Re: [Puppet Users] r10k postrun + Puppetfile

2016-02-20 Thread Cory Stoker 
What does your r10k.yaml look like for the postrun command? What you are
trying to do is possible of course.  I have a postrun script that I call
that wraps and commands I want to perform post deploy.

Your Puppetfile should be in the environment/ folder.   So
like /etc/puppetlabs/code/environments/production/Puppetfile.  On your
r10k-control git repo it is in the top level directory, which then r10k
will copy into the right location.

HTH,
Cory

On Mon, Feb 8, 2016 at 10:32 PM, Lupin Deterd  wrote:

> Hi,
>
>  I have two questions that all related to r10k, this  could be trivial but
> I can't seem to make it work. Basically what I want to achieve is  trigger
>  a postrun  that will modify/set the permission of /var/lib/hieradata and
> /etc/puppetlabs/puppet/environment/production/modules both are managed by
> r10k.
>
>  Currently I have a Shell script that does the permission modify and being
> invoke  manually. I tried to add that on my postrun config but no luck.
>
>
> Second question where does 'Puppetfile' should be located? Should it go
> inside the 'environments' folder that is under git control?
>
>
> Cheers
> Lupin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/04f1e7e2-8155-4dca-b103-887302a79384%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJNEtxvPQV4FYSSh0Z%2Bob1%2BMPkKdotPrpwDMy67fuYCzR0LqyQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Question about Puppet CLI and --codedir

2016-02-06 Thread Cory Stoker 
So reading this right you want to have an agent run code out of the test
branch on the puppetserver and not the production branch?  And it will work
fine if you change the codedir on the puppetserver?

The clients usually do not dictate the code directory on the remote
server.  They tell the server their environment and the server will handle
the rest.  The server has a root codedir, and then uses environments to run
different branches of your code.

Ideally you would have:

/etc/puppetlabs/code as your codedir on the server

Then you would have:
/etc/puppetlabs/code/environments/production
/etc/puppetlans/code/environments/test


On the agent then you would have in puppet.conf
[agent]
environment = test


Puppet has a bunch of defaults so commenting it out in the conf does not
mean it isn't set still.

HTH

On Thu, Feb 4, 2016 at 4:32 PM, CJ Cotton  wrote:

> My understanding is that the Puppet CLI parameters will be the values
> taken in at run time.
> I have two code directories; test and production.
>
> They are exact replicas of each other.
> If I force the puppetserver to run /etc/puppetlabs/test -- it will run
> without issue and as expected.
>
> When I run the command;
> puppet agent -t --codedir /etc/puppetlabs/test --noop
>
> It will still run code out of /etc/puppetlabs/production. I tested this by
> putting a notify statement in  production, and not having one in test.
> Every time I ran it, it ran with the notify statement indicating it was
> still reading /etc/puppetlabs/production.
>
> Does anyone have any idea why it would not be using the parameter I input?
>
> The puppetmaster does have the master.code.dir commented out.
> The puppet.conf file on master only has an agent environment
>
> I'm running this from a node (different server). I verified the
> puppet.conf for the server I'm running it from also does not have values,
> though at one point of testing I explicitly hardcoded them and it still
> failed.
>
> Ideas, thoughts?
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/522ca301-dddb-4111-b19d-ebbd30666337%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJNEtxvxdbwPa%2B_8FHEUFhSQZmRA9%2B65xy680MV4Liw9nCwGEw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: puppetlabs-firewall issue

2014-07-02 Thread Cory Stoker 
Hmm...

Do you have plugin sync turned on in the agent config?  Should see
something like pluginsync = true in your puppet.conf.  The error
specified seems to be having an issue fining the type which is sync'ed
from the master to the agents through plugin sync.

On Tue, Jul 1, 2014 at 1:50 PM, Pablo Morales netwarrior...@gmail.com wrote:
 If it helps this is what I see when running in debug mode:

 debug: /Stage[main]/My_fw::Post/Firewall[999 drop all]/require: requires
 Class[My_fw::Pre]
 debug: /Stage[main]/My_fw::Pre/Firewall[001 accept all to lo
 interface]/before: requires Firewall[002 accept related established rules]
 debug: /Stage[main]/Firewall::Linux::Redhat/require: requires
 Package[iptables]
 debug: /Stage[main]/My_fw::Pre/Firewall[000 accept all icmp]/before:
 requires Firewall[001 accept all to lo interface]
 debug: /Stage[main]/My_fw::Pre/Firewall[100 allow http and https
 access]/before: requires Class[My_fw::Post]
 debug: /Stage[main]/My_fw::Pre/Firewall[002 accept related established
 rules]/before: requires Class[My_fw::Post]
 debug: /Stage[main]/Users/User[pepe]: Autorequiring Group[shame]
 debug: /Schedule[daily]: Skipping device resources because running on a host
 debug: /Schedule[monthly]: Skipping device resources because running on a
 host
 debug: /Schedule[hourly]: Skipping device resources because running on a
 host
 debug: /Schedule[never]: Skipping device resources because running on a host
 debug: Prefetching yum resources for package
 debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
 debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa
 --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION}
 %{RELEASE} %{ARCH}
 ''
 debug: Service[iptables](provider=redhat): Executing '/sbin/service iptables
 status'
 debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/chkconfig
 iptables'


 El martes, 1 de julio de 2014 16:17:30 UTC-3, Pablo Morales escribió:

 Hi there guys
 I'm new to puppet I thinks it's a great tool and I'm trying to configure
 some task to perform automatically like users and some services which I had
 no
 problems until now with iptables, this is what I'v got

 server and client:
 CentOS release 6.5 (Final)

