/shipper.pp:
>>>>>>
>>>>>> class profiles::logstash::shipper() {
>>>>>>
>>>>>>   $shipper_config = hiera('profiles::logstash::config')
>>>>>>   create_resources('config', $shipper_config)
>>>>>>
>>>>>>   notice("${shipper_config[name]}")
>>>>>>   class { 'logstash':
>>>>>> ensure  => 'present',
>>>>>> version => '1.4.1-1_bd507eb',
>>>>>> status  => 'enabled',
>>>>>>   }
>>>>>>
>>>>>>   profiles::logstash::config { $name:
>>>>>>content => $content,
>>>>>>order   => $order,
>>>>>>   }
>>>>>>
>>>>>>   include logstash
>>>>>> }
>>>>>>
>>>>>> /etc/puppet/modules/profiles/manifests/logstash/config.pp:
>>>>>>
>>>>>> define profiles::logstash::config(
>>>>>>   $content = undef,
>>>>>>   $order = undef,
>>>>>> ) {
>>>>>>   logstash::configfile { $name:
>>>>>> content => $content,
>>>>>> order   => $order
>>>>>>   }
>>>>>> }
>>>>>>
>>>>>> /etc/puppet/data/node/els4172.els.dev.yaml:
>>>>&

Re: [Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-05-29 Thread Brian Wilkins 
It prints out:

order10contentthis is a test

It concatenated it all together.


On Thursday, May 29, 2014 12:59:09 PM UTC-4, Doug_F wrote:
>
> Try setting your notice("${shipper_config}") before create resources and 
> see what it prints out. 
>
>
> On Thu, May 29, 2014 at 10:47 AM, Brian Wilkins 
> 
> > wrote:
>
>> Oh ok, makes sense. I did that and now I get "can't convert String into 
>> Hash at /etc/puppet/modules/profiles/manifests/logstash/shipper.pp:15"
>>
>> My shipper.pp
>>
>> class profiles::logstash::shipper() {
>>
>>   $shipper_config = hiera('profiles::logstash::config', {})
>>   create_resources('profiles::logstash::config', $shipper_config)
>>
>>
>>   notice("${shipper_config[name]}")
>>   class { 'logstash':
>> ensure  => 'present',
>> version => '1.4.1-1_bd507eb',
>> status  => 'enabled',
>>   }
>>
>>   profiles::logstash::config { 'shipper':
>>
>>content => $content,
>>order   => $order,
>>   }
>>
>>   include logstash
>> }
>>
>> Line 15 is the create_resources line.
>>
>>
>> On Thursday, May 29, 2014 12:42:15 PM UTC-4, Doug_F wrote:
>>
>>> profiles::logstash::config:
>>>input_file:
>>>  content: 'this is a test'
>>>  order: '10'
>>>
>>> Should probably be 
>>> profiles::logstash::config:
>>>content: 'this is a test'
>>>order: '10'
>>>
>>>
>>>
>>> On Thu, May 29, 2014 at 10:27 AM, Brian Wilkins wrote:
>>>
>>>> I am trying to use hiera to populate a defined type to feed the 
>>>> puppet-logstash module. So far, I have been unable to send the data from 
>>>> my 
>>>> hiera file to my defined type. I have tested my defined type and it is 
>>>> working, I just can't seem to populate the variables. It tells me that 
>>>> $content and $order are not set.
>>>>
>>>> /etc/puppet/modules/profiles/manifests/logstash/shipper.pp:
>>>>
>>>> class profiles::logstash::shipper() {
>>>>
>>>>   $shipper_config = hiera('profiles::logstash::config')
>>>>   create_resources('config', $shipper_config)
>>>>
>>>>   notice("${shipper_config[name]}")
>>>>   class { 'logstash':
>>>> ensure  => 'present',
>>>> version => '1.4.1-1_bd507eb',
>>>> status  => 'enabled',
>>>>   }
>>>>
>>>>   profiles::logstash::config { $name:
>>>>content => $content,
>>>>order   => $order,
>>>>   }
>>>>
>>>>   include logstash
>>>> }
>>>>
>>>> /etc/puppet/modules/profiles/manifests/logstash/config.pp:
>>>>
>>>> define profiles::logstash::config(
>>>>   $content = undef,
>>>>   $order = undef,
>>>> ) {
>>>>   logstash::configfile { $name:
>>>> content => $content,
>>>> order   => $order
>>>>   }
>>>> }
>>>>
>>>> /etc/puppet/data/node/els4172.els.dev.yaml:
>>>>
>>>> classes:
>>>>   - os::repo
>>>>   - profiles::logstash::shipper
>>>>
>>>> profiles::logstash::config:
>>>>input_file:
>>>>  content: 'this is a test'
>>>>  order: '10'
>>>>
>>>>
>>>> My notice is not called, it does not display a thing. Did I use 
>>>> create_resources correctly?
>>>>
>>>>
>>>>
>>>>  -- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "Puppet Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to puppet-users...@googlegroups.com.
>>>>
>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>> msgid/puppet-users/c162ac6e-257c-4c42-a856-0b2f99dbd7f3%
>>>> 40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/c162ac6e-257c-4c42-a856-0b2f99dbd7f3%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/305d7707-68ca-4814-940e-ef984fcb2c04%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/305d7707-68ca-4814-940e-ef984fcb2c04%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/09cd7ee2-7231-499f-a05e-e4430389956a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-05-29 Thread Brian Wilkins 
Oh ok, makes sense. I did that and now I get "can't convert String into 
Hash at /etc/puppet/modules/profiles/manifests/logstash/shipper.pp:15"

