from:"Craig"

On Tue, Nov 15, 2016 at 5:21 PM, Ugo Bellavance  wrote:
>
> # puppet -V
> 2.7.26
>
>
>
[snip]

It's the first time I try using tidy, am I missing something obvious?
>
>
The year?

I'm not trying to be flippant but you are trying to solve a problem on
software that was end of life many years ago now.  Even Puppet 3 is end of
life in a matter of weeks.   Rather than waste time trying to debug very
ancient code (a quick glance at GitHub shows 18 closed pull requests
specifically mentioning the tidy resource) you should invest in upgrading,
at least to a later puppet 3 set up that people still have vague memories
of.

Regards
Craig

-- 
Enviatics |  Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhHf7oZhBw7qN9ez5CnS97m9OuetwjYpHmJSORfdAwYjXg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hiera & profile & roles

On Wed, Nov 16, 2016 at 10:51 AM, Craig Dunn  wrote:

>
>
> On Wed, Nov 16, 2016 at 10:42 AM, Albert Shih 
> wrote:
>
>>  Le 16/11/2016 à 10:34:36+0100, Craig Dunn a écrit
>>
>> > # Tomcat class has an attribute called "catalina_home" which is looked
>> up from
>> > hiera data binding
>> > include ::tomcat
>> >
>> > class { "my_application":
>> >   tomcat_root => $::tomcat::catalina_home
>> > }
>>
>> SUPER nice.
>>
>> I didn't think about that
>>
>> Don't know why but I always thought that was « bad practice » to access
>> some attribute from outside the module.
>>
>
> Not at all - especially not when done from the profiles.
>
>
Going off topic, but I should clarify my view on that - I don't consider it
bad practice to access an *attribute*, if the module is following semver
standards the attribute should be considered part of the public API and I
should expect that not to break until a major version release... however
this rule doesn't apply to *all* variables, consider this example

class tomcat (
  $catalina_home = $::tomcat::params::catalina_home,
  ...
) {

  $bindir = "${catalina_home}/bin"
  ...
}

In this example, I would consider $::tomcat::catalina_home to be part of
the API and perfectly acceptable to call this from your profiles, I would
urge caution using $::tomcat::bindir though because this is a variable used
in the internals of the class and not exposed as a documented attribute, I
would consider this to be 'private' and expect that even a patch version
release could break this.

Craig


-- 
Enviatics |  Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhHg579vePd%2B%3DQ3M4_MXVQdiShtQNpVy-%3DOU-VSAW5tHfw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hiera & profile & roles

On Wed, Nov 16, 2016 at 10:42 AM, Albert Shih  wrote:

>  Le 16/11/2016 à 10:34:36+0100, Craig Dunn a écrit
>
> > # Tomcat class has an attribute called "catalina_home" which is looked
> up from
> > hiera data binding
> > include ::tomcat
> >
> > class { "my_application":
> >   tomcat_root => $::tomcat::catalina_home
> > }
>
> SUPER nice.
>
> I didn't think about that
>
> Don't know why but I always thought that was « bad practice » to access
> some attribute from outside the module.
>

Not at all - especially not when done from the profiles.

A module's attributes are effectively it's API - by accessing
$::tomcat::catalina_home you don't need to know or care if the value is
being set by hiera or by the modules default (params.pp), and it's the best
source of truth for that value.  This is a very good example of the
benefits of profiles too.

Craig

-- 
Enviatics |  Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhE86B%3D0x7efpzEfAcmt6i_bL6yzjxWOyCHB9xMU0LZMeQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hiera & profile & roles

On Wed, Nov 16, 2016 at 10:18 AM, Albert Shih  wrote:

>  Le 16/11/2016 à 09:34:50+0100, Craig Dunn a écrit
>
>
> This is exaclty what I try to do. Event I sometime use create_resources (or
> now loop). But I don't see how I can do for a data needed by two profile
> like a share password. Or if I take your sample "webserver", "security",
> "base",
> "tomcat". If I installed tomcat in some place ('/opt/tomcat') how the
> module who manage the war going to kown where to put the war ?
>


As I said there are times when you need to populate profile data, and it
sounds like you've thought well about that - as far as your tomcat example
goes, it would be better to use the component module as an API to determine
the install path (if possible) - something like this assuming you are using
puppetlabs/tomcat

# Tomcat class has an attribute called "catalina_home" which is looked up
from hiera data binding
include ::tomcat

class { "my_application":
  tomcat_root => $::tomcat::catalina_home
}

Here we've managed to solve this without having to populate profile data
from hiera.


-- 
Enviatics |  Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhEzeGkk%3DPn5M4zpqrKO4KcjWJg6Cza%2Bn8OF%3D3mrBO6AOg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hiera & profile & roles

On Wed, Nov 16, 2016 at 8:45 AM, Albert Shih  wrote:

> Hi,
>
> When I read some recommendation about using hieradata/profile/roles I
> always find people saying to put the data inside the profile (in hiera)
> like
>
> profile::cms::key1: value1
> profile::mysql::key2: value2
> profile::webserveur::key3: value3
>
> Why it's not recommended to put the value inside the role like
>
> role::my_cms::key1: value1
> role::my_cms::key2: value2
> role::my_cms::key3: value3
>

Firstly, the idea behind roles and profiles is that profiles are used to
define logical "technology stacks" composing of your component modules.
That is to say, that profiles are the layer where you declare how your
component modules are implemented to model the technology unit you are
trying to manage.  Roles are a way to represent a more "business logic"
view of Puppet and are generally just wraps one or more profiles that make
up that business logic, eg: a "application server" is all you should care
about at a business logic level, the technology stacks (profiles) that are
included to make up the role of an application server may include
"webserver", "security", "base", "tomcat"Ironically the value of
roles is their simplicity, by keeping them essentially dumb and limiting
their responsibility to just including profiles it provides a nice layer of
separation between business logic representation and implementation details.

With the above in mind, I think having hiera data populate role classes
blurs that line and you end up with implementation details in both roles
and profiles and it starts not making sense to have that further layer of
abstraction.

Going further, the best environments I have seen only need to populate
profile class with hiera data in the most extreme of edge cases.  Good
component modules should be able to get all the data they need by using
data bindings and a well thought out hiera hierarchy should prove
sufficient for ensuring that things get configured correctly, and often
your profiles will generally just "include ::class" and let data bindings
do the rest - obviously this isn't always the case, sometimes you need to
do specific implementation around component modules, such as component
modules which expose a defined resource type but have no "create_resources"
style of dynamically creating the resources that it provides, which is what
profiles serve to do, and in some cases it might make sense to populate
profile data from hiera to achieve this.

So in summary;  If you have a lot of data in hiera for your roles/profiles,
you might want to look at why this is and see if having a more suitable
hierarchy and relying on native data binding lookups from the component
modules isn't an option...  If you genuinely need data populated at this
level, then it's part of the implementation of your technology stack,
therefore should be at the profile level, not the role level.

I highly recommend you read this post by Gary Larizza ...
http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/

Disclaimer: all of this is just opinions, but they're well tested opinions
;)

HTH
Craig

-- 
Enviatics |  Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGW%2B8839782vKsJiOVc6%2BS%2B2r%3DqCNhjQU-1HJcvk%3DdHtQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] development workflow

2016-11-08 Thread Craig Dunn

On Mon, Nov 7, 2016 at 2:47 PM, R.I.Pienaar  wrote:
>
> Anyway, if others have experiences and suggestions, they're welcome.
>
>
> Check out gogs.io. Doesn't have CI built in but it's so light and easy to
> deploy and run it's well worth a consideration over gitlab
>
>
>
Gogs is very good, especially if you are already familiar with Github, it's
very much a clone UX wise Note that some time ago several contributors
forked Gogs to a project called Gitea (https://github.com/go-gitea/gitea)
to get more traction on PR's...etc, they later reversed this decision when
the original maintainer got back involved, but it looks as if the
maintainer has gone AWOL again and the fork is now active - this time it
looks more permanent so the project will probably continue there.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGC8BmHM2pNbTVZmdZNh%3D-ciJQCF4V-mFYEU%3DaA67COrA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] paragraphing hiera yaml

2016-11-02 Thread Craig Dunn

On Fri, Oct 28, 2016 at 7:45 PM, Christopher Wood <
christopher_w...@pobox.com> wrote:

>
>
> So how would I auto-magically auto-paragraph hiera yaml to make it
> friendlier for more people, while still keeping it syntactically valid?
>
>
> Example two:
>
> ---
> one::services::enabled: true
>
> one::two::abc: 8.45
> one::two::three: this is the string
>
> puppet4::ca_server: otherhostname
> puppet4::server: hostname
>

Another options not yet presented is to split the files out into the
classes they represent.

This can be done with something like this in your hiera.yaml using the
special variable %{calling_module}

---
:yaml:
  :hierarchy:
- foo/%{calling_module}

Then, instead of having a foo.yaml with everything, you have a foo/one.yaml
and a foo/puppet.yaml (based on your above example). I like this
configuration in Hiera, and in fact Jerakia does something very similar by
default - grouping everything in one file can get very messy very quickly.
Using calling_module in hiera has a few limitations if you're doing crazy
things like hiera() calls across different modules, but if you are using
straight forward data binding lookups it works well.  It's not quite an
answer to your question but it might help you keep things tidier.

Regards
Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGra34cP4Du37nwXMBy_0OFvgWeV%3Dcwgh_9gCdEvh9ddw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] subscribe vs notify

2016-10-12 Thread Craig Dunn

subscribe and notify are metaparameters, as Peter Faller has already
pointed out.  They do exactly the same thing in reverse of eachother,
resource A notifying resource B has the same effect as resource B
subscribing to resource A.  It's generally better to use subscribe in most
cases for readability (although opinions may vary on this matter).  Some
times there are cases when only notify will do, consider this example

if $condition {
  file { '/tmp/foo':
ensure => file,
  }
}

service { 'foo':
  subscribe => File['/tmp/foo']
}

In the above example, if I want the service to refresh then putting subscribe
=> File['/tmp/foo'] in the service declaration is a bad idea, because if
$condition doesn't give true then the file resource it's notifying will
never exist and therefore the catalog will fail to compile, in this
example, the correct way would be to add notify => Service['foo'] in the
file declaration so the resource relationship only exists when $condition
is true

Regards
Craig


On Mon, Oct 10, 2016 at 4:57 AM, Andrew  wrote:

> A long time ago in a puppet version far far away, I used to use subscribe
> all the time, until I discovered notify.
> Now the type docs
> <https://docs.puppet.com/puppet/latest/reference/type.html#service> no
> longer list subscibe, I'm a assuming it has been or is slated for
> deprecation.
>
> but ... I have a problem that I think I can only solve using subscribe.
>
> Certficates.
> ssl certificates for each computer are put in one place, and all ssl
> serivces are expected to use the same certificate.
> so, all computers are using the certs for ldaps://, some are using them
> for https://, some for other ssl based services.
>
> file -> /etc/pki/tls/certs/localhost.crt
> file -> /etc/pki/tls/private/localhost.key
> group -> certifcates, members = ldap, apache, [whoever etc]
>
> Now I need to renew all the certificates and restart the services that are
> using them ...
>
> Q. howto map all this? Is there a better way than subscribing the relevant
> services to the cert and key files ??
>
> Any ideas ?
>
> Andrew.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/7ecc18cf-040c-49fe-8b27-dbb627c4ff55%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/7ecc18cf-040c-49fe-8b27-dbb627c4ff55%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Enviatics |  Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGJ6_Zv9UJ0khvi7i_utpMUXVV%2BfEz4j-uKoW9wvUeqww%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Order of removal of resources

2016-09-21 Thread Craig Dunn

On Wed, Sep 21, 2016 at 9:33 AM, Peter Faller  wrote:

> What is the effect of the 'require' metaparameter when ensure is set to
> absent, i.e. when a resource
> is removed? It seems that changes to the required resource are applied
> before changes to the requiring
> resource are applied - is that always the case?
>
> When one resource (R1) depends on another resource (R2) to be able to be
> created, having R1::require=>R2 works as expected - R2 is created first,
> then R1. (My case is where R2 is a configuration file that has to be
> present for R1 to be created). But now in my case, R2 has to be present for
> R1 to be removed as well. Having R1::require=>R2 and both
> R1::ensure=>absent and R2::ensure=>absent results in R2 being removed
> before R1 is removed; where I am trying to get R1 removed before R2 is
> removed.
>


The require merely implies that R2 should be "managed" before R1, and
"managed" being setting the desired state (absent, present...etc) so the
actual value of ensure is unimportant here.

If you want to change your requirements based on the value of ensure you
could do something like

if $ensure == 'present' {
  Resource['one'] -> Resource['two']
elsif $ensure == 'absent'
  Resource['two'] -> Resource['one']
}

Regards
Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhFfD6YcYjG4Q4jpj71Dt7nAK7Mu-UpM_11-TAUddbmaCA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Without Agent

2016-08-15 Thread Craig Dunn

I agree with Lowe Schmidt.

Wrong tool for the job.  "connect on some servers through SSH and run some
command lines" sounds like command orchestration, not configuration
management - Rundeck, ansible...etc as said.



On Mon, Aug 15, 2016 at 3:57 PM, Lowe Schmidt  wrote:

> Hey,
>
> no, sorry. Puppet cant connect over ssh and run commands for you.
> You can run the puppet agent without a puppet master, but then you need to
> transfer the manifest to the machine you want to run on first.
>
> There are other tools that lets you run commands or scripts over ssh like
> fabric or ansible.
>
> --
> Lowe Schmidt | +46 723 867 157
>
> On 15 August 2016 at 13:39,  wrote:
>
>> Hi guys,
>>
>> I wonder if I can use the Puppet without agent. I only need the Puppet
>> connect on some servers through SSH and run some command lines.
>>
>> Do you know if Puppet do this?
>>
>> Thanks a lot.
>>
>> Silvestri
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/puppet-users/9c2c3a0d-045b-49a3-93bc-d4d13605d68e%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/CAC-wWcTdKo4a%3Dq0X-Wi2WGt_yAYuCWre07j%2B_tWf%
> 2BmOh6cRRrA%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Enviatics |  Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhEYNPW4V_V3CPtjS39ije61ua7e_-LsWNz%2BhS%3DzN7VpWA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet .... ruby regex

2016-08-04 Thread Craig Dunn

On Thu, Aug 4, 2016 at 8:17 AM, Alex Samad  wrote:

> Hi
>
> I want to take ${trusted['certname']} and  extract the hostname short form
> from it.
>
> so if i had thisbox.abc.com.au. I would like to get just thisbox
>


$hostpart=split($trusted['certname'], '[.]')[0]

... would be a cleaner approach.