 On client:
 puppet-2.7.25-2.el6.noarch

 On server:
 puppet-server-3.6.2-1.el6.noarch
 puppet-3.6.2-1.el6.noarch

 I'm following this:
 https://forge.puppetlabs.com/puppetlabs/firewall

 My config on server:
 /etc/puppet/modules/my_fw/manifests
 post.pp
 pre.pp
 class my_fw::post {
   firewall { '999 drop all':
 proto   = 'all',
 action  = 'drop',
 before  = undef,
   }
 }

 class my_fw::pre {
   Firewall {
 require = undef,
   }

   # Default firewall rules
   firewall { '000 accept all icmp':
 proto   = 'icmp',
 action  = 'accept',
   }-
   firewall { '001 accept all to lo interface':
 proto   = 'all',
 iniface = 'lo',
 action  = 'accept',
   }-
   firewall { '002 accept related established rules':
 proto   = 'all',
 ctstate = ['RELATED', 'ESTABLISHED'],
 action  = 'accept',
   }

   firewall { '100 allow http and https access':
 port   = [80, 443],
 proto  = tcp,
 action = accept,
   }

 }

 /etc/puppet/manifests
 site.pp
 # tell puppet on which client to run the class
 node slnxserver {

 include users

 #resources { firewall:
 #purge = true
 #}

 Firewall {
 before  = Class['my_fw::post'],
 require = Class['my_fw::pre'],
 }

 class { ['my_fw::pre', 'my_fw::post']: }
 class { 'firewall': }
 }

 On the client I see the following:
 tail -f /var/log/messages
 Jul  1 16:01:09 slnxserver puppet-agent[16431]: Finished catalog run in
 0.35 seconds
 Jul  1 16:02:41 slnxserver puppet-agent[16431]: Finished catalog run in
 0.33 seconds
 Jul  1 16:04:13 slnxserver puppet-agent[16431]: Finished catalog run in
 0.30 seconds
 Jul  1 16:05:45 slnxserver puppet-agent[16431]: Finished catalog run in
 0.28 seconds
 Jul  1 16:07:17 slnxserver puppet-agent[16431]: Finished catalog run in
 0.29 seconds

 No problems reported, but it seems the iptables rules are not applied, am
 I missing somthing else?

 The 80:443 ports is not applied:

 iptables -nL
 Chain INPUT (policy ACCEPT)
 target prot opt source   destination

 Chain FORWARD (policy ACCEPT)
 target prot opt source   destination

 Chain OUTPUT (policy ACCEPT)
 target prot opt source   destination

 If I uncomment the resource statement above I get:
 puppet-agent[16431]: Failed to apply catalog: Parameter name failed on
 Resources[firewall]: Could not find resource type 'firewall' at
 /etc/puppet/manifests/site.pp:8


 Thanks for your time and support, any help appreciated.
 Regards



 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an

Re: [Puppet Users] Scaling of Puppet masters

2014-05-19 Thread Cory Stoker 
I can weigh in a little on this...

As far as scalability of the puppet masters, it can be variable
depending on what kind of puppet code you are running.  The largest
item that can ruin scalability is long catalog compilation time.
Another thing is run interval.

Current at my workplace we run a pretty comprehensive puppet code base
(100% provisioned and deployed via puppet) over 10,000+ puppet agents.
 We service the nodes through an LVS load balancer pair and have 3
puppet masters with 8 cores running Nginx with Passenger.  We have a 6
hour run interval and also perform ad hoc runs.  We have had 0 issues
with this setup so far in regard to load however the puppet masters
are consistently busy on all cores.  PuppetDB with Postgres is a must.

I know a lot of people are now turning to Hiera backends to do their
ENC as well as Dashboard and Foreman.

Thanks,
Cory


On Mon, May 19, 2014 at 1:50 PM, Jerald Sheets que...@gmail.com wrote:

 On May 19, 2014, at 3:40 PM, Peter Berghold salty.cowd...@gmail.com wrote:

 Second:  is there a way to use a load balancer in front of a bank of Puppet 
 masters and keep the reports in sync?

 PuppetDB eliminates this need for you, and you can scale at the PostGres 
 layer instead.  Have a peek at PuppetDB.  It’s a default install with PE, and 
 easy to install with OSS Puppet.


  I am considering proposing Puppet Dashboard as an ENC.

 According to my communications with various folks doing this for a living, 
 Foreman seems to be the favored ENC to recommend given that Dashboard is 
 being deprecated.  Not totally, as it’s been released to the community, but 
 it’s not the “go-to” any more, necessarily.

 —jms

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJNEtxs4HbgVe-bsGo2DfxxKR0_L2qG6OSuLu%2BpM%3D4J%2BS9eH7w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: puppetdb: how to install using the system ruby 1.9.3-p484

2014-01-21 Thread Cory Stoker 
So how did you install Ruby 1.9.3?  Did you create your own RPM or use
something else?  The RPM packages for puppet will have dependencies
and then yum will try to satisfy them by looking in it's configured
yum repositories.  It usually tries to find the latest version.
Looking at your output it looks like none of the Ruby dependencies
were installed so yum find versions for you.  For example these 2 are
looking for a Ruby greater than 1.8 installed and a file called
/usr/bin/ruby:
-- Processing Dependency: ruby = 1.8 for package: puppet-3.4.2-1.el6.noarch
-- Processing Dependency: /usr/bin/ruby for package: puppet-3.4.2-1.el6.noarch

Since neither were found in the RPM DB it installed Ruby 1.8.7 for you.


On Tue, Jan 21, 2014 at 1:14 PM, machete scuderia...@gmail.com wrote:


 On Tuesday, January 21, 2014 3:13:49 PM UTC-5, machete wrote:

 The 1.8.7 ruby, rubygems and its gems were uninstalled. The root .gem and
 user .gem directories were also removed.  I am hunting for what I am
 overlooking.