My shipper.pp

class profiles::logstash::shipper() {

  $shipper_config = hiera('profiles::logstash::config', {})
  create_resources('profiles::logstash::config', $shipper_config)

  notice("${shipper_config[name]}")
  class { 'logstash':
ensure  => 'present',
version => '1.4.1-1_bd507eb',
status  => 'enabled',
  }

  profiles::logstash::config { 'shipper':
   content => $content,
   order   => $order,
  }

  include logstash
}

Line 15 is the create_resources line.

On Thursday, May 29, 2014 12:42:15 PM UTC-4, Doug_F wrote:
>
> profiles::logstash::config:
>input_file:
>  content: 'this is a test'
>  order: '10'
>
> Should probably be 
> profiles::logstash::config:
>content: 'this is a test'
>order: '10'
>
>
>
> On Thu, May 29, 2014 at 10:27 AM, Brian Wilkins 
> 
> > wrote:
>
>> I am trying to use hiera to populate a defined type to feed the 
>> puppet-logstash module. So far, I have been unable to send the data from my 
>> hiera file to my defined type. I have tested my defined type and it is 
>> working, I just can't seem to populate the variables. It tells me that 
>> $content and $order are not set.
>>
>> /etc/puppet/modules/profiles/manifests/logstash/shipper.pp:
>>
>> class profiles::logstash::shipper() {
>>
>>   $shipper_config = hiera('profiles::logstash::config')
>>   create_resources('config', $shipper_config)
>>
>>   notice("${shipper_config[name]}")
>>   class { 'logstash':
>> ensure  => 'present',
>> version => '1.4.1-1_bd507eb',
>> status  => 'enabled',
>>   }
>>
>>   profiles::logstash::config { $name:
>>content => $content,
>>order   => $order,
>>   }
>>
>>   include logstash
>> }
>>
>> /etc/puppet/modules/profiles/manifests/logstash/config.pp:
>>
>> define profiles::logstash::config(
>>   $content = undef,
>>   $order = undef,
>> ) {
>>   logstash::configfile { $name:
>> content => $content,
>> order   => $order
>>   }
>> }
>>
>> /etc/puppet/data/node/els4172.els.dev.yaml:
>>
>> classes:
>>   - os::repo
>>   - profiles::logstash::shipper
>>
>> profiles::logstash::config:
>>input_file:
>>  content: 'this is a test'
>>  order: '10'
>>
>>
>> My notice is not called, it does not display a thing. Did I use 
>> create_resources correctly?
>>
>>
>>
>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/c162ac6e-257c-4c42-a856-0b2f99dbd7f3%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/c162ac6e-257c-4c42-a856-0b2f99dbd7f3%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/305d7707-68ca-4814-940e-ef984fcb2c04%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Using Hiera to Populate Defined Type in Puppet 3.6

2014-05-29 Thread Brian Wilkins 
I am trying to use hiera to populate a defined type to feed the 
puppet-logstash module. So far, I have been unable to send the data from my 
hiera file to my defined type. I have tested my defined type and it is 
working, I just can't seem to populate the variables. It tells me that 
$content and $order are not set.

/etc/puppet/modules/profiles/manifests/logstash/shipper.pp:

class profiles::logstash::shipper() {

  $shipper_config = hiera('profiles::logstash::config')
  create_resources('config', $shipper_config)

  notice("${shipper_config[name]}")
  class { 'logstash':
ensure  => 'present',
version => '1.4.1-1_bd507eb',
status  => 'enabled',
  }

  profiles::logstash::config { $name:
   content => $content,
   order   => $order,
  }

  include logstash
}

/etc/puppet/modules/profiles/manifests/logstash/config.pp:

define profiles::logstash::config(
  $content = undef,
  $order = undef,
) {
  logstash::configfile { $name:
content => $content,
order   => $order
  }
}

/etc/puppet/data/node/els4172.els.dev.yaml:

classes:
  - os::repo
  - profiles::logstash::shipper

profiles::logstash::config:
   input_file:
 content: 'this is a test'
 order: '10'


My notice is not called, it does not display a thing. Did I use 
create_resources correctly?



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c162ac6e-257c-4c42-a856-0b2f99dbd7f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Calculating network address - boolean opertors

2014-05-28 Thread Brian Mathis 
I did some more work on this and got it to accept a dotted-quad formatted
subnet mask, so you don't need to use CIDR format:

$host = "10.122.3.177"
$mask = '255.255.255.128'

### Convert netmask to CIDR bits
$mask_cidr_bits = {
  '255' => '8',  '254' => '7',
  '252' => '6',  '248' => '5',
  '240' => '4',  '224' => '3',
  '192' => '2',  '128' => '1',
  '0'   => '0',
}
$mask_octets = split( $mask, '\.' )
$cidr =
  $mask_cidr_bits[$mask_octets[0]] +
  $mask_cidr_bits[$mask_octets[1]] +
  $mask_cidr_bits[$mask_octets[2]] +
  $mask_cidr_bits[$mask_octets[3]]