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGWJSH86RrTkJyOfkUtzNieHTVOYTLEmoBHvWLvVKtVgQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] enc output causes puppetserver to throw invalid tag error

2016-08-02 Thread Craig Dunn

On Tue, Aug 2, 2016 at 2:57 PM, Joseph Lorenzini  wrote:

> Hi all,
>
> I am having a problem with external node classier. Here's the yaml output
> from the enc executable.
>
> https://gist.github.com/jaloren/f7599e96c6a8c47591eb395f4680d48c
>
> The yaml output inludes a parameterized class. When puppet server gets
> this yaml output, it throws the following exception.
>
> *Could not retrieve catalog from remote server: Error 400 on SERVER:
> Invalid tag '{"apache::server"=>{"version"=>"2.4.6-40.el7.centos.4"}}' on
> node node2*
>
>

classes is a hash, but in your YAML you have a trailing "-" behind the
apache key which is translated as an array in short, this should
work

classes:
  apache::server:
version: 2.4.6-40.el7.centos.4
environment: test

Note, there is no "-" behind "apache:"  See
https://docs.puppet.com/guides/external_nodes.html#classes for more
information

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhHLkoZ6QqkkL6vCVZXB0K2t%2BBUsCg5bOpLqFYUrNJWz1A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Changing namevar of resources triggering alias error

2016-08-02 Thread Craig Dunn

On Fri, Jul 29, 2016 at 5:53 PM, Luke Bigum  wrote:

> Can someone explain this to me? I thought I'd be able to change the title
> of a nagios_host resource but leave name_var the same to effectively write
> two nagios_host files to disk with the same content, but instead I'm
> triggering an error in the resouce alias code. I didn't realise changing
> namevar was using resource aliases under the hood?
>
>
Short answer here is, you can't - at least without modifying the
nagios_host type.   Puppet defines uniqueness by the value of the namevar,
in the absence of the namevar being defined, it's value is set from the
resource title.   Therefore you can never have two resources with the same
namevar.

The theoretical solution to your issue would be to make a composite namevar
combining both the target and the host_name - I did an extensive write up
of all this recently;

http://www.craigdunn.org/2016/07/composite-namevars-in-puppet/

One slightly hackish approach would be to write your own custom_nagios_host
type using composite namevars and write a small provider that doesn't do
much else than inherit off the nagios_host default provider.


> --
> Luke Bigum
> Senior Systems Engineer
>
>
[ massive snip ]

Polite request; Whilst we are all delighted in the number of awards your
employer has received,  if you must have a 58 line signature on emails sent
to public forums, could you please format it correctly with "-- " (dash
dash space) so compliant mail programs can handle it properly.   Thanks ;)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhFEHysLyn1agnpDxK2x7_U0sdbZqzrARkAMFmDWfL3VsA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue copying files if package exists

2016-06-13 Thread Craig Dunn

>From reading your comments I think maybe you are misunderstanding what the
defined() function does.   This function is run *server side* during the
compilation of the catalog and is saying "If this Puppet resource exists in
the catalog, yet".  It is not saying "If this resource is configured on the
target system".

The "yet" above is also important, depending on the ordering of your
includes, if the parser is evaluating this block before it evaluates
wherever you declare the openssh-server package resource, then at this
point it is not defined.  It may well be getting declared after this point.

Given the above, what are you trying to achieve?  Are you trying to manage
the file resource after the package resource, or are you saying you only
want to manage the file if the package exists on the target system?

If the former, you should just *require* the Puppet resource in your
manifest;

file { "/etc/fail2ban/filter.d/sshd-dos.local":
  mode => "0644",
  owner => 'root',
  group => 'root',
  source =>
'puppet:///modules/fail2ban/etc/fail2ban/filter.d/sshd-dos.local',*
  require => Package[$sshdPackage],
*}


If that's not what you are trying to do, please elaborate.

Regards
Craig



On Sun, Jun 12, 2016 at 3:23 PM, Helmut Schneider  wrote:

> Hi,
>
> I want to copy files if a package is installed. What works fine with
> the packages 'postfix', 'fail2ban' and 'apache2' does not with
> 'openssh-server.
>
> class fail2ban {
>   $postfixPackage = $::operatingsystem ? {
> /(?i:Ubuntu|Debian|Mint)/ => 'postfix',
> default   => 'undef',
>   }
>   $sshdPackage = $::operatingsystem ? {
> /(?i:Ubuntu|Debian|Mint)/ => 'openssh-server',
> default   => 'undef',
>   }
>
>   if ! defined (Package["$package"]) {
> package { "$package":
>   ensure => installed,
> }
>   }
>
>   if defined (Package["$postfixPackage"]) {
> file { "/etc/fail2ban/filter.d/postfix-amavis.local":
>   mode => "0644",
>   owner => 'root',
>   group => 'root',
>   source =>
> 'puppet:///modules/fail2ban/etc/fail2ban/filter.d/postfix-amavis.local',
> }
>   }
>   if defined (Package["$sshdPackage"]) {
> file { "/etc/fail2ban/filter.d/sshd-dos.local":
>   mode => "0644",
>   owner => 'root',
>   group => 'root',
>   source =>
> 'puppet:///modules/fail2ban/etc/fail2ban/filter.d/sshd-dos.local',
> }
>   }
> }
>
> $ rm /etc/fail2ban/filter.d/postfix-amavis.local
> /etc/fail2ban/filter.d/sshd-dos.local^C
> $ sudo rm /etc/fail2ban/filter.d/postfix-amavis.local
> /etc/fail2ban/filter.d/sshd-dos.local
> $ sudo puppet agent -t -d | grep -Ei
> '(postfix|openssh-server|postfix-amavis.local|sshd-dos.local)'
> [...]
> Debug: /Package[postfix]: Provider apt does not support features
> virtual_packages; not managing attribute allow_virtual
> Debug: /Package[openssh-server]: Provider apt does not support features
> virtual_packages; not managing attribute allow_virtual
> [...]
> Notice:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]/
> ensure: defined content as '{md5}c5def71abe5f682c2beb896fd5e30e10'
> Debug:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]:
> The container Class[Fail2ban] will propagate my refresh event
>
> So /etc/fail2ban/filter.d/sshd-dos.local is not copied. When
> uncommenting the if-clause 'if defined (Package["$sshdPackage"])' the
> file gets copied:
>
> $ sudo puppet agent -t -d | grep -i 'sshd-dos.local'
> Debug:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]:
> Autorequiring File[/etc/fail2ban/filter.d/]
> Notice:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]/ensure
> : defined content as '{md5}3d993678f322e5cb6335addaaa40512e'
> Debug:
> /Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]: The
> container Class[Fail2ban] will propagate my refresh event
>
> Am I missing the obvious?
>
> $ puppet -V
> 3.8.7
> $ lsb_release -d
> Description:Ubuntu 14.04.4 LTS
>
> Thank you
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>

Re: [Puppet Users] using variables in puppet exec

2016-05-16 Thread Craig Dunn

On Mon, May 16, 2016 at 3:05 PM, Harish Kothuri 
wrote:

> Thanks Craig,
>
> It works fine now.
>

Cool.


>
> The reason am not using "file" is , it is taking more time to copy file
> from share than executing the simple command.
>
>
If you can quantify that with some test results it may be worth raising a
ticket regarding that, maybe there are some improvements that could be made
to the windows file provider.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGF%3DVyb2GyGPt5FZguOGQwD1hZoA%2BTJHr-7a-ubCwBHnA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] using variables in puppet exec

2016-05-16 Thread Craig Dunn

On Mon, May 16, 2016 at 1:09 PM, Harish Kothuri 
wrote:

>
> exec{ 'cmd /c copy /Y "\\shareloc\folder1\folder2\Mysoftware.msi"
> "${pypredest}"':
>


Your resource title is enclosed in single quotes which means everything
will be taken literally and your variable will not be interpolated

Something like this would fix that problem...

exec{ "cmd /c copy /Y \"\\shareloc\folder1\folder2\Mysoftware.msi\"
\"${pypredest}\"":

Although I'm not sure why you need an exec to do this (disclaimer: I
haven't used windows in years)

Can you not do this with the file resource?

file { $pypredest:
  ensure => file,
  source => '\\shareloc\folder1\folder2\Mysoftware.msi',
}


Regards
Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhHmpFBqqbw3KCdynZmFppVCYNSz2TPmfRybcn73Q8aPxw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] will this puppet supports IBM Integration Bus v9 installation which is in .tar or not. If it supports please mention the links where should I refer.

2016-05-10 Thread Craig Dunn

Hi,

I've automated IntegrationBus 9 for one of my clients - it's a bit of a
beast.  I'd be happy to share the puppet module that I have written and
collaborate on it, it still has some custom quirks and it would be nice to
make it more generic and open source it.

Feel free to contact me off-list
Craig


On Tue, May 10, 2016 at 12:54 PM, srinivas reddy 
wrote:

> Hi All,
>
> I am working on automation of IIB 9 installation part. I am having doubt
> that will this puppet supports IBM Integration Bus v9 installation which is
> in .tar or not. If it supports please mention the links where should I
> refer.
>
> If any one have done IIB9 automation then please give how should I start
> and please help me on getting resolve the coding part.
>
> how should I write code: as I am new to this puppet please help me to get
> the basic code how should I start write. Please check the sample procedure
> below:
>
> *IIB 9*
>
> Step 1:
>
> 1.  *Logon as root* to the servers.
>
> 2.  Switch to admin.
>
> 3.  Base package location:
>
>  /u/users/admin/media/iib9/
>
> 4.  Check the server details
>
> $*uname –a*
>
> 5.  Copy the files from below location:
>
> scp  path
> 
> where software is exists  and copy this to below location
> /u/users/admin/media/broker/iib9/base
>
> 6.  Copy the *Fix Pack* package from
>
> scp  path
> 
> where software is exists  and copy this to below location
> /u/users/admin/media/broker/iib9/fp03/
>
> 7.  Copy the *APAR* packages from
>
> scp  path
> 
> where software is exists  and copy this to below location
> /u/users/admin/media/broker/iib9/apar1/
>
> scp  path
> 
> where software is exists  and copy this to below location
> /u/users/admin/media/broker/iib9/apar2/
>
> 8.  Untar the packages.
>
> *Eg:-* tar –zxvf *.tar.gz
>
>tar –xvf *.tar
>
> 9.  Switch back to *root.*
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/6089c0f2-7418-4b4c-8026-80af5ef8eaa3%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/6089c0f2-7418-4b4c-8026-80af5ef8eaa3%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Enviatics |  Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhHChPzyRYXj7U8kF6j1Q6%2BY7_s1OBofkSLnNANQkPaFhQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to Read New Files Dynamically with Hiera?

2016-04-15 Thread Craig Dunn

On Thu, Apr 14, 2016 at 4:34 PM,  wrote:

>  Hi,
> We need to manage many keys in Hiera. Since many people should be able to
> edit the keys and in order to avoid a complete mess I was thinking to work
> with many different files. The problem is that I don't know how to make
> Hiera read from new files. I don't want to add each file to the hierarchy
> explicitly.
> Optimally I would add something like that
> /etc/puppetlabs/code/enironments/%{::environment}/hieradata/delegated/*
>
> and Hiera will just read from all files that are under the
> delegated
>

You could use Jerakia to do this (it can also be configured as a regular
hiera backend).  It supports fragments so if your hierarchy contains
"/delegated" then the presence of a directory called "delegated.d" will
automatically get checked and if present any files within it are
concatenated together along with delegated.yaml and returned as one YAML
document.  see the "Fragments" documentation in
http://jerakia.io/datasources/file/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhFM2n1eam7J%3D8TTv-EmUav-%2BpyQcJ5a2BDOuuYbHvWQOA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Pasword retrievel from external source on node

2016-03-10 Thread Craig Dunn

On Thu, Mar 10, 2016 at 3:09 PM, Thomas Müller 
wrote:

> I'm too interested in how people manage credentials without having it in
> the catalog.
>

The problem as I see it is that there isn't a blanket approach.  If you
need a secret value in a template, that template is already compiled into
the catalog before the agent receives it, and there are numerous ways to
get a file on a system.  One idea would be a kind of "eyaml in reverse"
approach, where files could be deployed with inline encrypted data, and
then a type and provider to do a pattern substitution on the file on the
agent using local keys.

But the problem isn't just files - what about, for example, exec commands
that need to use a secret in the command line?  file_line resources?
augeas? - theres a whole host of places the data might end up.

I think the bigger issue to address would be why are your catalogs not
considered a safe place to have this data? Access to the catalog should be
at the same level of trust as root access to the agent.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGrdrciDbSnPNAnGSjfspNP7azB%2BvMofR057dODZ9VL2A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Pasword retrievel from external source on node

2016-03-10 Thread Craig Dunn

On Thu, Mar 10, 2016 at 12:05 PM, Johan De Wit  wrote:

> Hi,
>
> Anyone playing with the idea to manage passwords on the node by retrieving 
> them from an externa source like cyberark ?
>
> The idea is to avoid storing passwords in some 'human readable' form in eg. 
> hiera, manifests, catalogs, puppetdb ..
> Main concern is security.
>
>
Why can't you store them in hiera using hiera-eyaml?, which is what most
people do - so they are stored inline with the rest of your configuration
but are encrypted.  If you want to go the extra mile you could use Vault,
there is also a hiera-vault backend, though I've not got first hand
experience of that.

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhF0Fk6yz%3D3Aw--VFA_DBJ1wGr0Mmfd14SezXUErn4XZNA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] exec not executing

2016-02-23 Thread Craig Dunn

On Tue, Feb 23, 2016 at 12:41 AM, Tim Dunphy wrote:

> Craig and Christan.. thanks for your input! What I was trying to do with
the
> 'refreshonly' statement was to get the exec statement to run only once.
>
> How would I be able to achieve getting the exec command to run only once?

There are a number of "restrictive" attributes that will limit how/when an
exec is run. By default, with none of these, an exec will execute every
time puppet runs, eg:

exec { 'foo':
path=> "/bin",
command => "foo --bar",
}

In order to stop the exec running on every puppet run, you need to think
about when you do, or do not, want to run it. This depends on the nature
of your command and what it does. If this command is something that
should just run once to achieve a task, but never again once that task has
been completed you need to think of a way to test if the task is completed
or not. That could be another command you can run to verify if you need to
run the exec. This can be achieved with onlyif / unless and takes a
command as an argument.

command => 'foo --bar'
onlyif => 'foo --has-not-run-yet'

By adding onlyif, the command foo --has-not-run-yet is issued first, the
command foo --bar is only run if the first command returns 0. Conversely,
there is also unless which has the oposite behaviour to say that run this
command *unless* the first command returns 0.

The second way to restrict when the command gets run is to identify a file
that the command creates, that is to say, if the file exists, assume that
this command has already run and don't run it, that can be done with the
creates attribute

command => 'foo --bar'
creates => '/opt/created/by/foo.txt'

This will only run if the file /opt/created/by/foo.txt does not exist.

The third way is refreshonly, which you initially has in your exec.
Refreshonly will only run the command if a resource that the exec is
subscribed to is changed, or if a changed resource notifies the exec.

file { '/etc/config':
ensure => file,
notify => Exec['foo']
}

The foo exec will only run if there is a change to the /etc/config file
resource.

Regards
Craig

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CACxdKhGNuLzOY88L6kc_85mrEug375fo0O1cnOdHu5k7R7n%2BfA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] exec not executing

2016-02-22 Thread Craig Dunn

On Mon, Feb 22, 2016 at 8:14 AM, Tim Dunphy  wrote:
> Hey guys,
>
>  I wrote an exec class for one of my modules. And for some reason, on puppet
> runs it's not executing.
>
> Here's the class:
>
> class bacula::exec {
>
> exec { 'create.mysql.admin.user':
> path => "/bin",
> command => "mysql -e 'grant all privileges on *.* to 'admin'@'localhost'
> identified by 'secret';",
> refreshonly => true,
> }

You have "refreshonly" set to true, this means the exec will never run
unless something triggers a refresh event on the resource.  Eg:
another resource must notify the exec resource, or the exec resource
must subscribe to another resource - it will then be triggered
whenever there is a change to the related resource.