 I am now looking at using the yum package to install puppet. Listed below
 are the results of the package install. Notice it's trying to install 1.8.7,
 when my goal is to use the shiny 1.9.3 ...


 # sudo yum install puppetLoaded plugins: fastestmirror
 Loading mirror speeds from cached hostfile
  * base: mirrors-pa.sioru.com
  * epel: www.gtlib.gatech.edu
  * extras: www.gtlib.gatech.edu
  * rpmforge: mirror.us.leaseweb.net
  * updates: centos.icyboards.com
 puppetlabs-deps| 1.9
 kB 00:00
 puppetlabs-deps/primary_db |  21
 kB 00:00
 puppetlabs-products| 1.9
 kB 00:00
 puppetlabs-products/primary_db | 103
 kB 00:00
 Setting up Install Process
 Resolving Dependencies
 -- Running transaction check
 --- Package puppet.noarch 0:3.4.2-1.el6 set to be updated
 -- Processing Dependency: ruby = 1.8 for package:
 puppet-3.4.2-1.el6.noarch
 -- Processing Dependency: facter = 1.6.11 for package:
 puppet-3.4.2-1.el6.noarch
 -- Processing Dependency: ruby-rgen = 0.6.5 for package:
 puppet-3.4.2-1.el6.noarch
 -- Processing Dependency: ruby = 1.8.7 for package:
 puppet-3.4.2-1.el6.noarch
 -- Processing Dependency: hiera = 1.0.0 for package:
 puppet-3.4.2-1.el6.noarch
 -- Processing Dependency: ruby-augeas for package:
 puppet-3.4.2-1.el6.noarch
 -- Processing Dependency: /usr/bin/ruby for package:
 puppet-3.4.2-1.el6.noarch
 -- Processing Dependency: ruby-shadow for package:
 puppet-3.4.2-1.el6.noarch
 -- Running transaction check
 --- Package facter.x86_64 1:1.7.4-1.el6 set to be updated
 -- Processing Dependency: virt-what for package:
 1:facter-1.7.4-1.el6.x86_64
 --- Package hiera.noarch 0:1.3.0-1.el6 set to be updated
 -- Processing Dependency: rubygem-json for package:
 hiera-1.3.0-1.el6.noarch
 --- Package ruby.x86_64 0:1.8.7.352-13.el6 set to be updated
 -- Processing Dependency: ruby-libs = 1.8.7.352-13.el6 for package:
 ruby-1.8.7.352-13.el6.x86_64
 -- Processing Dependency: libruby.so.1.8()(64bit) for package:
 ruby-1.8.7.352-13.el6.x86_64
 --- Package ruby-augeas.x86_64 0:0.4.1-1.el6 set to be updated
 -- Processing Dependency: augeas-libs = 0.8.0 for package:
 ruby-augeas-0.4.1-1.el6.x86_64
 -- Processing Dependency: libaugeas.so.0(AUGEAS_0.12.0)(64bit) for
 package: ruby-augeas-0.4.1-1.el6.x86_64
 --- Package ruby-rgen.noarch 0:0.6.5-1.el6 set to be updated
 --- Package ruby-shadow.x86_64 0:1.4.1-13.el6 set to be updated
 -- Running transaction check
 --- Package augeas-libs.x86_64 0:1.0.0-5.el6_5.1 set to be updated
 --- Package ruby-libs.x86_64 0:1.8.7.352-13.el6 set to be updated
 --- Package rubygem-json.x86_64 0:1.5.5-1.el6 set to be updated
 -- Processing Dependency: rubygems for package:
 rubygem-json-1.5.5-1.el6.x86_64
 --- Package virt-what.x86_64 0:1.11-1.2.el6 set to be updated
 -- Running transaction check
 --- Package rubygems.noarch 0:1.3.7-5.el6 set to be updated
 -- Processing Dependency: ruby-rdoc for package:
 rubygems-1.3.7-5.el6.noarch
 -- Running transaction check
 --- Package ruby-rdoc.x86_64 0:1.8.7.352-13.el6 set to be updated
 -- Processing Dependency: ruby-irb = 1.8.7.352-13.el6 for package:
 ruby-rdoc-1.8.7.352-13.el6.x86_64
 -- Running transaction check
 --- Package ruby-irb.x86_64 0:1.8.7.352-13.el6 set to be updated
 -- Finished Dependency Resolution

 Dependencies Resolved


 ==
  PackageArch Version  Repository
 Size

 ==
 Installing:
  puppet noarch   3.4.2-1.el6
 puppetlabs-products   1.1 M
 Installing for dependencies:
  facter x86_64   1:1.7.4-1.el6
 puppetlabs-products87 k
  hiera  noarch   1.3.0-1.el6

Re: [Puppet Users] gem install error

2013-12-16 Thread Cory Stoker 
Some ruby gems are compiled and they need dependencies.  In this case
you need the MySQL development files.  Usually it is an RPM like
mysql-devel that you need in addition to gcc, make, etc...

The first error is probably because you specify versions in gem
differently than how you tried above.  For example:

gem install mysql -v 2.9.1

But since 2.9.1 is the latest it will be installed if you leave off a version.

On Mon, Dec 16, 2013 at 3:37 PM, Stuart Cracraft smcracr...@gmail.com wrote:

 Anyone seen this?

 [root@ca-sna-pm01 puppet-dashboard]# !gem

 gem install mysql-2.9.1

 ERROR:  While executing gem ... (Net::HTTPServerException)

 403 Forbidden

 [root@ca-sna-pm01 puppet-dashboard]# gem install mysql

 Building native extensions.  This could take a while...

 ERROR:  Error installing mysql:

 ERROR: Failed to build gem native extension.