# Wildcard is inverse of netmask
$wild_card = 32 - $cidr


### Convert dotted quad IP to decimal format
$host_octets = split( $host, '\.' )
$ip_decimal =
  ($host_octets[0] * 16777216) +
  ($host_octets[1] * 65536) +
  ($host_octets[2] * 256) +
  ($host_octets[3])


### Remove host bits to get subnet by shifting wildcard bits off the end
$subnet_decimal = ($ip_decimal >> $wild_card) << $wild_card


### Convert IP decimal format to dotted quad
    $quad1   = $subnet_decimal / 16777216
$remain1 = $subnet_decimal % 16777216
$quad2   = $remain1 / 65536
$remain2 = $remain1 % 65536
$quad3   = $remain2 / 256
$quad4   = $remain2 % 256

$subnet = "${quad1}.${quad2}.${quad3}.${quad4}"


❧ Brian Mathis
@orev


On Mon, May 19, 2014 at 6:49 PM, Brian Mathis
wrote:

> The "and" function is only meant to return true or false.  It does not
> perform binary arithmetic, which is what you're trying to do.
>
> If you can use the number of bits in the netmask (CIDR notation), instead
> of the dotted-quad notation, you can do something like this:
>
> $host = "10.122.3.177"
> $mask_bits = 25
> $wild_card = 32 - $mask_bits
>
> ### Convert dotted quad to decimal format
> $octet = split( $host, '\.' )
> $ip_decimal =
>   ($octet[0] * 16777216) +
>   ($octet[1] * 65536) +
>   ($octet[2] * 256) +
>   ($octet[3])
>
> ### Remove host bits
> $subnet_junk= $ip_decimal  >> $wild_card
> $subnet_decimal = $subnet_junk << $wild_card
>
> ### Convert decimal format to dotted quad
> $quad1   = $subnet_decimal / 16777216
> $remain1 = $subnet_decimal % 16777216
> $quad2   = $remain1 / 65536
> $remain2 = $remain1 % 65536
> $quad3   = $remain2 / 256
> $quad4   = $remain2 % 256
>
> $subnet = "${quad1}.${quad2}.${quad3}.${quad4}"
>
>
> Another possibility would be to calculate using ruby code and the
> inline_template() function.
>
>
> ❧ Brian Mathis
> @orev
>
>
> On Mon, May 19, 2014 at 3:22 AM, Michael Wörz wrote:
>
>> no, thanks split works now,
>> but the boolean operator
>>
>> $ok1=$iparray[0] and $nmarray[0]
>>
>> returns true inetad of 10
>>
>>
>> $ip="10.122.3.177"
>> $nm="255.255.255.128"
>> $iparray=split($ip, '[.]')
>> $nmarray=split($ip, '[.]')
>>
>> $ok1=$iparray[0] and $nmarray[0]
>> notify {"$ok1":}
>>
>>
>>
>>
>> Am Montag, 19. Mai 2014 09:08:16 UTC+2 schrieb Joaquin Menchaca:
>>
>>> Did you escape the meta character of dot?
>>>
>>> $octets = split($ip, '[.]')
>>>
>>>
>>>
>>> On Monday, May 19, 2014 12:01:48 AM UTC-7, Michael Wörz wrote:
>>>>
>>>> Hello folks
>>>>
>>>> i need a bit of help calculating the network address from ip an netmask
>>>> avoiding the use of stdlib within a puppet maifest.
>>>>
>>>> #given IP address and netmask
>>>> $ip="10.122.3.177"
>>>> $nm="255.255.255.128"
>>>>
>>>> #splitting into octets -  split() didnt work for some reason
>>>> if $ip =~ /([0-9]+)\.[0-9]+\.[0-9]+\.[0-9]+/ {$ip1 = $1} #  same for
>>>> $ip2 = $2  ...
>>>> if $nm =~ /([0-9]+)\.[0-9]+\.[0-9]+\.[0-9]+/ {$nm1 = $1}
>>>>
>>>> # apply boolean AND
>>>> $oc1=$ip1 && $nm1
>>>> # Could not parse for environment production: Could not match && at
>>>> ...
>>>>
>>>>
>>>> notify {"$oc1":}
>>>>
>>>> thanks for your help
>>>>
>>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/bca3ec21-0338-4f2f-b423-eb79d2300359%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/bca3ec21-0338-4f2f-b423-eb79d2300359%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEwv_7YF4n3fqP%3DTWh0EyUArU%3DF8THc07nmezGg21SqJHQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: validate_re() does not correctly match numbers in some cases

2014-05-21 Thread Brian Mathis 
On Wed, May 21, 2014 at 4:29 AM, Felix Frank <
felix.fr...@alumni.tu-berlin.de> wrote:

> On 05/20/2014 07:16 PM, Brian Mathis wrote:
> > This is a bug in validate_re(), even though there is a workaround.
>
> Arguably so.
>
> One could also argue, on the other hand, that regular expressions are
> matched by *strings* and nothing else. Sure, we've been spoiled by bash
> and perl which don't give damn and implicitly convert to string every
> chance they get. But that isn't a universal truth. Point in fact
>
> irb(main):001:0> puts "it works!" if 5 =~ /[0-9]+/
> => nil
>
> I agree that it *is* inconvenient to check for two cases "is numeric" or
> "contains a number" when logically the former implies the latter. I also
> think that implicit string conversion would be a beneficial feature for
> validate_re. But it is not necessarily a bug.
>
> Cheers,
> Felix
>


If validate_re() is only effective on strings, then, in a dynamically typed
language such as ruby/puppet, it better make sure it's casting to a string
inside the function.  Forcing the use of quotes is a workaround for
something that it should be doing and creates inconsistency in the
interface.  Forcing the user to be aware of the internals of the function
in order to use it defeats the point of using functions.