You haven't provided any code indicating that there is a resource that
notifies your exec, I suspect thats why it's never running.

Regards

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhEgLtGynpCyeX%3DYuycgAdNQ6vJ4PWsaqcfvd8FVvCY8MA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Newbie question about fetching specific value of a key from hash

2016-02-04 Thread Craig Dunn

>> I want to get the value of datadir in my puppet module. Please let me know 
>> what is the syntax I need to use to fetch this value. I tried something as 
>> follows but it doesn't work.
>>
>>
>> $datadir = hiera('mysqlconfig::custom_mysql_options[datadir]’)
>
> With hiera you can only specify keys, not elements of a hash.

That's not the case with Hiera 2.0+ which supports drilling down into
hashes and arrays... so you should also be able to do

$datadir = hiera('mysqlconfig::custom_mysql_options.datadir')

If you're still on Hiera 1.0 though, what Martin said.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhEjxb1sLXugQD5dTHBYbxLcvrATC1jjZhwcXKWvvXAMSg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Access to hiera repository

2016-02-04 Thread Craig Dunn

This also depends if your requirement is only restricting users access
to data.  If thats all you need then to me this is falls more into
what tool you use to store and edit your data, rather than the one you
use to look it up,  you might be able to use a hiera backend more
advanced than the simple YAML one that uses something that has the
concept of users and ACL's, maybe something like using hiera-http to
talk to CouchDB and ensure that CouchDB permissions are locked down or
one of the various database backends and store your data in something
that allows granular access.

If however you also need to change the lookup strategy, hierarchy,
data source...etc from Puppet depending on what is being configured,
then Jerakia would be a solution.

Craig



On Thu, Feb 4, 2016 at 9:27 AM, Gerhardus Geldenhuis
 wrote:
> Hi Stefan,
> It is a fairly common problem and until recently there has not been a very
> elegant solution. Have a look at http://jerakia.io/ which is a drop in
> replacement for Hiera. Its used in production by a Swiss bank and some other
> places so even though it is fairly new is more than up to the task. Jerakia
> offers an elegant solution to your silo problem and there is some examples
> and documentation on the website to get you started.
>
> Regards
>
>
> On Tuesday, 2 February 2016 22:40:12 UTC, Stefan Schulte wrote:
>>
>> Hello everyone,
>>
>> I am currently working in a Linux team that decided to use Puppet as a
>> configuration management tool and we developed a couple of own modules,
>> use a lot from the forge and we keep hiera data in a separate git
>> repository (tools: r10k+controlrepo, one separate hiera repo not managed
>> by r10k, gitlabs server to manage all git repos)
>>
>> The IT department is quite big and has different silos (e.g VMWare team,
>> Linux team, Backup team, Storage team, etc) but we (meaning the linux
>> team) want to use puppet to replace workflows that beforehand went
>> through different departments, e.g. to configure backup for a new
>> machine, the backup team had to create a node in their backup tool and
>> than give us the necessary input to generate the correct configuration
>> file on the new server.
>>
>> Ideally I would like them to manage the data in hiera the same way as we
>> do, so they can leverage the hierarchy to define defaults on a subnet
>> level, host level, etc. but on the otherhand access to the single hiera
>> repo would allow them to basically reconfigure everything on a server
>> (like adding data for the sudo module to add custom sudo rules).
>>
>> Even though this would be tracked through git logs, a lot of my
>> collegues are not comfortable with that (and might even be against
>> internal regulations) so I am wondering how you manage the fact when a
>> lot of different teams with different knowledge about puppet, yaml, and
>> git should contribute to hiera but should only manage stuff they care
>> about/are responsible for.
>>
>> - Stefan
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/1d9fb756-cdfe-468f-b0fa-4b7a90a81e2a%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhHWMEwekPk2SAM2hgVjtp0dBjvZhRW5Fm98TiPVAr38Lw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to manage half file.

2016-01-15 Thread Craig Dunn


Albert,

Is it possible that your application can manage the line it needs to manage in 
a separate file to php.ini?  If so you can use a combination of concat's source 
and content attributes to manage this.

If for example, your application can manage a file containing just the one line 
in /etc/config/file.part  you can concatenate this with Puppet data using 
something like;

concat { '/etc/config/file':
  ensure => present,
}

concat::fragment { 'config_puppet':
  content => template('mymodule/config.erb'),
  target  => '/etc/config/file',
}

concat::fragment { 'app_config':
  source  => '/etc/config/file.part',
  target  => '/etc/config/file',
}

This depends on your ability to define which file the application places it’s 
config in, but it’s another way of doing it that doesn’t involve writing facts.

Regards
Craig


-- 
Enviatics |  Automation and Configuration Management
Puppet Labs Service Delivery Partner & Certified Consultant
http://www.enviatics.com | @Enviatics | cr...@enviatics.com



> On 13 Jan 2016, at 22:21, Hunter Haugen  wrote:
> 
> Does the application have an "include" syntax that would allow you do have 
> one file that is one line that the application manages, and the file that 
> puppet manages includes it where appropriate?
> 
> Or a stupid workaround would be to have a fact that is that one line, and a 
> puppet template that adds the line. So puppet would manage the whole file but 
> the line would not be affected by a puppet run.
> 
> 
> 
> -Hunter
> 
> On Wed, Jan 13, 2016 at 12:25 PM, Albert Shih  <mailto:albert.s...@obspm.fr>> wrote:
> Hi everybody.
> 
> I want to manage through puppet a config file for a php web application.
> 
> But I just want manage all of it's content except one line, because this
> line is manage by the application himself.
> 
> I can't change the application behavior.
> 
> I don't think I can manage through augeas because this file is not in any
> « standard » format.
> 
> I prefer not to manage it through file_line because this config file is
> large.
> 
> What kind of solution do I have ?
> 
> Regards.
> 
> JAS
> --
> Albert SHIH
> DIO bâtiment 15
> Observatoire de Paris
> 5 Place Jules Janssen
> 92195 Meudon Cedex
> France
> Téléphone : +33 1 45 07 76 26 /+33 6 86 69 
> 95 71 
> xmpp: j...@obspm.fr <mailto:j...@obspm.fr>
> Heure local/Local time:
> mer 13 jan 2016 21:17:48 CET
> 
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> <mailto:puppet-users%2bunsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/20160113202546.GB83097%40pcjas.obspm.fr
>  
> <https://groups.google.com/d/msgid/puppet-users/20160113202546.GB83097%40pcjas.obspm.fr>.
> For more options, visit https://groups.google.com/d/optout 
> <https://groups.google.com/d/optout>.
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> <mailto:puppet-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/CAJaQvGBx527Ji8AAGf8Ldx9dnPNzX1fEEOUW6nx5%2Bxnr9e5-ig%40mail.gmail.com
>  
> <https://groups.google.com/d/msgid/puppet-users/CAJaQvGBx527Ji8AAGf8Ldx9dnPNzX1fEEOUW6nx5%2Bxnr9e5-ig%40mail.gmail.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout 
> <https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/421609D7-1F5C-4173-9263-BB36A372D636%40craigdunn.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet agents get hanged in "Info: Loading facts"

2015-11-05 Thread Craig Dunn

Your code snippet suggests that facter has run,  and the master is
timing out running /etc/puppet/node.rb which is the ENC script (which
happens after the facts have been sent by the agent).   Are you
running Foreman/Satellite? - It sounds like you may have a network
connectivity issue here between your Puppet master and ENC

Craig

On Thu, Nov 5, 2015 at 4:23 PM, Eddie Mashayev  wrote:
> Hi All,
>
> I have CentOS 6.5 running puppet agent version 3.8.2 the problem is when I’m
> running “puppet agent -t” it gets hanged:
>
> [root@server ~]# puppet agent -t
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Loading facts
> Info: Loading facts
>
> “Could not retrieve catalog from remote server: Error 400 on SERVER: Failed
> when searching for node : Failed to find via exec: Execution of
> '/etc/puppet/node.rb”
>
>
>
> After I checked it I found out the reason, I have more than 1000 VLANs on
> the servers and I guess when the Facter collecting the INFO it gets timeout
> and fails.
> I found this thread to “Allow for disabling certain facts within Facter ”
> https://tickets.puppetlabs.com/browse/FACT-718” but it still wasn’t
> implemented.
> My question is there is any way that puppet won’t get info for VLANS?
> Meaning "puppet agent –t" won’t triger the Facter get information about
> VLANS?
> If no how can I override this issue?
>
> Thakns,
> EddieM
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/857038e6-6e35-4bd0-a86e-710093744a71%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.



-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
http://dojo.training | @DojoTraining

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhETMCYy8AXwLBQPfWS4PnzOKWTaK%3Ds_iEUrpxmRY5fGJw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Possible to overriding Hiera on the run-time?

2015-09-17 Thread Craig Dunn

On Thu, Sep 17, 2015 at 3:00 PM, jcbollinger  wrote:
>
>
> On Wednesday, September 16, 2015 at 7:39:32 AM UTC-5, Sans wrote:
>>
>> Hi there,
>>
>> I got to solve a "rare" issue here which I'm running out of ideas for. In
>> our manifest, we do some conditional  git pull (using vcsrepo forgemodule)
>> based on a Hiera variable that set either true or false. We keep the value
>> as false i.e. no git-pull by default but want to set it true, on the fly
>> temporarily for onetime run. Is there anyway to override hiera value when
>> running puppet agent from the command-line on the run-time?
[snip]
>
>
> It's unclear from where you want to control this one-off behavior
> alteration.  If from the target node, then you want to rely on a custom
> fact.  There are several ways to write a fact whose value you can easily
> influence at run time, and there are many ways you can condition the
> declarations in your manifests and the data retrieved from Hiera on the
> value of a given fact.

It's can be done easier than that, although facts is the right
track...  You don't actually have to create a fact, you could just
test for the existence of it...

class mything (
  $pull_repo, # sourced from hiera mything::pull_repo
) {

  $do_pull = $::pull_repo ? {
undef => $pull_repo,
default => $::pull_repo,
  }
}

Note the use of top level scoping there - by default $::pull_repo will
be undef and the value from hiera used, you can then dynamically
create your fact on the fly by calling puppet agent with...

FACTER_pull_repo=yes puppet agent -t

Im not sure how you would tie that into the mcollective job, but it
shouldn't be too hard

Craig

-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhF22iV7SyUgrO-YKpv_3t9btp62PKvmOBo4u2yar5NGEQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Cloud init configuration management with Puppet

2015-09-01 Thread Craig Barr

Thanks Jeremy,

I should have mentioned that the Puppet code is being called in a Packer 
run not the AWS user-data run. Basically, I'm creating a new AMI from a 
source AMI.

For the record, I solved the problem but it wasn't as elegant as I had 
hoped.

class profiles::aws {  

  # Enable SSH Password Authentication
  $cloud_init_file = '/etc/cloud/cloud.cfg'
  $ssh_pwauth_property_name = "ssh_pwauth"
  $ssh_pwauth_desired_state = "${ssh_pwauth_property_name}:   1"
  exec {'enable_ssh_pwauth':
command => "/bin/sed -i 's/ssh_pwauth.*/${ssh_pwauth_desired_state}/' 
${cloud_init_file}",
unless  => "/bin/grep '${ssh_pwauth_desired_state}' ${cloud_init_file}",
  }

}

On Tuesday, 25 August 2015 02:05:06 UTC+10, Jeremy wrote:
>
> I believe you're looking at it from the wrong view point if you're 
> trying to simply use an existing AMI and not for the creation of a new 
> AMI to load. 
>
> The cloud-init configuration can be manipulated using the user-data 
> passed to the EC2 instance on initialization just as you can trigger the 
> puppet installation. I suggest you check out the cloud-init 
> documentation for the version installed on your AMI. 
>
> On 23.08.2015 22:21, Craig Barr wrote: 
> > I thought this would be super easy but hit a road block (at least in 
> > terms of an elegance solution - yes I know how to use exec type with 
> > sed and grep but that feels a bit to much like a workaround) 
> > 
> > My requirements is for a file at /etc/cloud/cloud.cfg that looks like 
> > this: 
> > 
> > users: 
> >  - default 
> >  - name: ec2-user 
> >primary-group: users 
> >groups: users 
> >lock-passwd: false 
> >sudo: [ALL=(ALL) NOPASSWD:ALL] 
> >   
> > disable_root: 1 
> > ssh_pwauth:   0 
> > 
> > to be changed to this (The only change is highlighted below in 
> > yellow... ssh_pwauthfrom 0 to 1): 
> > 
> > users: 
> >  - default 
> >  - name: ec2-user 
> >primary-group: users 
> >groups: users 
> >lock-passwd: false 
> >sudo: [ALL=(ALL) NOPASSWD:ALL] 
> >   
> > disable_root: 1 
> > ssh_pwauth:   1 
> > 
> > The file is pre-existing in the AMI and is not created by Puppet. If 
> > something like this worked, I would be super happy but, it 
> > doesnt. 
> > 
> >   augeas { "enable-ssh-pwauth" : 
> >  changes => ["set /files/etc/ssh/sshd_config/ssh_pwauth 1",] 
> >   }  
> > 
> > Ive tried 
> > Augeas 1.0.0 and 1.4.0 on OracleLinux 6.6... Neither seem to work 
> > 
> > Is Yaml-like lens in augeas even supported? And, if not, is there any 
> > other way I can solve this without grep + sed exec type pattern? 
> > Thoughts? 
> > 
> >  -- 
> >  You received this message because you are subscribed to the Google 
> > Groups "Puppet Users" group. 
> >  To unsubscribe from this group and stop receiving emails from it, 
> > send an email to puppet-users...@googlegroups.com  [1]. 
> >  To view this discussion on the web visit 
> > 
> > 
> https://groups.google.com/d/msgid/puppet-users/b6d54be7-a3fe-41cc-95c1-ad9e034f9a04%40googlegroups.com
>  
> > [2]. 
> >  For more options, visit https://groups.google.com/d/optout [3]. 
> > 
> > 
> > Links: 
> > -- 
> > [1] mailto:puppet-users+unsubscr...@googlegroups.com  
> > [2] 
> > 
> > 
> https://groups.google.com/d/msgid/puppet-users/b6d54be7-a3fe-41cc-95c1-ad9e034f9a04%40googlegroups.com?utm_medium=email&utm_source=footer
>  
> > [3] https://groups.google.com/d/optout 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4d99d3dc-3752-4ebd-a8c9-e3a8aa1c8e96%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Cloud init configuration management with Puppet

2015-08-24 Thread Craig Barr

I thought this would be super easy but hit a road block (at least in terms
of an elegance solution - yes I know how to use exec type with sed and grep
but that feels a bit to much like a workaround)

My requirements is for a file at /etc/cloud/cloud.cfg that looks like this:

users:
- default
- name: ec2-user
primary-group: users
groups: users
lock-passwd: false
sudo: ['ALL=(ALL) NOPASSWD:ALL']

disable_root: 1
ssh_pwauth: 0

to be changed to this (The only change is highlighted below in yellow...
ssh_pwauthfrom 0 to 1):

users:
- default
- name: ec2-user
primary-group: users
groups: users
lock-passwd: false
sudo: ['ALL=(ALL) NOPASSWD:ALL']

disable_root: 1
ssh_pwauth: 1

The file is pre-existing in the AMI and is not created by Puppet. If
something like this worked, I would be super happy but, it doesn't.

augeas { "enable-ssh-pwauth" :
changes => ["set /files/etc/ssh/sshd_config/ssh_pwauth 1",]
}

I've tried
Augeas 1.0.0 and 1.4.0 on OracleLinux 6.6... Neither seem to work

Is Yaml-like lens in augeas even supported? And, if not, is there any other
way I can solve this without grep + sed exec type pattern?
Thoughts?