 /usr/bin/ruby extconf.rb

 checking for mysql_ssl_set()... no

 checking for rb_str_set_len()... no

 checking for rb_thread_start_timer()... no

 checking for mysql.h... no

 checking for mysql/mysql.h... no

 *** extconf.rb failed ***

 Could not create Makefile due to some reason, probably lack of

 necessary libraries and/or headers.  Check the mkmf.log file for more

 details.  You may need configuration options.



 Provided configuration options:

 --with-opt-dir

 --without-opt-dir

 --with-opt-include

 --without-opt-include=${opt-dir}/include

 --with-opt-lib

 --without-opt-lib=${opt-dir}/lib

 --with-make-prog

 --without-make-prog

 --srcdir=.

 --curdir

 --ruby=/usr/bin/ruby

 --with-mysql-config

 --without-mysql-config





 Gem files will remain installed in /usr/lib64/ruby/gems/1.8/gems/mysql-2.9.1
 for inspection.

 Results logged to
 /usr/lib64/ruby/gems/1.8/gems/mysql-2.9.1/ext/mysql_api/gem_make.out

 [root@ca-sna-pm01 puppet-dashboard]#





 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/puppet-users/e2e8905f-8bb5-4067-a8bd-bf0b6012261b%40googlegroups.com.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJNEtxu%2BkQNH6p%2BZ4gkOGfB7ZmvCpptVFGn8B91L294hsMOOOA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] replace a value in file

2013-10-25 Thread Cory Stoker 
I would guess that the lens is error out when it attempts to load the
file.  Have you tried to use augtool manually to see if you can make
your changes?

One thing I notice is that if a lens cannot parse a file it will say
in the error section.  Taking a guess something like this:

# augtool
augtool ls /augeas/files/etc/default/fusioninventory-agent/error/
pos = 618
line = 19
char = 0
lens = /usr/share/augeas/lenses/dist/shellvars.aug:61.12-.77:
message = Iterated lens matched less than it should

Now my error was just an example from a file I pulled from the
internet. You should check it out in augtool for yourself.  If augeas
parses your file correctly it will should show up in:

augtool print /augeas/files/etc/default/fusioninventory-agent/

If it shows then you should be able to change your line as needed.

HTH

-Cory


On Fri, Oct 25, 2013 at 9:58 AM, puppetstan stanislas.lev...@gmail.com wrote:
 Hi

 I would lie replace a value in my config file
 /etc/default/fusioninventory-agent

 MODE = daemon

 and i would like replace cron by daemon


 My manifest is this but is not good, can you have an idea? I think it s
 Simplevers.lns is not good..

 augeas { 'fusioninventory mode':
lens = 'Simplevars.lns',
 incl = '/etc/default/fusioninventory-agent',
 changes = [ 'set MODE daemon' ],
 }


 Regards

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] exporting custom facts to the puppet agents

2013-10-16 Thread Cory Stoker 
Well the easiest way would be to make a puppet module and place your
facts in the correct path.  Then enable pluginsync which causes the
fact to get downloaded to the puppet clients.

See:  http://docs.puppetlabs.com/guides/plugins_in_modules.html


On Sun, Oct 13, 2013 at 3:00 AM, Sans r.santanu@gmail.com wrote:


 Dear all,

 I have a custom fact, that reads a file and then generate the values
 dynamically based on the file content. It's something like this:


 inFile = /home/admin/OSs.txt
 gos = {}

 if File.exist?(inFile)
 open(inFile, 'r').each do |line|
 next if line =~ /^\s*(#|$)/
 parts = line.split(',').map(:strip)

 case parts[1]
 when /^Mac/
 (gos[:mac] ||= [])  parts[0]
 when /_Win$/
 (gos[:win] ||= [])  parts[0]
 else
 (gos[:linux] ||= [])  parts[0]
 end
 end
 end

 Facter.add(:am_running_oss) do
 has_weight 100
 if gos.count = 1
 setcode { gos.keys.join(',') }
 else
 setcode { 'undefined' }
 end
 end



 The file is on the PuppetMaster. Hence the custom fact 'am_running_oss' is
 not available or empty when it runs on the agent. What are the options I
 have to make the custom facts(s) available on every single puppet agent?
 Thanks in advance. Cheers!!

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] require one file from several environments

2013-10-06 Thread Cory Stoker 
Data like this should probably go into hiera. Then write modules to
use the data via parameterized classes or hiera() lookups.  For
example we use the datadir directive in hiera to split out hiera
lookups to become environments aware.  This would simplify your data
structure to where you are just specifying the data for each
environment to use instead of having to code your manifests to
understand the data structure in a environmentally aware state.

Example in your prod environment hiera yaml:
software::soft1::version: 0.0.6

Example in your test environment hiera yaml:
software::soft1::version: 0.0.7

Then in your class:
class software::soft1($version) {
  package { 'soft1':
ensure = $version
}

Hiera would give your puppet clients the correct answer based on environment...

However if you just want to use your data structure you referenced
above you can place it into a module/class or even use import. However
importing in a file like site.pp is not really recommended for various
reasons.

On Fri, Oct 4, 2013 at 10:52 AM, kay kay kay.d...@gmail.com wrote:
 I would like to create one file with array, i.e.:

 $pkg_versions = {
   soft1  = { prod = 0.0.6, test = 0.0.7 },
   soft2 = { prod = 1.1.4, test = 1.1.5 };
 }

 And require this file in several environments.

 I tried to use require /var/lib/puppet/somedir/etc/file.inc, but puppet
 can not find it.

 What solution should I use? Or maybe is it possible to put this array in
 puppet class, include it in parent classe and get its values?

 Thanks for help!