One of the big problems here is that sometimes it works and sometimes it
doesn't for the same data, depending on where you got it and what you did
with it, which is clearly a bug.  I'm not sure how else you can define a
bug other than "actual behavior does not match expected behavior", when the
expectation is merely that the function performs in a predictable way.


❧ Brian Mathis
@orev

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEwaUwoCQGDTeN6ztLJKUXoTMfgnFpK%3D7xZbifjb5sk_nw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: validate_re() does not correctly match numbers in some cases

2014-05-20 Thread Brian Mathis 
On Tue, May 20, 2014 at 11:59 AM, jcbollinger wrote:

>
>
> On Monday, May 19, 2014 6:45:56 PM UTC-5, Brian Mathis wrote:
>>
>> I'm seeing this issue with the current version of stdlib.  When getting
>> numeric data from hiera, or performing math on a variable, validate_re()
>> fails when using the following regex:
>> '[0-9]+'
>>
>>
>
> Fascinating.
>
>
>
>> Here are some test cases:
>>
>> Getting data from hiera
>> # Hiera data:
>> # ---
>> # testvalue: 1234
>>
>> FAIL:
>> $myvar = hiera('testvalue')
>> validate_re( $myvar, '[0-9]+' )
>>
>> Performing math
>> OK:
>>$var = 1000
>>validate_re( $var, '[0-9+]' )
>>
>> FAIL:
>>$var2 = 2000 + 1
>>validate_re( $var2, '[0-9+]' )
>>
>> I've had to resort to quoting variables in validate_re, like this:
>> OK:
>> $var3 = 3000 + 1
>> validate_re( "${var3}", '[0-9+]' )
>>
>> However puppet-lint complains about having only a variable inside
>> double-quotes, so I'm considering solving this with the very ugly:
>> validate_re( "X${var3}", 'X[0-9+]' )
>>
>>
>
> Yet your solution using "${var3}" is perfectly good thing to do to convert
> a variable of uncertain type to a string.  I'd tell puppet-lint to go play
> in a clothes dryer.
>
> Alternatively, you could try this instead:
>
> if not is_integer(${var3}) or (${var3} < 0) {
>   validate_re( ${var3}, '[0-9]+')
> }
>
>
> John
>
>>

I have decided to exclude these files from that puppet-lint test, so I can
use double-quotes only.  However, if validate_re() is expecting to only
operate on a string, it should be doing this internally and not forcing it
upon the user to make an explicit cast to a string.  This is a bug in
validate_re(), even though there is a workaround.


❧ Brian Mathis
@orev

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEyxD7Y%3Deo%2BWVjghirYsqXXsHiXS1wDZooFk9t6CZc-X%3DQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] validate_re() does not correctly match numbers in some cases

2014-05-19 Thread Brian Mathis 
I'm seeing this issue with the current version of stdlib.  When getting
numeric data from hiera, or performing math on a variable, validate_re()
fails when using the following regex:
'[0-9]+'

Here are some test cases:

Getting data from hiera
# Hiera data:
# ---
# testvalue: 1234

FAIL:
$myvar = hiera('testvalue')
validate_re( $myvar, '[0-9]+' )

Performing math
OK:
   $var = 1000
   validate_re( $var, '[0-9+]' )

FAIL:
   $var2 = 2000 + 1
   validate_re( $var2, '[0-9+]' )

I've had to resort to quoting variables in validate_re, like this:
OK:
$var3 = 3000 + 1
validate_re( "${var3}", '[0-9+]' )

However puppet-lint complains about having only a variable inside
double-quotes, so I'm considering solving this with the very ugly:
validate_re( "X${var3}", 'X[0-9+]' )

Is anyone else seeing this issue?

I have opened a ticket:
https://tickets.puppetlabs.com/browse/MODULES-865


❧ Brian Mathis
@orev

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpExkspPvmmqkov3rmj2i07m86WsWq%2B%3Dyi-Lize9RT6aP9g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Calculating network address - boolean opertors

2014-05-19 Thread Brian Mathis 
The "and" function is only meant to return true or false.  It does not
perform binary arithmetic, which is what you're trying to do.

If you can use the number of bits in the netmask (CIDR notation), instead
of the dotted-quad notation, you can do something like this:

$host = "10.122.3.177"
$mask_bits = 25
$wild_card = 32 - $mask_bits

### Convert dotted quad to decimal format
$octet = split( $host, '\.' )
$ip_decimal =
  ($octet[0] * 16777216) +
  ($octet[1] * 65536) +
  ($octet[2] * 256) +
  ($octet[3])

### Remove host bits
$subnet_junk= $ip_decimal  >> $wild_card
$subnet_decimal = $subnet_junk << $wild_card

### Convert decimal format to dotted quad
$quad1   = $subnet_decimal / 16777216
$remain1 = $subnet_decimal % 16777216
$quad2   = $remain1 / 65536
$remain2 = $remain1 % 65536
$quad3   = $remain2 / 256
$quad4   = $remain2 % 256

$subnet = "${quad1}.${quad2}.${quad3}.${quad4}"


Another possibility would be to calculate using ruby code and the
inline_template() function.