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/b6d54be7-a3fe-41cc-95c1-ad9e034f9a04%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hiera - data retrieved once or everytime a lookup is required

2015-08-21 Thread Craig Dunn

On Thu, Aug 20, 2015 at 6:16 PM, Andrew Hibbert
 wrote:
> Hi,
>
> I'm looking into hiera particularly the http backend
> (https://github.com/crayfishx/hiera-http).
>
> I'm wandering when using hiera if a single lookup is done at the start of
> the puppet run or if everytime a value needs to be looked up the file is
> accesed or in this case the http api queried?

Hiera will pass the query to the backend on every lookup.  In the
particular case of hiera-http (since 1.3) you can enabling caching to
reduce the number of HTTP API queries using the cache_timeout and
cache_clean_interval flags.

Regards
Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhG23q%2BeG0qzgUW1Rrx1kcrf93s4sGjBmJ5DdMO7nL0e7Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] hiera-gpg, end of life.

2015-08-19 Thread Craig Dunn

Hi all,

For anyone that is interested, I've decided to officially bring to an
end the hiera-gpg[0] project and will not be maintaining it going
forward.

hiera-gpg was one of the first additional backends written for Hiera
and was released 4 years ago (was it *really* that long ago?). It
gained a lot of popularity solving the problem of storing sensitive
information in hieras YAML repo. Some time ago, Tom Poulton released
a new encryption based backend called hiera-eyaml[1] which aimed, and
succeeded, to provide a better implementation of hiera data encryption
with support for inline encryption rather than whole-file, and remove
the reliance on GPG and related libraries.

There hasn't been any activity around hiera-gpg for a while, but I'm
aware of a couple of people still using it in production. If you are
still using it I highly recommend changing over to hiera-eyaml.

If anyone _really_ wants to keep hiera-gpg alive then please contact
me privately

Regards
Craig
[0]: https://github.com/crayfishx/hiera-gpg
[1]: https://github.com/TomPoulton/hiera-eyaml

--
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CACxdKhGzaPaPBgdOKnVR-Bgb8L5m3GxxXgAwc2Ve_DhKhhYydA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Ordering without dependencies

On Fri, Jul 3, 2015 at 4:42 PM, R.I.Pienaar  wrote:

> On teardown I don't care what stays and go, just want to try my best to kill 
> things
>
> So the resources in question are varied and custom and spread over multiple 
> hosts.
>
> So rather than a specific solution that involves just killing this or that I 
> am
> after ideas for how to do so in a generic way with any kind of resource


I don't think you'll find a clean way of doing this - you are trying
to take a system that is built entirely around the concept of
enforcing a desired state and telling it to "try it's best".   You
could do something batshit crazy with run stages but that would likely
be more trouble than its worth.



-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhEk39Voo7dQ0EXOSJxMsk5AqjwnQaPmOgqGxUJq%3Dg7g_w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Ordering without dependencies

On Fri, Jul 3, 2015 at 3:10 PM, R.I.Pienaar  wrote:
> hello,
>
> I am looking for a way to influence run order without also doing dependencies.
>
> I have a case where I am removing a bit of software from my system and so as 
> is
> typical things need to be done in a different order from creation, crucially I
> also do not really care if removal fails.  It should just try to remove 
> everything
> independent of each other - but at least in a given order so there's some 
> chance
> of it working.


Theres also a parameter to exec called 'returns' that takes an array,
so if you know what return codes are possible you can do...

exec { '/bin/false':
  returns => [ '0', '1' ],
  before => Exec['other'],
}

and it will never fail the resource, I think thats cleaner than my
other example.

Craig


-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhFMzpoWdp7-pAPUa8SGTOjz%2Bnzcg0%3D3REcdF0sxmowQQA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Ordering without dependencies

On Fri, Jul 3, 2015 at 3:10 PM, R.I.Pienaar  wrote:

>
> I tried:
>
>   exec{"false": before => Exec["true"]}
>   exec{"true": }
>
> This fails because before implies a requirement.

If you don't care about a failure, why not always mask it to be true?

exec { '/bin/remove mystuff; /bin/true':
   before => Exec['carry_on_regardless'],
}

exec { '/bin/carry_on_regardless': }


?

-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhFd07iWnF4p0WOhuH357yJtcfXStv7fw%2BouU4G-JAyT3Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Exposing master to the public internet

On Thu, Jul 2, 2015 at 9:51 PM, Nik Haldimann  wrote:

> However, my impression is that a puppet master is usually deployed within a
> private networks (e.g., internal to a data center or as part of a private
> VPC subnet on AWS). For my use case I would have to open the master to the
> public internet. What are the implications of this? Is this recommended or
> not? Are there specific settings I should be watching out for to make this
> secure?

I can't think of any reason why it would be a bad idea to run Puppet
over a public network - The SSL features alone actually make it quite
suitable for this type of set up. You can also tweak auth.conf to
further secure it.  Two things which I would advise though are 1)
Don't autosign your certs, and 2) don't trust any facts from the
agent, if using things like certname in hiera.yaml or elsewhere always
source the value from a trusted facts
(https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#trusted-facts)

Craig

Don't autosign your certs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhH1EWerYfw6X%3D0JGYDDJ_pwHyxU6D6pPt2F%2BJYBtOfYGw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Copy File from one Puppet Agent to another Puppet Agent

2015-07-01 Thread Craig Dunn

> My idea wos now to take the Ressource "file" and put in the path-option the
> path to the share of the syslog-system, like so:
>
> file { "$hostname.conf":
> ensure  =>  present,
> path=>  "//server/share/$hostname.conf",
> source  =>  template("default_nxlog_debian/default.conf.erb")
>   }

If I understand you correctly, then I think exported resources is what
you are looking for - assuming you want to put it into
/etc/something/$hostname.conf on the syslog server (for example) then
you could do something like...

(on the agents)
@@file { "/etc/something/${::hostname}.conf":
  ensure => file,
  content => template('default_nxlog_debian/default.conf.erb'),
  tag => 'ngix_config_file',
}

This will cause the resource to be stored on the puppet master, rather
than applied to the node, you can then collect all the resources on
the syslog server by having something like this in the manifest

File <<| tag == 'ngix_config_file' |>>

See: https://docs.puppetlabs.com/puppet/latest/reference/lang_exported.html
for more detailed docs.

Regards
Craig



-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGEw7pUiJgfShxU0fZeVqJ49%2B0nHEvyGaLdG%2BbHSARg7w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet agent not picking up hiera

2015-06-26 Thread Craig Dunn

>> Seems to work from the command line:
>>
>> [me@puppet puppet]$ sudo hiera ntp::servers ::fqdn=servers-fqdn
>> ::environment=production
>> ["0.us.pool.ntp.org iburst",
>>  "1.us.pool.ntp.org iburst",
>>  "2.us.pool.ntp.org iburst",
>>  "3.us.pool.ntp.org iburst"]
>>
>> But not on the agents?

Did you restart puppet server after making the changes to hiera.yaml?
It caches the config in hiera.yaml on start up.  That could explain
why you are seeing different behaviour on the command line.


-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGjE189p53XMYipR2X2t2Up0OT%2B0TmVa0mJ_y7qQr%3DLVw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] For PE 3, what are the stable/supported database backends?

2015-06-26 Thread Craig Dunn

On Thu, Jun 25, 2015 at 9:27 PM, leam hall  wrote:
> We're looking to move from yaml and json to a database. What good options
> are along the lines of MySQL, Postgres, or MongoDB?

Are you talking about Hiera?  If so, you can checkout hiera-mysql[1].
Or use something like CouchDB that's fronted with an HTTP API and use
hiera-http[2] to talk to it.

[1]: http://github.com/crayfishx/hiera-mysql
[2]: http://github.com/crayfishx/hiera-http

Regards
Craig

-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhFrQL8_EERTX7k27eJRcEfVrWpvheLDdcKeXugbO6farQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet ignoring hiera

2015-06-18 Thread Craig Dunn

On Thu, Jun 18, 2015 at 4:34 PM, Peter Berghold  wrote:

> So... what am I missing here?

hiera_include('classes') in site.pp?


-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhH8_pNJtCNqYXH_XEUMa3YUJQud4newy8eqxCnvnXHa%3Dw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Check service running with flag file

2015-06-11 Thread Craig Dunn

On reading this again, what you are trying to do won't work - you are
requiring that the exec resource be "satisfied" before the service
starts - if the exec resource doesn't run because onlyif returns
false, this is normal behaviour and not a failure, therefore the
resource is still satisfied and your service resource will be acted
on.  All you are doing is determining order.



On Thu, Jun 11, 2015 at 11:55 AM, Craig Dunn  wrote:
> You haven't provided a command to run via the command attribute, so
> the provider will attempt to execute what you have in the resource
> title (checkForFile) - that is to say, it is trying to execute the
> command 'checkForFile', which of course, doesn't exist.
>
> As Denmat already pointed out, this may not be the best solution, but
> if you really want to stick with this approach then you need to
> specify a command - try adding command => '/bin/true' to the exec
> resource declaration to get around your current problem.
>
> Craig
>
>
> On Thu, Jun 11, 2015 at 8:13 AM, Eddie Mashayev  wrote:
>> Anyone?!
>>
>>
>> On Wednesday, June 10, 2015 at 2:30:33 PM UTC+3, Eddie Mashayev wrote:
>>>
>>> Hi All,
>>>
>>> I want to check that my service "nails" running on all my servers only if
>>> file "/etc/NONAILS" not exists on this server.
>>>
>>> If it exists don’t start this process, this file works like a flag.
>>>
>>> I wrote script in puppet to check that and it works.
>>>
>>>
>>> Still it throes error when this file do exists:
>>>
>>>
>>> [root@test ~]# puppet  agent -t
>>>
>>> Info: Retrieving pluginfacts
>>>
>>> Info: Retrieving plugin
>>>
>>> Info: Loading facts
>>>
>>> Info: Loading facts
>>>
>>> Info: Caching catalog for test
>>>
>>> Info: Applying configuration version '1433921081'
>>>
>>> Error: Could not find command 'checkForFile'
>>>
>>> Error: /Stage[main]/Check_service/Exec[checkForFile]/returns: change from
>>> notrun to 0 failed: Could not find command 'checkForFile'
>>>
>>> Notice: /Stage[main]/Check_service/Service[nails]: Dependency
>>> Exec[checkForFile] has failures: true
>>>
>>> Warning: /Stage[main]/Check_service/Service[nails]: Skipping because of
>>> failed dependencies
>>>
>>>
>>> Question can I do it in cleaner way without throwing errors??
>>>
>>>
>>>
>>> This is my script:
>>>
>>>
>>> class check_service {
>>>
>>> service { "nails":
>>> ensure => "running",
>>> enable => true,
>>> hasstatus  => false,
>>> hasrestart => true,
>>> require => exec['checkForFile'],
>>> }
>>>
>>> exec {"checkForFile":
>>> path => "/usr/bin/",
>>> onlyif => "test -e /etc/NONAILS",
>>> }
>>> }
>>>
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/6cc13de4-eeba-44d7-8bd6-15af22d775fc%40googlegroups.com.
>>
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Enviatics | Automation and configuration management
> http://www.enviatics.com | @Enviatics
> Puppet Training http://www.enviatics.com/training/



-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhHnySpZNxP%2BwOEEBjKNLM%2BBnYuQ1iFmSF_eQ9qj%3DYmv1A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Check service running with flag file

2015-06-11 Thread Craig Dunn

You haven't provided a command to run via the command attribute, so
the provider will attempt to execute what you have in the resource
title (checkForFile) - that is to say, it is trying to execute the
command 'checkForFile', which of course, doesn't exist.

As Denmat already pointed out, this may not be the best solution, but
if you really want to stick with this approach then you need to
specify a command - try adding command => '/bin/true' to the exec
resource declaration to get around your current problem.

Craig


On Thu, Jun 11, 2015 at 8:13 AM, Eddie Mashayev  wrote:
> Anyone?!
>
>
> On Wednesday, June 10, 2015 at 2:30:33 PM UTC+3, Eddie Mashayev wrote:
>>
>> Hi All,
>>
>> I want to check that my service "nails" running on all my servers only if
>> file "/etc/NONAILS" not exists on this server.
>>
>> If it exists don’t start this process, this file works like a flag.
>>
>> I wrote script in puppet to check that and it works.
>>
>>
>> Still it throes error when this file do exists:
>>
>>
>> [root@test ~]# puppet  agent -t
>>
>> Info: Retrieving pluginfacts
>>
>> Info: Retrieving plugin
>>
>> Info: Loading facts
>>
>> Info: Loading facts
>>
>> Info: Caching catalog for test
>>
>> Info: Applying configuration version '1433921081'
>>
>> Error: Could not find command 'checkForFile'
>>
>> Error: /Stage[main]/Check_service/Exec[checkForFile]/returns: change from
>> notrun to 0 failed: Could not find command 'checkForFile'
>>
>> Notice: /Stage[main]/Check_service/Service[nails]: Dependency
>> Exec[checkForFile] has failures: true
>>
>> Warning: /Stage[main]/Check_service/Service[nails]: Skipping because of
>> failed dependencies
>>
>>
>> Question can I do it in cleaner way without throwing errors??
>>
>>
>>
>> This is my script:
>>
>>
>> class check_service {
>>
>> service { "nails":
>> ensure => "running",
>> enable => true,
>> hasstatus  => false,
>> hasrestart => true,
>> require => exec['checkForFile'],
>> }
>>
>> exec {"checkForFile":
>> path => "/usr/bin/",
>> onlyif => "test -e /etc/NONAILS",
>> }
>> }
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/6cc13de4-eeba-44d7-8bd6-15af22d775fc%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.



-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhF3s%3D-HPcpFtoQS%2B2DMFZhsMn7z4vnYys5wt9-%3DYY3ZaA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Validating more than one type of data structure at a time

2015-06-03 Thread Craig Dunn

The validate_* functions are designed to fail the catalog if the
passed variable doesnt match the defined type, sounds like you want
the is_* functions (also from stdlib) which return true or false but
dont fail.

if ( is_string($myvar) or is_hash($myvar) ) {
  ...
} else {
  fail('not a string or a hash')
}


Regards
Craig


On Wed, Jun 3, 2015 at 6:26 AM, Jacob McCoy Wade  wrote:
> I am trying to find out how I can validate more than one type of data
> structure for a given value in a manifest?  In particular I would like to be
> able to have either a string or a hash be a valid data structure.
> Something like:
> if ($myvar != false) {
> validate_string($myvar) || validate_hash($myvar)
> }
> Does anybody know if this is possible to do?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/732c0ec6-d9bb-4f32-9eae-4667037a0e87%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.



-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhG1MujS2StnayWqOnN5bRuGJ2hMwSj-BGz9h6TP-yowyA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Stupid hiera.yaml wildcard question.