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Converting augeas snippet to puppet augeas resource

2013-10-06 Thread Cory Stoker 
Ouch my eyes...  Augeas can wreck your day sometimes.  I have to ask
though, why not use the Puppetlabs Firewall Module? It's here:
https://forge.puppetlabs.com/puppetlabs/firewall

Then you would do something like this:
  firewall { 'mayo_fw TCP/3':
ensure = present,
table  = 'filter',
chain  = 'Mayo-Firewall-INPUT',
proto  = 'tcp',
dport  = 3,
action = 'accept',
  } #End

As far as your output above it looks like it errored out on the files
iptables.save and iptables.orig?  What's weird is you have incl
commented out which would make me think it should only load the one
path you specified.

On Fri, Oct 4, 2013 at 7:13 AM, Patrick Spinler pspin...@gmail.com wrote:

 (apologies in advance for the line wrap)

 I have the following tidbit of augeas code, which inserts a rule into
 /etc/sysconfig/iptables as the first rule of a specifically named chain;

 # augtool insert append before
 /files/etc/sysconfig/iptables/table/append[. = 'Mayo-Firewall-INPUT'][1]
 # augtool match /files/etc/sysconfig/iptables/table/append[. = '']
 # /files/etc/sysconfig/iptables/table/append[8] = (none)
 # augtool set /files/etc/sysconfig/iptables/table/append[. = '']
 'Mayo-Firewall-INPUT'
 # augtool set /files/etc/sysconfig/iptables/table/append[. =
 'Mayo-Firewall-INPUT'][1]/protocol 'tcp'
 # augtool set /files/etc/sysconfig/iptables/table/append[. =
 'Mayo-Firewall-INPUT'][1]/match 'tcp'
 # augtool set /files/etc/sysconfig/iptables/table/append[. =
 'Mayo-Firewall-INPUT'][1]/dport '3'
 # augtool set /files/etc/sysconfig/iptables/table/append[. =
 'Mayo-Firewall-INPUT'][1]/jump 'ACCEPT'
 # augtool print /files/etc/sysconfig/iptables/table/append[. =
 'Mayo-Firewall-INPUT'][1]
 # /files/etc/sysconfig/iptables/table/append[8] = Mayo-Firewall-INPUT
 # /files/etc/sysconfig/iptables/table/append[8]/dport = 3
 # /files/etc/sysconfig/iptables/table/append[8]/match = tcp
 # /files/etc/sysconfig/iptables/table/append[8]/protocol = tcp
 # /files/etc/sysconfig/iptables/table/append[8]/jump = ACCEPT

 I'd like to convert this to a puppet augeas define.  So far, I've got this:

   define mayo_firewall_insert ($dport, $proto) {

 augeas { firewall_${title}:
   context = /files/etc/sysconfig/iptables/table,
   # incl = /etc/sysconfig/iptables,
   # lens = iptables.aug,
   onlyif = match append[dport='$dport'] size != 0,
   changes = [
   insert append before append[. =
 'Mayo-Firewall-INPUT'][1],
   set append[. = ''] 'Mayo-Firewall-INPUT',
   set append[. = 'Mayo-Firewall-INPUT'][1]/protocol
 '$proto',
   set append[. = 'Mayo-Firewall-INPUT'][1]/match '$proto',
   set append[. = 'Mayo-Firewall-INPUT'][1]/dport '$dport',
   set append[. = 'Mayo-Firewall-INPUT'][1]/jump 'ACCEPT',
   ],
 }

 However, when I declare a resource using the above define, I get augeas
 syntax errors, and I'm not sure how to track down the problem:

 (invoked as 'puppet apply  --verbose --debug --detailed-exitcodes
 --execute include omnibus_node')

 ...
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): Opening
 augeas with root /, lens path , flags 32
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): Augeas
 version 1.1.0 is installed
 Warning: Augeas[firewall_omnibus_tcp_4100](provider=augeas): Loading
 failed for one or more files, see debug for /augeas//error output
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.save/error/pos = 115
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.save/error/line = 3
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.save/error/char = 0
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.save/error/lens =
 /shares/nfs/unixarch/share/augeas/lenses/dist/shellvars.aug:163.12-.99:
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.save/error/message = Syntax error
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.orig/error/pos = 64
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.orig/error/line = 2
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.orig/error/char = 0
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.orig/error/lens =
 /shares/nfs/unixarch/share/augeas/lenses/dist/shellvars.aug:163.12-.99:
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas):
 /augeas/files/etc/sysconfig/iptables.orig/error/message = Syntax error
 Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): Closed the
 augeas connection
 ...


 I'm guessing the augeas tree isn't what I think it is by the time it
 goes to

Re: [Puppet Users] Re: storeconfigs

2013-10-06 Thread Cory Stoker 
It looks like you do not have all the Ruby gems installed.
Storeconfigs requires Activerecord version 2.1 or later.  On your
system depending on how you install your Ruby gems, you should run:

#see if Activerecord is installed
gem list

if you do not find it installed then you should install from pacjage
manager or do a gem install activerecord.

http://projects.puppetlabs.com/projects/1/wiki/using_stored_configuration

Also it should be noted that storeconfigs has been replaced by
puppetdb and if you are doing this for the first time you should use
PuppetDB instead of storeconfigs.

http://docs.puppetlabs.com/puppetdb/latest/

HTH
-Cory



On Sun, Oct 6, 2013 at 6:58 AM, ytmp123 tmp...@hotmail.de wrote:
 If I remove storeconfigs=true from the Agent's puppet.conf-file then
 there is no error on the Agent. But the desired files aren't created in the
 puppet-server's /var/lib/puppet-directory. No files are created. So where
 is the data collected?

 Can anyone help me?