❧ Brian Mathis
@orev


On Mon, May 19, 2014 at 3:22 AM, Michael Wörz wrote:

> no, thanks split works now,
> but the boolean operator
>
> $ok1=$iparray[0] and $nmarray[0]
>
> returns true inetad of 10
>
>
> $ip="10.122.3.177"
> $nm="255.255.255.128"
> $iparray=split($ip, '[.]')
> $nmarray=split($ip, '[.]')
>
> $ok1=$iparray[0] and $nmarray[0]
> notify {"$ok1":}
>
>
>
>
> Am Montag, 19. Mai 2014 09:08:16 UTC+2 schrieb Joaquin Menchaca:
>
>> Did you escape the meta character of dot?
>>
>> $octets = split($ip, '[.]')
>>
>>
>>
>> On Monday, May 19, 2014 12:01:48 AM UTC-7, Michael Wörz wrote:
>>>
>>> Hello folks
>>>
>>> i need a bit of help calculating the network address from ip an netmask
>>> avoiding the use of stdlib within a puppet maifest.
>>>
>>> #given IP address and netmask
>>> $ip="10.122.3.177"
>>> $nm="255.255.255.128"
>>>
>>> #splitting into octets -  split() didnt work for some reason
>>> if $ip =~ /([0-9]+)\.[0-9]+\.[0-9]+\.[0-9]+/ {$ip1 = $1} #  same for
>>> $ip2 = $2  ...
>>> if $nm =~ /([0-9]+)\.[0-9]+\.[0-9]+\.[0-9]+/ {$nm1 = $1}
>>>
>>> # apply boolean AND
>>> $oc1=$ip1 && $nm1
>>> # Could not parse for environment production: Could not match && at
>>> ...
>>>
>>>
>>> notify {"$oc1":}
>>>
>>> thanks for your help
>>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/bca3ec21-0338-4f2f-b423-eb79d2300359%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/bca3ec21-0338-4f2f-b423-eb79d2300359%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEyFs%3DmnPJNm0B5RJOGA3KG%2BjpANOajeDkwro%2B%3DhLRL3yA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] "puppet apply --noop -e" and overiding facter values for testing

2014-05-06 Thread Brian Mathis 
This applies to facter version 1.7 and above.  See docs:
http://docs.puppetlabs.com/guides/custom_facts.html#external-facts

You can create a file like this (the name does not matter):
/etc/facter/facts.d/myfacts.txt:
hostname=value

Then when you run 'facter hostname', "value" will be returned.


❧ Brian Mathis


On Tue, May 6, 2014 at 7:43 AM, Jakov Sosic  wrote:

> On 05/06/2014 12:29 AM, Brian Mathis wrote:
>
>> The problem is that your variable names are being returned from the
>> $(cat...) after bash has already evaluated the environment, so it's
>> taking it as a literal string and trying to execute the command.
>>
>> To get bash to interpret it as a variable, use 'eval':
>> eval $(cat test_values | tr '\n' ' ' ) puppet apply --noop -e
>> 'notice("${fqdn}")'
>>
>> Also, on modern versions of facter you can place facts in
>> /etc/facter/facts.d and they will override the detected versions.
>>
>
> Can you show an example how to override facter value with file in
> /etc/facter/facts.d/ ? For example, how to override hostname?
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/5368CAD9.1030302%40gmail.com.
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEwyEaGx_AtpXxc%2B8%3DCxa1Nh0M8y78zq6P4ArebZp1P3Eg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] "puppet apply --noop -e" and overiding facter values for testing

2014-05-05 Thread Brian Mathis 
The problem is that your variable names are being returned from the
$(cat...) after bash has already evaluated the environment, so it's taking
it as a literal string and trying to execute the command.

To get bash to interpret it as a variable, use 'eval':
   eval $(cat test_values | tr '\n' ' ' ) puppet apply --noop -e
'notice("${fqdn}")'

Also, on modern versions of facter you can place facts in
/etc/facter/facts.d and they will override the detected versions.


❧ Brian Mathis


On Sat, May 3, 2014 at 7:41 AM, Peter  wrote:

> Hi Puppet Users,
>
> Firstly I already know that I can override facter variables by adding them
> to the commandline.  Eg:
>
> root@dna:~# FACTER_fqdn=foo.bar.info puppet apply --noop -e
> 'notice("${fqdn}")'
> Notice: Scope(Class[main]): foo.bar.info
> Notice: Compiled catalog for dna.local in environment production in 0.03
> seconds
> Notice: Finished catalog run in 0.04 seconds
>
> I would like to use a number of different FACTER overrides, I can add them
> all to the command line but I want to test different values at different
> times.  I was hoping that I could have a file like:
> root@dna:~# cat test_values
> FACTER_hostname=bob
> FACTER_domain=mgnt.local
> FACTER_fqdn=bob.mgnt.local
> FACTER_foo=foo
>
> Then like with the hiera command line tool use an option to tell puppet
> apply to use this file and override any facts with the same name.  However
> there isnt an option.
>
> I have found a bash command which will take the values from the file and
> concat them together to form one line:
> root@dna:~# cat test_values | tr '\n' ' '
> FACTER_hostname=bob FACTER_domain=mgnt.local FACTER_fqdn=bob.mgnt.local
> FACTER_foo=foo
>
> I was then hoping I could do something like:
> root@dna:~# $(cat test_values | tr '\n' ' ' ) puppet apply --noop -e
> 'notice("${fqdn}")'
> -bash: FACTER_hostname=bob: command not found
>
> However it doesn't work.
>
> My question is, does anyone know a puppet way pass a file to puppet apply
> which will override facts or if there are any bash experts out there how I
> can have the output of the command as plan text.
>
> Thanks,
>
> Peter
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/fc389ac2-c451-434e-804e-1bbaf9e00117%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/fc389ac2-c451-434e-804e-1bbaf9e00117%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEwO4d5z7jbLvZX21W%2BEsGevWi%2BwShhO5trKVq-yk-b4Gg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet is not updating user passwords

2014-04-23 Thread Brian Mathis 
The issue you have is that Puppet is not updating the /etc/shadow file, but
even once it's doing that correctly, Method 1 still will not work. The
sha1() and md5() functions do not produce passwd/shadow compatible values
because that is not what they are for. Generating encrypted passwords is
more complex than a simple hash of the password.

Method 2 *should* work, but since it's not, you have something else going
on. Have you tried to apply the manifest using debug and/or verbose mode?

I will guess that you're missing the ruby-shadow package, which Puppet
needs to manage those files. Check your package provider and/or gem to make
sure you have it installed.


❧ Brian Mathis


On Wed, Apr 23, 2014 at 5:27 PM, Mike R  wrote:

> I can't get puppet to update the password for any users that I declare,
> this is my manifest:
>
> user {'test1':
> ensure => present,
> password => sha1('vagrant'),
> shell => '/bin/bash',
> }
>
>
> I also tried with the md5() function, and with raw password hash. I am on
> Ubuntu 12.04, using Puppet 2.7.19, Vagrant 1.5.3.
>
> When I check /etc/shadow, all I see is ! (exclamation points where the
> password should be)
>
> test4:!:16183:0:9:7:::
> test3:!:16183:0:9:7:::
> test1:!:16183:0:9:7:::
> test2:!:16183:0:9:7:::
>
>
>
> I posted my question to stackoverflow with more details:
> http://stackoverflow.com/questions/23253271/not-updating-the-user-password
> I also looked over this old post
> https://groups.google.com/forum/#!topic/puppet-users/gXpt-YjROMw
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/4c1b1ad3-2d3f-41dd-8709-7bb3f83c7c21%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/4c1b1ad3-2d3f-41dd-8709-7bb3f83c7c21%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEz4P96-JKApD%2BQ1jkaRdQA_%2Bc_ei4ZPyhagKH%2B6-PtP4w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: facter-1.7.3 and puppet-3.3.1 on OS X Mavericks 10.9

2014-04-09 Thread Brian Auron 
Hello,

I came looking for this exact error, but specifying "--server 
puppetmaster.domain" or setting "server = puppetmaster.domain" in 
puppet.conf doesn't allow a successful run of puppet. The error is the same 
as Paul had above:

Error: Could not request certificate: SSL_connect returned=1 errno=0 
state=SSLv2/v3 read server hello A: (null)

But `openssl s_client -connect puppetmaster.domain:8140` works just fine. 
There are no DNS alternative names and we only have one puppetmaster. Does 
anybody have an idea? Thanks!

-Brian

On Tuesday, February 11, 2014 1:56:25 PM UTC-6, Paul Tötterman wrote:
>
> Paul, that ssl error looks like the following post on puppet-users: 
>> https://groups.google.com/forum/#!topic/puppet-users/4-6EimF_-NY/discussion, 
>> which relates to SNI.
>>
>
> Thank you for pointing me in the right direction.
>  
>
>> Adding a server alias to your puppetmaster vhost may resolve your 
>> problem. This is a change in ruby after 1.9.0, so it wouldn't have been in 
>> system ruby on OSX before mavericks.
>>
>
> I can run the agent with --server puppet.$domain or by setting the server 
> in the config file. But I had no success in adding aliases to my 
> puppet/passenger/apache config. After trying to add the required apache 
> directives (NameVirtualHost, ServerName and ServerAlias) and restarting 
> apache, no puppet agents would communicate properly with the master.
>
> So I guess I'm going to go with server in puppet.conf for now.
>
> Thanks,
> Paul
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0bcc83a0-d9b7-4cca-adfb-66289c418be1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: My dynamic config-file environment broke in 3.5

2014-04-04 Thread Brian Pitts 
Hi Eric,

I'm glad you're taking this and the yumrepo issue (which also bit me) 
seriously. I've already downgraded to 3.4.3, but I'll try 3.5.1 as soon as 
it's available.