2015-06-02 Thread Craig Dunn

On Tue, Jun 2, 2015 at 3:35 PM, jcbollinger  wrote:
>
>
> On Tuesday, June 2, 2015 at 2:55:16 AM UTC-5, jamese wrote:

>> You can also use calling_module, but that probably wouldn't give the
>> granularity that you want.
>
>
>
> Yes, one of these is the standard way to approach such problems, provided
> that you're not looking to provide for cross-module data directly via Hiera.
> You use the calling_class or calling_module variable to define one or more
> levels of your hierarchy (i.e. in hiera.yaml), so that lookups choose the
> correct data file for their context.  Note that this is actually more
> efficient than what you asked: instead of loading all the data files, it
> will load exactly the one it needs.

+1 to calling_module - I nearly always use this approach when using
the YAML back end for Hiera.  You are right, it comes with the
limitation that I cant look up tango::bar from class foo without some
very nasty hackery, but this isn't such a bad thing.   If you are
relying on this kind of cross-module data sharing then you probably
have a larger design issue, modules that require data from other
modules should get them by including the class and referencing them in
Puppet ($::tango::bar), not circumventing the module and going
straight to Hiera, thus keeping any logic (such as params.pp defaults)
that the module provides.

In a small number of cases I've required a variable from a class that
is not included, and therefore this pattern failed - but in all of
those cases a small re-think revealed a few design flaws and things
were re-factored.

Craig

-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhGhEC70%2BP47h5kfpO0mGtSuXAz9QEoHgfWern_Ow5jv3Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Any advise on this hiera stuff

2015-06-02 Thread Craig Dunn

On Mon, Jun 1, 2015 at 11:42 AM, Twan  wrote:
> Hiera:
> session_managers:
>   sm001.guest.lan:
>   - agent01.guest.lan
>   - agent02.guest.lan
>   sm02.guest.lan
>   - agent03.guest.lan
>   - agent04.guest.lan
>
>
> I need to get the following:
> On session managers a list (comman seperated) of the agents
> On each agent, the sessionmanager on a line in a configfile.
>

If Im understanding you correctly, then maybe join() from stdlib and
inline_template may help you

$agents=join($session_managers[$::fqdn], ',')

$manager=inline_template('<%= @session_managers.keys.select { |k|
@session_managers[k].include?(scope["::fqdn") }[0] %>')

 Or, something like that anyway :-)
Craig


-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhH6cjFM6GMbHNzDan30WpULE1UTWdHbm2MiGvVJRZxYag%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: New MCollective Plugin for OpenSCAP Scanning

2015-05-14 Thread Adam Craig

Thanks for sharing, Trevor.  This is an exciting project, and I thoroughly 
enjoyed your talk on Tuesday.

Best,
-- Adam

On Wednesday, May 13, 2015 at 10:10:48 PM UTC-4, Trevor Vaughan wrote:
>
> Hi All,
>
> I presented a piece on a proof of concept that I put together to perform 
> OpenSCAP scans against systems using MCollective.
>
> I thought that some of you might be interested. The relevant information 
> is all linked from my post at 
> http://www.onyxpoint.com/distributed-openscap-scanning-with-mcollective/.
>
> Thanks,
>
> Trevor
>
> -- 
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699
> tvau...@onyxpoint.com 
>
> -- This account not approved for unencrypted proprietary information --
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e397f35c-b969-4eba-8a17-7744cd897508%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] What's difference between roles and profiles, ENC and Hiera

2015-04-02 Thread Craig Dunn

On Wed, Apr 1, 2015 at 5:23 PM, Dhaval  wrote:
> Thanks for your time in explaining,  what i understand is "roles and
> profiles" is different from Hiera and ENC which is used for providing data
> only. Let me search for example where Hiera is used and roles and profiles
> are defined to make difference in data as per the defined profile.

You are discussing three very different things here, an ENC is, at
it's most basic form, just a classifier that says node X should apply
class Y - though there are much more sophisticated things that one can
do with an ENC, in the scope of this example lets leave it at that.
What class Y actually is, is where roles and profiles come in.  Roles
and profiles are merely a design pattern for laying out your classes
to add some layers of abstraction between component modules (the
actual cogs) and roles (business logic) - when people adopt roles and
profiles they tend to classify just the nodes role in the ENC.  Hiera
is a different concept entirely and is used to provide hierarchical
data lookups which determine what data values are applied based on a
pre-determined series of overrides that are customized to your
particular environment.

https://www.youtube.com/watch?v=ZpHtOnlSGNY is a talk I did on this
some time ago, and towards the end Hiera and ENCs are touched on

Some of the relevant parts are;

http://www.slideshare.net/PuppetLabs/roles-talk
- #71 Hiera
- #88 ENC
- #92 Stack diagram

Hope this helps.

Regards
Craig

-- 
Enviatics | Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhE315%3DKkeua_0FTPn8n%2BG8H-RGTEEDvxRRL9y4iVQrs9Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: puppet enterprise free eval hardware requirements

2015-03-30 Thread Craig White

PE version is a robust, monolithic turnkey install. They used to have a 
community based test VM pair which had much lighter requirements (albeit 
with less services) but I haven't checked in a long time so it may not be 
available any longer.

On Monday, March 30, 2015 at 3:32:52 PM UTC-7, Vince Skahan wrote:
>
> geez puppet needs a 'lot' of oomph to spin up the first node
>
> Evaluation Environment
>
> An evaluation environment is run on a monolithic installation and is 
> suitable for evaluating PE on 250 or fewer nodes. We recommend that your 
> hardware meets the following:
>
>
>- A 4-core server with 6 GB of RAM
>  - At least 100 GB of free storage in /opt for PuppetDB
>   
> We strongly recommend that users on systems with 4 GB of RAM upgrading or 
> migrating to PE 3.7 from PE 3.3 or earlier upgrade to 6 GB of RAM before 
> attempting to upgrade or migrate their PE installation.
>
>
> I have a 16-GB ram Intel NUC (
> http://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/nuc-kit-d54250wyk-product-brief.pdf)
>  
> running Centos7 and was thinking of spinning up some VMs to try this out. 
>  Does this system have enough oomph to run the 10-node-max free eval, or am 
> I going to be stuck with running masterless perhaps ?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/266a2353-55cb-406e-b47c-bb682a505825%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Use value from a hash defined in hiera datasource elsewhere in the same hiera datasource

2015-03-21 Thread Craig Wickesser

I have a hiera (YAML based) data source:

--


# /etc/puppet/hieradata/foo.yaml

webapp::options:
  http_port: 8080
  timeout: 500


#
# Set the http_port for "foo"
#


# any of these approaches gave an empty value
foo::http_port: "%{hiera('options['http_port']')}"
foo::http_port: "%{hiera('options::http_port')}"
foo::http_port: "%{hiera('options.http_port')}"

--


The "foo" class needs to know the http_port of the webap, and in my case it 
should be set to whatever value is in webapp::options['http_port']. The 
only work around I found is to do this:


--


# /etc/puppet/hieradata/foo.yaml

webapp_http_port: 8080
webapp::options:
  http_port: "%{hiera('webapp_http_port')}"
  timeout: 500


#
# Set the http_port for "foo"
#


foo::http_port: "%{hiera('webapp_http_port')}"

--


But I was hoping to just extract the value from the hash. Thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9a6be0d5-56bd-4b55-a806-8b3d71d7bc9c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet agent environment

2015-01-23 Thread Craig White

why not let puppet manage puppet.conf and thus changes in foreman make 
changes to puppet.conf?

On Friday, January 23, 2015 at 1:04:22 AM UTC-7, Evgeniy Troitskiy wrote:
>
> Hello all!
>
> I have a directory environments configured in Puppet (production and 
> development) and I use the Foreman as an ENC.
>
> When I try to set development environment for the host in Foreman, then 
> Puppet agent execute module from right environment. But if agent try to 
> access to *files* folder (puppet:///modules/$module_name/testfile), it 
> gets testfile from same directory from production not from development. And 
> if I change environment to development in Puppet agent config file - 
> puppet:///modules/$module_name/testfile links to right place in development 
> environment.
>
> How can I correct this?
>
> Additional info:
>
> *part of puppet.conf*
>
> [master]
>
> environment   = production
>
> environmentpath   = /etc/puppet/environments
>
> *part of fileserver.conf*
>
> [development]
>
>path /etc/puppet/environments/development/files
>
>allow *
>
> [production]
>
>path /etc/puppet/environments/production/files
>
>allow *
>
> */etc/puppet/environments/*
>
> ├── production
>
> │   ├── files
>
> │   ├── manifests
>
> │   └── modules
>
> └── development
>
> ├── files
>
> ├── manifests
>
> └── modules 
>
> Thanks for advice!
>
>
> -- 
>
> Regards,
>
> Evgeniy Troitskiy
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0666388b-a27e-4abb-ad3f-a867acf3c4d8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Error: Failed to parse template . Detail: Could not find value for 'serveraliases' at

2015-01-09 Thread Craig White

Testing for errors is part of the erb game. Comment all of that out and put 
in just <%= serveraliases -%> just to see what is written to the file.

In your case above, it seems you have accounted for whether serveraliases 
is an array or empty but not a simple string which is probably what it is.

On Friday, January 9, 2015 at 8:41:20 AM UTC-7, Spriya wrote:
>
> Hi,
>
> I am having this issue:
>
>
> *Error: Failed to parse template otrs/vhost-otrs.conf.erb:*
> *  Filepath: 
> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/parser/templatewrapper.rb*
> *  Line: 81*
> *  Detail: Could not find value for 'serveraliases' at 
> /etc/puppetlabs/puppet/modules/otrs/templates/vhost-otrs.conf.erb:7*
> * at /etc/puppetlabs/puppet/modules/otrs/manifests/apache.pp:10 on node 
> dot-pap-spr-t03.ddc.dot.state.ma.us 
> *
>
>
> Here is my code manifests code:
>
> class otrs::apache {
>
>   include apache
>
>   apache::vhost { $otrs::sitename:
> priority=> '01',
> docroot => '/var/www',
> port=> '80',
> serveraliases   => [ $::fqdn ],
> }
> }
>
> Here is my template:
> * cat vhost-otrs.conf.erb*
> *# OTRS Config*
> *# MaxRequestsPerChild (so no apache child will be to big!)*
> *MaxRequestsPerChild 4000*
>
> *>*
> *  ServerName <%= @name %>*
> *<%if serveraliases.is_a? Array -%>*
> *<% serveraliases.each do |name| -%><%= "  ServerAlias #{name}\n" %><% end 
> -%>*
> *<% elsif serveraliases != '' -%>*
> *<%= "  ServerAlias #{serveraliases}" -%>*
> *<% end -%>*
>
>
> Do any one knows  answer? I could not find the answer for this?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3d6e89bc-f8e9-4708-89d2-6f3408f14299%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: facter & external-dir

2014-12-24 Thread Craig White

Not really a puppet question or a puppet answer

man alias (bash command)

You should be able to alias the command and put into bash_profile for all 
users when they login.

On Wednesday, December 24, 2014 10:28:09 AM UTC-7, guymatz wrote:
>
> Is there any way to get facter to return facts from /etc/facter/facts.d 
> when not run as root?  I would like to centralize my facts and not have to 
> remember to add --external-dir when checking facts.
>
> Thank you all!!  And Happy Holidays!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5be7866d-8c64-4e14-b03d-3bfff1bb83cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: setting folders to different permissions

2014-12-22 Thread Craig White

The answer may actually depend on the OS you are using but I agree with 
John that this actually requires 2 separate directives...

On a Red Hat system...

# cat /etc/default/useradd
# useradd defaults file
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes

the /home/$USER would have 755 permissions by default though you could use 
puppet to ensure that if a $USER changes his $HOME directory permissions, 
they are changed back.
Likewise, you could set /home to 750 permissions to ensure that any changes 
are overridden. Obviously if you set /home to 750 permissions, then the 
'group' would have to be set to a group that all users belong to so there's 
something lacking in the question (i.e. 'users' on a Red Hat system).

On Thursday, December 18, 2014 8:35:57 AM UTC-7, Brian Keating wrote:
>
> Hi,
> I want to set /home dir to chmod 750 but all dirs included to 755.  Anyone 
> have a solution?
> Thanks,
> Brian.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/134655cd-bc95-4615-aa17-5f63ef32e17f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: conditionally running apt-get update

2014-12-15 Thread Craig White

I tend to create a directory with a minimal class /etc/puppet/deployfiles 
and then another class for custom apt stuff and I have a file in 
modules/apt/files where cron does a date thingy (/bin/date > 
/etc/puppet/modules/apt/files/apt_update_time) and then I have this module 
watch for a change which notifies an Exec in my apt module to trigger an 
apt-get update. It's convoluted but it works. Similarly I have an 
apt_upgrade_time file too but I don't have a cron job updating that one - I 
just run the date command manually to get machines to perform the apt-get 
upgrade but I do have machines run apt-get update daily triggered by the 
updated file from cron.

On Monday, December 15, 2014 2:27:24 PM UTC-7, Vince Skahan wrote:
>
> In trying to spin up on puppet in a Vagrant environment, one of the things 
> I have to do to my VM is 'apt-get update' at least once to catch the base 
> box's understanding of what packages are where up to current.  That takes a 
> long enough time that I'd like to do it just once, or very rarely rather 
> than every time I run 'vagrant provision'
>
> Right now, my toplevel manifest does the update once before trying to 
> install anything.
>
> exec { "run apt-get update":
>   path=> '/usr/bin',
>   command => 'apt-get update',
> }
>
> # install and configure nginx
> class {'nginx': }
>
>
>
> Ansible has a nice feature where you can specify how long you want the 
> cache valid for, and it skips doing everything if the cache isn't that old 
> (yet)
>
>   - name: update apt cache
>apt: update_cache=yes cache_valid_time=84600
>
>
> Is there something similar for Puppet, or can somebody suggest a 
> reasonable workaround ?
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/15545aa5-36dc-403a-aa1b-bd68c3376edc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] class{'apache::mod::pagespeed':} woes

2014-12-12 Thread Craig Dunn

I believe you are probably not declaring class { '::apache': } anywhere, or
it is declared after ::apache::mod::pagespeed, which means that
$::apache::mod::pagespeed::apache_version is nil (since the default doesn't
exist when the class is parsed), that's causing nil to be sent to
versioncmp() in the template

<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>

Make sure you declare ::apache first and it should be fine.