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Newbie basic parameterized class usage question

2013-10-02 Thread Cory Stoker 
Not sure if you got help or not but that error is telling you that
filesys_group_acl is not a resource type.  This is because you created
it as a class and not a defined resource type.  Defined types use the
define keyword instead of the class keyword.

http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.html

HTH

-Cory

On Tue, Oct 1, 2013 at 9:17 AM, Patrick Spinler pspin...@gmail.com wrote:

 I'd like to create and call a parameterized class from another class,
 both in modules.  Here's what I'm trying to do:

 First, my module path:

 ap00375@ROFTMA901A ~ $ sudo puppet apply --configprint modulepath
 /modules:/shares/nfs/unixnoarch/config/puppet:/shares/nfs/unixnoarch/config/puppet/linux

 Here, you can see the two modules in question:

 ap00375@ROFTMA901A ~ $ find /shares/nfs/unixnoarch/config/puppet/ -name
 'init.pp'
 /shares/nfs/unixnoarch/config/puppet/tws_node/manifests/init.pp
 /shares/nfs/unixnoarch/config/puppet/filesys_group_acl/manifests/init.pp

 Here's the contents of tws_node's init.pp:

 class tws_node {

   $userhome=/opt/IBM/TWS

   filesys_group_acl { ibmtm_acl_group_ibmtm :
 #subscribe  = File[$userhome],
 dir = $userhome,
 group = ibmtm,
   }

 }

 And the contents of filesys_group_acl's init.pp (the parameterized one)


 class filesys_group_acl ($dir = '', $group = '') {

   exec { apply_acl_${title}:
 unless = /usr/bin/getfacl $dir 2/dev/null | /bin/grep
 group:$group:  /dev/null,
 command= /usr/bin/setfacl -R -m group:$group:rwx -m
 default:group:$group:rwx $dir,
   }

 }


 And it's complaining about the parameterized class, filesys_group_acl:

 ap00375@ROFTMA901A ~ $ sudo puppet apply --noop --verbose  --execute
 include tws_node
 Error: Puppet::Parser::AST::Resource failed with error ArgumentError:
 Invalid resource type filesys_group_acl at
 /shares/nfs/unixnoarch/config/puppet/tws_node/manifests/init.pp:10 on
 node roftma901a.mayo.edu
 Error: Puppet::Parser::AST::Resource failed with error ArgumentError:
 Invalid resource type filesys_group_acl at
 /shares/nfs/unixnoarch/config/puppet/tws_node/manifests/init.pp:10 on
 node roftma901a.mayo.edu


 Any help, please?  What am I missing?

 Thanks,
 -- Pat


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Where does the puppet master get its hostname

2013-09-10 Thread Cory Stoker 
Puppet uses Facter to determine the FQDN.  I believe Facter uses a few
methods to try and figure out the domain part, namely:
hostname -f
dnsdomainname
parse out /etc/resolv.conf for the domain or search lines.

HTH,
Cory


On Tue, Sep 10, 2013 at 1:16 PM, Nathan Valentine nat...@puppetlabs.com wrote:
 Check both of the following: /etc/hosts and /etc/sysconfig/network.

 --
 ---
 Nathan Valentine - nat...@puppetlabs.com
 Puppet Labs Professional Services
 GV: 415.504.2173
 Skype: nrvale0

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppet first run timing out

2013-09-04 Thread Cory Stoker 
We have lots of puppet clients on crappy bandwidth that would time out
like this as well.  The option we changed to fix this is:

#Specify the timeout to wait for catalog in seconds
configtimeout = 600

The default time is like 60 or 120 secs.  Another thing you should do
is check out the logs of the web server if you are using passenger.
You should see a ton of GET requests when you need to sync plugins.
To force your puppet agent to redownload stuff remove the $vardir/lib
directory on the agent.


On Wed, Sep 4, 2013 at 1:48 PM, Pete Hartman pete.hart...@gmail.com wrote:
 I'm having a similar problem.

 I know for a fact that I am not contending with other agents, because this
 is in a lab environment and none of my agents is scheduled for periodic runs
 (yet).

 I have successfully run puppet agent -t first time, signed the cert, and run
 it a second time to pull over stdlib and other modules on agents running
 RHEL 6 and Solaris 10u10 x86.

 But I'm getting this timeout on a Solaris 10u10 box running on a T4-1 SPARC
 system.

 This was my third run:

  # date;puppet agent -t;date
 Wed Sep  4 14:12:05 CDT 2013
 Info: Retrieving plugin
 Notice: /File[/var/lib/puppet/lib/puppet/parser/functions/count.rb]/ensure:
 defined content as '{md5}9eb74eccd93e2b3c87fd5ea14e329eba'
 Notice:
 /File[/var/lib/puppet/lib/puppet/parser/functions/validate_bool.rb]/ensure:
 defined content as '{md5}4ddffdf5954b15863d18f392950b88f4'
 Notice:
 /File[/var/lib/puppet/lib/puppet/parser/functions/get_module_path.rb]/ensure:
 defined content as '{md5}d4bf50da25c0b98d26b75354fa1bcc45'
 Notice:
 /File[/var/lib/puppet/lib/puppet/parser/functions/is_ip_address.rb]/ensure:
 defined content as '{md5}a714a736c1560e8739aaacd9030cca00'
 Error:
 /File[/var/lib/puppet/lib/puppet/parser/functions/is_numeric.rb]/ensure:
 change from absent to file failed: execution expired

 Error: Could not retrieve plugin: execution expired
 Info: Caching catalog for AGENT
 Info: Applying configuration version '1378322110'
 Notice: Finished catalog run in 0.11 seconds
 Wed Sep  4 14:15:58 CDT 2013


 Each time I've run it, I get about 10 or so files and then I get execution
 expired.

 What I'd really like to see is whether I can increase the expiry timeout.