On Friday, April 4, 2014 7:55:21 PM UTC-5, Eric Sorenson wrote:
>
> Hi Brian, thanks for the report -- this was exactly the problem that led 
> us to recall the 3.5.0 release just now.
>
> There is a workaround that is pretty simple, if you're willing to stick 
> with it: just set `environmentpath=/some/nonexistent/dir` in the [master] 
> section of your puppet.conf. This will cause the directory environment code 
> to bypass your /etc/puppet/environments setup and things should be as they 
> were.
>
> You're right that both the precedence logic should change and the release 
> notes should more accurately reflect the situation; we're working on the 
> code for 3.5.1 and have already updated the release notes to have big 
> flashing warnings.
>
> Please give the workaround above a try before you revert back to 3.4.3 -- 
> it's worked in all of the cases we've been able to reproduce here, and 
> looking at your config it *should* work for you too, but if not I'd be 
> super interested to troubleshoot it further.
>
> We're tracking this at https://tickets.puppetlabs.com/browse/PUP-2158 so 
> add yourself as a watcher to that bug to see how things shake out.
>
> --eric0
>
> On Friday, April 4, 2014 11:37:22 AM UTC-7, Brian Pitts wrote:
>>
>> Hi,
>>
>> After I upgraded my puppetmaster to 3.5, my clients can no longer find my 
>> modules. I had my modules broken up into three directories
>>
>> * modules: third-party modules I install via r10k
>> * lib-modules: library/generic modules I wrote
>> * app-modules: application/wrapper modules I wrote
>>
>> I expressed this in puppet.conf with
>>
>> [master]
>> environment = production
>> manifest= $confdir/environments/$environment/manifests/site.pp
>> modulepath  = 
>> $confdir/environments/$environment/modules:$confdir/environments/$environment/lib-modules:$confdir/environments/$environment/app-modules
>>
>> However, my puppet runs fail with "Could not find class atop"; that class 
>> is in lib-modules. When I check the modulepath on my master I don't get 
>> what I expect
>>
>> $ sudo puppet config print modulepath --section master --environment 
>> production
>>
>> /etc/puppet/environments/production/modules:/etc/puppet/modules:/usr/share/puppet/modules
>>
>> Based on the documentation I've read [0], I think this is because I named 
>> the directory that I stored my dynamic environments in "environments". In 
>> 3.5 if puppet sees a directory named "environments" it will use "directory 
>> environments" instead of "config-file environments". I.E. the precedence is
>>
>> static config-file environments → directory environments → dynamic (
>> $environment) config-file environments
>>
>> This is a surprise, since I did not intentionally set up directory 
>> environments and they don't support my modulepath. To me it seems like this 
>> behavior unncecessarily breaks existing puppet setups. Why isn't the 
>> precedence
>>
>> static config-file environments → dynamic ($environment) config-file 
>> environments→ directory environments ?
>>
>> Also, shouldn't a warning about this be added to the release notes?
>>
>> [0] 
>> http://docs.puppetlabs.com/puppet/latest/reference/environments_classic.html#interaction-with-directory-environments
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/07167945-0574-4560-a6a2-0e7c729ce117%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] My dynamic config-file environment broke in 3.5

2014-04-04 Thread Brian Pitts 
Hi,

After I upgraded my puppetmaster to 3.5, my clients can no longer find my 
modules. I had my modules broken up into three directories

* modules: third-party modules I install via r10k
* lib-modules: library/generic modules I wrote
* app-modules: application/wrapper modules I wrote

I expressed this in puppet.conf with

[master]
environment = production
manifest= $confdir/environments/$environment/manifests/site.pp
modulepath  = 
$confdir/environments/$environment/modules:$confdir/environments/$environment/lib-modules:$confdir/environments/$environment/app-modules

However, my puppet runs fail with "Could not find class atop"; that class 
is in lib-modules. When I check the modulepath on my master I don't get 
what I expect

$ sudo puppet config print modulepath --section master --environment 
production
/etc/puppet/environments/production/modules:/etc/puppet/modules:/usr/share/puppet/modules

Based on the documentation I've read [0], I think this is because I named 
the directory that I stored my dynamic environments in "environments". In 
3.5 if puppet sees a directory named "environments" it will use "directory 
environments" instead of "config-file environments". I.E. the precedence is

static config-file environments → directory environments → dynamic (
$environment) config-file environments

This is a surprise, since I did not intentionally set up directory 
environments and they don't support my modulepath. To me it seems like this 
behavior unncecessarily breaks existing puppet setups. Why isn't the 
precedence

static config-file environments → dynamic ($environment) config-file 
environments→ directory environments ?

Also, shouldn't a warning about this be added to the release notes?

[0] 
http://docs.puppetlabs.com/puppet/latest/reference/environments_classic.html#interaction-with-directory-environments

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b679f601-9d89-4537-b239-f2c8597faa3c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Workaround for user password hash

2014-02-06 Thread Brian Mathis 
On Thu, Feb 6, 2014 at 5:12 AM,  wrote:

> On Wednesday, February 5, 2014 8:31:21 PM UTC+1, Brian Mathis wrote:
>
>
>> There is nothing wrong with the sha1() function, it's just being used
>> incorrectly.
>>
>
> Just for the record, what would be the correct way to use it for this
> purpose?
>
> I think it could be an interesting topic: when searching for solutions to
> my problem I found various old threads dealing with this issue, but no
> different ways of using sha1().
> Someone even suggests the plain non-working way, e.g.:
> https://groups.google.com/forum/#!topic/puppet-users/gXpt-YjROMw
>
> Thanks.
> Marco
>


There is no correct way to use it for this purpose.