Craig



On Fri, Dec 12, 2014 at 1:23 PM, Felix Frank <
felix.fr...@alumni.tu-berlin.de> wrote:

> Hi,
>
> what do you mean by 'parent class'?
>
> From looking at the source, it seems that the apache::mod::pagespeed
> class is not related to class apache at all. Parameter values for the
> latter will not apply to the former. Could this be your problem?
>
> I'm a little confused by the phrasing of the error message in your
> paste, but that is likely just an artifact from Puppet's ERB binding.
>
> On 12/09/2014 11:03 AM, Brent Clark wrote:
> > Good day Guys.
> >
> > An interesting challenge.
> >
> > I'm trying to get mod pagespeed of puppet labs apache module working.
> >
> > Everything is fine, until I define class{'apache::mod::pagespeed':}
> >
> > Its kinda like puppet cant seem to find the parent class defined
> variables.
> >
> > http://pastebin.com/kmCu0L5H
> >
> > To just enable the mod (i.e. apache::mod {'pagespeed':}), there is no
> > problem, but I now need to take management of pagespeed.conf.
> >
> > Regards
> > Brent Clark
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/548ADE31.9070706%40alumni.tu-berlin.de
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
*Enviatics *| Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhH8QDXa2PU6BU4rEvv5wJi0xJPO5KYcPqPEEi%3D1S267kA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] basic hiera question

2014-11-19 Thread Craig White

awesome - thanks

On Wednesday, November 19, 2014 11:55:51 AM UTC-7, Ramin K wrote:
>
> On 11/19/14 10:42 AM, Craig White wrote: 
> > getting very frustrated and have covered the 7 or so pages on puppet's 
> > documentation on hiera several times. 
> > 
> > # cat hiera.yaml 
> > --- 
> > :backends: 
> >- yaml 
> > :hierarchy: 
> >- defaults 
> >- "%{clientcert}" 
> >- "%{environment}" 
> >- global 
> >- common 
> >- ldap 
> > :yaml: 
> >:datadir: /etc/puppetlabs/puppet/hieradata 
> > 
> > # cat hieradata/ldap.yaml 
> > --- 
> > ldap: 
> >rootdn: cn=admin,dc=wl,dc=com 
> >rootpw: mySuperSecretPassword 
> >dn: dc=wl,dc=com 
> >directory: /var/lib/ldap 
> > 
> > # hiera ldap 
> > {"rootdn"=>"cn=admin,dc=wl,dc=com", 
> >   "rootpw"=>"mySuperSecretPassword", 
> >   "dn"=>"dc=wl,dc=com", 
> >   "directory"=>"/var/lib/ldap"} 
> > 
> > # head -n 5 modules/wl/manifests/config.pp 
> > # script to setup OpenLDAP 
> > 
> > class wl::config () inherits wl { 
> > 
> >$rootpw = hiera('ldap::rootpw') 
> > 
> > but unfortunately... 
> > 
> > # puppet agent --test --debug 
> > results in the error... 
> > Error: Could not retrieve catalog from remote server: Error 400 on 
> > SERVER: Could not find data item ldap::rootpw in any Hiera data file and 
> > no default supplied at 
> > /etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node 
> $obscured 
> > Warning: Not using cache on failed catalog 
> > Error: Could not retrieve catalog; skipping run 
> > 
> > what am I doing wrong? 
>
> 1. Your hierarchy isn't. You can call it common, global, default, or 
> whatever else but you only get one and it goes at the bottom. If it's 
> not at the bottom, it's not common, default or global. Clientcert goes 
> at the top because it's the most specific. 
>
> :hierarchy: 
>- "%{clientcert}" 
>- "%{environment}" 
>- common 
>
>
> https://ask.puppetlabs.com/question/3146/how-to-build-a-proper-hiera-hierarchy/
>  
>
> 2. You're using a hash as your data. If you want to query for key 
> ldap::rootpw, it'll look like the following. 
>
> ldap::rootdn:'cn=admin,dc=wl,dc=com' 
> ldap::rootpw:'mySuperSecretPassword' 
> ldap::dn:'dc=wl,dc=com' 
> ldap::directory: '/var/lib/ldap' 
>
> Note this has nothing to do with hiera_hash or hiera_array. 
>
> http://ask.puppetlabs.com/question/13592/when-to-use-hiera-hiera_array-and-hiera_hash/
>  
>
> 3. You're not using hiera-eyaml. Don't put clear txt passwords in your 
> yaml files, use hiera-eyaml instead. It's really nice. 
>
> https://github.com/TomPoulton/hiera-eyaml 
>
> Ramin 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fa294a8b-516c-452b-bd57-cdbf12bbe216%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] basic hiera question

2014-11-19 Thread Craig White

getting very frustrated and have covered the 7 or so pages on puppet's 
documentation on hiera several times.

# cat hiera.yaml
---
:backends:
  - yaml
:hierarchy:
  - defaults
  - "%{clientcert}"
  - "%{environment}"
  - global
  - common
  - ldap
:yaml:
  :datadir: /etc/puppetlabs/puppet/hieradata

# cat hieradata/ldap.yaml
---
ldap:
  rootdn: cn=admin,dc=wl,dc=com
  rootpw: mySuperSecretPassword
  dn: dc=wl,dc=com
  directory: /var/lib/ldap

# hiera ldap
{"rootdn"=>"cn=admin,dc=wl,dc=com",
 "rootpw"=>"mySuperSecretPassword",
 "dn"=>"dc=wl,dc=com",
 "directory"=>"/var/lib/ldap"}

# head -n 5 modules/wl/manifests/config.pp
# script to setup OpenLDAP

class wl::config () inherits wl {

  $rootpw = hiera('ldap::rootpw')

but unfortunately...

# puppet agent --test --debug
results in the error...
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Could not find data item ldap::rootpw in any Hiera data file and no default 
supplied at /etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node 
$obscured
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

what am I doing wrong?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c07cb7bf-3aa3-4757-a900-da3bc05021d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: trying to use a puppet forge module that uses a different style

yes that was all  ;-)

Got it - thanks

yes, the intent is to use hiera on all of this but I have to knock down one 
hurdle at a time. Now that I can have made it work, I can start fooling 
with hiera which I never used before.

Thanks so much

On Tuesday, November 18, 2014 10:51:51 AM UTC-7, jcbollinger wrote:
>
>
>
> On Tuesday, November 18, 2014 10:09:32 AM UTC-6, Craig White wrote:
>>
>> OK - but I still need to figure out how to call one class with parameters 
>> from another class...
>>
>> class wl::config { :
>> class openldap::server::database { $dn:
>> ensure => present,
>> rootdn => "cn=admin,${dn}",
>> rootpw => $rootpw,
>>   }
>> }
>>
>>
>
> Oh, is THAT all?  You are mixing the syntax for defining a class with that 
> for declaring one.  A resource-style class declaration looks like this:
>
> class { 'mymodule::myclass':
>   param1 => value1,
>   param2 => value2
> }
>
> HOWEVER, your specific example also seems to imply that you think 
> openldap::server::database is a class, whereas it's actually a resource 
> type (specifically, a defined type).  You would declare instances of that 
> type just like you declare instances of any other resource type:
>
> openldap::server::database { $dn:
>   ensure => present,
>   rootdn => "cn=admin,${dn}",
>   rootpw => $rootpw,
> }
>
> The docs of the openldap module provide additional examples of both.
>
> Do note, however, that an ENC cannot emit resource declarations, only 
> class declarations and global variables.  Moreover, be aware that for most 
> purposes it is poor form to use resource-like class declarations.  They do 
> have their purposes, but it is usually better form to bind data to classes 
> via Hiera than to bind it explicitly in the class declaration (whether via 
> node block or via ENC).  Use the 'include' family of functions to declare 
> classes wherever it is feasible to do so.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6346d74c-2415-4e40-9c5d-bbaf0d6e5abd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: trying to use a puppet forge module that uses a different style

On Tuesday, November 18, 2014 9:18:33 AM UTC-7, Steven Post wrote:
>
> If you use hiera and puppet 3 (or later), you can use the automatic class 
> parameters for that, and just 'include openldap::server::database'.
> Of cause you can set up some class parameters on your own class if you 
> want to and do that.
> Typically, this is where I would use hiera for.
>

I understand that but now I have to have a whole lot of instructions for 
people to spin up a server with ENC parameters without even getting into 
the fact that I will still need a class to do all of the things I have to 
do with this (post install scripts) after it is installed. That is why I am 
so eager to not have this code anywhere in a site manifest or anything 
resembling a site manifest but rather in its own class. 

No matter how I try, I simply cannot figure out how to have this work...
class wl::config { :
class openldap::server::database { $dn:
ensure => present,
rootdn => "cn=admin,${dn}",
rootpw => $rootpw,
  }
}

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a38fcf95-b6cc-4a2b-987e-25bdbccbdf5f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: trying to use a puppet forge module that uses a different style

OK - but I still need to figure out how to call one class with parameters 
from another class...

class wl::config { :
class openldap::server::database { $dn:
ensure => present,
rootdn => "cn=admin,${dn}",
rootpw => $rootpw,
  }
}


On Tuesday, November 18, 2014 9:06:34 AM UTC-7, Steven Post wrote:
>
> The roles/profile pattern does not use node inheritance, only class 
> inheritance.
> Strictly speaking, this isn't even necessary, it can just make some things 
> easier.
>
> At my company, we don't even use any real node definition, everything is 
> done with an ENC and hiera.
> The roles/profile model still fits here, and we use it actively, as do 
> many other people.
> A role is just a simple class, that includes roles (mostly), there is only 
> 1 'node' definition in the manifests: default.
>
> It goes something like this:
> ENC assigns a node to a role (regular class), a role includes 1 or more 
> profiles and sometimes some extra stuff such as packages (RPM)
> the profile does the actual modules. Also there is still hiera in all 
> this, mostly using the automatic class parameters.
> A node actually gets both the 'default' node definition and the 'role'.
>
> On Tuesday, November 18, 2014 4:50:33 PM UTC+1, Craig White wrote:
>>
>> It seems that node inheritance is deprecated in Puppet 4 so this is a no 
>> go (role/profiles).
>>
>> I suppose I should have mentioned that I will be using an ENC so I am 
>> trying to keep the cruft inside node definitions to a minimum which is why 
>> I am struggling to find a way to create a class - certainly I can create a 
>> new wl class for this but then I am struggling to make these things work 
>> inside a class.
>>
>> On Tuesday, November 18, 2014 5:32:54 AM UTC-7, Steven Post wrote:
>>>
>>> Hi Craig,
>>>
>>> If you scroll down on the website you mentioned, you'll see some usage 
>>> instructions.
>>> I recommend *not* to change the module (not even adding your own wl.pp 
>>> file inside), but to set up your wl.pp file elsewhere.
>>> You can use your own class (wl.pp, located outside this module) to set 
>>> up the LDAP configuration using the module.
>>>
>>> I use the roles/profile setup, but you can leave the roles out if that 
>>> is easier for you, it takes some time getting to really know it all.
>>> That said, the ldap module controls ldap, but not your node.
>>> your node should have some other class assigned to it (such as wl.pp), 
>>> which then uses the ldap module, unchanged.
>>> More info about the roles/profile pattern: 
>>> http://www.craigdunn.org/2012/05/239/
>>> One of the ideas here is that you should never need to change a module 
>>> you download from the forge (with some rare exceptions)
>>>
>>> Regards,
>>> Steven
>>>
>>> On Monday, November 17, 2014 11:40:28 PM UTC+1, Craig White wrote:
>>>>
>>>> Not that it matters, but I am trying to use a module out of puppet 
>>>> forge - camptocamp-openldap
>>>> https://github.com/camptocamp/puppet-openldap
>>>>
>>>> There's no hint of using it anywhere
>>>>
>>>> It has an unusual style. There isn't any init.pp and the structure 
>>>> looks like this...
>>>>
>>>> ├── client
>>>> │   ├── config.pp
>>>> │   ├── install.pp
>>>> │   ├── ldapvi.pp
>>>> │   └── utils.pp
>>>> ├── client.pp
>>>> ├── server
>>>> │   ├── access.pp
>>>> │   ├── config.pp
>>>> │   ├── database.pp
>>>> │   ├── dbindex.pp
>>>> │   ├── globalconf.pp
>>>> │   ├── install.pp
>>>> │   ├── module.pp
>>>> │   ├── overlay.pp
>>>> │   ├── service.pp
>>>> │   └── slapdconf.pp
>>>> ├── server.pp
>>>> └── wl.pp
>>>>
>>>> The last file - wl.pp is my own file and it looks like this...
>>>>
>>>>   $ensure= present
>>>>   $directory = '/var/lib/ldap'
>>>>   $rootdn= 'cn=admin,dc=wl,dc=com'
>>>>   $rootpw= 'password'
>>>>   $dn= 'dc=wl,dc=com'
>>>>
>>>>   # Install openldap server
>>>>   class { 'openldap::server':
>>>>   }
>>>>
>>>>   openldap::server::database { $dn:
>>>> ensure => present,
>>>> rootdn =>

[Puppet Users] Re: trying to use a puppet forge module that uses a different style

On Tuesday, November 18, 2014 7:27:20 AM UTC-7, jcbollinger wrote:
>
>
> On Monday, November 17, 2014 4:40:28 PM UTC-6, Craig White wrote:
>>
>> The last file - wl.pp is my own file and it looks like this...
>>
>
>>   $ensure= present
>>   $directory = '/var/lib/ldap'
>>   $rootdn= 'cn=admin,dc=wl,dc=com'
>>   $rootpw= 'password'
>>   $dn= 'dc=wl,dc=com'
>>
>>   # Install openldap server
>>   class { 'openldap::server':
>>   }
>>
>>   openldap::server::database { $dn:
>> ensure => present,
>> rootdn => "cn=admin,${dn}",
>> rootpw => $rootpw,
>>   }
>>
>>
>
> Oh no, no, no.  You should not add code to a module in order to *use* the 
> module.  Moreover, you should have top-level declarations only in your site 
> manifest.  Your wl.pp is in fact functioning as a site manifest when you 
> name it in a 'puppet apply' run, so it's not necessarily wrong in itself, 
> it just doesn't belong in the module (and putting it there confers no 
> particular advantage).
>

As usual, John has identified what I am trying to do.

Yes, I want to have an assignable class to what is essentially site 
manifest coding in anticipation of using an ENC and Hiera. 
 

>
>  
>
>> and if I use 'puppet apply -vd --modulepath /etc/puppet/modules wl.pp
>>
>> it works fine but I can't put those variables into the server.pp file or 
>> any of the files in the /server subdirectory because they don't work.
>>
>
>
> I'm not clear on what you're trying to do.  When you say "it works" do you 
> mean that wl.pp achieves everything you're after, or just that it runs 
> without error?
>

works as in installs openldap-servers package, configures it per the 
database instructions I have provided.
 

>
>  
>
>>
>> I need a method - I thought a class openldap::wl class but I can't make 
>> that work either. How do I structure this so I can use one class to 
>> configure clients without resorting to re-writing the module completely so 
>> it comports to a style that I understand?
>>
>  
>
> Well, it *looks* like you configure clients by declaring instances of 
> class openldap::client, which sounds like what you want.  The module seems 
> actually to have reasonably good documentation, including examples, at the 
> URL you provided.
>

No - just looking for a way to create a class (or obviously now that 
everyone is suggesting modifying a 3rd party module is bad form), a new 
module that is basically site manifest code. I do have more that I want to 
do and just provided the two things that I just can't make work properly 
inside of a class but I will try doing it in a new class/module and see if 
that makes a difference.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/74926f2a-90ad-463a-b34f-743d4d5b068f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: trying to use a puppet forge module that uses a different style

It seems that node inheritance is deprecated in Puppet 4 so this is a no go 
(role/profiles).

I suppose I should have mentioned that I will be using an ENC so I am 
trying to keep the cruft inside node definitions to a minimum which is why 
I am struggling to find a way to create a class - certainly I can create a 
new wl class for this but then I am struggling to make these things work 
inside a class.