 Some other details:  The master is RHEL 6 on a Sun/Oracle X4800, lots and
 lots of fast cores and memory.  I'm using Puppet Open Source. I'm using
 passenger.  I have no real modules other than some basic forge modules I've
 installed to start out with.

 [root@MASTER audit]# cd /etc/puppet/modules
 [root@MASTER modules]# ls
 apache  concat  epel  firewall  inifile  passenger  puppet  puppetdb  ruby
 stdlib

 I briefly disabled SELinux on the master, but saw no change in behavior.

 I'm certain that the firewall is right because other agents have had no
 problems.  iptables IS enabled, however.

 The master and the agent are on the same subnet, so I don't suspect a
 network performance issue directly.

 On Solaris, because the vendor supplied OpenSSL is antique and doesn't
 include SHA256, we have built our own OpenSSL and our own Ruby using that
 OpenSSL Library.  Even though SPARC is a 64 bit architecture, Ruby seems to
 default to a 32 bit build, so we built OpenSSL as 32 bit as well to match.
 I've got an open question to the guy responsible for that to see how hard it
 would be to try to build Ruby as 64 bit, that's likely a next test.

 I have not yet run snoop on the communication to see what's going on the
 network side, but as I say I don't really expect the network to be the
 problem, between being on the same subnet and success on other systems with
 higher clock speeds.

 Any pointers to other possible causes or somewhere I can (even temporarily)
 increase the timeout would be appreciated.




 On Thursday, August 8, 2013 8:56:33 AM UTC-5, jcbollinger wrote:



 On Wednesday, August 7, 2013 11:46:06 AM UTC-5, Cesar Covarrubias wrote:

 I am already using Passenger. My master is still being minimally
 utilized, as I'm just now beginning the deployment process. In terms of
 specs, it is running 4 cores and 8GB of mem and 4GB of swap. During a run,
 the total system usage is no more than 2GB and no swap. No network
 congestion and I/O is low on the SAN which these VMs use.

 The odd thing is once the hosts get all the libs sync'd, performance is
 fine on further changes. It's quite perplexing.


 To be certain that contention by multiple Puppet clients does not
 contribute to the issue, ensure that the problem still occurs when only one
 client attempts to sync at a time.  If it does, then the issue probably has
 something to do with the pattern of communication between client and master,
 for that's the main thing that differs between an initial run and subsequent
 ones.

 During the initial plugin sync, the master delivers a moderately large
 number of small files to the client, whereas on subsequent runs it usually
 delivers only a catalog, and perhaps, later, 'source'd Files

Re: [Puppet Users] Puppet Dashboard Error 400 Invalid Parameter at passenger pp:48

2013-09-04 Thread Cory Stoker 
Look at the apache::vhost definition.  It looks to me that template
is no longer a parameter to the defined type.  Since this looks like
puppetlabs-dashboard I would check out the puppetlabs-apache module to
find the apache::vhost defined type in
puppetlabs-apache/manifest/vhost.pp.  If the parameter is not declared
in the type then you will need to remove that line and figure out what
you do need to declare in passenger.pp for the apache::vhost resource.
 It looks to me like $template was a parameter in older versions of
that module (0.4.0) but is now gone in the current version.

HTH

On Wed, Sep 4, 2013 at 8:08 AM, Mr. Vitriol patrick.marv.b...@gmail.com wrote:
 Hi,
 I am new to the job and forum. I installed puppet and puppetmaster and set
 up my first dependencies acording to a manual that we have here in our
 company. Everything works fine and I can set up new nodes with several
 modules to choose from. Unfortunatley the Dashboard gives me errors instead
 of starting correctley.

 Here the message:

 Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
 Invalid parameter template at
 /etc/puppet/modules/dashboard/manifests/passenger.pp:48 on node
 puppet-master.defaultdomain
 Warning: Not using cache on failed catalog
 Error: Could not retrieve catalog; skipping run

 The relevant passage from the passenger is:

 # Class: dashboard::passenger
 #
 # This class configures parameters for the puppet-dashboard module.
 #
 # Parameters:
 #   [*dashboard_site*]
 # - The ServerName setting for Apache
 #
 #   [*dashboard_port*]
 # - The port on which puppet-dashboard should run
 #
 #   [*dashboard_config*]
 # - The Dashboard configuration file
 #
 #   [*dashboard_root*]
 # - The path to the Puppet Dashboard library
 #
 # Actions:
 #
 # Requires:
 #
 # Sample Usage:
 #
 class dashboard::passenger (
   $dashboard_site,
   $dashboard_port,
   $dashboard_config,
   $dashboard_root
 ) inherits dashboard {

   require ::passenger
   include apache

   file { '/etc/init.d/puppet-dashboard':
 ensure = absent,
   }

   file { 'dashboard_config':
 ensure = absent,
 path   = $dashboard_config,
   }

   apache::vhost { $dashboard_site:
 port = $dashboard_port,
 priority = '50',
 docroot  = ${dashboard_root}/public,
 template = 'dashboard/passenger-vhost.erb',
   }
 }

 That is the default version, since I didn't add anything.

 I hope someone can help me with this, google wasn't able to.

 Thanks in advance.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Installing PuppetDB on Red Hat 6.4 Postgresql issues

2013-07-24 Thread Cory Stoker 
Hello:

I always seem to not be able to use localhost even with Posgtres bound
to all addresses.  The command I tend to use is like:

 psql -h 10.10.10.10 -d puppetdb -U puppetdb -W

then enter your password.

HTH

On Wed, Jul 24, 2013 at 2:01 PM, GregC greg.caldwe...@gmail.com wrote:
 I was able to run a psql puppetdb without issue and then saw the creation of
 the puppetdb database.