If you want to get an idea of what is involved in creating a password from
plaintext, take a look here (Java code):
ftp://ftp.arlut.utexas.edu/pub/java_hashes/Sha256Crypt.java

To do this in Puppet, you'd probably have to write some Ruby code as a
module or patch to Puppet -- not really sure.

Incidentally, password fields in Linux do not use SHA1, it's either SHA256
or SHA512, used within this type of algorithm.


❧ Brian Mathis

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEw4iyEXdV1LBqppkYCj4LqNG3%3Di-fz%3DAD2cRt8tPDaOSg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Workaround for user password hash

2014-02-05 Thread Brian Mathis 
On Wed, Feb 5, 2014 at 1:25 PM, Chuck Anderson  wrote:

> On Wed, Feb 05, 2014 at 09:48:59AM -0800, zerozerouno...@gmail.com wrote:
> > I needed a "user" puppet resource to add a user and set its password, on
> > CentOS 6.4.
> > The manifest was applied with no errors, but the password was not set
> > correctly.
> >
> > I tried:
> >
> >   password => sha1("password")
> >
> > and some hash was set for the user password, but it was not the right
> one,
> > I could not log in.
>
> I think that wouldn't work because it doesn't create a salt or the
> proper format in /etc/shadow of $$salt$hash.
>
> > I then tried directly setting the hash I got from "openssl passwd -1
> > password":
> >
> >   password => "$1$RCxCmL.x$MRHrLKqYpha19ERGC/5FQ/"
> >
> > but only part of the hash ended up in /etc/shadow, e.g. in this case
> > ".x/5FQ/".
>
> Use single quotes rather than double quotes so the $ aren't
> interpolated as variables:
>
> password => '$1$RCxCmL.x$MRHrLKqYpha19ERGC/5FQ/'
>
> > PS: what's the problem with sha1()? I don't care about the password being
> > in clear text in the manifest, BTW.
>
> It just creates a raw SHA1 hash without the required format including
> the hash type field and salt field.
>


It's far more than just simple formatting.  Passwords are stored using
"crypt" functions, with the original one using DES, then we moved on to MD5
and SHA.  The cryptographic portions (MD5, SHA1, etc...) are only PART of
the algorithm, which also includes salting, multiple iterations, etc...

There is nothing wrong with the sha1() function, it's just being used
incorrectly.


❧ Brian Mathis

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEw5e_eRNv%3DHKUg%3Dehu0Psx%2BkjuY1fQ_LLziru7wJXoVfw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Fedora 20 Packages

2013-12-03 Thread Brian Pitts 
Hi,

Since the Fedora 20 final release is a week away, I was wondering if F20 
packages for yum.puppetlabs.com are being worked on.

All the best,
Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a30d6a39-eb9f-43c1-9ae1-b56656b0725a%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] User Management in LDAP/Kerberos (freeipa)

2013-11-14 Thread Brian Mathis 
Puppet is really meant for managing systems, not data.  The data in LDAP is
really more like database data, not so much as system information, even
though many system services use it to get information.

Consider if you would use Puppet to manage data (like web site content) in
a MySQL database.  You might use Puppet to create the table structure as
part of the installation process, but not to revise the data itself.


❧ Brian Mathis


On Thu, Nov 14, 2013 at 2:50 AM, William Leese
wrote:

> Hi,
>
> I'm faced with the question if we should be doing user management directly
> using freeipa (an integrated LDAP, Kerberos, CA, etc) or by manipulating
> freeipa using Puppet.
> Installation and configuration of the service is already performed through
> Puppet so this only concerns the data stored by freeipa (users, groups,
> sshkeys, sudo permissions, etc).
>
> Pros of puppet:
> - everything goes through source control
> - we love puppet
>
> Cons:
> - exposing all functionality is near impossible and thus the chances of
> the puppet config not being a perfect representation of the freeipa config
> is rather high
>
> I was wondering if fellow admins have faced this question and have any
> insights I should consider.
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/c0ad2090-2eae-4561-9b2d-4f31b6fe9b6e%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALKwpEypTcgHOAyk05uM%3DALsYui%2BLNKbw2BXfXx9_D1yrS_KQA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Noob question about the ${name} variable

2013-09-25 Thread Brian Lalor 
On Sep 25, 2013, at 8:12 AM, John Simpson  wrote:

>  file { '/etc/httpd/conf.d/ssl.conf' :
>ensure  => file ,
>content => template ( "${module_name}{$name}.erb" ) ,
>  }
> 
> Here $name expands to "apache", so the filename passed to template() is 
> "apacheapache.erb", rather than the expected and desired value 
> "apache/etc/httpd/conf.d/ssl.conf.erb".

Is this the literal syntax?  Because you have "{$name}" instead of "${name}".  
I can't explain why the former would expand the way it does, unless the braces 
around the variable name have special meaning.  I would expect you'd get the 
literal braces in the expanded value.  Not a real answer, but it does look 
unintentional.

--
Brian Lalor
bla...@bravo5.org
http://github.com/blalor

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

  1   2   3   4   5   6   >