On Tuesday, November 18, 2014 5:32:54 AM UTC-7, Steven Post wrote:
>
> Hi Craig,
>
> If you scroll down on the website you mentioned, you'll see some usage 
> instructions.
> I recommend *not* to change the module (not even adding your own wl.pp 
> file inside), but to set up your wl.pp file elsewhere.
> You can use your own class (wl.pp, located outside this module) to set up 
> the LDAP configuration using the module.
>
> I use the roles/profile setup, but you can leave the roles out if that is 
> easier for you, it takes some time getting to really know it all.
> That said, the ldap module controls ldap, but not your node.
> your node should have some other class assigned to it (such as wl.pp), 
> which then uses the ldap module, unchanged.
> More info about the roles/profile pattern: 
> http://www.craigdunn.org/2012/05/239/
> One of the ideas here is that you should never need to change a module you 
> download from the forge (with some rare exceptions)
>
> Regards,
> Steven
>
> On Monday, November 17, 2014 11:40:28 PM UTC+1, Craig White wrote:
>>
>> Not that it matters, but I am trying to use a module out of puppet forge 
>> - camptocamp-openldap
>> https://github.com/camptocamp/puppet-openldap
>>
>> There's no hint of using it anywhere
>>
>> It has an unusual style. There isn't any init.pp and the structure looks 
>> like this...
>>
>> ├── client
>> │   ├── config.pp
>> │   ├── install.pp
>> │   ├── ldapvi.pp
>> │   └── utils.pp
>> ├── client.pp
>> ├── server
>> │   ├── access.pp
>> │   ├── config.pp
>> │   ├── database.pp
>> │   ├── dbindex.pp
>> │   ├── globalconf.pp
>> │   ├── install.pp
>> │   ├── module.pp
>> │   ├── overlay.pp
>> │   ├── service.pp
>> │   └── slapdconf.pp
>> ├── server.pp
>> └── wl.pp
>>
>> The last file - wl.pp is my own file and it looks like this...
>>
>>   $ensure= present
>>   $directory = '/var/lib/ldap'
>>   $rootdn= 'cn=admin,dc=wl,dc=com'
>>   $rootpw= 'password'
>>   $dn= 'dc=wl,dc=com'
>>
>>   # Install openldap server
>>   class { 'openldap::server':
>>   }
>>
>>   openldap::server::database { $dn:
>> ensure => present,
>> rootdn => "cn=admin,${dn}",
>> rootpw => $rootpw,
>>   }
>>
>> and if I use 'puppet apply -vd --modulepath /etc/puppet/modules wl.pp
>>
>> it works fine but I can't put those variables into the server.pp file or 
>> any of the files in the /server subdirectory because they don't work.
>>
>> I need a method - I thought a class openldap::wl class but I can't make 
>> that work either. How do I structure this so I can use one class to 
>> configure clients without resorting to re-writing the module completely so 
>> it comports to a style that I understand?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0650309b-198f-4680-acce-07df346b9440%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] trying to use a puppet forge module that uses a different style

2014-11-17 Thread Craig White

Not that it matters, but I am trying to use a module out of puppet forge - 
camptocamp-openldap
https://github.com/camptocamp/puppet-openldap

There's no hint of using it anywhere

It has an unusual style. There isn't any init.pp and the structure looks 
like this...

├── client
│   ├── config.pp
│   ├── install.pp
│   ├── ldapvi.pp
│   └── utils.pp
├── client.pp
├── server
│   ├── access.pp
│   ├── config.pp
│   ├── database.pp
│   ├── dbindex.pp
│   ├── globalconf.pp
│   ├── install.pp
│   ├── module.pp
│   ├── overlay.pp
│   ├── service.pp
│   └── slapdconf.pp
├── server.pp
└── wl.pp

The last file - wl.pp is my own file and it looks like this...

  $ensure= present
  $directory = '/var/lib/ldap'
  $rootdn= 'cn=admin,dc=wl,dc=com'
  $rootpw= 'password'
  $dn= 'dc=wl,dc=com'

  # Install openldap server
  class { 'openldap::server':
  }

  openldap::server::database { $dn:
ensure => present,
rootdn => "cn=admin,${dn}",
rootpw => $rootpw,
  }

and if I use 'puppet apply -vd --modulepath /etc/puppet/modules wl.pp

it works fine but I can't put those variables into the server.pp file or 
any of the files in the /server subdirectory because they don't work.

I need a method - I thought a class openldap::wl class but I can't make 
that work either. How do I structure this so I can use one class to 
configure clients without resorting to re-writing the module completely so 
it comports to a style that I understand?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7c11cfda-2e63-4742-bf9d-62bc53c200bd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] parameterized values displaying tooltip on ENC

2014-11-03 Thread Craig White

I believe the ENC already has access to the node's stored value and would 
display that after assignment if assigned. 

I didn't consider 'cost' but it would seem that loading 'params.pp' values 
is not a large cost in terms of server but perhaps just in programming.

I am just gathering that the primary thinking is that if you don't know the 
values you want to use to override, then don't override. 

Myself, I am trying not to longhand some of the variables and am choosing 
to use ns1 rather than nameserver1 

On Monday, November 3, 2014 3:03:51 PM UTC-7, Felix.Frank wrote:
>
> Hi, 
>
> sounds like a complex problem. 
>
> Here's a simple counter case that shows why I don't think that any ENC 
> out there does this. 
>
> class resolv::params { 
> if $ipaddress =~ /^192/ { 
> $ns1 = '192.168.0.1' 
> } 
> else { 
> $ns1 = '8.8.8.8' 
> } 
> } 
>
> The raison d'etre (as far as I know it - never used this pattern myself) 
> for params classes is their ability to centrally define defaults that 
> are derived from fact values. The ENC would have to interpret the 
> manifest for the params class in question, using the node's stored data 
> as the basis. 
>
> Doing this on the fly does not sound feasible to me - this is quite an 
> expensive operation. So the ENC would have to maintain some kind of 
> cache for all those values. This, in turn, sounds like a lot of work. 
> The it probably would be a cool feature to add to the ENC of your choice 
> :-) 
>
> Cheers, 
> Felix 
>
> On 10/14/2014 11:17 PM, Craig White wrote: 
> > I am trying to figure out if parameterized variables can be displayed 
> > when hovering over the appropriate section in an ENC. At the moment, I 
> > am playing with PE 3.3 with it's console/dashboard and my previous 
> > experience was with puppet 2.6.x and Foreman. 
> > 
> > Simplified example, module resolv 
> > 
> > # resolv/manifests/init.pp 
> > class resolv ( 
> >   $ns1 = $resolv::params::ns1, 
> >   ) inherits resolv::params { 
> >   include resolv::config 
> > } 
> > 
> > # resolv/manifests/params.pp 
> > class resolv::params { 
> >   $ns1 = '192.168.0.1' 
> > } 
> > 
> > So when I am editing a node and adding an override in the puppet 
> > dashboard (ENC), I hover over the box $ns1 where I can override the 
> > value and it shows me what I will get if I don't override, which is 
> > 'default: $ns1::params::ns1' which is absolutely meaningless at that 
> > point and I was hoping it would show the assignment from params.pp 
> > 
> > Is this just something I can't fix or am I misunderstanding how to use 
> > parameterized variables? 
> > 
> > Craig 
> > 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/34216231-6e0b-4635-99c1-2cf3f8e0aa85%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: certificate verify failed: [unable to get local issuer certificate

2014-10-17 Thread Craig White

did you make some changes because of Poodle? state=SSLv3

as for Firefox - probably just need to go into Firefox preferences and 
delete the certificate that you stored already but it does seem strange 
that you have 2 certificates with the same serial #

On Friday, October 17, 2014 10:28:39 AM UTC-7, Stella wrote:
>
> Hi all,
>
> When I run "puppet agent --test", I got this error: 
>
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Failed to submit 'replace facts' command for example.com to PuppetDB at 
> example.com:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server 
> certificate B: certificate verify failed: [unable to get local issuer 
> certificate for /CN=example.com]
>
> It was working before and I don't know what has changed to cause this 
> problem.
>
> Also if I try to access puppet master (https://example.com:8140) on local 
> machine from Firefox, I got error as below, but remote access is working:
>
> Your certificate contains the same serial number as another certificate 
> issued by the certificate authority.  Please get a new certificate 
> containing a unique serial number. 
> (Error code: sec_error_reused_issuer_and_serial)
>
> thanks,
> Stacey
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d9e8f371-bc2c-406f-9557-efefbdf2e70a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Custom fact that requires inifile

2014-10-17 Thread Craig White

It would seem to me that I would not eagerly use another gem to obtain 
information from a file when ruby has File and vast string compare options 
but the choice is yours. Then there are tools like augeas (sp?).

Gems can be managed as a package using the gem provider so it's fairly easy 
to get puppet clients to install gems and note that facts run first so the 
first pass, the fact will not have information as the gem would likely have 
to be installed and the second pass, the fact can be derived.

On Friday, October 17, 2014 8:03:36 AM UTC-7, Mark Rosedale wrote:
>
> Hello,
>
> I'm looking to implement a custom fact that tells my puppet config if a 
> machine is configured a certain way. What I want to do is parse the 
> configuration's ini file and see if a certain setting is turned on or off. 
> I'm looking at using the ruby gem inifile 
> to do this. 
>
> Couple of questions. I'm assuming that facts, unlike functions, are run on 
> the node, correct? So if that is the case what is the best way to 
> distribute this gem to all hosts? 
>
> Final question. Am I barking up the wrong tree trying to use this library 
> to parse an ini file? Has anyone else done this type of thing?  
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f38be6ad-2d2f-40b9-a5e9-a3e9d94b2dc9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: LoadError: no such file to load -- facter/util/file_read

2014-10-15 Thread Craig White

OK - so am I at the moment anyway...

# puppet -V
3.6.2 (Puppet Enterprise 3.3.2)

I was rather frustrated by not having a system ruby so I did the 
following...
# ln -s /opt/puppet/bin/ruby /opt/puppet/bin/irb /opt/puppet/bin/gem 
/usr/local/bin

which made ruby/gem/irb available to any user any where. Before you do that 
though, make sure you don't have another ruby installed - 'which ruby' will 
tell you if it finds a ruby anywhere on your $PATH

You should be able to do this - if you can't, there's something wrong with 
your install of puppet/ruby/etc.

# irb
irb(main):001:0> require 'facter'
=> true
irb(main):002:0>

On Wednesday, October 15, 2014 6:50:41 AM UTC-7, Spriya wrote:
>
> Hi Craig,
>
> I am using PE. My installation was all in one(master,database,console). 
> Yes  i have more than one ruby installed.
>
> *ruby -v*
> *ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]*
>
>
> *$ cd /opt/puppet/bin*
> *./ruby -v*
> *ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux]*
>
>
> let me know how to troubleshoot this issue.
>
>
> On Tuesday, October 14, 2014 7:54:04 PM UTC-4, Craig White wrote:
>>
>> how did you install puppet?  Do you have more than one install of ruby on 
>> your system?  Is it possible that when you invoke the interactive ruby 
>> console (irb) that it starts a ruby binary that has nothing to do with your 
>> puppet install?
>>
>> On Tuesday, October 14, 2014 4:41:07 PM UTC-7, Spriya wrote:
>>>
>>> Hi Craig,
>>>
>>> even if i do  require facter. It is throwing me error.
>>>
>>> *irb(main):002:0> require 'facter'*
>>> *LoadError: no such file to load -- facter*
>>> *from (irb):2:in `require'*
>>> *from (irb):2*
>>> *from :0*
>>>
>>>
>>> On Tuesday, October 14, 2014 5:22:26 PM UTC-4, Craig White wrote:
>>>>
>>>> I don't see a 'file_read' method for Factor::Util
>>>>
>>>> Facter::Util.methods
>>>> => [:freeze, :===, :==, :<=>, :<, :<=, :>, :>=, :to_s, 
>>>> :included_modules, :include?, :name, :ancestors, :instance_methods, 
>>>> :public_instance_methods, :protected_instance_methods, 
>>>> :private_instance_methods, :constants, :const_get, :const_set, 
>>>> :const_defined?, :const_missing, :class_variables, :remove_class_variable, 
>>>> :class_variable_get, :class_variable_set, :class_variable_defined?, 
>>>> :public_constant, :private_constant, :module_exec, :class_exec, 
>>>> :module_eval, :class_eval, :method_defined?, :public_method_defined?, 
>>>> :private_method_defined?, :protected_method_defined?, 
>>>> :public_class_method, 
>>>> :private_class_method, :autoload, :autoload?, :instance_method, 
>>>> :public_instance_method, :psych_yaml_as, :yaml_as, :psych_to_yaml, 
>>>> :to_yaml_properties, :to_yaml, :nil?, :=~, :!~, :eql?, :hash, :class, 
>>>> :singleton_class, :clone, :dup, :initialize_dup, :initialize_clone, 
>>>> :taint, 
>>>> :tainted?, :untaint, :untrust, :untrusted?, :trust, :frozen?, :inspect, 
>>>> :methods, :singleton_methods, :protected_methods, :private_methods, 
>>>> :public_methods, :instance_variables, :instance_variable_get, 
>>>> :instance_variable_set, :instance_variable_defined?, :instance_of?, 
>>>> :kind_of?, :is_a?, :tap, :send, :public_send, :respond_to?, 
>>>> :respond_to_missing?, :extend, :display, :method, :public_method, 
>>>> :define_singleton_method, :object_id, :to_enum, :enum_for, :psych_y, 
>>>> :equal?, :!, :!=, :instance_eval, :instance_exec, :__send__, :__id__]
>>>>
>>>> Craig
>>>>
>>>> On Tuesday, October 14, 2014 2:01:15 PM UTC-7, Spriya wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I am am trying to execute my puppet facts using irb. so when i use 
>>>>> irb. It is throwing me error. No such file to load -- 
>>>>> facter/util/file_read
>>>>>
>>>>> *$irb*
>>>>> *irb(main):001:0> require 'facter/util/file_read'*
>>>>> *LoadError: no such file to load -- facter/util/file_read*
>>>>> *from (irb):1:in `require'*
>>>>> *from (irb):1*
>>>>> *from :0*
>>>>> *irb(main):002:0> require 'facter'*
>>>>> *LoadError: no such file to load -- facter*
>>>>> *from (irb):2:in `require'*
>>>>> *from (irb):2*
>>>>> *from :0*
>>>>>
>>>>> Anyone help me
>>>>>
>>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cf7b7c15-bc30-42b5-ab45-1e1a545add64%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: LoadError: no such file to load -- facter/util/file_read

how did you install puppet?  Do you have more than one install of ruby on 
your system?  Is it possible that when you invoke the interactive ruby 
console (irb) that it starts a ruby binary that has nothing to do with your 
puppet install?