 On Wednesday, July 24, 2013 3:37:10 PM UTC-4, GregC wrote:

 Follwed the instructions for installing PuppetDB from pupptlabs url:
 http://docs.puppetlabs.com/puppetdb/latest/configure.html#using-postgresql

 After running the following commands to create puppetdb user and puppetdb
 database I cannot login with the password I provided for puppetdb
 $ sudo -u postgres sh $ createuser -DRSP puppetdb $ createdb -E UTF8 -O
 puppetdb puppetdb $ exit

 I keep getting a connection error, can anyone shed any light on this,
 appreciate your help in advance.

 [postgres@puppetmaster3:~]$ psql -h localhost puppetdb puppetdb psql:
 FATAL: Ident authentication failed for user puppetdb

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: 3.2.2 on CentOS 6.3, and Did not receive certificate

2013-07-23 Thread Cory Stoker 
So that log looks like the Apache log...  Do you have your
puppetmaster logging to syslog as well?  There should be more than
just the GET lines from Apache.  I think when you turn on --debug it
will increase the normal logging of the puppetmaster to syslog.  That
is where you should see lines regarding the signing of a new cert or
hopefully why its not working.

The 404 error means it was not found when the client attempted to
retrieve its cert. Usually after that you see something like a PUT
of the agents CSR for signing on the CA.  Then after the CA signs and
creates the cert, you will see another GET from the client that
succeeds.

All the logs I posted earlier in my example that worked were found in
the messages file.

On Tue, Jul 23, 2013 at 1:23 PM, Forrie for...@gmail.com wrote:
 When I try to connect a new client to this problematic Puppet Master, here's
 what I see in the log:

 10.103.0.3 - - [23/Jul/2013:15:15:27 -0400] GET /production/certificate/ca?
 HTTP/1.1 200 1915 - -
 10.103.0.3 - - [23/Jul/2013:15:15:27 -0400] GET
 /production/certificate/new-server.domain.com? HTTP/1.1 404 59 - -

 But in auth.conf, it appears to be correct:

 path /certificate/ca
 auth any
 method find
 allow *

 HTTP 404 = not found

 so, somewhere in this process, the Master is refusing to generate certs.
 I've checked the directories and permissions and I cannot see a problem
 there.   Likewise, my auth.conf is permissive.

 It looks like I'm just going to have to start all over again - going through
 each client manually -- I don't look forward to this at all.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: 3.2.2 on CentOS 6.3, and Did not receive certificate

2013-07-21 Thread Cory Stoker 
Not exactly sure if you tried this but I would added --debug to your
config.ru and then tail the logs on the puppetmaster.  Clear out of
client SSL dir on the agent to start from scratch and make sure the
master does not have any leftover files from your client.

config.ru with debug:

$0 = master
ARGV  --rack
ARGV  --confdir  /etc/puppet
ARGV  --vardir   /var/lib/puppet
ARGV  --debug
require 'puppet/util/command_line'
run Puppet::Util::CommandLine.new.execute


These logs are from a good client certificate signing:

puppet-master[6853]: Handling request: GET
/server/certificate_request/mypuppetclient.example.com
puppet-master[6853]: Could not find certificate_request for
'mypuppetclient.example.com'
puppet-master[8243]: Handling request: PUT
/server/certificate_request/mypuppetclient.example.com
puppet-master[8243]: mypuppetclient.example.com has a waiting
certificate request
puppet-master[8243]: Signed certificate request for mypuppetclient.example.com
puppet-master[8243]: Removing file Puppet::SSL::CertificateRequest
mypuppetclient.example.com at
'/var/lib/puppet/ssl/ca/requests/mypuppetclient.example.com.pem'
puppet-master[8243]: Handling request: GET
/server/certificate/mypuppetclient.example.com

HTH
-Cory

On Fri, Jul 19, 2013 at 4:50 PM, Forrie for...@gmail.com wrote:
 I spent the afternoon re-doing my puppet master, tested it with just 2 new
 clients and I got the same exact problem.   I restored my old
 /var/lib/puppet so that other agents can work.

 This is either a bug in Puppet itself or a bizarre configuration issue.


 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: PuppetMaster LB on top of OCFS2

2013-07-18 Thread Cory Stoker 
On Thu, Jul 18, 2013 at 1:53 PM, Jakov Sosic jso...@srce.hr wrote:

 On 07/18/2013 08:29 PM, GregC wrote:

 Load balancing will work without issue, there is a good suggestion on
 using round robin DNS in Chapter 4 of Pro Puppet page 116.


 Yeah but I am little suspicious about two masters sharing /var/lib/puppet
 ... could that cause troubles?


We have puppetmasters that share /var/lib/puppet/ssl via NFS.  This works
great.  Just make sure you do not have 2 active CA servers at the same
time.  The only shared stuff for the puppetmasters in /var/lib/puppet is
the SSL stuff.  We also share the /etc/puppet/environments for code.  We
use this setup to scale to tens of thousands of puppet clients.

HTH

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppetmaster 3.2.3 logging different than previous versions

2013-07-17 Thread Cory Stoker 
Hello:

After upgrading to Puppet 3.2.3 I have noticed that the puppetmaster does 
not log the catalog compilation time like it did in 3.1.1 or before.  This 
log line used to look like:
myserver puppet-master[19002]: Compiled catalog for myhost in environment 
production in 1.01 seconds

Even if I change the logging level to debug in the rack config I do not see 
this line.  Anyone else notice this as well?  This could be related to the 
previous logging issues with 3.2 as 
in http://projects.puppetlabs.com/issues/20919  .  If this is an intended 
change, what is the best way to get the catalog compile time as this can be 
important information in regard to how the puppetmaster is performing.

Thanks,
Cory

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.