On Tuesday, October 14, 2014 4:41:07 PM UTC-7, Spriya wrote:
>
> Hi Craig,
>
> even if i do  require facter. It is throwing me error.
>
> *irb(main):002:0> require 'facter'*
> *LoadError: no such file to load -- facter*
> *from (irb):2:in `require'*
> *from (irb):2*
> *from :0*
>
>
> On Tuesday, October 14, 2014 5:22:26 PM UTC-4, Craig White wrote:
>>
>> I don't see a 'file_read' method for Factor::Util
>>
>> Facter::Util.methods
>> => [:freeze, :===, :==, :<=>, :<, :<=, :>, :>=, :to_s, :included_modules, 
>> :include?, :name, :ancestors, :instance_methods, :public_instance_methods, 
>> :protected_instance_methods, :private_instance_methods, :constants, 
>> :const_get, :const_set, :const_defined?, :const_missing, :class_variables, 
>> :remove_class_variable, :class_variable_get, :class_variable_set, 
>> :class_variable_defined?, :public_constant, :private_constant, 
>> :module_exec, :class_exec, :module_eval, :class_eval, :method_defined?, 
>> :public_method_defined?, :private_method_defined?, 
>> :protected_method_defined?, :public_class_method, :private_class_method, 
>> :autoload, :autoload?, :instance_method, :public_instance_method, 
>> :psych_yaml_as, :yaml_as, :psych_to_yaml, :to_yaml_properties, :to_yaml, 
>> :nil?, :=~, :!~, :eql?, :hash, :class, :singleton_class, :clone, :dup, 
>> :initialize_dup, :initialize_clone, :taint, :tainted?, :untaint, :untrust, 
>> :untrusted?, :trust, :frozen?, :inspect, :methods, :singleton_methods, 
>> :protected_methods, :private_methods, :public_methods, :instance_variables, 
>> :instance_variable_get, :instance_variable_set, 
>> :instance_variable_defined?, :instance_of?, :kind_of?, :is_a?, :tap, :send, 
>> :public_send, :respond_to?, :respond_to_missing?, :extend, :display, 
>> :method, :public_method, :define_singleton_method, :object_id, :to_enum, 
>> :enum_for, :psych_y, :equal?, :!, :!=, :instance_eval, :instance_exec, 
>> :__send__, :__id__]
>>
>> Craig
>>
>> On Tuesday, October 14, 2014 2:01:15 PM UTC-7, Spriya wrote:
>>>
>>> Hi,
>>>
>>> I am am trying to execute my puppet facts using irb. so when i use irb. 
>>> It is throwing me error. No such file to load -- facter/util/file_read
>>>
>>> *$irb*
>>> *irb(main):001:0> require 'facter/util/file_read'*
>>> *LoadError: no such file to load -- facter/util/file_read*
>>> *from (irb):1:in `require'*
>>> *from (irb):1*
>>> *from :0*
>>> *irb(main):002:0> require 'facter'*
>>> *LoadError: no such file to load -- facter*
>>> *from (irb):2:in `require'*
>>> *from (irb):2*
>>> *from :0*
>>>
>>> Anyone help me
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7167ec34-bfc8-4811-8812-9dde213bad1a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: LoadError: no such file to load -- facter/util/file_read

I don't see a 'file_read' method for Factor::Util

Facter::Util.methods
=> [:freeze, :===, :==, :<=>, :<, :<=, :>, :>=, :to_s, :included_modules, 
:include?, :name, :ancestors, :instance_methods, :public_instance_methods, 
:protected_instance_methods, :private_instance_methods, :constants, 
:const_get, :const_set, :const_defined?, :const_missing, :class_variables, 
:remove_class_variable, :class_variable_get, :class_variable_set, 
:class_variable_defined?, :public_constant, :private_constant, 
:module_exec, :class_exec, :module_eval, :class_eval, :method_defined?, 
:public_method_defined?, :private_method_defined?, 
:protected_method_defined?, :public_class_method, :private_class_method, 
:autoload, :autoload?, :instance_method, :public_instance_method, 
:psych_yaml_as, :yaml_as, :psych_to_yaml, :to_yaml_properties, :to_yaml, 
:nil?, :=~, :!~, :eql?, :hash, :class, :singleton_class, :clone, :dup, 
:initialize_dup, :initialize_clone, :taint, :tainted?, :untaint, :untrust, 
:untrusted?, :trust, :frozen?, :inspect, :methods, :singleton_methods, 
:protected_methods, :private_methods, :public_methods, :instance_variables, 
:instance_variable_get, :instance_variable_set, 
:instance_variable_defined?, :instance_of?, :kind_of?, :is_a?, :tap, :send, 
:public_send, :respond_to?, :respond_to_missing?, :extend, :display, 
:method, :public_method, :define_singleton_method, :object_id, :to_enum, 
:enum_for, :psych_y, :equal?, :!, :!=, :instance_eval, :instance_exec, 
:__send__, :__id__]

Craig

On Tuesday, October 14, 2014 2:01:15 PM UTC-7, Spriya wrote:
>
> Hi,
>
> I am am trying to execute my puppet facts using irb. so when i use irb. It 
> is throwing me error. No such file to load -- facter/util/file_read
>
> *$irb*
> *irb(main):001:0> require 'facter/util/file_read'*
> *LoadError: no such file to load -- facter/util/file_read*
> *from (irb):1:in `require'*
> *from (irb):1*
> *from :0*
> *irb(main):002:0> require 'facter'*
> *LoadError: no such file to load -- facter*
> *from (irb):2:in `require'*
> *from (irb):2*
> *from :0*
>
> Anyone help me
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9a3e640b-d969-4694-91f1-315ca9741732%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: LoadError: no such file to load -- facter/util/file_read

I don't see a 'file_read' method for Factor::Util

Facter::Util.methods
=> [:freeze, :===, :==, :<=>, :<, :<=, :>, :>=, :to_s, :included_modules, 
:include?, :name, :ancestors, :instance_methods, :public_instance_methods, 
:protected_instance_methods, :private_instance_methods, :constants, 
:const_get, :const_set, :const_defined?, :const_missing, :class_variables, 
:remove_class_variable, :class_variable_get, :class_variable_set, 
:class_variable_defined?, :public_constant, :private_constant, 
:module_exec, :class_exec, :module_eval, :class_eval, :method_defined?, 
:public_method_defined?, :private_method_defined?, 
:protected_method_defined?, :public_class_method, :private_class_method, 
:autoload, :autoload?, :instance_method, :public_instance_method, 
:psych_yaml_as, :yaml_as, :psych_to_yaml, :to_yaml_properties, :to_yaml, 
:nil?, :=~, :!~, :eql?, :hash, :class, :singleton_class, :clone, :dup, 
:initialize_dup, :initialize_clone, :taint, :tainted?, :untaint, :untrust, 
:untrusted?, :trust, :frozen?, :inspect, :methods, :singleton_methods, 
:protected_methods, :private_methods, :public_methods, :instance_variables, 
:instance_variable_get, :instance_variable_set, 
:instance_variable_defined?, :instance_of?, :kind_of?, :is_a?, :tap, :send, 
:public_send, :respond_to?, :respond_to_missing?, :extend, :display, 
:method, :public_method, :define_singleton_method, :object_id, :to_enum, 
:enum_for, :psych_y, :equal?, :!, :!=, :instance_eval, :instance_exec, 
:__send__, :__id__]

Craig

On Tuesday, October 14, 2014 2:01:15 PM UTC-7, Spriya wrote:
>
> Hi,
>
> I am am trying to execute my puppet facts using irb. so when i use irb. It 
> is throwing me error. No such file to load -- facter/util/file_read
>
> *$irb*
> *irb(main):001:0> require 'facter/util/file_read'*
> *LoadError: no such file to load -- facter/util/file_read*
> *from (irb):1:in `require'*
> *from (irb):1*
> *from :0*
> *irb(main):002:0> require 'facter'*
> *LoadError: no such file to load -- facter*
> *from (irb):2:in `require'*
> *from (irb):2*
> *from :0*
>
> Anyone help me
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d21fe09d-b49a-46a8-96e9-e8da91a866eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] parameterized values displaying tooltip on ENC

I am trying to figure out if parameterized variables can be displayed when 
hovering over the appropriate section in an ENC. At the moment, I am 
playing with PE 3.3 with it's console/dashboard and my previous experience 
was with puppet 2.6.x and Foreman.

Simplified example, module resolv

# resolv/manifests/init.pp
class resolv (
  $ns1 = $resolv::params::ns1,
  ) inherits resolv::params {
  include resolv::config
}

# resolv/manifests/params.pp
class resolv::params {
  $ns1 = '192.168.0.1'
}

So when I am editing a node and adding an override in the puppet dashboard 
(ENC), I hover over the box $ns1 where I can override the value and it 
shows me what I will get if I don't override, which is 'default: 
$ns1::params::ns1' which is absolutely meaningless at that point and I was 
hoping it would show the assignment from params.pp

Is this just something I can't fix or am I misunderstanding how to use 
parameterized variables?

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/00163866-f938-41bd-a64a-143ea2b9840f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Error: Could not retrieve local facts: undefined method `split' for [1, 2, 3, 4, 5]:Array

2014-10-10 Thread Craig White

Facter is basically a hash. You would want to name each specific 'fact' 
with a unique name as it would have one value - hash is a key => value pair.

On Friday, October 10, 2014 10:57:02 AM UTC-7, Spriya wrote:
>
> Hi,
>
> require 'facter'
>
> ary = [1,2,3,4,5]
>
> ary.each do |numbers|
> Facter.add("base") do
>   setcode do
>   "#{numbers} "
> end
> end
> end
>
> In the fact it is returning only 1 value. In the fact it is returning base 
> = 1 only not returning 2 3 4
>
> Help me
>
>
>
>
> On Friday, October 10, 2014 1:38:41 PM UTC-4, Craig White wrote:
>>
>> split is a string function
>>
>> your ary is an array as you defined it
>>
>> This will give you ruby functions for the Array class
>>
>> http://www.ruby-doc.org/core-2.1.3/Array.html
>>
>> Craig
>>
>> On Friday, October 10, 2014 7:39:05 AM UTC-7, Spriya wrote:
>>>
>>> Hi,
>>>
>>> when i am trying to do puppet custom facts to split [1,2,3,4,5] to 
>>> 1
>>> 2
>>> 3
>>> 4
>>> 5
>>>
>>> *It is throwing me error:*
>>> *Error: Could not retrieve local facts: undefined method `split' for [1, 
>>> 2, 3, 4, 5]:Array*
>>>
>>>
>>> *Here is my facts*
>>>
>>>
>>>
>>>
>>>
>>> *require 'facter'ary = [1,2,3,4,5]ary.map { |i| "'" + i.to_s + 
>>> "'"}.join(",")#str = ""ary.each do |i|#id,val = row[i] val = ary.split 
>>> ","Facter.add("base") do  setcode doiendendendAnyone, help me*
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/894bdfab-fa4c-4c42-aa22-8d487144b281%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Error: Could not retrieve local facts: undefined method `split' for [1, 2, 3, 4, 5]:Array

2014-10-10 Thread Craig White

split is a string function

your ary is an array as you defined it

This will give you ruby functions for the Array class

http://www.ruby-doc.org/core-2.1.3/Array.html

Craig

On Friday, October 10, 2014 7:39:05 AM UTC-7, Spriya wrote:
>
> Hi,
>
> when i am trying to do puppet custom facts to split [1,2,3,4,5] to 
> 1
> 2
> 3
> 4
> 5
>
> *It is throwing me error:*
> *Error: Could not retrieve local facts: undefined method `split' for [1, 
> 2, 3, 4, 5]:Array*
>
>
> *Here is my facts*
>
>
>
>
>
> *require 'facter'ary = [1,2,3,4,5]ary.map { |i| "'" + i.to_s + 
> "'"}.join(",")#str = ""ary.each do |i|#id,val = row[i] val = ary.split 
> ","Facter.add("base") do  setcode doiendendendAnyone, help me*
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3633db6e-d1cf-409e-8489-35073c05b23b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] What is wrong with this code?

2014-08-19 Thread Craig Dunn

On Tue, Aug 19, 2014 at 12:33 PM, Marc  wrote:

Hi all,
>
> The code snippet below is an isolation of the problem I am facing.
> I don't understand why this produces a duplicate declaration.
> Can anyone give an explanation?
>
> *$ cat test.pp *
> *class foo { contain foo::bar }*
> *class foo::bar { class { 'bar': } }*
> *class bar { notify { 'hello': } }*
> *include foo*
>
>
Within class foo::bar "bar" is being found in local scope (eg: it's
declaring itself).  Thats why fully qualified is always a good way to go to
be explicit about these things.  You need to explicitly require ::bar, not
bar...

class foo::bar { class { '::bar': } }

Craig


-- 
*Enviatics *| Automation and configuration management
http://www.enviatics.com | @Enviatics
Puppet Training http://www.enviatics.com/training/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACxdKhHbYp8M2Z%2BUXCwVXnGHRFzcb9A8E0R-wEas24feAGSFVQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: custom function to read inifile

Does this  meet your use 
case? 

On Wednesday, 23 July 2014 07:36:45 UTC+10, Ritesh Nanda wrote:
>
> Hello ,
>
> I was trying to write a custom function which would run on puppet master 
> take input a ini file , parse a section of that ini file and assign 
> its value to a variable .
> Something like 
>
> $test = iniread('example.ini', 'Program', 'path')
>
> This would assign the value to test variable when the functions runs on 
> the puppet master.
>
> iniread.rb file looks like 
>
> require 'rubygems'
> require 'inifile'
> module Puppet::Parser::Functions
>   newfunction(:iniread, :type => :rvalue) do |args|
> raise(Puppet::ParseError, 'inifile read(): Wrong number of arguments ' +
>   "given (#{args.size} for 3)") if args.size != 3
>
> filename = args[0]
> section = args[1]
> key = args[2]
>
> file = IniFile.load(filename)
> data = file[section]
> value = data[key]
> return value
>
>   end
> end
>
> It gives an error while running 
>
> Error 400 on SERVER: undefined method `[]' for nil:NilClass at 
> /etc/puppetlabs/puppet/modules/example/manifests/init.pp:45
>
> init.pp has 
>
> $test =iniread("example.ini", "Program", "path") 
>
>
> Doing that in ruby works 
>
> require 'inifile'
> filename = ARGV[0]
> section = ARGV[1]
> key = ARGV[2]
> file = IniFile.load(filename)
> data = file[section]
> InstPath = data[key]
> puts InstPath
>
> Help to this would be really appreciated. 
>
> Regards,
> Ritesh 
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/705ed63d-1ae5-4fb5-afbc-6dfa7b579154%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Integrating Puppet and VMware vCloud Application Director

I'm looking for anyone with experience integrating VMware vCloud 
Application Director and Puppet. How did you find it? Were there any 
particular challenges and/or triumphs?

One such challenge I have encountered is with the Application Director 
"update" phase. The VMware tool, lets you register newly created VMs with 
Puppet for a certain configuration profile to be applied as part of the 
initial "provision" phase however, it appears at present that the "update" 
feature of the tool cannot be used with Puppet. What I mean is that you 
cannot trigger an "update" (aka "puppet apply") from the VMware tool after 
the VM has been updated. Perhaps, this feature will be added in a later 
version. I am not sure yet if this is a good or bad thing or whether there 
are known workaround but it would be great to get any other perspectives on 
this.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f9e0457c-311d-4c64-ac65-6ff8f3e037d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: How to install Tomcat

You could start by downloading and trying out one of the Puppet Modules for 
Tomcat as listed 
at https://forge.puppetlabs.com/modules?utf-8=%E2%9C%93&sort=rank&q=tomcat

For information on installing Puppet Modules from Forge see 
http://docs.puppetlabs.com/puppet/latest/reference/modules_installing.html

For information on getting started with Puppet see 
http://docs.puppetlabs.com/learning/

On Tuesday, 22 July 2014 19:06:11 UTC+10, phani krishna wrote:
>
>
>
>  hi i am new to puppet 
>
> please can any one let me know how to install  tomcat on client machine 
>
> Thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f12d192a-af82-4bea-abe9-6f6afa2f4884%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: PE and VMWare Question