Re: [Puppet Users] Question about ssh
On 6/24/21 11:46 PM, keyze...@gmail.com wrote:
> Hi
>
> I am using
> *ghoneycutt/ssh*
>
> *and for a specific user I want to create a local key if it doesn't
> exist and then put it in the authorised file*
>
> *I get the feeling I can do that with the above but am not sure how to*
>
> *Thanks*
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users+unsubscr...@googlegroups.com
> <mailto:puppet-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/d11454aa-5bb8-43b8-b43b-7e7a49fa4009n%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/d11454aa-5bb8-43b8-b43b-7e7a49fa4009n%40googlegroups.com?utm_medium=email_source=footer>.

Hello,

The module does not generate the keys for you. To add them to an
authorized_keys file check out this link.

https://github.com/ghoneycutt/puppet-module-ssh#manage-users-ssh_authorized_keys

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] refactor use of ensure_packages to install new versions of php packages
On 10/12/20 5:10 AM, jochen@gmail.com wrote:
> Hi all,
>
> I posted a question on Stackoverflow before the weekend, but no
> responses and not many views yet, unfortunately. So please forgive me
> asking this again here. refactor ensure_packages to switch version of
> installed packages https://stackoverflow.com/q/64284862/13088564?sem=2
>
> I am successfully installing several PHP modules by version with puppet
> on Debian linux like this:
>
>     $php_version = '7.3'
>     ensure_packages([
>       "php$php_version-xml",
>       "php$php_version-zip",
>       "php$php_version-curl",
>       "php$php_version-mbstring",
>       "libapache2-mod-php$php_version",
>     ],
>     { 'ensure' => 'present', } )
>
> now I want to prepare for an update from PHP 7.3 to 7.4. This basically
> works, but the 7.3 packages stay installed. I would like to adapt the
> code to remove the old packages. I am looking for a way to reuse the
> list of packages of modules for uninstalling.
>
> I am thinking of a signature like this
>
>     class profile::software::apache (
>       $php_version = '7.4',
>       $php_remove  = ['7.0', '7.3'],
>       #...
>     ) {
>
>       $myPackages = [
>         "php$php_version-xml",
>         "php$php_version-zip",
>         "php$php_version-curl",
>         "php$php_version-mbstring",
>         "libapache2-mod-php$php_version",
>       ]
>
>       ensure_packages($myPackages, {
>         'ensure' => 'present',
>       } )
>
>       $php_remove.each | String $php_version | {
>         ensure_packages($myPackages,
>           {
>             'ensure' => 'absent',
>           } )
>       }
>     }
>
> Is there a way to solve this?
>
> thx

Hi Jochen,

Can Puppet handle this, yes! Should it, absolutely not. As you have seen
from the posts you are going to quickly have a huge list of things you
do not want on your system which becomes hard to manage.

Instead of that, suggest you manage what packages are available in your
repositories. You can tell puppet to install php-whatever and not
specify 7.3 vs 7.4 vs 7.4.2, etc. You could have systems in different
environments use different paths in your repo definitions such that you
can test new packages in a pre-production environment and then update
the URL's in other environments.

You will end up with a much more reliable change management process for
patching than attempting to track all the versions in Puppet.

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] LDAP ? User type provider documentation ? Hiera Back End ?
On 8/13/19 6:10 PM, 'Dan White' via Puppet Users wrote:
> On Aug 13, 2019, at 9:04 PM, 'Dan White' via Puppet Users
> <puppet-users@googlegroups.com> wrote:
>
>> Is there any current documentation about how to create user resources
>> with an ldap provider ?
>
> Let me be a bit more specific on this question. I am looking for the
> setup details to allow Puppet to get the user information from ldap. I
> am guessing this is a “read-only” thing and that the user must exist in
> ldap before Puppet can use it.
>
> —-
>
> "Sometimes I think the surest sign that intelligent life exists
> elsewhere in the universe is that none of it has tried to contact us."
>
> Bill Waterson (Calvin & Hobbes)

Hi Dan,

Surprised by this idea and curious about your use case. Puppet is better
for modeling resources on a system as opposed to data in an external
database, which is what users are in LDAP. Normally you would use Puppet
to manage local users as well as the setup necessary for nsswitch,
sssd/nscd and pam so the system can resolve users and groups from LDAP.

Best regards,
-g

--
Garrett Honeycutt
Tailored Automation
https://tailoredautomation.io

Re: [Puppet Users] Latest version of lookup_http not in rubygems.org
On 2/19/19 4:23 PM, Peter Krawetzky wrote:
> I'm trying to an SSL connection from puppetserver to a couchdb no-sql
> database for hiera lookup data. I have both hiera-http and lookup_http
> installed however the version of lookup_http.rb file that gets installed
> from running the puppetserver gem install command is 1.0.3. The version
> I want to install is 1.4.0 https://github.com/crayfishx/lookup_http
>
> Is there any way I can get the 1.4.0 version installed on my
> puppetserver? SSL was supported in 1.2.0 so I figured I would just
> install the latest.

Hi Peter,

I think there might be confusion between lookup_http and hiera_http. The
latest release for lookup_http[1] is 1.0.3. Its docs reference 1.4.0 for
hiera_http[2]. The hiera_http repo references using couchdb, so hope
that gets you on the right track.

[1] - https://rubygems.org/gems/lookup_http
[2] - https://github.com/crayfishx/hiera-http

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

Re: [Puppet Users] puppet-rspec - external modules? use vendored instead of download?
On 5/6/18 5:02 PM, Joaquin Menchaca wrote:
> I am getting started with puppet-rspec, and I setup my external modules
> required in the site/$module/.fixtures.yml, with something like
>
>     ---
>     fixtures:
>       forge_modules:
>         apt: puppetlabs/apt
>         stdlib: puppetlabs/stdlib
>         debconf: stm/debconf
>
> I noticed that these are downloaded each and every time I run my tests
> (and with slow internet, this is not fun). Could I point these to my
> vendored modules instead in ../../modules?
>
> What is typical configuration?
>
> I'm thinking for local development environment, I really do want to use
> vendored modules, not download these puppies each time (or just download
> if I changed metadata.json). For CI environment, I can see how that'd
> make sense to download each and every time.

Hi Joaquin,

When you run `rake spec` it runs the equivalent of the following three
commands.

`rake spec_clean`       # Clean up the fixtures directory
`rake spec_prep`        # Create the fixtures directory
`rake spec_standalone`  # Run RSpec code examples

You could run the following once.

`rake spec_clean spec_prep`

Then run this as you are working on the module.

`rake spec_standalone`

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

Re: [Puppet Users] rspec cannot load required gems
On 4/23/18 4:38 PM, Michael Watters wrote:
> Has anybody used rspec-puppet to run tests using a function that
> requires external ruby gems? I'm running unit tests on resources that
> call functions in the puppet_thycotic module however rspec is failing
> with an error as shown below.
>
>     Failure/Error: require 'parseconfig'
>
>     Puppet::PreformattedError:
>       Evaluation Error: Error while evaluating a Function Call, Could
>       not autoload puppet/parser/functions/getsecret: cannot load such file --
>       parseconfig at
>       /home/username/projects/puppet/modules/example/spec/fixtures/modules/example/manifests/hostname.pp:32:20
>       on node host.example.com
>
> I've installed the parseconfig gem using both the gem and puppet_gem
> providers but rspec still complains that it can't find the file. Any
> idea how to resolve this? Is there another directory where rspec looks
> for gem packages?

Hi Michael,

Try putting the gem in your Gemfile and using bundler when you invoke
rspec, such as `bundle exec rake spec_standalone` or `bundle exec rspec`.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

Re: [Puppet Users] Re: Custom fact producing different results
:ff:ff:ff
> 5: br-private: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
>     link/ether 00:30:48:7e:52:19 brd ff:ff:ff:ff:ff:ff
>     inet 10.0.2.10/24 brd 10.0.2.255 scope global br-private
>        valid_lft forever preferred_lft forever
>     inet 10.0.2.1/32 scope global br-private:0
>        valid_lft forever preferred_lft forever
>     inet6 fe80::230:48ff:fe7e:5219/64 scope link
>        valid_lft forever preferred_lft forever
> 9: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br-public state UNKNOWN group default qlen 500
>     link/ether fe:2d:b0:c6:2b:58 brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::fc2d:b0ff:fec6:2b58/64 scope link
>        valid_lft forever preferred_lft forever
> 10: tap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br-public state UNKNOWN group default qlen 500
>     link/ether fe:69:06:4b:83:19 brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::fc69:6ff:fe4b:8319/64 scope link
>        valid_lft forever preferred_lft forever
>
> require 'facter/util/ip'
>
> def has_address(interface)
>   ip = Facter::Util::IP.get_interface_value(interface, 'ipaddress')
>   if ip.nil?
>     false
>   else
>     true
>   end
> end
>
> def is_internal(interface)
>   rfc1918 = Regexp.new('^10\.0\.1\.')
>   ip = Facter::Util::IP.get_interface_value(interface, 'ipaddress')
>   if rfc1918.match(ip)
>     true
>   else
>     false
>   end
> end
>
> def find_networks
>   found_public = found_internal = false
>   Facter::Util::IP.get_interfaces.each do |interface|
>     if has_address(interface)
>       if is_internal(interface)
>         found_internal = true
>       else
>         found_public = true
>       end
>     end
>   end
>   [found_public, found_internal]
> end
>
> # these facts check if any interface is on a public or internal network
> # they return the string true or false
> # this fact will always be present
>
> Facter.add(:is_internal) do
>   confine :kernel => Facter::Util::IP.supported_platforms
>   setcode do
>     found_public, found_internal = find_networks
>     found_internal
>   end
> end
>
> Facter.add(:interfaces_internal) do
>   confine :kernel => Facter::Util::IP.supported_platforms
>   setcode do
>     iface = ""
>     Facter::Util::IP.get_interfaces.each do |interface|
>       if has_address(interface)
>         if is_internal(interface)
>           iface += "," unless iface.empty?
>           iface = iface + Facter::Util::IP.alphafy(interface)
>         end
>       end
>     end
>     iface
>   end
> end

Hi,

Suggest writing unit tests. The practice of writing them often exposes
issues with your implementation. Here's a simple one that shows how you
can define your expectations and stub out commands.

https://github.com/ghoneycutt/puppet-module-ssh/blob/master/spec/unit/facter/ssh_spec.rb

BTW, you might want to think of another approach than relying on the
network as a source of truth. As your network grows and changes, you
will have tight coupling between what your systems do and the IP's they
have.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

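One way to act on the unit-test suggestion above, as an added example that is not code from the thread or from the linked ssh module: the fact's decision logic is pulled into plain functions that take the interface-to-address table as an argument, so expectations can be checked without a live network. The function names, INTERNAL_NETWORKS and the sample table are assumptions made for this example.

```ruby
# Added example: the quoted fact's decision logic as plain functions, so it
# can be exercised with a constructed interface table instead of Facter.
require 'ipaddr'

# Assumption: the only "internal" network is 10.0.1.0/24, mirroring the
# '^10\.0\.1\.' pattern in the quoted fact.
INTERNAL_NETWORKS = [IPAddr.new('10.0.1.0/24')].freeze

# Local stand-in for Facter::Util::IP.alphafy: characters that are not
# letters, digits or underscores become '_'.
def alphafy(interface)
  interface.gsub(/[^a-z0-9_]/i, '_')
end

# True when ip parses as an address inside one of the internal networks.
def internal_address?(ip, networks = INTERNAL_NETWORKS)
  return false if ip.nil? || ip.strip.empty?
  addr = IPAddr.new(ip.strip)
  networks.any? { |net| net.include?(addr) }
rescue IPAddr::InvalidAddressError
  false # an unparsable value is treated as "not internal"
end

# addresses maps interface name => IPv4 address string, or nil when the
# interface has no address. In a real fact this table would be built from
# Facter::Util::IP.get_interfaces and get_interface_value.
def classify_networks(addresses, networks = INTERNAL_NETWORKS)
  internal = []
  other = []
  addresses.each do |iface, ip|
    next if ip.nil? || ip.strip.empty? # same test as has_address
    (internal_address?(ip, networks) ? internal : other) << iface
  end
  {
    is_internal: !internal.empty?,
    is_public: !other.empty?,
    interfaces_internal: internal.map { |i| alphafy(i) }.join(',')
  }
end

# Constructed sample. br-private and its address come from the quoted
# `ip addr` output; the other rows are made up for the example.
SAMPLE = {
  'lo' => '127.0.0.1',
  'br-private' => '10.0.2.10',
  'tap0' => nil,
  'eth1' => '10.0.1.7'
}.freeze

if __FILE__ == $PROGRAM_NAME
  p classify_networks(SAMPLE)
  p classify_networks({ 'lo' => '127.0.0.1' })
end
```

The second call shows the kind of case a test makes visible: under the quoted rule, any addressed interface that is not internal counts as public, so a table holding only a loopback address still reports a public network.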
Re: [Puppet Users] Location of config files in roles/profiles pattern
On 6/17/17 7:06 PM, Rob Nelson wrote:
> Jtc,
>
> I keep my templates and files in the profile class itself, in paths like
> files/phpMyAdmin/config.php and templates/randomapp/app.conf.erb. I have
> a site_config module that has some files that aren't tied to profile
> development, like certs. Other than that, I DO put config files in the 2
> component modules that are private (everything else is from the forge).
>
> I hope that gives you some ideas.
>
> On Sat, Jun 17, 2017 at 2:41 PM J.T. Conklin <j...@acorntoolworks.com>
> wrote:
>
> > Over the past year or so, we've completed a transition from locally
> > developed puppet modules containing node-specific configuration, to
> > using the roles/profiles pattern with parameterized modules with most
> > config values coming from hiera.
> >
> > One exception to this are config files that are too specific, too
> > complicated, or otherwise not suitable for conversion to templates. At
> > the moment, these are still in our puppet modules. Not only does this
> > bind node-specific configuration in with otherwise independent modules,
> > now that all our other node-specific configuration is done with hiera,
> > the config is split across two places -- which makes it hard to
> > understand.
> >
> > I spent some time looking for articles and blog posts that cover this,
> > but all the examples I've seen show use cases where module configuration
> > is completely taken from hiera. How do others handle this? Store files
> > in the profiles module itself?
> >
> > Thanks in advance,
> >
> > --jtc
>
> --
> Rob Nelson

Hi,

I do something similar by keeping files and templates in profiles module
and encode the name of the profile into the path. So for profile 'foo' I
might have profile/templates/foo/ and profile/files/foo/ that would each
contain templates and files, respectively.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

Re: [Puppet Users] How to create init-scripts and immediately use them in a service?
On 5/19/17 8:40 AM, Martijn wrote:
> Hi all,
>
> Looking for advice.
>
> We're about to deploy queue-workers, which are essentially a
> shell-script which calls the PHP binary which keeps running and polling
> the jobqueue for jobs. Each website that we deploy to a server will get
> a queue-worker. These workers (there will be multiple per server) need
> to be kept running and should be started on boot, etc.
>
> Sounds like an init-script for each worker would do the trick. My goal is
> to make it easy for developers to deploy new workers, i.e. they should
> be able to create a new init-script, pointing to the location of their
> shell-script, and be able to count on it getting deployed and started on
> the server.
>
> In other words:
> 1. The developer writes a shell-script called queue.sh and deploys it in
> the root of the website's directory. The shell-script starts the php cli
> binary which keeps running until it's stopped or dies for some reason.
> 2. They call a single define in our Puppet code that takes the path to
> queue.sh as a parameter and ensures the init-script is created from a
> template.
> 3. The server picks up the init-script and starts managing the service.
> 3. The init-script takes care of running the queue.sh script at boot and
> can stop/restart it when needed.
> 4. Repeat for each website.
>
> For the moment, we're on Ubuntu 14.04 so Upstart scripts would be a
> logical choice. In the future we'll move to Ubuntu 16.04, with systemd.
>
> I created a define that we can add to a node manifest. Here's an example
> of how I imagine calling this define:
>
>     site::queueworker {'website01': path => '/var/www/website01/queue.sh'}
>
> This drops a new Upstart init-script in /etc/init/ based on a template:
>
>     /etc/init/queue-website01.conf
>
> I'm unsure if/how I can immediately use this new Upstart service in a
> service, e.g.: service {'queue-website01': ensure => running, enable =>
> true}. I mean, how do Puppet and the init system know about the new service?
>
> Will that work, or am I going about this completely the wrong way?
> Should I be using supervised or something else instead?
>
> Thanks for any advice you can give.
> Martijn

Hi Martin,

Suggest that you package your software. This way the init script lives
next to the other shell scripts and software necessary and not separated
between repos. You can set up a pipeline tool like Jenkins to monitor
your repo and then create and deploy packages automatically with FPM[1],
which makes creating packages really simple. This would simplify your
code quite a bit such that your queueworker define is just managing a
package and a service.

[1] - https://github.com/jordansissel/fpm/

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

Re: [Puppet Users] Equivalent of Require, but slightly different
On 5/15/17 9:28 PM, Ugo Bellavance wrote:
> Hi,
>
> I'm working on a public puppet module and while I've done a lot of
> improvements up to now (especially considering my puppet capabilities),
> there is still a lot of work to do and I'd need some help for my next
> step. My repo is https://github.com/ubellavance/ZendServerPuppet and my
> next target is to make sure that an application action is not done
> before the bootstrap is complete. Explanations: the module performs a
> "bootstrap" process at the first puppet run (just after installing the
> packages). If I set an application action (define, for example) before
> the bootstrap process is complete (which would obviously happen), there
> is an error with obscure error messages provided by the Zend Server API,
> which isn't really user-friendly and it causes a failure of the puppet
> run. There is a fact that is set to true if the bootstrap is complete:
> $::zend_gui_completed. I tried doing a conditional statement using this
> variable but I don't know how to just do nothing for the application
> action and just output a message (notify) saying that the application
> actions will be applied after the bootstrap. It is a bit tricky because
> before the bootstrap it doesn't exist, so it is undefined, and once the
> bootstrap is complete, it equals to true.
>
> I tried this, in application.pp, but it looks like the if doesn't work
> because the notify occurs every time
>
>     if $::zend_gui_completed != true {
>       notify {"zend_gui_completed = $::zend_gui_completed. Bootstrap must run first. Application settings will be applied after Bootstrap is done": }
>     }
>
> Here's the output:
>
>     Notice:
>     /Stage[main]/Main/Node[default]/Zendserver::Application[patate]/Notify[zend_gui_completed
>     = true. Bootstrap must run first. Application settings will be applied
>     after Bootstrap is done]/message: defined 'message' as
>     'zend_gui_completed = true. Bootstrap must run first. Application
>     settings will be applied after Bootstrap is done'
>
> Could someone help me figure out how to make the if work, and, even more
> important, if there is a way to "bypass" the zendserver::application
> blocks if zend_gui_completed is not true?
>
> Here's my application::define:
>
>     zendserver::application { 'patate':
>       ensure   => 'define',
>       base_url => "http://patate.com",
>       version  => "2",
>       logo     => "/usr/share/pixmaps/poweredby.png"
>     }
>
> Please let me know if you need more information.
>
> Thanks,

Hi,

Your comparison of $::zend_gui_completed is never boolean true, so the
notify always happens. Perhaps your fact is returning a string and not a
boolean. Put this in your code just above the conditional statement.

    $zgc_type = inline_template('<%= @zend_gui_completed.class %>')
    notify { "zend_gui_completed is type ${zgc_type}": }

If it is a string, check out str2bool() from stdlib[1].

[1] - https://github.com/puppetlabs/puppetlabs-stdlib#str2bool

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

Re: [Puppet Users] Re: apt/yum.downloads.puppetlabs.com CDN & rsync deprecation
+1 to an alternate rsync service. A lot of us already have tooling built
up around rsync, so this change breaks work flows. It also comes without
warning for a service that has been around for ages.

Best regards,
-g

On 4/24/17 7:19 AM, Andreas Paul wrote:
> We would also be interested in an alternative server to rsync from.
>
> Best regards,
> Andreas Paul
>
> On Monday, April 24, 2017 at 2:46:24 PM UTC+2, Chris Kuehl wrote:
>
> > Is there an alternative server we can rsync from? We've been using
> > ftpsync (the recommended tool
> > <https://www.debian.org/mirror/ftpmirror> for mirroring apt
> > repositories), which worked great until this was turned off. ftpsync
> > appears to be at least somewhat superior to the other options.
> >
> > Thanks,
> > Chris
> >
> > On Friday, April 21, 2017 at 1:54:36 PM UTC-7, Daniel Dreier wrote:
> >
> > > On Wednesday we put yum.puppetlabs.com and apt.puppetlabs.com
> > > behind the CloudFront CDN in order to accelerate downloads for
> > > overseas users. Both repositories have historically been served
> > > from the Linode Fremont datacenter, and download performance from
> > > Australia and Asia in particular are dramatically faster with the
> > > CDN than without.
> > >
> > > One side effect is that we no longer support rsync. Other tools
> > > like mrepo, reposync, and apt-mirror can sync to your local
> > > mirror via HTTP. Since you'll be accessing cached content from a
> > > local CloudFront edge location, HTTP mirroring should be very
> > > fast for most users.
> > >
> > > --
> > > Daniel Dreier
> > > Technical Operations Engineer
> > > GPG: BA4379FD

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

Re: [Puppet Users] removing "minimum_uid=1000" value from all my pam config files
On 3/30/17 1:58 PM, Peter K wrote:
> I'm trying to remove a specific configuration value, "minimum_uid=1000",
> from multiple lines in several files (currently 5 files) in /etc/pam.d/.
> A typical line looks like this:
>
>     auth [success=1default=ignore] pam_ldap.so use_first_pass minimum_uid=1000
>
> I've tried exec and sed, but I couldn't figure out the necessary
> escaping to get the filename variable to parse (here I test with 'abc'):
>
>     define removeMinimumUID(){
>       exec { '${filename}':
>         command   => "/usr/bin/sed -i \'s|abc|cab|g\' ${filename}",
>         onlyif    => '/usr/bin/test -e ${filename}',
>         refresh   => '/usr/bin/true',
>         provider  => 'posix',
>         logoutput => on_failure,
>       }
>     }
>
>     RemoveMinimumUID { "/mnt/NY_Interactive/dev/peter/puppet/abc.txt": }
>
> Error:
>
>     Executing: '/usr/bin/sed -i 's|abc|cab|g' '
>     Notice:
>     /Stage[main]/Main/Removeminimumuid[/mnt/NY_Interactive/dev/peter/puppet/abc.txt]/Exec[${filename}]/returns:
>     /usr/bin/sed: no input files
>
> If I substitute the fully qualified filename with the filename variable
> on the 'command' parameter line, the script runs fine.
>
> Then I tried stdlibs' file_line but I couldn't figure out how to replace
> a substring without identifying the entire replacement string:
>
>     file {'/home/peter/dev/puppet/abc.txt':
>       ensure => present,
>     }->
>     file_line {'Append a line to /home/peter/dev/puppet/abc.txt':
>       path     => '/home/peter/dev/puppet/abc.txt',
>       line     => 'cab',
>       multiple => true,
>       match    => "abc$",
>     }
>
> I'm currently looking at augeas but no luck yet.
>
> Suggestions?
> thx...

Hi Peter,

The Puppet approach would be to specify the end state as opposed to
running sed against a file. The sed approach will ensure you removed a
specific line, though it does not ensure the content of the entire file.
This is especially important with PAM to ensure it is configured correctly.

Check out my Puppet Approved pam module[1] where you can specify what
lines should be in your pam configs.

[1] - https://forge.puppet.com/ghoneycutt/pam

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

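The difference between removing one token and declaring the whole file, shown as an added example that is not code from the thread or from the ghoneycutt/pam module: a small pam.d parser, a search for rules that still carry an argument such as minimum_uid, and a whole-file comparison against a declared end state. All function names and the three sample files are constructed for this example.

```ruby
# Added example: audit pam.d content against a declared end state.
PamRule = Struct.new(:type, :control, :module_path, :args) do
  def to_s
    [type, control, module_path, *args].join(' ')
  end
end

# Parse one pam.d line: "type control module-path [arguments]".
# The control field is one word or a bracketed [value=action ...] list.
# Comments, blank lines and @include lines return nil. Limitation:
# bracketed module arguments that contain spaces are split on whitespace.
def parse_pam_line(line)
  text = line.strip.sub(/\s*#.*\z/, '')
  return nil if text.empty? || text.start_with?('@')
  m = text.match(/\A(-?[a-z]+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)\z/)
  return nil unless m
  PamRule.new(m[1], m[2].gsub(/\s+/, ' '), m[3], m[4].split)
end

def parse_pam(content)
  content.each_line.map { |l| parse_pam_line(l) }.compact
end

# Rules that carry the named argument, with or without a value.
def rules_with_argument(rules, name)
  rules.select { |r| r.args.any? { |a| a == name || a.start_with?("#{name}=") } }
end

# Whole-file comparison: rules the declared state has that the file lacks,
# rules the file has that were never declared, and whether the rules common
# to both appear in the same order (order matters in a PAM stack).
def drift(desired_content, actual_content)
  desired = parse_pam(desired_content).map(&:to_s)
  actual = parse_pam(actual_content).map(&:to_s)
  {
    missing: desired - actual,
    unexpected: actual - desired,
    order_ok: (actual & desired) == (desired & actual)
  }
end

# Constructed declared end state for an auth stack.
DESIRED = <<~PAM
  auth [success=2 default=ignore] pam_unix.so nullok_secure
  auth [success=1 default=ignore] pam_ldap.so use_first_pass
  auth requisite pam_deny.so
  auth required pam_permit.so
PAM

# Constructed file before any change: the ldap rule carries minimum_uid.
BEFORE = <<~PAM
  # common-auth (constructed sample)
  auth [success=2 default=ignore] pam_unix.so nullok_secure
  auth [success=1 default=ignore] pam_ldap.so use_first_pass minimum_uid=1000
  auth requisite pam_deny.so
  auth required pam_permit.so
PAM

# Constructed file after a sed-style edit removed only the token: an
# undeclared rule from an earlier hand edit is still present.
AFTER_SED = <<~PAM
  # common-auth (constructed sample)
  auth [success=2 default=ignore] pam_unix.so nullok_secure
  auth [success=1 default=ignore] pam_ldap.so use_first_pass
  auth optional pam_faildelay.so delay=2000000   # stray hand edit
  auth requisite pam_deny.so
  auth required pam_permit.so
PAM

if __FILE__ == $PROGRAM_NAME
  puts rules_with_argument(parse_pam(BEFORE), 'minimum_uid').map(&:to_s)
  p drift(DESIRED, AFTER_SED)
end
```

The token search comes back empty for AFTER_SED, while the whole-file comparison still reports the undeclared pam_faildelay rule, which is the gap the reply describes.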
Re: [Puppet Users] Re: What's the best way to deal with multiple OS's
On 2/24/17 5:30 PM, Nate B wrote:
> // , Is there a better way to deal with this in later versions of Puppet?
>
> I lean toward using different manifests for different operating system
> variations, but like the original poster says, no matter how one
> organizes the logic, it still gets tedious.
>
> Puppet 4.9 doesn't even seem to have in line selectors:
> https://docs.puppet.com/puppet/latest/lang_summary.html#selectors
>
> https://duckduckgo.com/?q=inurl%3Ahttps%3A%2F%2Fdocs.puppet.com%2Fpuppet%2Flatest%2F+%22selectors%22=h_=web
>
> Should I consider having a different module for each OS, say, a module
> named appcerts_pkgs_windows and a module named appcerts_pkgs_linux, with
> different manifests for the variations under each?
>
> The whole point of Puppet is to manage multiple operating systems and
> variations from a single source. It would surprise me if they didn't
> have a solution, but I just can't seem to find it.
>
> On Friday, September 30, 2011 at 11:33:50 AM UTC-7, Jeff Falgout wrote:
>
>     We're in the situation of dealing with multiple operating systems
>     (and will likely add another) and I'm quickly realizing that
>     building logic in the manifest to deal with the differences in Red
>     Hat i386 vs Red Hat x86_64 vs SuSE i586 vs SuSE x86_64 vs Mac is
>     getting tedious. For instance, in the sshd_config:
>
>     SLES i586 has the sftp-server binary in a different path than the
>     x86_64 version and it's different than RHEL - so I end up with logic
>     as such:
>
>     # Set the SFTP Path
>     if $lsbdistid == 'SUSE LINUX' {
>       if $architecture == 'x86_64' {
>         $sftppath = '/usr/lib64/ssh/sftp-server'
>       } else {
>         $sftppath = '/usr/lib/ssh/sftp-server'
>       }
>     } else {
>       $sftppath = "/usr/libexec/openssh/sftp-server"
>     }
>
>     Is there a better way to deal with different OS's or is the long and
>     winding road of config mgmt?
>
>     Do people do something like:
>
>     include ssh::server::$operatingsystem
>
>     class ssh::server::RedHat {
>       blah
>     }
>
>     class ssh::server::SLES {
>       blah
>     }
>
>     Different modulepath? Different puppet servers based on OS?
>
>     Cheers,
>
>     Jeff
>
> --

Hi Jeff,

Most of my modules support a bunch of OS's including Debian, EL, Solaris, Suse and Ubuntu and at different releases. To do this, I have to encode a lot of default data into the module.

Consider the following pattern. If you do not specify a value for the package parameter, it will use the default for that osfamily.

    class foo (
      $package = undef,
    ) {

      case $::osfamily {
        'Debian': {
          $default_package = 'foo2'
        }
        'RedHat': {
          $default_package = 'foo'
        }
        default: {
          fail('foo supports EL and Debian osfamilies')
        }
      }

      if $package == undef {
        $package_real = $default_package
      } else {
        $package_real = $package
      }

      package { $package_real:
        ensure => 'present',
      }
    }

Take a look at my ssh module. It is approved by Puppet and works on 13 different platforms and takes into account the processor type for Suse as you mentioned above.

https://forge.puppet.com/ghoneycutt/ssh/readme

I tend to use case statements for all of the different platforms and avoid using subclasses such as foo::debian and foo::redhat.

While I generally opt for putting all configuration into the same template such as with the ssh module, sometimes the platform differences are quite different, in which case I use platform specific templates. For an example of this, check out my Puppet approved module for inittab.

https://forge.puppet.com/ghoneycutt/inittab

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Manage delivery and execution of RPMs not in YUM
On 3/2/17 9:58 AM, warron.french wrote:
> Hello all,
> can someone please advise me on a proper set of syntax (a file to look
> at) for an example to follow to solve the following challenge:
>
> 1. I have to deliver 2 *.rpm files that are not in a YUM repository, so
>    I dropped them into the files directory of my module path.
> 2. I need to be able to execute each of them either together, or
>    _A.rpm before B.rpm_
> 3. Then execute a shell script that requires the 2 RPMs to be in
>    place before that happens.
>
> I am starting to get into slightly more complicated modules, instead of
> simply delivering basic ASCII text files using *content =>
> template('modulename/some.erb')*.
>
> I just need an example that is known to provide proper execution, proper
> syntax, and something I can learn from correctly. I am still building
> the foundation of my understanding, so troubleshooting someone else's
> code isn't going to be too good for my development yet.
>
> Thank you in advance,
> --
> Warron French
>

Hi Warron,

What you want to accomplish is a bad idea and you should use a yum repo and definitely not check in binary data with your modules. You could at least store the rpm's somewhere and then download them from that canonical source. Take a look at Artifactory which can help with where to store things such as your random rpm's.

Sometimes you have to automate what you have before you build something better. Suggest writing an exec resource that can handle what you are trying to do. The key here is to have two commands. One that checks to see if you are already in the desired state and another to get you to the desired state. Figure that out without Puppet and once you have those commands, you can write a manifest.

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] how to use external facts in a template?
On 1/25/17 6:43 AM, Sans wrote:
> Dear all,
> I'm having this issue and running out of ideas.
> I have this two external facts (defined in
> /etc/facter/facts.d/extn_git_facts.txt):
>
>     root@p19-d-pmaster-001:~# facter | grep ks_git
>     ks_git_puppet-hiera => master
>     ks_git_puppet-master => develop
>
> I want to use these two facts in a template. Here is my pseudo code:
>
>     <%-
>     git_repos = ['puppet-hiera', 'puppet-master']
>     git_repos.each do |g_repo|
>       git_branch = "ks_git_#{g_repo}"
>       git_br_name = Facter.value("ks_git_#{g_repo}")
>     -%>
>     GIT_BRANCH :: <%= git_branch %>
>     GIT_BRANCH_NAME :: <%= git_br_name %>
>     <%-
>     end
>     -%>
>
> and I don't get anything returned by `git_br_name` at all. If I use the
> same code in irb console, it works just fine:
>
>     irb(main):012:0> require 'facter'
>     => true
>     irb(main):013:0> git_repos = ['puppet-hiera', 'puppet-master']
>     => ["puppet-hiera", "puppet-master"]
>     irb(main):014:0> git_repos.each do |g_repo|
>     irb(main):015:1* p Facter.value("ks_git_#{g_repo}")
>     irb(main):016:1> end
>     "master"
>     "develop"
>     => ["puppet-hiera", "puppet-master"]
>
> What am I doing wrong in the template? if I use some other built-in
> facts instead, e.g. `Facter.value(:hostname)` - it works just okay. Does
> mean the external facts cannot be used in template? Thanks in advance.
>
> Best,
> Santanu
>
> --

Hi Sans,

I think your ERB syntax may be off. Here's an example doing something similar. Instead of Facter.value() just put an @ in front of the fact name.

    <% @nameservers.each do |nameserver| -%>
    nameserver <%= nameserver %>
    <% end -%>

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] How to read in file into array of hashes to use build start script template
On 1/13/17 4:15 PM, James Perry wrote:
> After spending most of the day digging around and researching, I find
> Puppet's immutable variables are keeping me from properly handling what
> I'm trying to do, so I want to see if anyone else has some suggestions
> on how to handle what I need to accomplish.
>
> Goal: Ingest a CSV file provided by a user and generate a start / stop
> script, dynamically, for every server in scope, based on CSV file.
>
> CSV Format:
> SERVER,start command
>
> Example.
> SERVERA, /usr/local/bin/prog start databasea
> SERVERA, /usr/local/bin/prog start databaseb
> SERVER1, /usr/local/bin/prog start database123
>
> The basic design I had in mind for the manifest is to:
> 1. Read in the file as provided,
> 2. Convert , to downcase(A) => B
> 3. if $hostname == A
>      $my_server_script_lines = $my_hash[A][B]
>      file {
>        ...
>        content => template("basic_start_script"),
>      }
>
> 4. Create a template that runs through the $my_server_script_lines to
>    put each start line under start) and under stop) after doing a substr
>    replacement of start for stop in B.
>
> Code so far
>
>     include stdlib
>     $my_data = file("/home/me/database.csv")
>     $my_subst = downcase(split($my_data2,'[,\n]'))
>     $my_hash = hash($my_subst)
>
>     notice ($my_hash[SERVERA])
>
>     $ puppet apply --verbose test.pp
>     Info: Loading facts
>     *Notice: Scope(Class[main]): '/usr/local/bin/prog start databaseb'*
>     Notice: Compiled catalog for myhost.net in environment production in
>     0.16 seconds
>     Info: Applying configuration version '1484340247'
>     Notice: Applied catalog in 0.03 seconds
>
> Here are the values of the variables as it processes through
>
> $my_data = "SERVERA,/usr/local/bin/prog start databasea
> SERVERA,/usr/local/bin/prog start databaseb
> SERVERB,/usr/local/bin/prog start database123"
>
> $my_subst = [servera, '/usr/local/bin/prog start databasea' , servera,
> '/usr/local/bin/prog start databaseb' , serverb, '/usr/local/bin/prog
> start database123' ]
>
> $my_hash = {servera => '/usr/local/bin/prog start databaseb' , serverb
> => '/usr/local/bin/prog start database123' }
>
> So I already know why the hash conversion dropped the "start databasea"
> for the servera key, what I can't seem to figure out is how to have it
> convert into a array of value pairs for a specific key.
>
>     { servera => ['/usr/local/bin/prog start
>     databasea', '/usr/local/bin/prog start databaseb'], serverb =>
>     ['/usr/local/bin/prog start database123'] }
>
> I tried various iterations of .each to try to create and fill the array
> pointed to by the hash, but Puppet doesn't permit that as it would be
> changing an already assigned variable / hash.
>
> I was able use the $my_subst variable in an erb template to create the
> start/stop lines. It worked ok for the 3 line example above, but when I
> got to dozens of servers / start lines being applied to hundreds of
> servers on each check-in it soon killed the CPU in my master server as
> it ran through a loop checking if $hostname == servername.
>
> Is it possible to have Puppet handle parsing the data in $my_substr, or
> even right from the raw file data to do the following?
>    1. Run through incoming data to fill start command array.
>       ['/usr/local/bin/prog start databasea', '/usr/local/bin/prog start
>       databaseb']
>    2. Assign that to the array of key-pairs. { servera =>
>       ['/usr/local/bin/prog start databasea', '/usr/local/bin/prog start
>       databaseb'], serverb => ['/usr/local/bin/prog start database123'] }
>
> Thanks!
>

Hi James,

One approach would be to not do it within a puppet manifest and instead transform that data with a language you are familiar with and have it write to its own file in Hiera as YAML or JSON. Once the data structure is there, you can use the create_resources() function to create the resources from the data in Hiera.

Another approach would be to write a custom function or ENC that uses your CSV as the data store and for a given server respond with the start command. If you are not familiar with ruby, the custom ENC would be easier, since it can be in any language.

Instead of a CSV, you might want to look at Consul which can host key/value pairs for you. You can then query it to see which databases are associated with a given server.

Best regards,
-g

--
Garrett Honeycutt
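The first approach in the reply above (transform the CSV outside Puppet and write the result as Hiera YAML), sketched as an added example that is not part of the original thread. The Hiera key names, the per-node document layout and the validation patterns are assumptions; the validation is there because the CSV is user-supplied and its lines end up in a script executed on the nodes.

```ruby
require 'yaml'

# Constructed sample input in the "SERVER,start command" format from the post.
SAMPLE_CSV = <<~CSV
  SERVERA, /usr/local/bin/prog start databasea
  SERVERA, /usr/local/bin/prog start databaseb
  SERVER1, /usr/local/bin/prog start database123
CSV

# Assumptions: the key names are hypothetical, hostnames are plain DNS labels,
# and a command is an absolute path followed by simple arguments. Anything
# else is rejected rather than passed through to a start/stop script.
START_KEY   = 'profile::db_scripts::start_commands'
STOP_KEY    = 'profile::db_scripts::stop_commands'
HOSTNAME_RE = /\A[a-z0-9][a-z0-9.-]*\z/
COMMAND_RE  = %r{\A/[\w./-]+(?: [\w./=:-]+)*\z}

class InvalidRow < StandardError; end

# Group start commands by lower-cased hostname: { 'servera' => [cmd, cmd], ... }
def parse_start_commands(csv_text)
  commands = {}
  csv_text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty?

    # Split on the first comma only; the rest of the line is the command.
    host, command = line.split(',', 2).map(&:strip)
    host = host.to_s.downcase
    raise InvalidRow, "line #{lineno}: invalid hostname" unless host.match?(HOSTNAME_RE)
    raise InvalidRow, "line #{lineno}: invalid command" unless command.to_s.match?(COMMAND_RE)

    list = (commands[host] ||= [])
    list << command unless list.include?(command)
  end
  commands
end

# The post derives the stop line by replacing "start" with "stop"; only the
# stand-alone argument is replaced, not a substring of a path or database name.
def stop_command(start_command)
  start_command.sub(/(?<= )start(?= |\z)/, 'stop')
end

# One YAML document per node, suitable for a per-node Hiera data file, so no
# node has to loop over every other server's rows at catalog compile time.
def node_documents(commands)
  commands.each_with_object({}) do |(host, starts), docs|
    docs[host] = {
      START_KEY => starts,
      STOP_KEY  => starts.map { |cmd| stop_command(cmd) }
    }.to_yaml
  end
end

if __FILE__ == $PROGRAM_NAME
  node_documents(parse_start_commands(SAMPLE_CSV)).each do |host, yaml|
    puts "# #{host}.yaml", yaml
  end
end
```

Each document can be written to the node's own Hiera data file and the arrays looked up in the profile that renders the start/stop template.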
Re: [Puppet Users] Open source puppet performance monitoring/tuning?
On 1/13/17 1:46 PM, R.I.Pienaar wrote:
>
> ----- Original Message -----
>> From: "dkoleary" <dkole...@olearycomputers.com>
>> To: "puppet-users" <puppet-users@googlegroups.com>
>> Sent: Friday, 13 January, 2017 19:43:20
>> Subject: Re: [Puppet Users] Open source puppet performance monitoring/tuning?
>
>> Hi, Garret;
>>
>> Your suggestion to review last_run_summary.yaml results in one huge step in
>> the right direction.
>>
>> # grep file: /opt/puppetlabs/puppet/cache/state/last_run_summary.yaml
>> file: 121.817228425
>>
>> So, how do I go about finding out which file resource(s) are causing the
>> problem?
>
> You can use https://github.com/ripienaar/puppet-reportprint to report on slow
> things
>
> See the sample report.
>
> I think it'll work with Puppet 4, it's been a while, open an issue if it
> doesnt
>

Thank you RI! This is really helpful and it works great with Puppet v4.

-g

--
Garrett Honeycutt
Re: [Puppet Users] Open source puppet performance monitoring/tuning?
On 1/12/17 3:46 PM, dkoleary wrote:
> I think I've taken my open source puppet server to the limits; but, I'd like
> to be able to confirm that and find out what resources are needed.
>
> Short version of the problem: When we first started, puppet agent runs would
> take 5-10 seconds. Now, while we still have a limited number of modules,
> we're looking at 1400+ systems under management. Most runs still take in the
> 5-10 second range but a growing number are taking 400+ seconds to complete.
>
> Short version of the question: How do I know what needs to be tuned or
> examined?
>
> An example: the first paragraph of
> https://docs.puppet.com/pe/latest/config_puppetserver.html says "Tuning JRuby
> on Puppet server". What would be the symptom that suggests JRuby needs tuning?
>
> An ISBN for a book would be great. I find all sorts of books on learning
> puppet but not too many on tuning it.
>
> Any hints or suggestions will be greatly appreciated.
>
> Doug O'Leary
>

Hi Doug,

The times for agent runs typically do not correspond to any Puppet related tuning. The places that the agent comes into contact with the master during a puppet run, once they have received the catalog is file serving, filebucketing changed files and sending a report.

Metrics to look for are how long does it take your puppet master to compile a catalog and are any of your agents timing out when requesting catalogs.

Try checking out last_run_summary.yaml for figuring out which resources take the most time during the agent run. Typically I see poorly configured name servers and requests outside of the network as ways in which the agent will take longer to run.

This thread might also help.
https://ask.puppet.com/question/3/where-can-i-find-information-about-sizing-for-puppet-servers/

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] lspci via facter
On 1/5/17 6:27 AM, Cam Mac wrote:
> Hi,
>
> I'm trying to get videocard information into facter for installation of
> drivers. I've been able to
> get to the point of getting it to work in ruby, but not in Puppet. One
> thing I need to do is
> remove non-word characters, such as brackets, hash symbols, etc, as I
> run a grep command
> in my Puppet manifest which doesn't work when certain special characters
> are present (apart from a comma).
>
> This is what I have so far:
>
>     require 'facter'
>
>     Facter.add("videocard") do
>       confine :kernel => :linux
>       ENV["PATH"]="/bin:/sbin:/usr/bin:/usr/sbin"
>       setcode do
>         ctrl = []
>         lspciexists = system "/bin/bash -c 'which lspci >&/dev/null'"
>         if $?.exitstatus == 0
>           output = %x{lspci}
>           output.split("\n").each {|s|
>             if s =~ /VGA\s+compatible\s+controller/
>               s.gsub!(/(\W)/, " ").gsub!(/\s+/," ")
>               ctrl << s
>             end
>           }
>         end
>         controllers.join(',')
>       end
>     end
>
> What am I doing wrong here?
>
> Thanks for any help,
>
> -Cam
>

Hi Cam,

I have not tested the above code, though you say it works in Ruby and not Puppet, so guessing you have an issue with where the code is on disk or missing some steps in the process.

Ensure that this code is in $modulepath://lib/facter/videocard.rb. You can remove the 'require facter' line. Then run the puppet agent so that pluginsync puts the code in the right place. Now run `facter -p videocard` and you should see your output.

Here's an example[1] of a module with a fact that is similar to what you are doing. Notice it uses Facter::Util::Resolution.which instead of system. Here's an example[2] of how to write unit tests for your new fact.

[1] - https://github.com/ghoneycutt/puppet-module-ssh/blob/master/lib/facter/ssh.rb
[2] - https://github.com/ghoneycutt/puppet-module-ssh/blob/master/spec/unit/facter/ssh_spec.rb

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Announce: Puppet Agent 1.8.0 is available
On 11/1/16 9:29 PM, Geoff Nichols wrote:
> I'm excited to announce a new backwards-compatible feature release of
> Puppet Agent. Puppet Agent 1.8.0 contains several updated component
> versions, including new feature releases of Puppet and Facter.
>
> * Puppet 4.8.0 - This release includes several improvements to the type
>   system and updates puppet module tool to use "forgeapi.puppet.com"
>   (instead of "forgeapi.puppetlabs.com").
>
> * Facter 3.5.0 - New feature release allowing settings for configuring
>   external and custom fact directories, setting command line options, and
>   blocking facts - loaded by default from /etc/puppetlabs/facter/facter.conf.
>
> This release also adds support for macOS Sierra and Windows Server 2016.
>
> Release notes for each of these are linked from the main puppet-agent
> note: https://docs.puppet.com/puppet/4.8/reference/release_notes_agent.html
>
> For information on upcoming platform end-of-life (EOL) for Puppet Agent,
> please see our Platform Support Lifecycle page:
> https://puppet.com/content/platform-support-lifecycle
>
> Community shout-out to Clay Caviness for several contributions to this
> release - including a fix for 'tidy' and additional fixes for Mac OS X.
>
> --
>
> Geoff Nichols
> Puppet Ecosystem - Agent and Platform Team

Hi Geoff,

I added puppet 4.8.0 to a test harness and it seems that it has not been released to rubygems.org, which is needed for automated testing. Could you please release it to rubygems.org.

Thanks,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Spec testing and dalen-puppetdbquery
On 11/1/16 4:03 PM, Peter Berghold wrote:
> I have a module that I am writing spec tests for that uses the Puppet
> Forge module cited in the subject line to query for a list of nodes
> fitting a particular criteria. When I run the spec test it bombs out
> with a message: "cannot load such file -- puppet/util/puppetdb"
>
> After a bit of searching I am still left wondering what package or gem this
> is looking for. Anybody know?
>

Hi,

Do you have dalen/puppet-puppetdbquery in your .fixtures.yml? A link to your project would make debugging easier.

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Re: Help unit testing profile with dependency on ntp 5.0 module (module data)
On 11/1/16 6:12 AM, David Schmitt wrote:
> Hi Steve,
>
> I can reproduce this locally, and it looks like some kind of setup issue
> around how (rspec-)puppet is loading lookup data.
>
> I'll look into it, and keep you posted.
>
> Regards, David
>
> On Monday, October 31, 2016 at 2:39:54 AM UTC, Stephen Nesbitt wrote:
>
>     All:
>
>     I'm struggling to unit test a very simple profile with a dependency
>     on the ntp 5.0.0 module - the ntp version implementing module data.
>     The problem is that none of the default values for ntp are
>     visible/available to the unit test as indicated by the failure:
>
>         1) profile::ntp::client with default values for all parameters
>            profile::ntp::client should compile into a catalogue without
>            dependency cycles
>            Failure/Error: it { is_expected.to compile.with_all_deps }
>
>            error during compilation: Evaluation Error: Error while evaluating
>            a Function Call, Class[Ntp]:
>              expects a value for parameter 'autoupdate'
>              expects a value for parameter 'broadcastclient'
>              expects a value for parameter 'config'
>              ...
>
>     The profile::ntp::client class is very simple:
>
>         class profile::ntp::client {
>           include ::ntp
>         }
>
>     My spec helper is:
>
>         require 'puppetlabs_spec_helper/module_spec_helper'
>
>         RSpec.configure do |c|
>           c.after(:suite) do
>             RSpec::Puppet::Coverage.report!(95)
>           end
>         end
>
>     My .fixtures.yml
>
>         fixtures:
>           forge_modules:
>             ntp: 'puppetlabs/ntp'
>             stdlib: 'puppetlabs/stdlib'
>           symlinks:
>             profile: "#{source_dir}/../profile"
>
>     My unit test:
>
>         require 'spec_helper'
>
>         describe 'profile::ntp::client' do
>           context 'with default values for all parameters' do
>             describe 'profile::ntp::client' do
>               it { is_expected.to compile.with_all_deps }
>               # it { is_expected.to contain_class('profile::ntp::client') }
>               # it { is_expected.to contain_class('::ntp') }
>
>             end
>           end
>         end
>
>     Puppet version is 4.7.0. Host OS is ubuntu 16.04
>
>     Any help in resolving this would be much appreciated.
>
>     -steve
>

Hi,

I noticed that your .fixtures.yml does not include versions. This means that they will always test against the latest version. You probably want to change this to use the version you actually use.

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] paragraphing hiera yaml
On 10/28/16 1:45 PM, Christopher Wood wrote:
> Here's a Friday sort of question.
>
> All the yaml emitters don't add the extra space that I can add as a person
> editing a file to make things more readable. Or to be more accurate, I can't
> manage it myself and I can't find one that does.
>
> Consider the readability of the two examples below when thinking about what
> keys go with which classes. Also keep in mind that while example one may be
> fine for many of us, lots more people will find it easier to work with yaml
> using example two.
>
> So how would I auto-magically auto-paragraph hiera yaml to make it friendlier
> for more people, while still keeping it syntactically valid?
>
> Example one:
>
> ---
> one::services::enabled: true
> one::two::abc: 8.45
> one::two::three: this is the string
> puppet4::ca_server: otherhostname
> puppet4::server: hostname
>
> Example two:
>
> ---
> one::services::enabled: true
>
> one::two::abc: 8.45
> one::two::three: this is the string
>
> puppet4::ca_server: otherhostname
> puppet4::server: hostname
>

Hi Christopher,

It sounds like you have two processes managing the same data - a program that emits YAML and people who also edit that YAML. If so, you would be better off by splitting that between two backends. Hiera can query the program that emits YAML directly as well as reading the YAML you modify manually.

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] GDM configurations with a puppet module
On 10/21/16 4:03 PM, warron.french wrote:
> Hello all,
> I have created a puppet module (and class) that manages the content
> of the banners of systems.
>
> By banners, I am referring to:
>
>   * /etc/issue
>   * /etc/issue.net
>   * /etc/motd
>
> These are all controlled by a class in my module named
> *mas_shared_all_bannersmgmt* with the class for those three files named
> - *mas_shared_all_bannersmgmt::text.*
>
> I have another empty class currently called
> *mas_shared_all_bannersmgmt::gdm* and I want it to be able to control
> the banner at the login prompt while logging in for Gnome Desktop.
>
> I will also eventually want to create another class called
> *mas_shared_all_bannersmgmt::kdm* and it will be in association with
> commands for KDE desktop environments ( I know a little redundant), as
> managed by KDM.
>
> Currently, I don't know if the same login banner (Legal Notice Text,
> whatever..) if set for Gnome will work for KDE... I will learn after I
> figure this out for Gnome (*GDM*).
>
> Can someone please point me in the best direction to accomplish this? I
> haven't found a single Puppet Module at the forge, and there isn't a
> resource for KDM/GDM type of behaviors either.
>
> After I get it working I intend to share it with the Puppet Forge, after
> I figure out how to make that happen as well.
>
> Thanks for the advice and guidance,
>
> --
>
> Warron French

Hi Warron,

Suggest using Ericsson/motd[1]. It manages just those three files, is actively maintained, has tests and works on a ton of platforms. If you are using the roles and profiles approach, you could have different data in Hiera depending on your profile and have profiles for GDM, KDM, etc.

[1] - https://github.com/Ericsson/puppet-module-motd

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Using a vhost name in hiera
On 9/29/16 9:52 AM, Ugo Bellavance wrote:
>
> On Wednesday, September 28, 2016 at 8:07:26 PM UTC-4, Ugo Bellavance wrote:
>
>     On Wednesday, September 28, 2016 at 4:35:50 PM UTC-4, Garrett
>     Honeycutt wrote:
>
>         On 9/28/16 3:54 PM, Ugo Bellavance wrote:
>         > Hi,
>         >
>         > I am working with this module
>         > https://github.com/voxpupuli/puppet-nginx
>         > to get some nginx servers up. Here is my hiera config for a
>         > vhost:
>         >
>         > nginx::nginx_vhosts:
>         >   'website1.domain.com':
>         >     proxy: 'http://website1.internal'
>         >
>         > I would like to have my logs in one directory per vhost.
>         >
>         > Here is what I have for now:
>         >
>         > nginx::http_access_log:
>         > "%{hiera('nginx::config::log_dir')}/access_log"
>         >
>         > In the template, it looks like that:
>         >
>         > "${::nginx::config::log_dir}/${name_sanitized}.access.log
>         > ${format_log}",
>         >
>         > Would there be a way to set it in hiera so that it is the
>         > equivalent of this:
>         >
>         > "${::nginx::config::log_dir}/${name_sanitized}/access.log
>         > ${format_log}",
>         >
>         > Of course, I would like to avoid having to edit the template.
>         >
>         > Thanks,
>         >
>
>         Hi Ugo,
>
>         nginx_vhosts has a parameter named access_log. You could use
>         that as follows.
>
>         nginx::nginx_vhosts:
>           'website1.domain.com':
>             proxy: 'http://website1.internal'
>             access_log: '/whatever/access.log'
>
>         https://github.com/voxpupuli/puppet-nginx/blob/master/manifests/resource/vhost.pp#L145
>
>     Makes sense, I didn't see that one. In fact I was looking for a way
>     to make it automatic instead of always have to enter the log path.
>
> I tested it but the system complains that the directory doesn't exist.
> I wonder how I could easily create a folder for each vhost, and I don't
> know how it could be managed automatically in the module since puppet
> doesn't create parent directories for File directives. It looks like
> I'll have to stick to the default.
>
> That makes me think of something. Could I enumerate the names of all my
> vhosts in hiera, and have only one vhost directive? Something like
> here https://blog.serverdensity.com/deploying-nginx-with-puppet/ but
> with something like a table of vdomain values.
>
> It looks very hard to find relevant information on how to use hiera...
> but it is such an excellent tool!
>

Hi Ugo,

Suggest creating a profile class that includes nginx as well as ensuring that all those directories exist first.

An alternative would be to send a pull request to the nginx module that runs `mkdir -p` for you when specifying a custom access_log.

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Using a vhost name in hiera
On 9/28/16 3:54 PM, Ugo Bellavance wrote:
> Hi,
>
> I am working with this module https://github.com/voxpupuli/puppet-nginx
> to get some nginx servers up. Here is my hiera config for a vhost:
>
> nginx::nginx_vhosts:
>   'website1.domain.com':
>     proxy: 'http://website1.internal'
>
> I would like to have my logs in one directory per vhost.
>
> Here is what I have for now:
>
> nginx::http_access_log: "%{hiera('nginx::config::log_dir')}/access_log"
>
> In the template, it looks like that:
>
> "${::nginx::config::log_dir}/${name_sanitized}.access.log ${format_log}",
>
> Would there be a way to set it in hiera so that it is the equivalent of
> this:
>
> "${::nginx::config::log_dir}/${name_sanitized}/access.log ${format_log}",
>
> Of course, I would like to avoid having to edit the template.
>
> Thanks,
>

Hi Ugo,

nginx_vhosts has a parameter named access_log. You could use that as follows.

    nginx::nginx_vhosts:
      'website1.domain.com':
        proxy: 'http://website1.internal'
        access_log: '/whatever/access.log'

https://github.com/voxpupuli/puppet-nginx/blob/master/manifests/resource/vhost.pp#L145

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Re: mount point directory permissions
On 9/22/16 6:54 AM, otheus uibk wrote:
> Chiming in...
>
> The old feature request at https://projects.puppetlabs.com/issues/4815
> had it right. This should
> be a part of the core Mount resource type. Eric's rejection of it was
> stupid. On most systems, when you mount a volume, the underlying file or
> directory must first be there. After you mount, the permissions of the
> mounted directory may need to be changed for whatever reason. In another
> thread, it was argued that the underlying filesystem -- if it's NFS --
> should have the permissions set on the server; that's a silly argument,
> but more importantly, the underlying filesystem might be a newly created
> one at the time of deployment. So either before or after, a File
> resource is needed. Actually, both, but because we can't define the same
> resource twice, we have to choose one. And because the alternative
> currently seems to be an Exec resource, the solution is system
> dependent. (Or, we have to go through a lot of trouble).
>
> The following is an ugly hack, and must be tweaked for each system. This
> example works for linux:
>
> mount { 'fs:/mountpoint':
>   name    => '/mountpoint',
>   device  => 'fs:/vol/devid',
>   ensure  => mounted,
>   require => Exec[mount-ensure-mountpoint],
>   ...
> }
> file { '/mountpoint':
>   # After mountpoint has been created
>   owner   => newownerid,
>   group   => newgroupid,
>   mode    => '0770',
>   require => 'Mount[fs:/mountpoint]',
> }
> exec { 'mount-ensure-mountpoint':
>   command => 'mkdir -p -m 0755 /mountpoint',
>   creates => '/mountpoint'
> }
>
> I suppose a refreshonly => true in the Exec resource might provide a
> tiny optimization.
> Creating a custom type or function to do the above is silly, given that
> nearly every systemadmin needs.
>
> I cannot currently figure out Puppetlabs' new issue tracking/search
> system, otherwise I would try to add this to a ticket there.
>

Hi,

You can use ghoneycutt/types, which has a class for mount[1]. It ensures
the directory exists for the mount by using `mkdir -p`. You can use it
directly from Hiera as per the docs or through a manifest like this.

types::mount { '/srv/nfs/home':
  ensure  => 'present',
  device  => 'nfsserver:/export/home',
  fstype  => 'nfs',
  options => 'rw,rsize=8192,wsize=8192',
}

[1] - https://github.com/ghoneycutt/puppet-module-types#mount

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Re: Announce: Ruby 2.3 update planned for puppet-agent 1.6.0
On 8/5/16 9:12 PM, Geoff Nichols wrote:
>
>
> On Friday, July 29, 2016 at 5:00:26 PM UTC-7, Geoff Nichols wrote:
>
>     Because Ruby 2.1 is approaching end-of-life (upstream bugfix support
>     ended March 2016), we need to move puppet-agent to a more modern
>     Ruby version.
>
>
>     If all goes well with testing, the upcoming puppet-agent 1.6.0
>     release will include Ruby 2.3.1.
>
>
> As an update, we found some issues during testing, so puppet-agent 1.6.0
> will NOT include Ruby 2.3.1.
>
> We're now targeting the Ruby 2.3 update for a later puppet-agent
> release. (We'll share more information about that timeframe as the plan
> firms up.)
>
> Thanks,
> Geoff
>

Hi Geoff,

It seems that the testing is leaving out the huge dataset of modules
from the Forge. Checked out the TravisCI configs for a couple of the top
supported modules including stdlib, apache, ntp, apt and vcsrepo and
none of them are testing with ruby 2.3.

Suggest that before moving to a new version of ruby, the TravisCI
configs for all supported modules should be explicitly testing against
the new ruby version to ensure it works.

For those curious about adding support for ruby 2.3.1, here's an example
TravisCI config.

https://github.com/ghoneycutt/puppet-module-ssh/blob/master/.travis.yml

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] pdxcat-nrpe, hiera data in command
On 4/21/16 3:09 PM, Ugo Bellavance wrote:
> Hi,
>
> I want to create a nrpe command using the pdxcat-nrpe, for check_ntp.
> My NTP servers would check against public servers, and all others will
> check against my internal NTP servers.
>
> The code looks like that:
>
> nrpe::command {
>   'check_ntp':
>     package_name => 'nagios-plugins-ntp',
>     ensure       => present,
>     command      => "check_ntp -H $ntpserver";
> }
>
> I'd like to simply use a value in hiera for $ntpserver but it doesn't
> look possible without editing the module, which I'd like to avoid as
> much as possible.
>
> Anyone has an idea?
>
> Thanks,
>

Hi Ugo,

You don't have to modify pdxcat/nrpe to get that to work. Wherever you
are calling this from, you need to set the value of $ntpserver. That can
happen as a parameter to the class which would automatically look it up
or with the hiera() function.

I also have an nrpe module. It allows you to specify all of your plugins
in Hiera. They seem to be similar in OS support and functionality,
though mine has extensive unit testing.

https://github.com/ghoneycutt/puppet-module-nrpe#usage

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] referencing boolean within puppet manifest
On 4/12/16 2:53 PM, Mike Reed wrote:
> Hello all,
>
> I've recently experienced some inconsistencies around referencing
> Boolean values within a puppet manifest. We've written some custom
> Boolean facts and we look to the true/false values within our manifests
> to help make decisions on what should or shouldn't be done.
>
> The issue I have is the different behavior I see when referencing the
> fact value. For instance, in some cases I have to reference the Boolean
> value with quotes (ie.. 'true') in order to get things working right.
> In other cases, removing the quotes returns the results I would expect.
>
> I understand that this is most likely due to what the fact is returning
> but I was wondering if there's a 'best practice' for approaching
> something like this. I've also played around with stringify_facts and
> achieved varied results (in terms of referencing the Boolean values) and
> that may have only confused me.
>
> We're currently running: Puppet v:3.8.6/Hiera v:1.3.4
>
> I realize this question touches on a few different things but does
> anybody have a brief explanation for how I might consistently reference
> these Boolean values throughout our puppet infrastructure?
>
> Here's an example of a custom fact that we use:
>
> require 'facter'
>
> Facter.add(:nvidia_installed) do
>   setcode do
>     tools_test = Facter::Util::Resolution.exec("/usr/bin/nvidia-smi")
>     if tools_test
>       nvidia_installed = true
>     else
>       nvidia_installed = false
>     end
>   end
> end
>
> In order to reference this particular value within my manifest, I have
> to reference the value without quotes: elsif ($::class ==
> 'render_workstation') and ($::nvidia_installed == false) {
>
> As always, thank you in advance for the help and support.
>
> Cheers,
>
> Mike
>

Hi Mike,

Booleans such as true vs. stringified booleans such as 'true' have long
been a sore spot within the Puppet ecosystem.

You want to set stringify_facts = false in your puppet.conf. This will
allow you to have other data types as facts such as booleans, arrays,
and hashes.

Recommend using this design pattern to deal with stringified booleans in
Puppet v3.

if is_string($my_param) == true {
  $my_param_bool = str2bool($my_param)
} else {
  $my_param_bool = $my_param
}
validate_bool($my_param_bool)

So given the param, $my_param, this will ensure it is an actual boolean.
In your code you reference $my_param_bool instead of $my_param.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] puppet facter for password hashing algorithm on a per OS basis
Hello,

On your EL systems you can support multiple hash types. Not sure how
Solaris handles that.

As John mentioned, you could use an ENC if you want to dictate what to
use as opposed to having the system figure it out. You could use Hiera
as I mentioned if you want the system to determine the hashing method
based on some fact. Going that route, you could create a custom fact to
aid in that approach.

Another approach would be to use plain text passwords (though still
encrypted in the Hiera data with hiera-eyaml) and write a function that
takes the arguments of the password and the hashing type or use
generate() and call openssl, which would return the password hash
generated with the hashing algorithm you specified.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] puppet facter for password hashing algorithm on a per OS basis
On 2/10/16 8:38 AM, Warron French wrote:
> Hello, I was hoping someone could help with answering this question, for
> the following scenario.
>
> On our network we have some OLD ( I mean 1/06, up to 1/09) Solaris 10
> SPARC servers and workstations along with newer Solaris 10 SPARC servers
> (running even the latest revisions, like 1/13); and we have CentOS
> servers and workstations.
>
> The password hashing algorithm is different between the OLD Solaris 10
> SPARC servers and workstations versus the newer *recently
> rebuilt* Solaris 10 1/13 SPARC servers and workstations; the *older
> ones* run with *MD5* for password hashing, we don't want that. Even some of
> the Solaris 10 machines that are running the newer Solaris 10 1/13 (build a
> couple of years ago) might be running with the MD5 hashing algorithm.
> *All* of our CENTOS systems though, thank goodness, are running with
> the sha-512 (yay!).
>
>
> Anyway, we have a potential project to use puppet to populate/generate
> *LOCAL* (not AD/LDAP) accounts across all of our systems and want our
> passwords for each of the accounts added to be the same; but of course,
> if the
> /password/ attribute given to the *user* resource in the puppet code is
> of an incorrect hash-type, then that account will not work properly.
>
> That is why I am asking for help, to achieve this particular goal.
>
> Thank you in advance,
> Warron
>

Hi Warron,

Supporting many OS's, I often hit this problem and solve it through
Hiera. There you can specify different password hashes based on a
mixture of facts such as osfamily and operatingsystemmajrelease.

While the hashes are not plain text, they can still easily be cracked.
Suggest taking a look at hiera-eyaml[1] to encrypt them.

[1] - https://github.com/TomPoulton/hiera-eyaml

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
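An added example, not code from this thread or from any module mentioned in it: a Ruby audit that classifies each per-platform password hash by its crypt(3) prefix before it is placed in Hiera, reporting MD5 hashes and hashes whose scheme differs from what the target platform is expected to use. The platform keys, the expected-scheme map and the function names are assumptions, and every hash string is constructed filler.

```ruby
# Added example: audit per-platform password hashes before they go into Hiera.
# All data below is constructed; the strings are shaped like crypt(3) hashes
# but are filler, not real password hashes.

# crypt(3) modular-format ids handled here: name, encoded digest length, max salt length.
SCHEMES = {
  '1' => { name: :md5,    hash_len: 22, salt_max: 8  },
  '5' => { name: :sha256, hash_len: 43, salt_max: 16 },
  '6' => { name: :sha512, hash_len: 86, salt_max: 16 },
}.freeze

CRYPT_B64 = %r{\A[./0-9A-Za-z]+\z}
MODULAR   = /\A\$([^$]+)\$(?:rounds=(\d+)\$)?([^$]*)\$([^$]+)\z/
WEAK      = %i[md5 des].freeze

# Classify one password field as found in a shadow file or a `user` resource.
def classify_hash(field)
  return :empty  if field.nil? || field.empty?
  return :locked if field.start_with?('!', '*') || field == 'NP'
  return :des    if field.length == 13 && field.match?(CRYPT_B64)

  id = field[/\A\$([^$]+)\$/, 1]
  return :malformed unless id

  scheme = SCHEMES[id]
  return :unknown unless scheme   # a scheme this audit does not model

  m = MODULAR.match(field)
  return :malformed unless m

  _, rounds, salt, digest = m.captures
  ok = salt.length <= scheme[:salt_max] &&
       (salt.empty? || salt.match?(CRYPT_B64)) &&
       digest.length == scheme[:hash_len] &&
       digest.match?(CRYPT_B64) &&
       (rounds.nil? || id != '1')   # md5-crypt has no rounds parameter
  ok ? scheme[:name] : :malformed
end

# Compare every hash with the scheme its platform is expected to use.
# Returns one finding per problem: [platform, user, scheme, reason].
def audit(hashes_by_platform, expected)
  findings = []
  hashes_by_platform.each do |platform, users|
    want = expected.fetch(platform)
    users.each do |user, field|
      got = classify_hash(field)
      next if got == :locked
      if %i[empty malformed unknown].include?(got)
        findings << [platform, user, got, 'not a usable hash']
      elsif WEAK.include?(got)
        findings << [platform, user, got, 'weak scheme']
      elsif got != want
        findings << [platform, user, got, "expected #{want}"]
      end
    end
  end
  findings
end

FILL = 'A' # filler character for constructed digests

# Constructed data, keyed the way a fact-based Hiera hierarchy might be (assumption).
SAMPLE = {
  'RedHat-7' => {
    'alice' => '$6$constructedsalt$' + FILL * 86,
    'bob'   => '$1$oldsalt1$' + FILL * 22,
    'svc'   => '!!',
  },
  'Solaris-10' => {
    'alice' => '$5$rounds=5000$constructedsalt$' + FILL * 43,
    'carol' => '$6$constructedsalt$' + FILL * 85,
  },
}.freeze

# Scheme each platform is expected to accept (assumption for this example).
EXPECTED = { 'RedHat-7' => :sha512, 'Solaris-10' => :sha512 }.freeze

audit(SAMPLE, EXPECTED).each { |finding| puts finding.join(' ') }
```

Run against the real per-platform data in a pre-commit hook or build job, this catches a wrong-scheme hash before an agent writes it to a host.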
Re: [Puppet Users] Creating module structure with Foreman that removes settings when a module no longer applies (like GPOs)
On 2/5/16 12:33 PM, jmp242 wrote:
> I'm thinking about this, and it may be a total waste of time, but
> occasionally we want to change the configuration of an existing
> computer. We could totally re-image the computers, but that seems like
> it might be a big time sink compared to resetting when the hostgroup
> changes. It also seems like a good way to make sure you know what
> configuration is applied if a computer is moved across hostgroups.
>
> My current best idea for this is to use an inheritance method, but
> Inheritance is discouraged. However, it seems like it would be quite clean:
>
> Each module would have:
> module
> module::applied
>
> The module would actually have the steps to back out whatever
> module::applied did. module would be applied at the top hostgroup, and
> then in the hostgroup or systemgroup that is set up for a particular
> configuration the module::applied would override or do the actual
> configuration...
>
> Is this a totally crazy idea? Or will it work like I'm thinking, and
> also work with 4.x?
>

Hi jmp242,

I'm leaning toward totally crazy :)

Your system provisioning process should provision a minimal system and
then configure and manage it with Puppet. If your goal is to reuse that
system, then just re-provision it. This will ensure you are not dragging
around cruft that then becomes depended on. For example, you build role
A, then change system to role B and everything works but when you build
role B from scratch it fails because it was depending on something from
role A that was not described by role B.

WRT rebuilding being a time sink, I normally see bare metal to fully
puppetized systems using PXE taking around 15 minutes if you have local
copies of your repos. Potentially much shorter times if you are using VM
images, containers, jails, etc.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Overriding file resource with class inheritance
On 1/29/16 6:05 PM, Kyle Flavin wrote:
> I'm creating a module, and I want to override the file resource for
> puppet.conf which is defined within a module called "puppet". The
> resource declaration looks like this:
>
> # modules/puppet/manifests/init.pp
> class puppet {
>   ...
>   file { '/etc/puppet/puppet.conf':
>     content => template('puppet/puppet.conf.erb'),
>   }
>   ...
> }
>
>
> I want to override this file resource to provide a customized
> puppet.conf, and I'm trying to do so using inheritance. My module is
> laid out as follows:
>
> # modules/foreman-proxy directory
>
> ├── manifests
> │   ├── init.pp
> │   └── puppet.pp
> └── templates
>     └── puppet.conf.erb
>
> # init.pp
> class foreman-proxy inherits puppet {
>   include foreman-proxy::puppet
> }
>
> # puppet.pp
> class foreman-proxy::puppet inherits puppet {
>   file { '/etc/puppet/puppet.conf':
>     content => template('foreman-proxy/puppet.conf.erb'),
>   }
> }
>
> When I run this on the client, I get the error:
>
> Error: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Could not find scope for foreman-proxy::puppet on node
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> What am I doing incorrectly? Is there a better approach? I'm trying to
> avoid modifying the existing puppet module, because it's applied across
> many servers.
>

Hi Kyle,

I think you have a scoping issue, try using the double colons for the
puppet class, such as 'class foreman-proxy::puppet inherits ::puppet'.

You seem to be using inheritance correctly to override a resource,
though you are doing this between two modules. This pattern should be
avoided at all costs and will likely end in tears.

http://docs.puppetlabs.com/guides/style_guide.html#class-inheritance

Suggest that the puppet module manage the puppet.conf.

HTH,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] librarian-puppet vs R10K
On 1/28/16 9:40 AM, Alex Harvey wrote:
> Hi all,
>
> I am interested in the future of the Librarian-puppet project - to find
> out how many people are still using it, and if there are people out
> there who actually prefer it over R10K.
>
> I recently looked into R10K for a few projects I was working on, and I
> found it to be surprisingly complicated. It had many features I didn't
> seem to need, features that overlap with features provided by
> Jenkins/Bamboo, and appeared designed with a view to helping people
> deploy code in complex ways, help them to test short lived branches on
> Puppet masters, etc. This might have made sense once, but if you're
> doing all your development in a test-driven fashion in
> Vagrant/Rspec-puppet/Beaker, I can't see a need for R10K's features, and
> concluded it was mainly just a lot harder to understand than
> Librarian-puppet. I do see that it performs better, but again,
> Librarian-puppet has never been a bottleneck.
>
> Other views most appreciated.
>
> With best regards,
> Alex

Hi Alex,

I generally implement both for customers. Though I use Dan Bode's
librarian-puppet-simple which purposely does not handle dependencies. I
spoke at a couple Puppet Camps regarding dealing with modules and here
are slides[1] explaining the pros and cons of the different approaches.

R10k is great, even with a build pipeline, because the caching feature
really speeds up the build jobs over librarian-puppet, which will need
to download the git repos each time.

I maintain a bunch of modules that you might consider as common or base
to an OS such as SSH, NTP, PAM, hosts, timezone, NFS, etc as well as
code for modeling PuppetDB, Puppet agents and masters that are tracked
in a Puppetfile[2]. Since that has its own life cycle outside of the
clients' and does not need git branch to environment mapping it is
maintained with librarian-puppet-simple.

I've also used r10k to build Puppet platform as a service for large
enterprises that have many products and teams with their own distinct
environments. This allows many teams to leverage each other's work while
giving them their own autonomy with regards to number of environments,
testing abilities, module versions and release schedules.

[1] - http://www.slideshare.net/gh/2014-multiple-approaches-to-managing-puppet-modules-puppet-camp-seattle
[2] - https://github.com/ghoneycutt/puppet-modules

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] r10k database backend
On 1/25/16 6:25 PM, Patrick Lesher wrote:
> Has anyone thought about or tried to have r10k run against a mysql
> backend to populate at least the information the puppetfile gives?
>
> Updating each puppetfile for a large number of “Environments” can be
> burdensome when we have to update the version on a number of modules.
> We already have all of our hiera data in a mysql backend and would like
> to try to simplify some processes.
>
> Thanks,
> Patrick
>

Hi Patrick,

Without modifying r10k, you could generate the Puppetfile from data in
your database. Keeping the information in a file under revision control
buys you all the nice things related to using a VCS.

What is the motivation of using a database backend? I'm curious as to
the problems you encounter using the normal method of storing your
Puppetfile in a git repo.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Slightly Off-Topic: CI Test of Puppet module fail
On 1/19/16 7:31 AM, Gareth Rushgrove wrote:
> The error from Travis suggests a linting issue, specifically:
>
> manifests/config/mysql.pp - WARNING: ensure found on line but it's
> not the first attribute on line 24
>
> My guess for why you're not seeing that locally, but it's coming up in
> Travis is that the version of puppet-lint is unspecified. I'd wager
> that locally you have an older version, but Travis is installing the
> latest.
>
> https://github.com/thbe/puppet-bacula/blob/master/Gemfile#L7
>
> Looking at this more closely however the plot thickens. It looks like
> it might be a bug in puppet-lint.
>
> https://github.com/thbe/puppet-bacula/blob/master/manifests/config/mysql.pp#L24
>
> The code referenced does use ensure, but as an attribute of a nested
> data structure, not as a parameter.
>
> Two options present:
>
> * Add a control comment to ignore the check for that line, described
> here: http://puppet-lint.com/controlcomments/
> * Determine the local version of puppet-lint that is passing the check
> and pin to that version in your Gemfile
>
> I'd also open the issue over on
> https://github.com/rodjek/puppet-lint/issues as I think it's a bug.
>
> Cheers (and definitely not off-topic. This list is for pretty-much
> anything that's useful to users of Puppet in my view.
>
> Gareth
>
> On 19 January 2016 at 11:54, Thomas Bendler <thomas.bend...@gmail.com> wrote:
>>
>> Hello,
>>
>> I have a small problem with a Puppet module I've written. The module is:
>>
>> https://forge.puppetlabs.com/thbe/bacula
>>
>> When I check the module locally with:
>>
>> bundle exec rake validate && bundle exec rake lint && bundle exec rake spec
>> SPEC_OPTS='--format documentation'
>>
>> it says everything is fine. When I deploy the module on my test box, it works
>> fine. When I pass my commit to Travis CI, it fails:
>>
>> https://travis-ci.org/thbe/puppet-bacula/builds/103322979
>>
>> Any Ideas?
>>
>> Regards Thomas
>> --
>> Linux ... enjoy the ride!

Hi,

puppet-lint is not actively maintained - the last commit is April 11th,
2015. If you install it from rubygems, the latest release is 1.1.0
though GitHub reads that there have been 58 commits to master since
then. In order to get the latest version, you need to install from git.

Here's the line to use in your Gemfile

gem 'puppet-lint', :git => 'https://github.com/rodjek/puppet-lint.git'

If you are interested in extending your style with other community
puppet-lint plugins, here is what I use in my Gemfiles

gem 'puppet-lint-absolute_classname-check'
gem 'puppet-lint-alias-check'
gem 'puppet-lint-empty_string-check'
gem 'puppet-lint-file_ensure-check'
gem 'puppet-lint-file_source_rights-check'
gem 'puppet-lint-fileserver-check'
gem 'puppet-lint-leading_zero-check'
gem 'puppet-lint-spaceship_operator_without_tag-check'
gem 'puppet-lint-trailing_comma-check'
gem 'puppet-lint-undef_in_function-check'
gem 'puppet-lint-unquoted_string-check'
gem 'puppet-lint-variable_contains_upcase'

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] odd puppet-lint config problems
On 1/20/16 4:17 PM, Ramin K wrote:
> I'm doing some work around distributing a puppet-lint wrapper
> internally. Ideally I want a wrapper that reads a custom .puppet-lint.rc
> within the repo and the rc file is --only-checks so we can enable new
> checks as the codebase is ready to be stricter.
>
> The problems I'm running into are
>
> 1. .puppet-lint.rc seems to be additive loading ~/.puppet-lint.rc,
> ./.puppet-lint.rc AND --conf path/to/.puppet-lint.rc
>
> 2. .puppet-lint.rc doesn't support --only-checks syntax
>
> Has anyone done something similar and did you have to modify optparse.rb
> and other Ruby code with puppet-lint to get it to work?
>
> Ramin
>

Hi Ramin,

It sounds like you have a repo with a bunch of modules as opposed to one
repo per module. Recommend using a script that calls puppet-lint with
the arguments that you would like and integrating that into a pre-commit
check or a build pipeline.

I never use .puppet-lint.rc, instead you would normally have a
Rakefile[1] that would configure puppet-lint and run the tests with
`rake lint`. See my last post under the subject 'Slightly Off-Topic: CI
Test of Puppet module fail' for how to configure it that way.

[1] - https://github.com/ghoneycutt/puppet-module-ssh/blob/master/Rakefile

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Unable to add ssh-keys to known_hosts
On 1/4/16 2:33 PM, Dr. Natas wrote:
> Hey Dirk
>
> Thanks for the pointing to my mistake.
> I got it working by simply adding the following code. I'm still in my
> beta testing and will continue to modify my code a lot better. I'll post
> what I have when I'm done. Thanks for taking part of your day to helping
> me out. By the way, happy late new years!
>
> # Collect SSH keys from all Unix hosts and store them in ssh_known_hosts
> # so that all managed hosts will automatically know each other.
>
> class ssh_keys {
>   # Declare the exported resource
>   @@sshkey { $::fqdn:
>     type => rsa,
>     key  => $sshrsakey
>   }
>
>   # Collect all keys:
>   Sshkey <<| |>>
>
>   ssh_authorized_key { 'test@account2':
>     user   => 'test.two',
>     type   => 'ssh-rsa',
>     ensure => present,
>     key    => 'this-is-the-best-burrito2',
>   }
> }
>
>

Hi Dr. Natas,

Check out my Puppet Approved ssh module[1]. It handles the functionality
that you described and lets you easily specify[2] authorized keys.

[1] - https://forge.puppetlabs.com/ghoneycutt/ssh
[2] - https://github.com/ghoneycutt/puppet-module-ssh#manage-users-ssh_authorized_keys

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] require two different types
On 12/23/15 4:14 PM, Tim Dunphy wrote:
> Hello,
>
> How can I require two different types in my manifests? For instance I
> have this setup in one of my modules:
>
> file { "/etc/pki/tls/private/${::hostname}.example.com.key":
>   owner   => "bacula",
>   group   => "bacula",
>   mode    => 0400,
>   require => Package["bacula-client","bacula-common"],
>   require => File["/etc/pki/tls/private","/etc/pki/tls/certs"],
>   source  => "puppet:///modules/bacula/${::hostname}/${::hostname}.example.com.key",
>   notify  => Service["bacula-fd"]
> }
>
> And I want to require both Packages and directories provided by File.
> But when I try that I get this:
>
> Error: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Duplicate parameter 'require' for on
> File[/etc/pki/tls/private/ldap1.example.com.key] at
> /etc/puppet/environments/production/modules/bacula/manifests/config.pp:43 on
> node ldap1.example.com <http://ldap1.example.com>
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> How do I require both Files and Packages in such a way as to be
> acceptable to puppet?
>
> Thanks,
> Tim

Hi Tim,

The key is to use an array. Such as

    file { "/etc/pki/tls/private/${::hostname}.example.com.key":
      source  => "puppet:///modules/bacula/${::hostname}/${::hostname}.example.com.key",
      owner   => 'bacula',
      group   => 'bacula',
      mode    => '0400',
      require => [ Package['bacula-client','bacula-common'],
                   File['/etc/pki/tls/private'],
                   File['/etc/pki/tls/certs'],
                 ],
      notify  => Service['bacula-fd'],
    }

Since the filesystem is hierarchical in nature, file resources are
implicitly ordered. So if you have a file resource for
'/etc/pki/tls/private' it is automatically done before this file resource
and should not be explicitly required. Note that this is not the same
functionality as `mkdir -p`. So if '/etc/pki/tls' did not exist, the
resource for '/etc/pki/tls/private' would fail and so would this file
resource for the key.

You would correctly write your resource as follows.

    file { "/etc/pki/tls/private/${::hostname}.example.com.key":
      source  => "puppet:///modules/bacula/${::hostname}/${::hostname}.example.com.key",
      owner   => 'bacula',
      group   => 'bacula',
      mode    => '0400',
      require => [ Package['bacula-client','bacula-common'],
                   File['/etc/pki/tls/certs'],
                 ],
      notify  => Service['bacula-fd'],
    }

Even when requiring multiple resources of the same type, the above format
is the way to go.

Here's a link to make viewing the code a bit nicer.
http://pastebin.com/NpbJT86J

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] handling of network mounts using puppet
On 12/9/15 9:08 AM, ddns...@gmail.com wrote:
> Hello Group,
>
> I am working on a module to handle mounting of NFS mounts.
> *Puppet*: 3.7.1
> *Hiera*: 1.3.4
>
> I have already tested it in my lab machine and it works as expected:
>
> mytestserver.example.com.yaml
>
> nfsmounts:
>   '/net1':
>     path: '/net1'
>     device: 'somefiler:/vol/vol1/test1'
>   '/net2':
>     path: '/net2'
>     device: 'nfsserver:/data/test2'
>   '/net3':
>     path: '/net3'
>     device: '192.168.0.100:/local/foo/test3'
>
> init.pp
>
> class mynfsmounts {
>   $nfsmounts_hash = hiera_hash('nfsmounts')
>   create_resources('mynfsmounts::mounts', $nfsmounts_hash)
> }
>
> mounts.pp
>
> define mynfsmounts::mounts ($path, $device,)
> {
>   $mountopts = 'rw,_netdev'
>   $owner     = 'admuser'
>   $group     = 'admuser'
>
>   mount { $name:
>     ensure  => 'mounted',
>     device  => $device,
>     fstype  => 'nfs',
>     options => $mountopts,
>     atboot  => 'yes',
>     require => File[$title],
>   }
>
>   file { $title:
>     ensure => directory,
>     owner  => $owner,
>     group  => $group,
>     mode   => '2775',
>   }
> }
>
> My question is, how do I separate the /file/ and the /mount/ resources
> in a separate manifest inside the same module and have the same effect?
> Our puppet admins require that defined type declarations do not include
> resources inside them.

Hi,

Check out ghoneycutt/nfs[1], it already supports a ton of platforms,
though if yours is not supported, I would be happy to work with you to
add support.

If you want to also ensure the directory is there for the mount, I use
ghoneycutt/types[2], which supports NFS and more. An example is here[3].

Like Martin, I'm also a bit confused by your statement regarding the
puppet admins. Hopefully they are encouraging the use of third party
modules as opposed to reinventing the wheel. :) The code you have makes
sense to me, whereas putting the mount and file resources somewhere else
does not make sense at all and seems to be in opposition to why defined
types exist.

[1] - https://github.com/ghoneycutt/puppet-module-nfs
[2] - https://github.com/ghoneycutt/puppet-module-types
[3] - https://github.com/ghoneycutt/puppet-module-types#mount

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] Re: Unit testing reference modules and best practices
On 12/2/15 6:33 PM, Haani Niyaz wrote:
> Hi Ben,
>
> I am also looking for some reference material to better illustrate how
> to use rspec puppet, a best practices of sorts to my team. Were you
> successful in finding some examples?
>
> On Friday, 11 July 2014 10:29:32 UTC+10, Ben Sullivan wrote:
>
> > Hi
> >
> > I'm looking for some reference modules to share with my team to
> > illustrate how to best use rspec-puppet to unit test Puppet DSL code.
> >
> > I'm going to go through the Puppet Enterprise supported modules as I
> > figured that was a reasonable place to
> > start: https://forge.puppetlabs.com/modules?supported=yes
> >
> > The team doesn't understand the value of rspec-puppet at present and
> > I need to articulate arguments to get some buy-in. At the moment we
> > rely on long-running end to end tests which won't scale for us as
> > our automation codebase grows.
> >
> > Any tips/recommendations would be appreciated.
> >
> > Many thanks
> >
> > Ben

Hello,

Last year I spoke[1] at LISA about why TDD works for configuration
management. Unfortunately, those slides are all pictures..

I teach an interactive class about testing and last year gave a 1/2 day
tutorial on testing with rspec-puppet at LOAD. Those slides[2] explain
why testing is important, what are all the bits needed to get
rspec-puppet to work and what to test. It references a Vagrant setup[3]
to get you started. It installs some older gems, so you might be better
off cloning one of the modules below and using
`rvm use 2.1.0 && bundle install` to get all the testing dependencies
going.

My vim module is an example[4] of testing a simple class that works on
many platforms and the nscd module is an example[5] of a module with a
ton of parameters and also supporting many platforms.

If you're interested in best practices around testing, I recently started
working with Rubocop after noticing that a puppet-community module was
using it in their automated testing. Rubocop enforces ruby style. Here's
an example commit[6] that shows how I added it to a module, modified the
Travis-ci testing setup and all the changes to the code that resulted.

[1] - http://www.slideshare.net/gh/20141114-why-test-driven-development-tdd-works-for-sysadmins-lisa14
[2] - http://www.slideshare.net/gh/20140406-loa-daystddwithpuppettutorial
[3] - https://github.com/ghoneycutt/learnpuppet-tdd-vagrant
[4] - https://github.com/ghoneycutt/puppet-module-vim/blob/master/spec/classes/init_spec.rb
[5] - https://github.com/ghoneycutt/puppet-module-nscd/blob/master/spec/classes/init_spec.rb
[6] - https://github.com/ghoneycutt/puppet-module-nscd/commit/de95ca517ed7df0bf2c34b0c8decff551a697fde

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] Puppetlabs/mysql forge module - user accounts
On 11/25/15 9:03 AM, Matt Shields wrote:
> I'm using the Puppetlabs/mysql forge module and I have it creating a db
> and adding a few users. Is there a way to automatically remove any
> accounts that are not defined in my puppet script? For example, if an
> admin manually created a user?
>
> -matt

Hi Matt,

You should be able to specify purging using the resources resource. This
will purge any mysql_user that is not explicitly defined through Puppet.

    resources { 'mysql_user':
      purge => true,
    }

Best regards,
-g

-- 
Garrett Honeycutt
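The purge from the reply above, written out together with the accounts that have to survive it, as an added example that is not part of the original thread. It assumes the puppetlabs/mysql types mysql_user and mysql_grant; the account name, host pattern, database name and password hash are constructed placeholders.

```puppet
# Added example, not code from the thread. All names below are constructed.

# Every account that must keep working has to be declared in the catalog.
# Anything Puppet finds on the server that is not declared is treated as
# unmanaged and becomes a purge candidate, administrative accounts such as
# root@localhost included, unless a class already in your catalog declares
# them.
mysql_user { 'app@10.0.0.%':
  ensure        => present,
  password_hash => '*PLACEHOLDER_PASSWORD_HASH',  # placeholder, not a real hash
}

mysql_grant { 'app@10.0.0.%/appdb.*':
  ensure     => present,
  user       => 'app@10.0.0.%',
  table      => 'appdb.*',
  privileges => ['SELECT', 'INSERT', 'UPDATE', 'DELETE'],
}

# Report-only rollout: the noop metaparameter is copied onto the resources
# generated for purging, so each run logs the accounts that would be removed
# ("should be absent (noop)") without dropping them.
resources { 'mysql_user':
  purge => true,
  noop  => true,
}
```

Once the reports list only accounts that were created by hand and are meant to go, remove `noop => true` so the purge is enforced.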
Re: [Puppet Users] strange line wrapping behavior
On 11/17/15 11:08 AM, tobias.ko...@gmail.com wrote:
> Hi,
>
> I got a file resource
>
> file {'/usr/java/jboss-as/server/somesoftware/deploy/jontram-ds.xml':
>   ensure  => file,
>   owner   => 'root',
>   group   => 'root',
>   mode    => '0655',
>   content => template('somesoftware/jboss/jontram-ds.xml.erb'),
>   require => [ Class['somesoftware::cpfiles'], somesoftware::mariadb::createdb [ $db_name ] ],
> }
>
> The second last line is obviously too long (over 80 lines). It works in
> one line but I get a puppet-lint error. I would like to cut it in two.
> My first thought was to use the '\'
>
> like
>   require => [ Class['somesoftware::cpfiles'],\
>                somesoftware::mariadb::createdb [ $db_name ]
> }
>
> but then I get an error
>
> Error: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Syntax error at '\'; expected ']' at ...
>
> It works if I just press enter at the end of the line and write the rest
> on the next line (without the \).
>
> So I wonder is it right to not use \ for line wrapping? If yes where can
> I find documentation about that behavior?

Hi Tobias,

Somehow line length was added to the style guide, though Puppet does not
provide a mechanism, such as `\` to denote line wrapping. While not
having huge lines is a good idea, adhering to an arbitrary limit without
the ability to wrap to the next line is not. Suggest turning it off. In
fact, we disable it by default[1] when creating new modules.

You can limit the length of your require like this

    file { '/usr/java/jboss-as/server/somesoftware/deploy/jontram-ds.xml':
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0655',
      content => template('somesoftware/jboss/jontram-ds.xml.erb'),
      require => [Class['somesoftware::cpfiles'],
                  Somesoftware::Mariadb::Createdb[$db_name],
                 ],
    }

In general, putting elements of an array on multiple lines helps
readability, especially when reviewing diffs.

[1] - https://github.com/puppetlabs/puppet/blob/1a557254012447a4f0a2e01eeebaf52c75ab6f80/lib/puppet/module_tool/skeleton/templates/generator/Rakefile#L3

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] strange line wrapping behavior
On 11/17/15 2:51 PM, tobias.ko...@gmail.com wrote:
> Hi G,
>
> sounds great.
>
> How would you use the indentation in
>
> Somesoftware::Mariadb:: ...
>
> The same position as the require? Or two characters on the right? I'm
> asking because resources can be already indented (e.g. two chars) and
> the second line then starts at position 1 on the new line.
>
> I'm still wondering when to use the Backslash. On some sources (e.g.
> http://stackoverflow.com/questions/11406234/puppet-how-can-i-wrap-a-command-into-two-line-if-80-characters
> ) it's recommended but it didn't work on my machine.
>
> On Tuesday, 17 November 2015 20:35:49 UTC+1, Garrett Honeycutt wrote:
>
> > On 11/17/15 11:08 AM, tobias...@gmail.com wrote:
> > > Hi,
> > >
> > > I got a file resource
> > >
> > > file {'/usr/java/jboss-as/server/somesoftware/deploy/jontram-ds.xml':
> > >   ensure  => file,
> > >   owner   => 'root',
> > >   group   => 'root',
> > >   mode    => '0655',
> > >   content => template('somesoftware/jboss/jontram-ds.xml.erb'),
> > >   require => [ Class['somesoftware::cpfiles'], somesoftware::mariadb::createdb [ $db_name ] ],
> > > }
> > >
> > > The second last line is obviously too long (over 80 lines). It
> > > works in one line but I get a puppet-lint error. I would like to
> > > cut it in two. My first thought was to use the '\'
> > >
> > > like
> > >   require => [ Class['somesoftware::cpfiles'],\
> > >                somesoftware::mariadb::createdb [ $db_name ]
> > > }
> > >
> > > but then I get an error
> > >
> > > Error: Could not retrieve catalog from remote server: Error 400 on
> > > SERVER: Syntax error at '\'; expected ']' at ...
> > >
> > > It works if I just press enter at the end of the line and write
> > > the rest on the next line (without the \).
> > >
> > > So I wonder is it right to not use \ for line wrapping? If yes
> > > where can I find documentation about that behavior?
> >
> > Hi Tobias,
> >
> > Somehow line length was added to the style guide, though Puppet does
> > not provide a mechanism, such as `\` to denote line wrapping. While
> > not having huge lines is a good idea, adhering to an arbitrary limit
> > without the ability to wrap to the next line is not. Suggest turning
> > it off. In fact, we disable it by default[1] when creating new
> > modules.
> >
> > You can limit the length of your require like this
> >
> > file { '/usr/java/jboss-as/server/somesoftware/deploy/jontram-ds.xml':
> >   ensure  => file,
> >   owner   => 'root',
> >   group   => 'root',
> >   mode    => '0655',
> >   content => template('somesoftware/jboss/jontram-ds.xml.erb'),
> >   require => [Class['somesoftware::cpfiles'],
> >               Somesoftware::Mariadb::Createdb[$db_name],
> >              ],
> > }
> >
> > In general, putting elements of an array on multiple lines helps
> > readability, especially when reviewing diffs.
> >
> > [1] - https://github.com/puppetlabs/puppet/blob/1a557254012447a4f0a2e01eeebaf52c75ab6f80/lib/puppet/module_tool/skeleton/templates/generator/Rakefile#L3
> >
> > Best regards,
> > -g

Hi Tobias,

Backslash does not work with puppet manifests. There is not a way to wrap
to the next line.

Seems my example got lost in formatting. Here's a link.
http://pastebin.com/26eSAJBu

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] Multi environment and multi system
On 10/2/15 8:08 PM, Joao Morais wrote:
>
> How to manage a Puppet Server with multi-environment and multi-system?
>
> Background:
>
> I am using a `puppet-environments` repository with some branches that
> represents my environments. r10k provides the synchronization between
> repository and Puppet Server. Environments (branches) are something like
> devel, staging, production.
>
> Every new implementation starts on devel and they are tested on
> development environments. If everything is ok, these changes are merged
> to staging, after that to production. One base configuration, one
> system. So far so good.
>
> Problems start when I try to create a workflow with more than one system
> that share the same base configuration.
>
> For instance: environments dev and prod; systems A and B.
>
> A) I cannot merge base configurations, eg fix vulnerabilities, from dev
> to prod because this would also promote configurations of systems A and
> B. Sometimes base configurations and system configurations do not
> evolve at the same time. Currently I workaround this creating a branch
> `root` where all the base configurations are committed; dev and prod
> receive merge from root. Btw this sounds to me as a poor solution, I
> cannot think about a fast-forward merge anymore.
>
> B) It is just impossible to use automatic merges to promote system
> configurations because A and B are not related. So although I am using a
> super-killer repository, I need to copy files from one branch to another
> by hand.
>
> I am miserably failing to improve this scenario without creating a
> hard-to-maintain-workaround. Your ideas and thoughts will be very much
> appreciated.

Hi Joao,

What do you mean by base configuration and system configuration? Also,
are you using separate repos for each module?

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] Package install_options
On 9/18/15 1:55 PM, Alexander Dacre wrote:
> Hi,
>
> I'm having some difficulty with specifying a nogpgcheck option when
> installing custom RPM packages via Puppet. The problem is that the
> install_options do not get picked up by the agent.
>
> I've tried the following syntax:
>
> package { blah:
>   ensure          => latest,
>   install_options => [ '--nogpgcheck'],
> }
>
> package { blah:
>   ensure          => latest,
>   install_options => '--nogpgcheck',
> }
>
> But the client just doesn't pick it up and the run fails due to the
> package not being signed.
>
> Any suggestions?
>
> Thanks,
> A

Hi,

Suggest signing the packages ;>

But in efforts to help with your Puppet configuration, it seems that the
provider might not understand the install option. What messages do you
get when running with --debug? What type of system is this? Which package
system are you using?

Best regards,
-g

-- 
Garrett Honeycutt
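Signing the packages, as the reply suggests, moves signature verification into the repository definition instead of having the package resource switch it off. An added example, not from the thread, assuming the yum provider; the repository name and URL, the key path and the 'profile' module holding the public key are hypothetical.

```puppet
# Added example, not code from the thread.
#
# Weak form from the question: verification is disabled for this install,
# so a tampered or substituted RPM would be accepted.
#
#   package { 'blah':
#     ensure          => latest,
#     install_options => ['--nogpgcheck'],
#   }

# Hardened form. Assumptions: the custom RPMs are signed with an internal
# key, and its public half ships in a hypothetical 'profile' module.
file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-internal':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0644',
  source => 'puppet:///modules/profile/RPM-GPG-KEY-internal',
}

# The repository enforces signature checks for everything it serves.
# Single quotes keep $releasever and $basearch literal for yum to expand.
yumrepo { 'internal':
  descr    => 'Internal packages (signed)',
  baseurl  => 'https://repo.example.com/el/$releasever/$basearch',  # constructed URL
  enabled  => '1',
  gpgcheck => '1',
  gpgkey   => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-internal',
  require  => File['/etc/pki/rpm-gpg/RPM-GPG-KEY-internal'],
}

# No install_options needed: an unsigned or wrongly signed package now
# fails the run, which is the behaviour you want to keep.
package { 'blah':
  ensure  => latest,
  require => Yumrepo['internal'],
}
```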
Re: [Puppet Users] Re: How to get tag email for specific notice while overall tag level set to err?
On 9/1/15 1:21 PM, staceytian4...@gmail.com wrote:
> Hi,
>
> I made some progress.
>
> 1. Add the metaparameter tag => send_me_email (or any arbitrary set of
>    tag values) to the resource you want to monitor via email.
> 2. Enable reports = tagmail in puppet.conf [master] section,
> 3. In tag.conf set tag and email address: send_me_email: us...@test.com
>
> class javalinks {
>
>   file {
>     "/usr/java/latest":
>       ensure => link,
>       noop   => true,
>       tag    => send_me_email,
>   }
> }
>
> Now I get email for this class even if my overall tag log level is set
> to err and above, while this class is giving Notice log.
>
> However, there is another Notice for this class which I don't want to
> get email notification:
>
> Notice: /File[/usr/java/latest]/seluser: current_value unconfined_u, should be system_u (noop)
>
> I only want to get email for this message in this class:
>
> Notice: /Stage[main]/Javalinks/File[/usr/java/latest]/ensure: current_value absent, should be link (noop)
>
> So here is the question:
> How to tag a specify notice in a class?
>
> Thanks,
> Stacey
>
> On Monday, August 31, 2015 at 2:59:21 PM UTC-4, staceyt...@gmail.com wrote:
>
> > Hi all,
> >
> > I am using Puppet 3.7.3 and have a question about tagmail.
> >
> > My tagmail.conf is setup to send email only when there is err and above:
> > err, alert, emerg, crit: us...@test.com
> >
> > I have a module to check javalinks:
> >
> > class javalinks {
> >
> >   file {
> >     "/usr/java/latest":
> >       ensure => link,
> >       noop   => true,
> >   }
> > }
> >
> > I want the module to ensure /usr/java/latest is a link, but don't do
> > anything (noop => true).
> > I want to get an email notification if the link is missing.
> >
> > If I don't have such a link, run "puppet agent -t" on the machine
> > will display this on console:
> >
> > Notice: /Stage[main]/Javalinks/File[/usr/java/latest]/ensure: current_value absent, should be link (noop)
> >
> > Since it is "Notice" level log, I don't get any email notification.
> >
> > So here is my question:
> >
> > How could I get email notification for this specific Notice
> > message, without changing my tagmail.conf log level?
> >
> > Thanks,
> > Stacey

Hi Stacey,

The tag() function might be of use to you in conjunction with tagmail.

http://docs.puppetlabs.com/references/latest/function.html#tag

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] How do you track large lists of modules?
On 8/28/15 5:00 PM, leam hall wrote:
> I'm wondering how people track large lists of modules, to ensure new
> team members know which does what, when the last time a module was
> reviewed for usefulness, etc. How do you handle growth and complexity?
>
> Leam
>
> --
> Mind on a Mission http://leamhall.blogspot.com/

Hi Leam,

Suggest using a Puppetfile[1] that tracks which modules you use, where
you get them from and at what version. There are multiple tools to
install the modules based on the Puppetfile including r10k,
librarian-puppet and librarian-puppet-simple.

Here's a link to the talk[2], Multiple Approaches to Managing Your Puppet
Modules, that I gave last year at a few Puppet Camps. It contains
descriptions of each of the methods along with their pros, cons and
analysis.

[1] - https://github.com/ghoneycutt/puppet-modules/blob/master/Puppetfile
[2] - http://www.slideshare.net/gh/2014-multiple-approaches-to-managing-puppet-modules-puppet-camp-seattle

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] Puppet Module spec testing
On 8/4/15 3:37 PM, Peter Berghold wrote:
> Is there a newer set of documents on doing Spec testing of Puppet
> modules than this link?
>
> https://puppetlabs.com/blog/the-next-generation-of-puppet-module-testing
>
> I am running into a brick wall getting this to work so I have to assume
> I'm doing something wrong...

Hi Peter,

Take a look at the spec tests[1] in my vim module. It shows how to test
for multiple OS's and how to handle parameters and their validation. The
module itself is simple in that it only handles three resources and a
handful of parameters.

Here's a link[2] to a tutorial I gave last year at LOADays in Antwerp.
This[3] is the vagrant environment we used, though I'm not confident that
it will still work today without some tweaks.

[1] - https://github.com/ghoneycutt/puppet-module-vim/blob/master/spec/classes/init_spec.rb
[2] - http://www.slideshare.net/gh/20140406-loa-daystddwithpuppettutorial
[3] - https://github.com/ghoneycutt/learnpuppet-tdd-vagrant

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] puppetlabs-splunk needs LOTS of usage examples
On 7/28/15 1:15 PM, Sandor W. Sklar wrote:
> I had the same experience; I wound up rolling my own, because I just
> needed something simple that worked to set up the forwarder. I’ve
> attached it, maybe you’ll find it useful.
>
> - Sandy

Sandy,

Thanks for sharing your code! Would you consider putting it on github or
a similar place with a corresponding license?

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] Collecting CPU load / usage facts
On 7/13/15 3:40 PM, JonY wrote:
> I'm wondering if puppet could be used to collect `sar` style data. Does
> such a module exist? Is this outside the intended use of facter?

Hi JonY,

You could have custom facts for the data you want, such as load and other
system metrics. Throw PuppetDB into the mix and the facts would get
stored in a database for you to query. The issue is that the resolution
would be that of your puppet runs where the default is every thirty
minutes. To do any real debugging with the data you would need a higher
resolution. Suggest looking at tools like collectd.

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] uncomment line in file
On 6/25/15 2:09 AM, hoize wrote:
> Hello!
>
> I want to uncomment a line in a file, for example:
>
> _/root/.bashrc_
> # export LS_OPTIONS='--color=auto'
>
> _after change:_
> export LS_OPTIONS='--color=auto'
>
> After some searching for a solution, I found the Augeas-Tool and then
> the Augeas-Shellvar-Provider. So I tried it:
>
> shellvar { "export LS_OPTIONS":
>   ensure    => present,
>   target    => "/root/.bashrc",
>   uncomment => true,
> }
>
> But I always get this error, regardless how I paraphrase the resource
> shellvar.
>
> An alternative solution would be great, too. But with the file_line
> resource, I can't imagine, that there is a very short and easy way.
>
> I hope someone can help me! Thank You!
>
> Hoize

Hi Hoize,

Since we're talking about a comment, does it really matter if it is still
in the file? Bash certainly does not think so. The file_line() function
should work well for you if you want to manage individual lines as
opposed to the entire file. I would recommend this approach for its
simplicity instead of Augeas.

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] Using puppetlabs-apache to help install and secure Apache httpd 2.2?
On 6/9/15 7:16 PM, Brad Knowles wrote:
> Folks,
>
> So, I’m running into some issues with this module, and I wanted to ask
> for your advice.
>
> First, some background. I’m helping develop the systems that will allow
> a certain government agency to deploy their own public and private
> cloud systems. One of the web servers they want to include is Apache
> httpd. Of course, they also have an extensive document that they want
> us to follow with regards to hardening this system, an example of which
> can be found at
> https://web.nvd.nist.gov/view/ncp/repository/checklist/download?id=909checklistId=392.
>
> Now, I know about the module at
> https://forge.puppetlabs.com/arildjensen/cis, but that’s not going to
> do it for us. We’re following a government standard that is similar to
> the CIS benchmark, but somewhat different. Multiple parties and
> organizations have had their fingers in this pie, so off-the-shelf
> solutions in this space won’t help.
>
> The particular problem I’m having at the moment is that, within the
> “Directory” option for a given vhost, we need to control the “order
> deny,allow” as well as the “deny from all” settings. This is easy
> enough to do with the puppetlabs-apache module for the main vhost
> definition, because it exposes options to do exactly that.
>
> However, we also need to control these settings for all the other
> configuration files in /etc/httpd/*, and the puppetlabs-apache module
> deploys the configuration file /etc/httpd/conf.d/alias.conf directly
> from a template where these values are hard coded (see
> https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/mod/alias.pp
> and
> https://github.com/puppetlabs/puppetlabs-apache/blob/master/templates/mod/alias.conf.erb).
> And this doesn’t appear to be the only configuration file where it’s
> doing this.
>
> I don’t want to get into warring modules over who is going to be
> putting what content into this file, and since they aren’t using Augeas
> to perform this function, I don’t think that I can use Augeas myself to
> do configuration-file-surgery on it after-the-fact.
>
> So, is there an easy solution here? I really don’t want to have to fork
> the puppetlabs-apache module and then have to explain why we can’t use
> the standard puppet module for doing this kind of stuff, but I’ll do
> that if I have to. I just would prefer to find a solution to this issue
> that allows me to avoid that fight.
>
> Suggestions?
>
> Thanks!
>
> --
> Brad Knowles b...@shub-internet.org
> LinkedIn Profile: http://tinyurl.com/y8kpxu

Hi Brad,

The puppetlabs/apache module has started using a pattern[1] where you can
override the template that they use with your own, though currently this
only applies to the template for httpd.conf. Would suggest adding that
type of functionality to the module, so that you can specify your own
templates. Given that the pattern already exists, Puppet Labs will likely
entertain your pull requests.

[1] - https://github.com/puppetlabs/puppetlabs-apache#conf_template

Best regards,
-g

-- 
Garrett Honeycutt
Re: [Puppet Users] Re: puppetdb module fails to install or work with fresh node
On 5/28/15 4:17 PM, Robert Hafner wrote:
> Even using the “embedded” database is apparently useless, as puppet is still not able to connect to puppetdb. In addition, puppetdb is very obviously not creating its firewall rules even though I haven’t disabled that feature.
>
> Does anyone have an example of this module actually working? It’s hard to imagine a more simple setup than the one I have right here, but this module is not working or giving me any reasons why it’s not working. PuppetDB is just failing completely, and with all the default settings.
>
> Rob
>
> On May 28, 2015, at 12:43 PM, Robert Hafner <ted...@tedivm.com> wrote:
> > Using the documented database_validation option to disable database validation also fails, but in a different way:
> >
> >     class profiles::puppetdb {
> >       class { '::puppetdb':
> >         database_validate => false
> >       }
> >     }
> >
> > Results in:
> >
> >     Error: Failed to apply catalog: Could not find dependent Class[Puppetdb::Server::Validate_db] for Class[Puppetdb::Database::Postgresql] at /etc/puppet/modules/puppetdb/manifests/init.pp:133
> >
> > Looking at the code in the puppetdb module I'm not even sure if the 'database_validate => false' option ever worked as advertised.
> >
> > On Thursday, May 28, 2015 at 12:31:29 PM UTC-7, Robert Hafner wrote:
> > > I'm creating a puppetdb machine using puppetdb module. My code is simple:
> > >
> > >     class profiles::puppetdb {
> > >       class { '::puppetdb': }
> > >     }
> > >
> > > This, unfortunately, fails with the following error:
> > >
> > >     Debug: Executing '/usr/local/bin/validate_postgresql_connection.sh 2 10 '/usr/bin/psql --tuples-only --quiet -h localhost -U puppetdb -p 5432 --dbname puppetdb ''
> > >     Error: /Stage[main]/Puppetdb::Server::Validate_db/Postgresql::Validate_db_connection[validate puppetdb postgres connection]/Exec[validate postgres connection for puppetdb@localhost:5432/puppetdb]/unless: Check /usr/local/bin/validate_postgresql_connection.sh 2 10 '/usr/bin/psql --tuples-only --quiet -h localhost -U puppetdb -p 5432 --dbname puppetdb ' exceeded timeout
> > >
> > > I'm a bit at a loss as to what to do here, as there's nothing in the logs that can tell me why I'm getting this error.
> > >
> > > Robert

Hi Robert,

I put this in Hiera to extend the timeout to 30 seconds. This is often needed when using underpowered VMs as PostgreSQL can take a while to start.

    puppetdb::master::config::puppetdb_startup_timeout: 30

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] odd new error with puppet version 3.8.1
On 5/27/15 5:02 PM, Josh Cooper wrote:
> On Wed, May 27, 2015 at 1:02 PM, Peter Berghold <salty.cowd...@gmail.com> wrote:
> > Ever since I upgraded to Puppet version 3.8.1 I now see this error:
> >
> >     Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://mcadprod1.mca.sharkrivertech.com/pluginfacts
> >
> > What's that about? Should I worry. Something need configuring?
>
> When the agent runs, it will attempt to download external facts from all of the modules on the master to the /var/lib/puppet/facts.d directory on the agent. If no module has a facts.d directory on the master, e.g. in 3.8.x that'd be /etc/puppet/modules/some_module/facts.d, then the agent will display the above message. I think there is a ticket to not display an error message, as it's not really an error. And I think you can work around the issue by creating an empty facts.d directory for one of your modules.
>
> Josh
>
> --
> Josh Cooper
> Developer, Puppet Labs

Hi,

This seems to be what I described in PUP-3324.

https://tickets.puppetlabs.com/browse/PUP-3324

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Anyone really using Postgres for a Hiera backend?
On 5/14/15 9:36 AM, jcbollinger wrote:
> On Wednesday, May 13, 2015 at 3:10:29 PM UTC-5, Martin Marcher wrote:
> > Funny, I'd rather ask: is anyone *not* using Postgres?
>
> Postgres for PuppetDB for sure, but for an Hiera back end?
>
> I'm sure there indeed are people who use a Postgres-based Hiera back end, but I have seen no evidence to suggest that doing so is remotely common. The most commonly used Hiera backend seems to be the built-in YAML one, which should be no surprise to anyone. The JSON back end also seems popular, and the eYAML backend sees some use, too. As judged by traffic on this group, no other Hiera backend moves the needle.
>
> John

Hi,

I'm actually using PostgreSQL for some Hiera data, but using a simple Sinatra web app to present that data to Hiera. From a security perspective, this allows me to limit my exposure by only allowing puppet masters to speak to the web app, which in turn can speak to the database. It also makes it easier to switch between database backends and most importantly, do multiple queries and data munging.

Recommend checking out hiera-http[1] and hiera-rest[2] from Craig Dunn and Ben Ford, respectively.

[1] - https://github.com/crayfishx/hiera-http
[2] - https://github.com/binford2k/hiera-rest

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Looking for recommendations on double DTAP environments
On 4/1/15 11:33 AM, Walter Heck wrote:
> Hi all,
>
> I'm working on an environment and encounter the same issue I have encountered a couple of times before. This'll be a bit of a long one, so brace yourselves ;)
>
> Situation:
> We have a large managed hosting enterprise organisation where we're implementing puppet. The tooling team develops and maintains a set of puppet modules for usage by the infracoders. The infracoders write hiera databases and do classification which needs to move through a normal DTAP workflow. We'll refer to these as puppet environments.
>
> The customers though maintain their servers also in DTAP: some of the webservers are in testing, others are in production. From a puppet perspective though, these machines are all in production. So far so good, so what's the challenges? We'll refer to these as customer environments.
>
> Challenges:
> * different module versions on different customer environments. When a new version of the apache module becomes available from the tooling team, the infracoders might not want to use it straight on production
> * if there needs to be a change on a server in the customer environment Acceptance, do we go through puppet DTAP for Customer environments DT also? That depends on whether this customer wants that change in their D and T environments
> * if there needs to be a change across all servers, how does this flow through puppet DTAP and customer DTAP?
> * rights: some admins can only have rights to change things on the customer DTA, but not P. They need to go through a senior engineer for that.
>
> Solution:
> We've so far settled on this:
> * having 4 hiera git repos per customer, where their D systems live in the D hiera repository. main reasons are:
> ** we want to have different puppet module versions per DTAP stage in a customer environment
> ** junior offshore admins cannot edit or even see systems/configs in the customer environment production
> ** a system that is a live system for a customer has the puppet environment set to production, regardless of whether the customer runs it in their DTA or P environment. The infracoders move hiera/puppet code through puppet environments DT and A within for instance the T hiera git repo.
>
> How do others solve this problem? Insights more than welcome :)
>
> cheers,
> Walter

Hi Walter,

I'm using r10k with the Hiera data in the same repo as your Puppetfile. This allows for arbitrary environments and for each environment to have its own copy of the code which is likely at different versions.

Using gitlab to prevent pushing to named environments such as production. This way you can create an environment to test some specific new functionality or a fix and then request that it be merged into a more regulated environment. You can make use of gitlab groups and permissions to enforce who can merge into which branch (environment). Add git hooks for more granularity if needed or in lieu of the whole gitlab setup.

Making use of hiera-eyaml to encrypt sensitive data. We want more junior and off-shore people to see the keys, so that they understand how systems are configured and eyaml ensures that they do not see the actual data. If your code is truly data driven and the data is in Hiera and you hide that from people, there is no way they will be able to understand how the model is created.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Re: adding new users to /etc/sudoers
On 3/30/15 2:50 PM, manyi wrote:
> Thanks for the response Russell, responding to where the sudo class / module is from, I created it. Any pointers???
>
> On Saturday, March 28, 2015 at 10:40:20 AM UTC-4, Russell Anderson wrote:
> > First, the visudo check didn't work otherwise it would have given actual feedback, not usage info.
> >
> > Second, where does this sudo class / module come from? Nothing in the command snippets creates it.
> >
> > On Friday, March 27, 2015 at 3:24:58 PM UTC-4, manyi wrote:
> > > Help needed!!
> > >
> > > I am trying to add 2 users to /etc/sudoers john.smith and jane.may granting privileges to all servers
> > >
> > > step 1. modules/user/manifests/init.pp
> > >
> > >     class user {
> > >       user { 'john.smith':
> > >         ensure     => present,
> > >         comment    => 'john.smith',
> > >         home       => '/home/john.smith',
> > >         managehome => true
> > >       }
> > >     }
> > >
> > > Step 2 manifests/site.pp
> > >
> > > /etc/puppet/manifests/site.pp
> > >
> > >     node 'mydomain.local.org' {
> > >       include user
> > >     }
> > >
> > > step 3 :
> > >
> > >     sudo mkdir -p modules/sudoers/manifests
> > >
> > > Step 4
> > >
> > >     sudo mkdir -p modules/sudoers/files
> > >
> > > step 5 Create the file modules/sudoers/manifests/init.pp
> > >
> > >     # Manage the sudoers file
> > >     class sudoers {
> > >       file { '/etc/sudoers':
> > >         source => 'puppet:///modules/sudoers/sudoers'
> > >         mode   => '0440',
> > >         owner  => 'root',
> > >         group  => 'root',
> > >       }
> > >     }
> > >
> > > Step 6 Check the syntax of the sudoers file
> > >
> > >     visudo -c -f modules/sudoers/files/sudoers modules/sudoers/files/sudoers
> > >
> > > output:
> > >
> > >     usage: visudo [-chqsV] [-f sudoers]
> > >
> > > step 7: back in manifests/site.pp
> > >
> > >     node 'mydomain.local.org' {
> > >       include user
> > >       include sudoers
> > >     }
> > >
> > > step 8
> > >
> > >     puppet$ sudo puppet agent --test
> > >
> > > does respond
> > >
> > > I finally tried:
> > >
> > >     node 'mydomain.local.org' {
> > >       class { 'sudo': }
> > >       sudo::conf { 'john.smith':
> > >         priority => 10,
> > >         source   => 'puppet:///files/etc/sudoers.d/users/john.smith',
> > >       }
> > >     }
> > >
> > > still the agent doesn't respond
> > >
> > > can someone point me to the right direction please

Hi Manyi,

Suggest checking out saz/sudo[1] instead of rolling your own.

[1] - https://github.com/saz/puppet-sudo

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
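Added example (not from the thread and not code from saz/sudo): one way to hand out sudo rights without overwriting /etc/sudoers, with the syntax check from step 6 done by the agent before a file is put in place. The module name local_sudoers, the rule text and the visudo path are assumptions.

```puppet
# Added example, not code from the thread or from saz/sudo.
# File: modules/local_sudoers/manifests/init.pp (module name is hypothetical)
# Assumes Puppet >= 3.5 (validate_cmd), visudo at /usr/sbin/visudo, and a
# stock /etc/sudoers that ends with "#includedir /etc/sudoers.d".
class local_sudoers (
  $admins = ['john.smith', 'jane.may'],
) {

  # Leave the distribution's /etc/sudoers alone and own only the drop-in dir.
  file { '/etc/sudoers.d':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0750',
  }

  local_sudoers::user { $admins: }
}

# File: modules/local_sudoers/manifests/user.pp
define local_sudoers::user (
  $priority = '10',
  $rule     = 'ALL=(ALL) ALL',  # assumed rule; narrow it to what the user needs
) {

  # sudo skips files in an includedir whose names contain a '.', so
  # "john.smith" cannot be used as the file name unchanged.
  $file_name = regsubst($name, '\.', '_', 'G')

  file { "/etc/sudoers.d/${priority}_${file_name}":
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => "${name} ${rule}\n",
    # The agent writes the new content to a temporary file, substitutes its
    # path for '%', and only replaces the target if visudo exits 0.
    validate_cmd => '/usr/sbin/visudo -c -f %',
    require      => File['/etc/sudoers.d'],
  }
}
```

A rule that fails the visudo check is reported as a failed resource on that run and the previous file stays in place, so a typo cannot lock sudo on the node.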
Re: [Puppet Users] Trouble with service resource detecting systemd as provider on FC19
On 3/26/15 1:17 AM, Felix Frank wrote:
> Hi,
>
> it sure is disappointing that the most recent agent version will not select the correct default provider on your FC19. Is systemd default on this platform? Or have you configured this box this way explicitly?
>
> If you want your manifest to behave like this on your FC19 boxen only, you can do this on the global scope (e.g., site.pp)
>
>     if $operatingsystem == 'Fedora' and $operatingsystemmajrelease == '19' {
>       Service { provider => 'systemd' }
>     }
>
> This sets a resource default if the node in question uses the specified operating system.
>
> HTH,
> Felix
>
> On 03/13/2015 03:05 PM, James Olin Oden wrote:
> > I am on Fedora Core 19 using Puppet version 3.7.4. When I was trying ensure a service was configured to start I would do something like:
> >
> >     service { 'someservice':
> >       ensure => 'running',
> >       enable => true,
> >     }
> >
> > But when I would run puppet apply I would get the following error:
> >
> >     Error: Could not enable someservice: Execution of '/sbin/chkconfig --add someservice' returned 1: error reading information on service someservice: No such file or directory
> >     Error: /Stage[main]/Firewall::Linux::Redhat/Service[someservice]/ensure: change from stopped to running failed: Could not enable someservice: Execution of '/sbin/chkconfig --add someservice' returned 1: error reading information on service someservice: No such file or directory
> >
> > However if I told it the provider like:
> >
> >     service { 'someservice':
> >       ensure   => 'running',
> >       enable   => true,
> >       provider => 'systemd',
> >     }
> >
> > The puppet apply would work fine. This however makes my resource non portable to systems not using systemd. Is this a bug of some sort? Am I doing something wrong?
> >
> > Thanks...James

Hi,

+1 to Felix's hack for getting this working.

It appears[1] that systemd should work without modification on FC19. James, what version of facter do you have? Most importantly does it have a fact for operatingsystemmajrelease?

Looks like the redhat provider would also match[2]. Anyone know how precedence is determined?

[1] - https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/service/systemd.rb#L10
[2] - https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/service/redhat.rb#L11

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] How to setup Puppet agent run interval at a specific time?
On 3/26/15 2:06 PM, staceytian4...@gmail.com wrote:
> Hi all,
>
> I am using puppet 3.7.3. I want my puppet agent to run twice a day, so in puppet.conf, I set runinterval:
>
>     # This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days(2d), or years (5y)
>     runinterval = 12h
>
> However, how could I setup the puppet agent run to happen at a specific time? For example, 2:00am and 2:00pm respectively? Now it seems random. And whenever the machine is rebooted, it will run puppet agent.
>
> Thanks,
> Zaiwen

Hi Zaiwen,

The easiest way to manage when and how your agent runs is through cron. Highly recommend running in that fashion.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
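Added example (not from the thread): a cron-driven agent for the 2:00am and 2:00pm runs asked about above. The class name puppet_cron, the /usr/bin/puppet path and the service name 'puppet' are assumptions.

```puppet
# Added example, not code from the thread.
# File: modules/puppet_cron/manifests/init.pp (module name is hypothetical)
# Assumes the agent binary is /usr/bin/puppet and the service is named 'puppet'.
class puppet_cron (
  $hours  = [2, 14],
  $minute = 0,
) {

  # One-shot run at the given times; output goes to syslog instead of mail.
  cron { 'puppet_agent':
    ensure  => present,
    user    => 'root',
    command => '/usr/bin/puppet agent --onetime --no-daemonize --logdest syslog',
    hour    => $hours,
    minute  => $minute,
  }

  # Stop the daemon, otherwise runinterval and the run at service start
  # (the run seen after every reboot) continue alongside cron.
  service { 'puppet':
    ensure => stopped,
    enable => false,
  }

  # Install the cron entry first: if this catalog is applied by the daemon
  # itself, stopping the service can end the run that is in progress, and
  # the node must already have its cron job by then.
  Cron['puppet_agent'] -> Service['puppet']
}
```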
Re: [Puppet Users] rspec Error
On 3/25/15 2:35 PM, Afroz Hussain wrote:
> Hi All,
>
> I am currently using 3.7.4 version of puppet and tried setting up rspec (http://rspec-puppet.com/) to run some test cases. I have installed ruby 2.2.0 with the help of rvm but still getting below errors:
>
>     # cd /etc/puppet/modules/apache/
>     # rspec spec/classes/apache_spec.rb
>     /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/hooks.rb:512:in `all_hooks_for': return from proc-closure (LocalJumpError)
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/hooks.rb:564:in `process'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/flat_map.rb:11:in `map'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/flat_map.rb:11:in `flat_map'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/hooks.rb:563:in `process'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/hooks.rb:429:in `register_globals'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/example_group.rb:394:in `set_it_up'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/example_group.rb:361:in `subclass'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/example_group.rb:253:in `describe'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/dsl.rb:43:in `__send__'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/dsl.rb:43:in `describe'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/dsl.rb:82:in `__send__'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/dsl.rb:82:in `describe'
>         from /etc/puppet/modules/apache/spec/classes/apache_spec.rb:3
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/configuration.rb:1226:in `load'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/configuration.rb:1226:in `load_spec_files'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/configuration.rb:1224:in `each'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/configuration.rb:1224:in `load_spec_files'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/runner.rb:97:in `setup'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/runner.rb:85:in `run'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/runner.rb:70:in `run'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/lib/rspec/core/runner.rb:38:in `invoke'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-core-3.2.2/exe/rspec:4
>         from /usr/bin/rspec:19:in `load'
>
> Any help will be appreciated!!!
>
> Thanks,
> Afroz Hussain

Hi Afroz,

Looks like you are not using ruby v2.2.0 as rspec is looking in '/usr/lib/ruby/gems/1.8'. Be sure to run `rvm use 2.2.0` before running rspec and familiarize yourself with bundler. Also ruby v2.2.0 is not supported by v3.7, so you might want to run rspec with v2.1.0.

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] testing and roles/profiles
On 3/18/15 10:02 PM, Johan De Wit wrote:
> Hi all,
>
> Looking for some best practice, guideline, documentation puppet testing in all its aspect, sometimes I try to figure out the following:
>
> How does one test roles and profiles?
>
> Do we still write rspec-puppet for profiles? Since we are using modules that have their own unit (rspec) testing, at first sight, this looks like overhead.
>
> What about the profiles we make using other profiles? Do we unit-test our 'base' profiles only?
>
> Or does one only do integration testing (aka beaker ...) for the roles/nodes level only, and doing no (unit?) testing on the profiles?
>
> I hope to just trigger a discussion on this topic that will bring me one step closer to my own Test Driven Infrastructure.
>
> Grts
>
> Johan

Hi Johan,

Good timing, I just gave a talk[1] about this subject last week at Cascadia IT Conference in Seattle. Slide 41 starts talking about this.

Using tools like beaker and serverspec are great for testing individual modules. A role is composed of many classes. A quick look at a simple role I have for a yum repo server has 36 classes in 23 modules.

Monitoring is how we all test if production is working. Before deploying new code, suggest creating a representative system for each role that you manage and using your monitoring to ensure that it is working correctly.

Tools like serverspec generally test locally on the system with tests such as is a port listening? is the service running? We want to test a system from the point of view of the consumer. In the example of the yum repo, you would want to have a separate system attempt to install a package served from that host.

This approach also creates a nice loop between deployments and monitoring so that your monitoring (aka testing) of the services will improve.

[1] - http://www.slideshare.net/gh/functional-testing-for-configuration-management-20150314-cascadia-it-conference/41

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Hiera testing
On 3/19/15 12:07 AM, Alfredo De Luca wrote:
> Hi all.
>
> I am testing hiera in our environment and I wonder if I can manage everything from hiera without using the main site.pp. Do you think is the right way? or I should use site.pp as well?
>
> Here is what I am testing and so far so good.
>
> - hiera.yaml
>
>     ---
>     :backends:
>       - yaml
>     :hierarchy:
>       - environments/%{::environment}
>       - nodes/%{::fqdn}
>       - common
>     :yaml:
>       :datadir: /etc/puppet/hieradata/
>
> - hiera.yaml
>
> - common.yaml
>
>     ---
>     classes:
>       - ntp
>       - resolver
>       - yum
>       - motd
>     ntp::restrict:
>     ntp::autoupdate: false
>     ntp::service_enable: true
>     ntp::service_ensure: running
>     ntp::servers:
>       - 10.4.123.3
>       - 10.4.123.4
>       - 10.5.123.3
>       - 10.5.123.4
>     resolver::search:
>       - xxx.xxx.com
>     resolver::dns_servers:
>       - 10.4.17.18
>       - 10.4.17.20
>       - 10.5.17.18
>       - 10.5.17.20
>     yum::source_repo_dir: 'puppet:///REPO_FILES/'
>     yum::clean_repos: true
>     motd::content: '# TEST #'
>
> - common.yaml

Hi Alfredo,

Here is a link[1] to the site manifest that I use. Everything else is driven through Hiera.

Your hierarchy should be ordered such that the most specific level is first and each subsequent level describes your systems with less specificity. So the fqdn level should be swapped with the environment. Here is a link[2] to a good starting point for your hiera configuration.

If you were to visualize the number of keys in each level of the hierarchy it would appear as a pyramid with the top having the fewest keys and the bottom having the most. If you find that's not the case, it is a good sign to refactor your hiera levels.

[1] - https://gist.github.com/ghoneycutt/14855c4890cb400165f3
[2] - https://gist.github.com/ghoneycutt/5b6034f9bb381c56a950

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] how to install multiple packages from the list
On 3/13/15 10:45 AM, Alex Miroshnik wrote:
> Hi Guys,
>
> I need to install multiple packages on the Ubuntu 14.0.4 using puppet. All packages are listed in the file (about 100 packages) one package name on the row.
>
> Is this possible? If it is possible, could you please give me a hint how to do this.
>
> I know I can specify the array of the packages:
>
>     $pkg_list = [ pkg1, pkg2, pkg3 ]
>     package { $pkg_list: ensure => installed }
>
> but this is not my case as I have quite a few packages in the list.
>
> Thank you in advance!

Hi Alex,

You could do this with my types module[1]. You would list all of the packages in Hiera and then simply 'include types' on your node and all of the packages you have listed would be installed.

Here's a quick shell script to format your list of packages into YAML[2].

[1] - https://github.com/ghoneycutt/puppet-module-types#package
[2] - https://gist.github.com/ghoneycutt/03102b7f95f09bf45af9

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Facts which depend on (not-yet-installed) packages
On 3/15/15 8:04 PM, Jan Schütze wrote:
> Hello,
>
> I have the following use case: For a custom class/type I need to know which php_version is installed on the machine.
>
> So I wrote a custom fact like this:
>
>     Facter.add('php_version') do
>       setcode do
>         Facter::Util::Resolution.exec('/usr/bin/php -i | /bin/egrep -e "^PHP Version" | /usr/bin/head -n 1 | /usr/bin/cut -d " " -f 4 | /usr/bin/cut -d "-" -f 1')
>       end
>     end
>
> It works great. Except: When php is not yet installed (there is a Package['php'] definition, too). Then it will return an empty string. Thus I have to run puppet two times to get the expected result.
>
> I am sure that this is expected behavior of puppet. How do I handle such case?
>
> Regards
> Jan
>
> --
> http://dracoblue.net

Hi Jan,

Since your module installs PHP, you're kind of stuck with two runs, unless you can provide some sane default when php_version is not present. Suggest implementing your module such that PHP always gets installed and whatever resources require that php_version be present are wrapped in some conditional logic.

Here's a quick fix[1] to make your code faster and more portable and not throw errors when PHP is not found. It does require that PHP be in your $PATH.

    Facter.add("php_version") do
      setcode do
        test_exists = "which php 2>&1 > /dev/null ; echo $?"
        if Facter::Util::Resolution.exec(test_exists) == '0'
          php_output = Facter::Util::Resolution.exec('php --version')
          php_output.split[1]
        end
      end
    end

[1] - https://gist.github.com/ghoneycutt/42ab87c20f84ec422535

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] puppet module list upgrades-available
On 3/9/15 9:29 AM, James Green wrote:
> I have a need to report on the modules we have installed and for each:
>
> 1. The version installed
> 2. The latest version available to upgrade to
>
> Any ideas how to get this as I'm not seeing a puppet module command to match.
>
> [ Fairly convinced I cannot be the first to ask this too... ]
>
> Thanks,
>
> James

Hi James,

To get the versions installed, highly recommend using a Puppetfile[1]. This file lists all of your modules tied to where you download them from and at what git reference, which could be a tagged version or branch or commit SHA. I use a mix of librarian-puppet-simple[2] and r10k[3] which do not do any dependency resolution of modules, so I always know exactly what code is being deployed.

To see what is available is trickier, though if you are using modules from the Forge, you could use their API[4].

[1] - https://github.com/ghoneycutt/puppet-modules/blob/master/Puppetfile
[2] - https://github.com/bodepd/librarian-puppet-simple
[3] - https://github.com/puppetlabs/r10k
[4] - https://forgeapi.puppetlabs.com/#!/release/getReleases

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] Selectively Install Packages
On 3/4/15 9:57 AM, Steve Harp wrote:
> Hi Guys,
>
> I'm using Puppet for many configuration items and package deployments. I need to be able to only deploy certain packages/classes when the Agent sends a definable command line option.
>
> Example:
>
>     puppet agent --onetime --no-daemonize --verbose --do_something_special
>
> I want to be able to execute a class only when the '--do_something_special' flag is passed. Is this possible?
>
> Thanks for any suggestions.

Hi,

It is possible and pretty straight forward if you use a master-less setup. In that case you run `puppet apply -v some_manifest.pp`.

From what you are describing it seems that you want to use Puppet as a method for invoking scripts in an ad-hoc fashion, which is not at all what Puppet is really built to do. With a configuration management tool, you want to build a model (aka desired system state) and then apply that model to your systems.

If your goal is to simply install different packages, first figure out what your criteria is. Is it based on the role of the system, the OS, its location, ... ? With that information, you could add the appropriate levels to Hiera's[1] lookup hierarchy and do your modeling there. Here's a module[2] that would let you do that.

[1] - https://docs.puppetlabs.com/hiera/1/complete_example.html
[2] - https://forge.puppetlabs.com/ghoneycutt/types#package

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Copying a hash with changes
On 2/28/15 1:27 PM, Tom Limoncelli wrote:
> I want to copy a hash to a variable but change some settings along the way.
>
> For example: I have $haproxy::params::global_options (which is a hash) and I want to create a copy with some changes.
>
> I tried this:
>
>     $global_options = $haproxy::params::global_options += {
>       'log' => "${log_ip} local0",
>     }
>
> But that gives me:
>
>     Error: Syntax error at '+='; expected '}' at ...
>
> If I do:
>
>     $global_options = $haproxy::params::global_options
>     $global_options['log'] = "${log_ip} local0"
>
> This gives me:
>
>     Error: Assigning to the hash 'global_options' with an existing key 'log' is forbidden
>
> Suggestions?
>
> Tom

Hi Tom,

Suggest using a template as it provides a way to hack around issues involving munging data and types by going straight to ruby. You could use the inline_template() function, though I prefer having it in a separate file for readability and for syntax checking.

Here's a quick and dirty hack that might work for you. Notice in the template that the ruby code is between <% %> and the interpolation that is being returned to $hn in your manifest is between <%= %>.

    # manifests/init.pp
    class tl (
    ) {

      $h = {
        'k' => 'v',
      }

      $hn = template('tl/hack.erb')

      notify { 'asdf':
        message => "h = ${h}",
      }

      notify { "hn = ${hn}":
        require => Notify['asdf'],
      }
    }

    # templates/hack.erb
    <%
    ht = {}
    ht = @h.merge 'log' => "#{@ipaddress} local0"%>
    <%= ht %>

    # puppet apply -v tests/init.pp
    Notice: h = {"k"=>"v"}
    Notice: hn = {"k"=>"v", "log"=>"10.0.1.3 local0"}

Best regards,
-g

--
Garrett Honeycutt

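The template approach from the reply, run outside Puppet as an added example (not code from the thread): it shows that `Hash#merge` overrides an existing key in the copy without touching the original hash, and that what a template hands back is a String, so a JSON variant is included for callers that need a real hash again. The `Scope` class, the JSON template and all values are constructed for illustration.

```ruby
require 'erb'
require 'json'

# Minimal stand-in for the scope Puppet gives a template: manifest
# variables and facts are visible as instance variables.
class Scope
  def initialize(vars)
    vars.each { |name, value| instance_variable_set("@#{name}", value) }
  end

  def render(source)
    ERB.new(source).result(binding)
  end
end

# Same logic as templates/hack.erb in the reply: the merged hash is
# interpolated into the output via Hash#to_s.
HACK_ERB = <<~'ERB_SRC'
  <% ht = @h.merge('log' => "#{@ipaddress} local0") %><%= ht %>
ERB_SRC

# Variant that serialises the merged hash so the caller can parse the
# rendered text back into a hash.
JSON_ERB = <<~'ERB_SRC'
  <% ht = @h.merge('log' => "#{@ipaddress} local0") %><%= ht.to_json %>
ERB_SRC

def demo
  # Frozen on purpose: merge must not modify the source hash, even though
  # the key 'log' already exists in it.
  h = { 'k' => 'v', 'log' => 'old' }.freeze
  scope = Scope.new('h' => h, 'ipaddress' => '10.0.1.3')

  as_text = scope.render(HACK_ERB).strip
  as_hash = JSON.parse(scope.render(JSON_ERB))

  { original: h, text: as_text, hash: as_hash }
end

if __FILE__ == $PROGRAM_NAME
  result = demo
  puts "original: #{result[:original]}"
  puts "rendered (#{result[:text].class}): #{result[:text]}"
  puts "parsed   (#{result[:hash].class}): #{result[:hash]}"
end
```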
Re: [Puppet Users] Inter-node dependency
On 2/26/15 9:59 AM, lupindet...@gmail.com wrote:
> Hello,
>
> I'm pondering what is the best way to approach this problem (without MCollective). I have a serverA that will run a DB backup and copy it over to serverB, then serverB does the restore, then notifies serverA for it to execute the next phase of action. This scenario will have to take at least four occurrences back and forth between the two servers; this is to set up log shipping for a DB server.
>
> In my mind I can think of:
>
> A) scp a file as flag after every execution between servers so it will only proceed to next step if the flag file is present.
> B) Export an Exec resource from one server to another.
> C) Create a wrapper script for tasks intended for serverB, execute the script from serverA using an Exec resource.
>
> I'm biased on B) if it's doable as I would love to have this pure DSL as much as possible, but what would be the downside, performance?
>
> Appreciate any input and further ideas.
>
> cheers
> lupin

Hi,

What it sounds like you have is a recurring task, not a desired system state. Suggest using puppet to set up ssh keys and a cron job that runs your backup script.

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] delete line in file with substring xyz
On 2/25/15 10:56 AM, Martin Alfke wrote:
> The single quotes take the argument as it is. In this case you are looking for a line with *xyz*
> Maybe you want to try double quotes.
>
> hth,
>
> Martin
>
> On 25 Feb 2015, at 13:58, Andreas Dvorak andreas.dvo...@gmail.com wrote:
>> Dear all
>>
>> I would like to use the stdlib module with file_line to delete a line that matches *xyz*.
>>
>> But the resource
>>
>>     file_line { 'delete line':
>>       ensure => absent,
>>       path   => '/etc/file',
>>       line   => '*xyz*',
>>     }
>>
>> or
>>
>>     file_line { 'delete line':
>>       ensure => absent,
>>       path   => '/etc/file',
>>       match  => '*xyz*',
>>     }
>>
>> does not work.
>>
>> My current solution is with an exec resource but I don't like it.
>> Does anybody know how to do it with file_line?
>>
>> Andreas

Hi,

The single quotes are good. The issue is with your regex. You are using wildcards '*' which is not a valid regex. Try just 'xyz' without the stars[1]. Recommend checking out Rubular[2] to test your regex's.

[1] - http://rubular.com/r/RjAnADs5x3
[2] - http://rubular.com/

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Re: Is there a better way to limit module actions based on facts?
On 2/11/15 7:33 PM, Joseph Karns wrote:
> Leam:
>
> The reason you are getting the 400 Error is because you don't have $osfamily defined.
>
> You can write your case statement as such:
>
>     case $::osfamily {
>       'redhat': {
>         # do something RHEL specific
>       }
>       'debian': {
>         # do something Debian specific
>       }
>       default: {
>         # ...
>       }
>     }
>
> Thanks
> Joey

Hi Leam,

I agree with Joseph's example here of using the case statement with the addition that the default case be to fail(). This way the module will work for explicitly defined platforms and fail on anything else. Better to fail the compilation of the catalog than to make assumptions about the agent and do the wrong thing.

Here's an example[1] from my nscd module. You will generally just have variables set to different values based on the platform, though you may have actual resources as well. Just be sure that you are not duplicating resources in each of the cases as this violates DRY[2].

[1] - https://github.com/ghoneycutt/puppet-module-nscd/blob/master/manifests/init.pp#L103-172
[2] - http://en.wikipedia.org/wiki/Don%27t_repeat_yourself

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] manage users and ssh_authorized_key from hiera
On 1/30/15 4:53 PM, Sans wrote:
> This is the class I have for the user creation:
>
>     # users.pp
>     class common::users {
>
>       create_resources('group', hiera_hash('groups'))
>
>       define create_ssh_users () {
>         user { $name:
>           password   => $password,
>           managehome => $managehome,
>           groups     => $groups,
>           ensure     => $ensure,
>         } ->
>         ssh_authorized_key { $name:
>           user           => $name,
>           type           => $type,
>           key            => $key,
>           ensure         => $ensure,
>           purge_ssh_keys => $purge_ssh_keys,
>         }
>       }
>
>       create_resources('create_ssh_users', hiera_hash('ssh_users'))
>     }
>
> in my nodes.pp:
>
>     hiera_include('classes')
>
> and the associated hiera file is like this:
>
>     # users.yaml
>     classes:
>       - 'common::users'
>
>     groups:
>       'admins':
>         ensure: present
>         gid: '2001'
>       'network':
>         ensure: present
>         gid: '2002'
>
>     ssh_users:
>       'sans':
>         password: '$1$33mRSE$deEDRKq2aGPu0'
>         managehome: true
>         key: 'B3NzaC1yc2EAAAzdqs8etdh'
>         purge_ssh_keys: true
>         groups:
>           - 'admins'
>           - 'networks'
>         ensure: present
>       'joe':
>
> When I run puppet, I see errors like:
>
>     Error: Invalid parameter managehome on Common::Users::Create_ssh_users[andy] on node p19-d-nagios-001
>
> or
>
>     Error: Invalid parameter purge_ssh_keys on Common::Users::Create_ssh_users[sans] on node p19-d-nagios-001
>
> The errors are pretty inconsistent - changes the parameter (i.e. sometimes it's managehome, next time is key etc.) and the user-name over time. Can anyone tell what am I missing please?
>
> Best!

Hi,

I have a module with all of this functionality and tests :)

https://github.com/ghoneycutt/puppet-module-common#usage

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Virtual Resource Visibility
On 2/9/15 5:33 PM, Peter Berghold wrote:
> OK.. so I'm having a major brain fart here...
>
> I have a class thusly:
>
>     class scripts::myscript {
>
>       @file { 'my neat script':
>         path   => "/path/to/the/script",
>         source => "puppet:///modules/scripts/myscript.pl"
>       }
>
>       realize File['my neat script']
>     }
>
> and in a module far far away I have the following sniglet:
>
>     cmd { 'do my thing':
>       command => '/path/to/the/script',
>       require => File['my neat script']
>     }
>
> Shouldn't the file resource be visible to the other module? (it's not acting that way...)
>
> --
> Peter L. Berghold
> salty.cowd...@gmail.com
> http://blog.berghold.net
> http://science-fiction.berghold.net

Hi,

The virtual file is not realized when you call it from your farfaraway class. Add `include scripts::myscript` before your cmd resource in that class and it should work.

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Passing Blank Values in Hiera Hashes
On 2/5/15 11:24 AM, Danny Roberts wrote:
> I am trying to configure NGINX entirely within Hiera. For the most part this is very easy as the module directly supports setting things up in Hiera. Where I am having an issue though is when creating an upstream in Hiera I am wanting to pass the 'ip_hash' parameter to it. The in source docs https://github.com/jfryman/puppet-nginx/blob/master/manifests/resource/upstream.pp#L28-L40 show an example of doing this from in a manifest but not Hiera. So I came up with this Hiera code for the upstream:
>
>     nginx::nginx_upstreams:
>       'mycluster':
>         ensure: 'present'
>         members: ['192.168.0.1:80','192.168.0.2:80']
>         upstream_cfg_prepend:
>           ip_hash: ''
>
> Though presumably because the value of that hash key/value pair is empty the ip_hash variable does not get added to the resulting config file on the server, you just get a blank line inserted. I've done some searching and cannot find a way to make this work in Hiera so it may simply not be possible, but does anyone know a way around this?

Hi,

It appears that ip_hash is being represented as a string instead of a hash itself. If you are not going to give ip_hash any values, I don't think you need to specify it at all.

HTH,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Announce: Puppet Language Style Guide 2.0
On 2/2/15 1:21 PM, Lauren Rother wrote:
> The Modules team and I are excited to finally announce the newest version of the Puppet Language Style Guide. We've reworked the guide to reflect the new features and capabilities of Puppet 3.7, and we've expanded it to cover more topics related to building manifests and modules. If you're interested in publishing a module to the Puppet Forge or are looking to get your module Puppet Approved, the updated guide is a great place to start.
>
> It was a massive, company-wide effort to update this style guide, but I'm sure we didn't catch everything. If you notice a mistake or would like more information on something that's not currently covered, please file a ticket. We plan to regularly update the guide from here on out, and we definitely anticipate another big release in the months after Puppet 4 comes out.
>
> Puppet Language Style Guide: https://docs.puppetlabs.com/guides/style_guide.html
> File a ticket: https://tickets.puppetlabs.com/browse/DOCUMENT/
> The Puppet Approved program: https://forge.puppetlabs.com/approved
>
> Thanks!
> Lauren
>
> --
> Lauren Rother
> Technical Writer
> Puppet Labs, Inc.

Hi,

Awesome work on the new style guide! I've got a few questions and some suggestions.

== Section 5

Why the arbitrary line length? Puppet's DSL does not have the ability to break lines, such as '\' in bash, so imposing any limit does not buy anything, certainly not readability. If you want to give clear error messages that improve readability they will include the variable and its data which could be greater than 140 characters. In essence, until there is a way to break lines in the DSL, there should not be any limit to how long a line could be.

== Section 9.6

This suggests that using symbolic modes (mode => 'u=rw,g=r,o=r') are acceptable. What is the purpose of this? This decreases readability and understanding.

== Section 10.2

Would add that includes should happen right after defining parameters and before validation.

== Section 10.4

Suggest adding that chaining arrow syntax should only be used with the reference syntax and not between resources. The example below is a bad use of the chaining arrows that leads to changing ordering by inadvertently moving resources around. This is easy to do when merging software.

    package { 'foo':
      ensure => present,
    } ->
    service { 'food':
      ensure => running,
    }

== Section 10.6

Suggest that while having required parameters for defines is OK, having them for classes is not. There should never be required parameters for a class. This breaks the ability to `include` a class.

== Section 18

This wording is not very clear. Are you saying that parameters should be listed in the order that they are used instead of alphabetical order? Agree with adding resources, though how this actually works with adding parameters is unclear.

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Puppet EPEL RHEL5/6 vs RHEL7 (2.7.25 master with 3.6.2 clients)
On 2/1/15 10:31 PM, Ugo Bellavance wrote:
> Hi,
>
> I'm using the EPEL puppet packages and my puppet master (server) is on RHEL 5, so version 2.7.25.
>
> I'm introducing some RHEL 7 test machines in my infrastructure and for now I've found that /etc/sysconfig/puppet is not used anymore so I had to change my puppet config for /etc/puppet/puppet.conf.
>
> Anyone else running this kind of configuration? I remember that when EPEL upgraded from 2.6 to 2.7, the 2.7 client didn't work with 2.6 server. Now 3.6.2 clients work. Is that expected?
>
> I choose to stick with EPEL since puppet is only about 10% of my job so using EPEL packages allow me to have a stable environment for longer and I don't really mind not having the latest features.
>
> Of course, I'll eventually upgrade my server to a RHEL 7 machine with 3.6.2 server.
>
> Any comments or advice welcome.
>
> Thanks,
>
> Ugo

Hi Ugo,

The master must be upgraded before the agents or in other words, the agents cannot have newer versions than the master. The easiest and most reliable path forward is to use yum.puppetlabs.com (ideally, your own local mirror) as the source for your packages, if you want to support EL 5 - 7. Using the corresponding EPEL repo for each distro is not going to work.

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Puppet: installing package via pip
On 1/9/15 8:40 PM, Jason Price wrote:
> Puppet version 3.7.3
> Master and agent are running on Centos v7.0
>
> When the manifest includes the following block, it fails with the error below:
>
> code block:
>
>     package { 's3cmd':
>       ensure   => present,
>       provider => 'pip',
>       require  => Package['python-pip']
>     }
>
> (for reference, the python-pip package installs just fine).
>
> The error:
>
>     $ sudo puppet agent -t
>     Notice: Ignoring --listen on onetime run
>     Info: Retrieving pluginfacts
>     Info: Retrieving plugin
>     Info: Loading facts
>     Info: Caching catalog for toy9x123.analytics-qa.weather.com
>     Info: Applying configuration version '1420853760'
>     Error: Could not set 'present' on ensure: Could not locate the pip command. at 35:/etc/puppet/modules/etc/manifests/packages.pp
>     Error: Could not set 'present' on ensure: Could not locate the pip command. at 35:/etc/puppet/modules/etc/manifests/packages.pp
>     Wrapped exception:
>     Could not locate the pip command.
>     Error: /Stage[main]/Etc::Packages/Package[s3cmd]/ensure: change from absent to present failed: Could not set 'present' on ensure: Could not locate the pip command. at 35:/etc/puppet/modules/etc/manifests/packages.pp
>
> so, this is odd. I've done some googling that indicates that a $PATH issue might be in play, but when I do things like 'sudo which pip' I get '/bin/pip' (centos symlinks /bin to /usr/bin).
>
> I've validated that pip can install s3cmd without issue. The manifest still fails even if s3cmd is installed, so it's completely a problem with how puppet is trying to call pip.
>
> Any insights?
>
> Thank you;
> Jason

Hi Jason,

You found a bug in the pip package provider. It is incorrectly looking for pip-python in your path. I have created a ticket[1] for this issue along with the corresponding patch[2] to fix it. A quick hack would be to symlink /usr/bin/pip-python to /usr/bin/pip.

[1] - https://tickets.puppetlabs.com/browse/PUP-3829
[2] - https://github.com/puppetlabs/puppet/pull/3468

Best regards,
-g

--
Garrett Honeycutt

[Puppet Users] type as a reserved word
Hello,

Noticed Zach's recent contribution[1] to the r10k module and saw that 'type' is now reserved[2] for future use. What is Puppet Labs' plan for changing stdlib? Any recommendations to help with this migration? Any tickets around this initiative?

FWIW, my modulepath has 24 modules affected with 94 occurrences of type().

[1] - https://github.com/acidprime/r10k/pull/96
[2] - https://docs.puppetlabs.com/puppet/latest/reference/lang_reserved.html#reserved-words

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Filebucket
On 10/30/14 12:01 AM, Tom Tucker wrote:
> Hello. I have a file bucket question. I believe I have file bucket configured correctly. I am able to backup a changed file and restore it. My question is how do I get a list of files for a particular host or revisions for a particular file.
>
> Thanks
>
>     Info: /Stage[main]/Sudo/File[/etc/sudoers]: Filebucketed /etc/sudoers to main with sum a22374b27a4cde79f8416648e567a77c

Hi Tom,

The filebucket takes a MD5 sum of each file and stores it based on that. Only file contents and path are part of the backup, not the host(s) that it came from. If you want to correlate files in the filebucket with your hosts, you will need to consult the logs from the puppet agent.

The filebucket is not a replacement for a backup system and is more a safety mechanism if you change something and want to see the old file and possibly restore it. If you are adhering to good change management processes, you will likely never use the thing at all.

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Puppetmaster can't keep up with our 1400 nodes.
On 10/30/14 10:45 AM, Georgi Todorov wrote:
> Hi group,
>
> We have a VM with 24 E7-8857 v2 @ 3.00GHz cores and 32G of ram (on big ESX hosts and fast backend) that is our foreman/puppetmaster with the following tuning params:
>
> Passenger:
>
>     PassengerMaxRequests 1
>     PassengerStatThrottleRate 180
>     PassengerMaxRequestQueueSize 300
>     PassengerMaxPoolSize 18
>     PassengerMinInstances 1
>     PassengerHighPerformance on
>
> PGSQL:
>
>     constraint_exclusion = on
>     checkpoint_completion_target = 0.9
>     checkpoint_segments = 16
>     max_connections = 100
>     maintenance_work_mem = 1GB
>     effective_cache_size = 22GB
>     work_mem = 192MB
>     wal_buffers = 8MB
>     shared_buffers = 7680MB
>
> Apache
>
>     StartServers 50
>     MinSpareServers 5
>     MaxSpareServers 20
>     ServerLimit 256
>     MaxClients 256
>     MaxRequestsPerChild 4000
>
> IPv6 disabled
> vm.swappiness = 0
> SELinux disabled
> iptables flushed.
>
> We have about 1400 hosts that checkin every 30 minutes and report facts. Facter execution time is less than 1 second on the nodes.
>
> The bottleneck seems to be Passenger RackApp: /etc/puppet/rack
>
> There is one of these for each passenger proc that sits at 100% all the time. A typical strace of it looks like this:
>
>     % time     seconds  usecs/call     calls    errors syscall
>     ------ ----------- ----------- --------- --------- ----------------
>      96.17   42.235808        1320     31988     15964 futex
>       3.17    1.393038           0   5722020           rt_sigprocmask
>       0.51    0.225576          14     16157         3 select
>       0.12    0.051727           1     93402     83142 stat
>       0.01    0.006303           0     13092     13088 lstat
>       0.01    0.003000        1500         2           fsync
>     ...
>
> Here are the versions of software we've moved through:
>
> Master OS: Centos 6.5, 6.6
> Foreman: 1.4.9, 1.5.1, 1.6.2
> puppet: 3.5.1, 3.6.2, 3.7.2
> Ruby: 1.8.7 (centos...)
> Passenger: 4.0.18, 4.0.53
>
> Settings we've tried in various combinations:
>
>     PassengerMaxPoolSize 12, 18, 24
>     PassengerMaxRequestQueueSize 150, 200, 250, 350
>     PassengerStatThrottleRate 120, 180
>     ServerLimit 256, 512
>     MaxClients 256, 512
>
> Requests in queue are always maxed out and a lot of nodes just timeout.
>
> What am I missing? Our node count doesn't seem to be that big, our catalogs are fairly small too (basically just a bunch of autofs maps via module and 2-3 files).
>
> Thanks!

Hi Georgi,

How long does it take to compile a catalog? Is your VM server over subscribed? Here's the formula for figuring out how many cores you need dedicated to compiling catalogs. Note this is *dedicated* to compiling, so minus two for the OS, if you run Dashboard minus the number of workers, if you are running PuppetDB and Postgres, minus a few more. Take a look at my post[1] to ask.puppetlabs.com regarding sizing.

    cores = (nodes) * (check-ins per hour) * (seconds per catalog) / (seconds per hour)

Another way to look at this is how many nodes should the current hardware support.

    nodes = (cores) * (seconds per hour) / (check-ins per hour) / (seconds per catalog)

[1] - http://ask.puppetlabs.com/question/3/where-can-i-find-information-about-sizing-for-puppet-servers/?answer=101#post-id-101

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Re: Puppetmaster can't keep up with our 1400 nodes.
On 10/30/14 4:32 PM, Georgi Todorov wrote:
> Chris, I sleep very well :). Our master is hourly backed up (the entire vm) and all configs go through git. Redeploying/restoring the master should be fairly quick (I have not tried though). Also, the way we use puppet, if it is down, it is no harm really. Only needed to push changes, which we don't do that often.
>
> Ramin and Garrett, I was considering throwing more CPU at it, seeing how it is CPU bound, however the strace told me something else is a problem. And I finally solved it. The culprit was Ruby. Puppet agent runs used to take anywhere from 30 to 250 seconds depending on ... the weather? I'm guessing it depended on where in the queue they were. The VM cluster is not oversubscribed, and in fact I had the VM isolated on a single DL580 host for testing, just to make sure nothing is interfering.
>
> I ended up compiling ruby 2.1.4, installed all the gems needed for foreman (about 75), and now have both foreman and puppet master running on ruby 2.1.4. My load average on the machine is now ~9 (down from about 17), requests in queue stays at 0 almost all the time with the occasional jump to 20 - nothing like my constantly full queue.
>
> So, hopefully this would be helpful for anyone who is trying to run puppet master on CentOS.
>
> And thank you guys, I have actually read both of those links before and when we add the rest of our infra, if we start hitting a bottleneck, I'll split the master and increase the CPU count.
>
> Cheers,
> Georgi

Hi Georgi,

The catalog compilation time is how long it takes to compile the catalog *on the master*. You can find it on CentOS with `grep Compile /var/log/messages`. The amount of time it takes for your agent to run is not at all tied with how long it takes to compile the catalog. Your puppet agents are not talking to the puppet master once they have received the catalog, except for file requests[1] and to submit a report.

If you are solving for long agent runs, check out the logs which include timing information. A good visualization of this can be had with Puppet Dashboard which will break down a run with times for each resource type. Typically bottlenecks include exec, package, and service resources and custom functions. Especially packages if you talk to the internet instead of local mirrors.

By chance are you serving any large binary files with Puppet?

[1] - http://4.bp.blogspot.com/-0xlYPWw61Hw/UpVulZU1qTI/AwY/egPhvnpn0jI/s1600/puppet_technical_flow.jpg

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] schedule whole class and not only resources
On 10/26/14 9:50 AM, Felix Frank wrote:
> Hi,
>
> the intuitive approach would be:
>
>     class { 'abc':
>       schedule => ...
>     }
>
> A tentative test seems to indicate that this does in fact not work. If this is important to you, you could open a feature request in Jira.
>
> Thanks,
> Felix
>
> On 10/01/2014 02:59 PM, Andreas Dvorak wrote:
>> Dear all,
>>
>> I have a class with many resources that should only run at one certain time. I could add a schedule to every resource, but that is the same line at all the resources. Is there a solution to schedule the whole class at one place?
>>
>> something like this
>>
>>     include abc { schedule }
>>
>> Best regards,
>> Andreas

You could use resource defaults[1] to achieve this. If your class is using the schedule metaparameter for a bunch of exec's you could add

    Exec {
      schedule => 'my_schedule',
    }

    schedule { 'my_schedule':
      period => daily,
      range  => '2-4',
    }

This would add the schedule parameter with the value 'my_schedule' to all of the exec{} resources within the class.

[1] - https://docs.puppetlabs.com/puppet/latest/reference/lang_defaults.html

Best regards,
-g

--
Garrett Honeycutt

Re: [Puppet Users] Puppet, inventory, and single sources of truth.
On 10/26/14 4:46 PM, Robin Lee Powell wrote:
> So I've been using puppet for a long time, and the one thing I've never solved to my satisfaction is a way to have a single source of truth that acts as both instructions to puppet *and* as a system inventory that I can use for general operations (i.e. how many tomcat hosts do we have?).
>
> When Hiera came along I shifted to that, believing that it was the right solution here, and I've managed to hack together something that works, but it's pretty inelegant.
>
> The reason is that to get a proper inventory out of hiera requires collating all the hiera data from the point of view of each host, so that all the hierarchical processing is correct, and then mushing all those results together. I've got a system to do that, but it's pretty hacky.
>
> Is there some better way of combining a general inventory system and puppet? Is this a Puppet Enterprise sort of thing?

Hi,

Are you using PuppetDB? You can query it to see how many systems have the tomcat class associated with them. It also stores facts, so if you classify your node by setting a custom fact, such as `role`, you could query PuppetDB for all systems where role = 'app_server' or whatever.

If you want real time data about the nodes instead of from the last puppet check in, MCollective can help you by querying your systems in real time.

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Adding then removing SW - best practices?
On 10/26/14 5:18 AM, JonY wrote:
> Let's say that I'm deploying a steady stream of identical hosts. Each has some piece of SW on it that's managed by Puppet. I continue to (regularly) add to and maintain this group over time.
>
> Day comes when this SW is no longer required. So I remove the module from Puppet to prevent it being included on future hosts in this group.
>
> What about the existing hosts? I ask.
> Add a module to remove the SW I think.
> What about the future hosts? Won't this seem a bit odd to tell puppet to remove SW that was never installed? I wonder.
> Puppet is idempotent! says the FM.
> Ok - but it still seems amiss. To a 'distant observer' it would seem an odd practice. says I.
>
> Should I break up the 'before' and 'after' hosts into separate groups / environments? I use an ENC to manage the modules. Maybe a DB entry to indicate who gets the extra module?
>
> Some other pathway?

Hi,

If you take the approach of immutable systems, you would just provision new systems that do not have the software, transition to using them and then remove the old systems altogether. Getting into the practice of regularly rebuilding your hosts ensures that your provisioning process + configuration management is actually working.

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] puppet module for checking CVE's
On 10/12/14 5:16 PM, Felix Frank wrote:
> On 10/11/2014 02:22 AM, Garrett Honeycutt wrote:
>> We could check if a file exists in a directory and if so, skip the fact. Suggest using /usr/local/etc/cve/fact_name
>>
>> What do you think?
>
> Sure, something in the file system.
>
> I suggest to not hard code locations. This should be a parameter.
>
> Cheers,
> Felix

Hi Felix,

I agree this should be configurable, though I'm not sure the best way to go about that. Facts do not take parameters, so I'm not sure what you mean by that.

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] puppet module for checking CVE's
On 10/13/14 8:59 AM, Trevor Vaughan wrote:
> Would it be possible to side-load this into PuppetDB?
>
> For instance, instead of running the full list of checks with every run of puppet, have a cron job (or something) that runs the list and feeds the data directly into PuppetDB for the node.
>
> That would take the pressure off of each Puppet run but still make the data available.
>
> A nifty MCollective plugin for triggering full runs or targeting specific CVE regexes would be handy for catching things like Shellshock.
>
> For skipping facts, why not use a JSON/YAML file?
>
> Trevor

Hi Trevor,

Goal is to use facts so vulnerabilities could be determined without Puppet while also working with Puppet and its ecosystem - PuppetDB and MCollective.

Good idea on skipping facts using structured data. While that is easy on the fact side to implement in ruby, it seems easier to implement from puppet using either file{} or file_line{} as I want to maintain the ability to specify an array of facts to skip through Hiera.

BTW: Could really use help adding code to check for more CVE's :)

Best regards,
-g

--
Garrett Honeycutt
[Puppet Users] puppet module for checking CVE's
Hello,

Published puppet-module-cve[1] to act as a framework for adding facts for specific CVE's that tell you if you are vulnerable to them.

Inspiration came after ShellShock where I saw people had written modules with corresponding facts exclusively for that exploit. Our community needs a simple module that is easily extended to test for multiple CVE's instead of managing a bunch of separate modules that each check for one exploit.

Each CVE has its own flat fact, such as 'cve_2014_6271'.

    $ facter -p cve_2014_6271
    not_vulnerable

There is a structured fact, 'cve', that returns a list of all tested CVE's, all vulnerable CVE's, and all CVE's to which you are not vulnerable.

    $ facter -p --yaml cve
    ---
    cve:
      vulnerable:
      - cve_666
      tested:
      - cve_777
      - cve_2014_6271
      - cve_666
      not_vulnerable:
      - cve_777
      - cve_2014_6271

By default the module is quiet, though you can enable the ability to use notify{} to alert you to which CVE's you are vulnerable.

Looking forward to your help in adding facts to check for more exploits.

[1] - https://github.com/ghoneycutt/puppet-module-cve

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] puppet module for checking CVE's
On 10/10/14 7:23 PM, Felix Frank wrote:
> Hi Garrett,
>
> cool idea.
>
> I think it could use a dial to explicitly whitelist the facts that I want to be populated. Deploying an ever growing range of (sometimes expensive) checks to all agents, all of which will forever return false after patching, is not a merry perspective.
>
> What do you think?
>
> Cheers,
> Felix
>
> On 10/10/2014 11:46 PM, Garrett Honeycutt wrote:
>> Hello,
>>
>> Published puppet-module-cve[1] to act as a framework for adding facts for specific CVE's that tell you if you are vulnerable to them.
>>
>> Inspiration came after ShellShock where I saw people had written modules with corresponding facts exclusively for that exploit. Our community needs a simple module that is easily extended to test for multiple CVE's instead of managing a bunch of separate modules that each check for one exploit.
>>
>> Each CVE has its own flat fact, such as 'cve_2014_6271'.
>>
>>     $ facter -p cve_2014_6271
>>     not_vulnerable
>>
>> There is a structured fact, 'cve', that returns a list of all tested CVE's, all vulnerable CVE's, and all CVE's to which you are not vulnerable.
>>
>>     $ facter -p --yaml cve
>>     ---
>>     cve:
>>       vulnerable:
>>       - cve_666
>>       tested:
>>       - cve_777
>>       - cve_2014_6271
>>       - cve_666
>>       not_vulnerable:
>>       - cve_777
>>       - cve_2014_6271
>>
>> By default the module is quiet, though you can enable the ability to use notify{} to alert you to which CVE's you are vulnerable.
>>
>> Looking forward to your help in adding facts to check for more exploits.
>>
>> [1] - https://github.com/ghoneycutt/puppet-module-cve
>>
>> Best regards,
>> -g

Hi Felix,

I was thinking of that though my approach was to use a blacklist to disable specific facts. That way we go with least surprise so that the default would be to check for everything if you include the class. Hopefully folks would only blacklist expensive facts that they are confident in and not all cve facts after they patch, as the exploit could reappear in their environment.

To that end, I could create a define that you pass the checks to blacklist which could be defined in Hiera. On the first puppet run, all facts would be synced and executed, then puppet would blacklist whatever you defined, and then on subsequent runs the facts would be skipped.

Something like this in Hiera

    cve::blacklisted:
      - cve_666
      - cve_777

We could check if a file exists in a directory and if so, skip the fact. Suggest using /usr/local/etc/cve/fact_name

What do you think?

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] puppet module for checking CVE's
On 10/10/14 8:07 PM, Jeremy T. Bouse wrote:
> Granted I haven't completed taking a good look at the code yet, but to address Felix's concerns. What about a method of caching successful (ie: non-vulnerable) CVE fact results for an administratively configured time? This could limit the number of facts that have to run through their logic to verify on each run but also allow the administrator to configure this cache to expire at some point in time to re-validate everything to ensure a regression hasn't occurred.
>
> I do agree with Garrett that a common framework to identify these vulnerabilities and be able to respond quickly is both needed and a very valuable framework to have in place. Fits nicely with being able to use your run reports for auditing and with PuppetDB very easy to query and determine risk assessment of your environment quickly.
>
> On 10/10/2014 07:23 PM, Felix Frank wrote:
>> Hi Garrett,
>>
>> cool idea.
>>
>> I think it could use a dial to explicitly whitelist the facts that I want to be populated. Deploying an ever growing range of (sometimes expensive) checks to all agents, all of which will forever return false after patching, is not a merry perspective.
>>
>> What do you think?
>>
>> Cheers,
>> Felix
>>
>> On 10/10/2014 11:46 PM, Garrett Honeycutt wrote:
>>> Hello,
>>>
>>> Published puppet-module-cve[1] to act as a framework for adding facts for specific CVE's that tell you if you are vulnerable to them.
>>>
>>> Inspiration came after ShellShock where I saw people had written modules with corresponding facts exclusively for that exploit. Our community needs a simple module that is easily extended to test for multiple CVE's instead of managing a bunch of separate modules that each check for one exploit.
>>>
>>> Each CVE has its own flat fact, such as 'cve_2014_6271'.
>>>
>>>     $ facter -p cve_2014_6271
>>>     not_vulnerable
>>>
>>> There is a structured fact, 'cve', that returns a list of all tested CVE's, all vulnerable CVE's, and all CVE's to which you are not vulnerable.
>>>
>>>     $ facter -p --yaml cve
>>>     ---
>>>     cve:
>>>       vulnerable:
>>>       - cve_666
>>>       tested:
>>>       - cve_777
>>>       - cve_2014_6271
>>>       - cve_666
>>>       not_vulnerable:
>>>       - cve_777
>>>       - cve_2014_6271
>>>
>>> By default the module is quiet, though you can enable the ability to use notify{} to alert you to which CVE's you are vulnerable.
>>>
>>> Looking forward to your help in adding facts to check for more exploits.
>>>
>>> [1] - https://github.com/ghoneycutt/puppet-module-cve
>>>
>>> Best regards,
>>> -g

Hi Jeremy,

Thanks for taking a look at this project. As far as I can tell, Facter does not currently support any caching mechanism between Facter runs. This could be worked around by adding that logic to these facts in different ways, such as creating files and checking for their mtime, though this sounds like a lot of over engineering to me and would make the checks overly complex.

I believe that the blacklist solves your use case, since you can disable facts through that mechanism and if you want to check them again, you either modify Hiera and do a Puppet run or just delete the files to the corresponding CVE's from the blacklist directory.

Best regards,
-g

--
Garrett Honeycutt
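The skip mechanism discussed in this thread (one marker file per fact in a directory such as /usr/local/etc/cve, and the mtime-based expiry raised in the caching reply), as an added Ruby example that is not code from puppet-module-cve. The `CveSkip` module, the `skipped` key, the `max_age` option and the stand-in checks are assumptions made for illustration.

```ruby
require 'fileutils'
require 'tmpdir'

# Added illustration, not the module's implementation.
module CveSkip
  # Fact names become file names, so only accept the cve_* shape used in the
  # thread; anything else is never treated as skipped.
  VALID_NAME = /\Acve_[0-9a-z_]+\z/

  # A check is skipped when a regular file named after the fact exists in
  # skip_dir. With max_age (seconds) set, a marker older than that is ignored
  # and the check runs again, so a permanent skip cannot hide a regression.
  def self.skip?(fact_name, skip_dir, max_age: nil, now: Time.now)
    return false unless fact_name.match?(VALID_NAME)

    marker = File.join(skip_dir, fact_name)
    return false unless File.file?(marker)
    return true if max_age.nil?

    (now - File.mtime(marker)) <= max_age
  end

  # checks maps a fact name to a callable that returns true when vulnerable.
  # The result mirrors the structured 'cve' fact shown in the announcement,
  # plus a 'skipped' list (an assumption, not a key the module documents).
  def self.evaluate(checks, skip_dir, max_age: nil, now: Time.now)
    summary = { 'tested' => [], 'vulnerable' => [],
                'not_vulnerable' => [], 'skipped' => [] }
    checks.each do |name, check|
      if skip?(name, skip_dir, max_age: max_age, now: now)
        summary['skipped'] << name
        next
      end
      summary['tested'] << name
      (check.call ? summary['vulnerable'] : summary['not_vulnerable']) << name
    end
    summary
  end
end

# Constructed scenario: cve_666 was skipped eight days ago and the host is
# vulnerable again; cve_777 was skipped just now. The lambdas stand in for
# real checks.
def demo
  Dir.mktmpdir('cve-skip') do |dir|
    FileUtils.touch(File.join(dir, 'cve_777'))
    stale = File.join(dir, 'cve_666')
    FileUtils.touch(stale)
    eight_days_ago = Time.now - 8 * 86_400
    File.utime(eight_days_ago, eight_days_ago, stale)

    checks = {
      'cve_666'       => -> { true },
      'cve_777'       => -> { false },
      'cve_2014_6271' => -> { false }
    }
    { permanent: CveSkip.evaluate(checks, dir),
      weekly:    CveSkip.evaluate(checks, dir, max_age: 7 * 86_400) }
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

With permanent markers the vulnerable cve_666 never appears in the result; with a seven-day expiry it is tested again and reported.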
Re: [Puppet Users] My first module
On 9/30/14 2:50 PM, Nicolas lino wrote:
> Hello and sorry for my English.
>
> I have my first module but I have a problem:
>
> My manifest:
>
>     #
>     #
>     #
>     class nginx {
>       $nginx_conf = '/etc/nginx/conf.d'
>
>       service { 'nginx':
>         ensure     => running,
>         enable     => true,
>         hasrestart => true,
>         require    => File['/etc/nginx/nginx.conf'],
>         restart    => '/etc/init.d/nginx reload'
>       }
>
>       file { '/etc/nginx/nginx.conf':
>         ensure => latest,
>         mode   => '0644',
>         owner  => 'root',
>         group  => 'root',
>         source => "puppet:///modules/nginx/nginx.conf",
>       }  # line 22
>
>       file { $nginx_conf:
>         ensure => directory,
>         mode   => '0644',
>         owner  => 'root',
>         group  => 'root',
>       }
>     }
>
> Directory structure:
>
>     [root@v702uprod manifests]# tree /etc/puppet/modules/
>     /etc/puppet/modules/
>     ├── API
>     └── nginx
>         ├── files
>         │   └── nginx.conf
>         ├── manifests
>         │   └── init.pp
>         └── templates
>
> The problem:
>
>     Error: Failed to apply catalog: Validation of File[/etc/nginx/nginx.conf] failed: You cannot specify more than one of content, source, target at /etc/puppet/modules/nginx/manifests/init.pp:22
>     Wrapped exception:
>     You cannot specify more than one of content, source, target
>
> someone comes up with the problem???

Hi Nicolas,

Try changing the file's ensure from 'latest' to file.

You might also try using an existing module instead of reinventing the wheel.

https://forge.puppetlabs.com/modules?utf-8=%E2%9C%93&sort=rank&q=nginx

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Git Repo Strategy
On 9/30/14 7:17 PM, Tom Tucker wrote:
> I just got back from PuppetConf last week and several presenters mentioned using more than one Git repo with Puppet. Some even recommend having a repo per module. For our initial Puppet deployment this seems a bit excessive. My plan was to have three repos for each of our environments (Dev, QA and Production). The contents of these repos would contain Puppet Enterprise directory of /etc/puppetlabs/puppet.

Hi Tom,

One big repo full of modules stops scaling pretty quickly. This path makes it impossible to work in a scenario where you have multiple parties using the same code base. Without individually versioning modules, you will give up the opportunity to ever make a breaking change, because you have to appease everyone. You also quickly get into situations where you cannot deploy the newest version of the code because it changes multiple modules and one of those causes issues. It leads to long running forks that will never merge, cherry picking changes, and copy/pasting code. Avoid this at all costs and save yourself the headaches.

Here's an example[1] of how I manage a bunch of modules, each in their own repo. You could then use this Puppetfile with tools such as librarian-puppet-simple, librarian-puppet, and r10k. I use this repo to track all of my 'base' or 'common' modules and then use another repo to track site specific modules. For that repo, I highly recommend r10k.

[1] - https://github.com/ghoneycutt/puppet-modules

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Re: Custom facts and environments
On 9/24/14 9:34 AM, jcbollinger wrote:
> On Tuesday, September 23, 2014 7:30:40 AM UTC-5, JonY wrote:
>> I'm attempting to make the jump to directory-based environments and am curious about what to do with custom facts.
>>
>> In my current config I've tried putting custom facts into a separate module as /etc/puppet/modules/facts/{manifest,lib} and /etc/puppet/modules/facts/lib/facter/modules go here. I haven't had any success in getting these to propagate to clients though.
>>
>> I've added 'pluginsync=true' to puppet.conf on server/clients. Reading the various docs doesn't make it sound like I need a manifest for custom facts. Truth? How about a class file?
>
> Correct, you do not need a manifest for custom facts. Manifests are instructions for constructing parts of nodes' catalogs. They can use the values of custom facts, but they are not involved in installing custom fact implementations on clients. That's what pluginsync is for.
>
> I don't know what you mean by a class file, as distinguished from a manifest.
>
>> Questions:
>> 1. What step(s) did I miss in getting my facts to be distributed?
>> 2. When I split up my network into 'production', 'test', etc folders for use in environments - what happens to custom facts then?
>
> Custom facts should be in modules. Typically they are in the same module as the classes that use them, but in principle, it should not be a problem for them to appear in their own, separate module.
>
> For a given node, the pluginsync process will sync plugins, including custom facts, from the modules in the modulepath of the environment to which that node belongs. Therefore, if your facts are not getting distributed then a modulepath issue is one of the things to consider.
>
> Also, running plain 'facter' on a client will compute and present only the standard facts. If you want also custom facts from Puppet then use 'facter -p'.
>
> John

Hi,

Knowing or remembering that you have to type `facter -p` is confusing. I've created a ticket to have this the default behavior that you can vote on.

https://tickets.puppetlabs.com/browse/FACT-713

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Based way to exclude systems?
On 9/24/14 1:12 PM, Tom Tucker wrote:
> I would like to use a profile that would be applied against all Linux based systems to ensure they have an appropriate /etc/ntp.conf based on their data center location as defined by Hiera. My question is how do I deploy this client based ntp.conf to all Linux systems, but also ensure my four Linux based NTP servers feeding these clients continue to have unique server based NTP configs? In other words I have four data centers and 2000+ systems. If you are a Linux system and not marked as an NTP server then use this client ntp.conf. What is the best way to achieve such?
>
> Thanks in advance,

Hi Tom,

Instead of thinking in terms of exclusions, think in terms of roles of systems. In regards to NTP you have two, ntp clients and ntp servers. I would include an ntp class for all of your Linux based systems and if the role is ntp server then you have a level in Hiera for it that describes the changes that are particular to those systems such as different upstream NTP servers, options, etc.

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Custom fact ( complete fail )
On 9/7/14 11:41 AM, omfg9899 wrote:
> I know I must be missing something stupid, but I have tried for 2 days now without success.
>
> I am using puppet stand alone, no master. I need a simple custom fact to be created to assist in deploying the correct configuration at build time.
>
> I made this super simple fact..
>
>     # envir.rb
>     Facter.add('environment_class') do
>       setcode '/bin/cat /etc/default/environment.info'
>     end
>
> I have placed this file in MANY different places as suggested and it never works. However, if I run facter envir.rb it will stick the fact into the fact list.
>
> This fact basically determines if the system is dev/cert or prod and assigns certain configs for various services based on that value. The only thing in the environment.info file is going to be prod or cer or prod.
>
> Out of desperation I ran strace to see if it was even looking at the file and to my surprise it was. I was surprised to see that it was in fact touching the file but can't understand the output.
>
>     tat(/etc/facter/facts.d/envir.rb, {st_mode=S_IFREG|0755, st_size=104, ...}) = 0
>     geteuid() = 0
>     getegid() = 0
>     getuid()= 0
>     getgid()= 0
>     access(/etc/facter/facts.d/envir.rb, X_OK) = 0
>     ...
>     open(/etc/facter/facts.d/envir.rb.ttl, O_RDONLY) = -1 ENOENT (No such file or directory)
>     stat(/etc/facter/facts.d/envir.rb, {st_mode=S_IFREG|0755, st_size=104, ...}) = 0
>     rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
>     pipe([5, 6])= 0
>     futex(0x7f5fe8480a84, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x7f5fe8480a80, {FUTEX_OP_SET, 0, FUTEX_OP_CMP_GT, 1}) = 1
>     futex(0x7f5fe8480ab0, FUTEX_WAKE_PRIVATE, 1) = 1
>     clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f5fe86b19d0) = 4959
>     rt_sigaction(SIGVTALRM, {0x7f5fe81c74e0, [], SA_RESTORER, 0x7f5fe7f8c4a0}, {0x7f5fe81c74e0, [], SA_RESTORER, 0x7f5fe7f8c4a0}, 8) = 0
>     clone(child_stack=0x7f5fe2523ff0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f5fe25249d0, tls=0x7f5fe2524700, child_tidptr=0x7f5fe25249d0) = 4960
>     futex(0x7f5fe8480ae4, FUTEX_WAIT_PRIVATE, 7, NULL) = 0
>     futex(0x7f5fe8480ab0, FUTEX_WAIT_PRIVATE, 2, NULL) = 0
>     futex(0x7f5fe8480ab0, FUTEX_WAKE_PRIVATE, 1) = 0
>     close(6)= 0
>     fcntl(5, F_GETFL) = 0 (flags O_RDONLY)
>     ./facter_dot_d.rb:148: command not found: /etc/facter/facts.d/envir.rb
>
> Any thoughts?
>
> Thanks in advance.
>
> J

Hi,

Take a look at external facts[1]. Since your fact is spawning a shell to cat a file, you could get the same functionality without the effort of maintaining that code.

Given a text file, /etc/facter/facts.d/environment_class.txt with the contents

    environment_class=some_text

you would have the custom fact 'environment_class' with the value 'some_text'.

[1] - https://docs.puppetlabs.com/facter/latest/custom_facts.html#external-facts

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] .fixtures.yml functionality in spec helper
On 9/8/14 5:20 PM, Brett Swift wrote:
> https://github.com/puppetlabs/puppetlabs_spec_helper#using-fixtures
>
> I think I'm doing it wrong.
>
> I'm testing a module, and specified zack/r10k in my .fixtures.yml file.
>
> It complains that it can't find gcc. I see that in the r10k/metadata.json file.. weird, why isn't puppetlabs_spec_helper installing dependencies of my dependencies?
>
> I see this list that the puppet module tool takes care of for me:
>
>     └─┬ zack-r10k (v2.2.8)
>       ├─┬ gentoo-portage (v2.2.0)
>       │ └── puppetlabs-concat (v1.0.4)
>       ├── mhuffnagle-make (v0.0.2)
>       ├── puppetlabs-gcc (v0.2.0)
>       ├── puppetlabs-git (v0.2.0)
>       ├── puppetlabs-inifile (v1.1.3)
>       ├── puppetlabs-pe_gem (v0.0.1)
>       ├── puppetlabs-ruby (v0.2.1)
>       ├── puppetlabs-stdlib (v4.2.2)
>       └── puppetlabs-vcsrepo (v1.1.0)
>
> but puppetlabs_spec_helper doesn't. grumble grumble
>
> I didn't see a ticket for this on tickets.puppetlabs.com. Is this a feature request, a defect, or pebcak ?

Hi,

puppetlabs_spec_helper does not do that. You need to specify all of your dependencies. I would not be interested in the functionality that you describe because as an author, I need to understand my dependencies and to properly test them, I want to specify tagged versions in the .fixtures.yml.

"all required modules should be listed in a file named .fixtures.yml in the root of the project."[1]

[1] - https://github.com/puppetlabs/puppetlabs_spec_helper#using-fixtures

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] User management
On 8/20/14 11:45 PM, Gregory Orange wrote:
> How do people manage users? I'm slowly marching toward LDAP (someone recently suggested FreeIPA, not sure if it's relevant), but trying to stave it off for the time being. I've read a few blogs and posts on the topic, but nothing clear comes out - except that if one gets too complicated, one should move to a proper user management system!
>
> I have a 'util::user' class to create individual users, and a 'users($profile)' class which uses 'util::user' to create sets of users and groups. If a group exists for a machine, then users who are assigned to that group should be in it. Otherwise, they're not put in that group (because that would give an error).
>
> I achieve this in 'users' with this code:
>
>     case $profile {
>       'profile1': {
>         $_management = 'management'
>         $_dataentry  = 'dataentry'
>         $_users_grp  = 'users'
>         $_accounts   = 'accounts'
>       }
>       'profile2': {
>       }
>       'profile3': {
>         $_rel_m = 'releasemasters'
>       }
>       default: {
>         fail("Unsupported users profile ${profile}")
>       }
>     }
>
> then users are created with e.g.
>
>     util::user 'username' ... groups => [$_users_grp, $_rel_m, $_dataentry]
>
> and the util::user class strips out any undefs or blanks.
>
> It all works quite nicely, but I'd like to clean up this last portion of it with a nicer way of saying if the group exists (or is defined by Puppet to exist) on this machine, and the user is to be put in this group, then put the user in this group on this machine.
>
> Any suggestions?
>
> TIA,
> Greg.
>
> PS: I discovered tags the other day, and now use that in 'users' to instantiate the right users and groups for a machine based on $profile. Clean and easy to follow.

Hi Greg,

Directory services like LDAP are definitely something to look into and can really make life simpler.

Here[1] is the code that I use to manage local users. You could use it for your scenario by placing users in different levels in Hiera and keying off the profile.

[1] - https://github.com/ghoneycutt/puppet-module-common#commonmkuser-define

Best regards,
-g

--
Garrett Honeycutt
Re: [Puppet Users] Script to track orphaned resources
On 8/21/14 5:45 PM, Manuel Quiñones wrote:
> Hello,
>
> I'm working on a utility script to track orphaned resources. With orphans I mean: resources that were previously managed by Puppet, but they no longer are. I want to track those while I do a refactor in my manifests.
>
> Here is the script I wrote:
>
> https://gist.github.com/manuq/eec269ce7ba00974f46e
>
> It is based on some assumptions, and here is my question: are these assumptions correct?
>
> - Puppet generates the following files on each run, even when called with --noop:
>
>   - last_run_report.yaml: contains the resources currently managed, in full detail (serialized Puppet objects)
>
>   - state.yaml: contains the resources Puppet ever managed since the file was created, only their name and some timestamps checked and synced
>
>   - last_run_summary.yaml: among other things, contains the timestamp of the run, and the total time it took
>
> Based on that, I have two methods that output the orphans:
>
> Method 1: use state.yaml and read the checked timestamp. If it was not checked in the last run, then it is an orphan.
>
> Method 2: orphans are the subset of resources that are contained in state.yaml and are not contained in last_run_report.yaml.
>
> Critics and suggestions welcome. Also I hope this can be useful to others.
>
> Cheers,
>
> PS Note that this topic was discussed earlier in May. I took it as initial reference:
>
> https://groups.google.com/forum/#!searchin/puppet-users/orphan/puppet-users/ghKfRBkPD5A/m7KTeymd2XwJ

Hi Manuel,

Your plan is quite clever though if your goal is to refactor your puppet modules and not leave anything out, spec tests are the way to go.

http://rspec-puppet.com/tutorial/

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
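The two methods described in the question above, as an added Ruby example that is not taken from the thread or from the linked gist. The YAML samples are constructed and trimmed, the function names are hypothetical, and the code assumes that `time.last_run` minus `time.total` in last_run_summary.yaml approximates the start of the run; the files are read with `YAML.safe_load` after stripping the `!ruby/object` tags, so no serialized objects are instantiated.

```ruby
require 'yaml'

# Constructed samples, trimmed to the fields used below (layout is an assumption).
STATE_YAML = <<~EOS
  ---
  "File[/etc/motd]":
    :checked: 2014-08-21 17:44:55.000000000 -03:00
    :synced: 2014-08-20 09:00:00.000000000 -03:00
  "Package[ntp]":
    :checked: 2014-08-21 17:44:56.000000000 -03:00
  "File[/etc/old.conf]":
    :checked: 2014-08-19 11:30:00.000000000 -03:00
EOS

REPORT_YAML = <<~EOS
  --- !ruby/object:Puppet::Transaction::Report
  resource_statuses:
    "File[/etc/motd]": !ruby/object:Puppet::Resource::Status
      resource: "File[/etc/motd]"
    "Package[ntp]": !ruby/object:Puppet::Resource::Status
      resource: "Package[ntp]"
EOS

SUMMARY_YAML = <<~EOS
  ---
  time:
    last_run: 1408653900
    total: 12.5
EOS

# Read the file as plain data: drop the !ruby/object tags and permit only
# Symbol and Time, so nothing beyond hashes, strings and timestamps is built.
def load_plain(text)
  YAML.safe_load(text.gsub(%r{!ruby/object:\S+}, ''), permitted_classes: [Symbol, Time])
end

# Method 1: resources whose :checked time predates the start of the last run.
def orphans_by_timestamp(state, summary)
  run_start = Time.at(summary['time']['last_run'] - summary['time']['total'])
  state.select { |_, stamps| stamps[:checked] < run_start }.keys.sort
end

# Method 2: resources named in state.yaml that the last report does not list.
def orphans_by_difference(state, report)
  (state.keys - report['resource_statuses'].keys).sort
end
```

On the constructed data both methods agree on a single orphan; on real files a disagreement between them is itself worth investigating.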
Re: [Puppet Users] How to make puppetlabs_spec_helper ignore modules inside fixtures
On 8/14/14 3:56 PM, Sebastian Otaegui wrote:
> I created a small POC module using puppet from master and `puppet module generate`
>
> I still have rspec-puppet go inside the apt module in fixtures and execute the tests:
>
> Failures:
>
>   1) poc with defaults for all parameters should contain Class[poc]
>      Failure/Error: it { should contain_class('poc') }
>      Puppet::Error: This module only works on Debian or derivatives like Ubuntu at /Users/otaeguis/projects/src/test-poc/spec/fixtures/modules/apt/manifests/init.pp:43 on node feniixhq.10.208.50.91
>      # ./spec/classes/init_spec.rb:5:in `block (3 levels) in top (required)'
>
> Here is a link to the puppet module with the POC https://github.com/feniix/puppet-module-rspec-issue
>
> Appreciate some guidance on how to solve this.
>
> On Wed, Aug 13, 2014 at 10:30 PM, Garrett Honeycutt g...@garretthoneycutt.com wrote:
> > On 8/13/14 9:08 PM, Wil Cooley wrote:
> > > On Aug 12, 2014 11:57 AM, Sebastian Otaegui fen...@gmail.com wrote:
> > > > Hello all,
> > > >
> > > > I have created this module: https://github.com/Spantree/puppet-thrift and everything worked fine all specs ran fine.
> > > >
> > > > Now I am using the puppetlabs/apt module and when I run the 'rake spec' it is trying to run the 'apt' tests, and it is failing (I think) because I am not providing the appropriate facts.
> > > >
> > > > Is there a way to ignore the rspecs inside the fixtures/modules/ directory?
> > > >
> > > > I tried to do this:
> > > >
> > > >     require 'rake'
> > > >     require 'rspec/core/rake_task'
> > > >
> > > >     RSpec::Core::RakeTask.new(:spec) do |t|
> > > >       t.pattern = 'spec/*/*_spec.rb'
> > > >     end
> > > >
> > > > But it didn't work.
> > >
> > > How about just:
> > >
> > >     require 'puppetlabs_spec_helper/rake_tasks'
> >
> > Hi,
> >
> > +1 to Wil Cooley. When you generate a module with `puppet module generate` it will use that single line.
> >
> > https://github.com/puppetlabs/puppet/blob/master/lib/puppet/module_tool/skeleton/templates/generator/spec/spec_helper.rb
> >
> > Best regards,
> > -g
> >
> > --
> > Garrett Honeycutt
> > @learnpuppet
> > Puppet Training with LearnPuppet.com
> > Mobile: +1.206.414.8658

Hi Sebastian,

Your issue is because the module in question is failing if certain facts are not set. In puppetlabs/apt the module fails[1] if $osfamily is not 'Debian'. For your spec tests to succeed you need to set the osfamily fact to Debian.

[1] - https://github.com/puppetlabs/puppetlabs-apt/blob/master/manifests/init.pp#L43-45

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Re: [Puppet Users] How to make puppetlabs_spec_helper ignore modules inside fixtures
On 8/14/14 4:58 PM, Sebastian Otaegui wrote:
> Hi Garrett, thanks, just to clarify and make sure I understood, so it is not running the spec.rb files in apt/spec/* but it is just evaluating the facts within the puppet runtime in the apt/manifest/*.pp, right?
>
> Thanks
>
> On Thu, Aug 14, 2014 at 3:27 PM, Garrett Honeycutt g...@garretthoneycutt.com wrote:
> > On 8/14/14 3:56 PM, Sebastian Otaegui wrote:
> > > I created a small POC module using puppet from master and `puppet module generate`
> > >
> > > I still have rspec-puppet go inside the apt module in fixtures and execute the tests:
> > >
> > > Failures:
> > >
> > >   1) poc with defaults for all parameters should contain Class[poc]
> > >      Failure/Error: it { should contain_class('poc') }
> > >      Puppet::Error: This module only works on Debian or derivatives like Ubuntu at /Users/otaeguis/projects/src/test-poc/spec/fixtures/modules/apt/manifests/init.pp:43 on node feniixhq.10.208.50.91
> > >      # ./spec/classes/init_spec.rb:5:in `block (3 levels) in top (required)'
> > >
> > > Here is a link to the puppet module with the POC https://github.com/feniix/puppet-module-rspec-issue
> > >
> > > Appreciate some guidance on how to solve this.
> > >
> > > On Wed, Aug 13, 2014 at 10:30 PM, Garrett Honeycutt g...@garretthoneycutt.com wrote:
> > > > On 8/13/14 9:08 PM, Wil Cooley wrote:
> > > > > On Aug 12, 2014 11:57 AM, Sebastian Otaegui fen...@gmail.com wrote:
> > > > > > Hello all,
> > > > > >
> > > > > > I have created this module: https://github.com/Spantree/puppet-thrift and everything worked fine all specs ran fine.
> > > > > >
> > > > > > Now I am using the puppetlabs/apt module and when I run the 'rake spec' it is trying to run the 'apt' tests, and it is failing (I think) because I am not providing the appropriate facts.
> > > > > >
> > > > > > Is there a way to ignore the rspecs inside the fixtures/modules/ directory?
> > > > > >
> > > > > > I tried to do this:
> > > > > >
> > > > > >     require 'rake'
> > > > > >     require 'rspec/core/rake_task'
> > > > > >
> > > > > >     RSpec::Core::RakeTask.new(:spec) do |t|
> > > > > >       t.pattern = 'spec/*/*_spec.rb'
> > > > > >     end
> > > > > >
> > > > > > But it didn't work.
> > > > >
> > > > > How about just:
> > > > >
> > > > >     require 'puppetlabs_spec_helper/rake_tasks'
> > > >
> > > > Hi,
> > > >
> > > > +1 to Wil Cooley. When you generate a module with `puppet module generate` it will use that single line.
> > > >
> > > > https://github.com/puppetlabs/puppet/blob/master/lib/puppet/module_tool/skeleton/templates/generator/spec/spec_helper.rb
> > > >
> > > > Best regards,
> > > > -g
> > > >
> > > > --
> > > > Garrett Honeycutt
> > > > @learnpuppet
> > > > Puppet Training with LearnPuppet.com
> > > > Mobile: +1.206.414.8658
> >
> > Hi Sebastian,
> >
> > Your issue is because the module in question is failing if certain facts are not set. In puppetlabs/apt the module fails[1] if $osfamily is not 'Debian'. For your spec tests to succeed you need to set the osfamily fact to Debian.
> >
> > [1] - https://github.com/puppetlabs/puppetlabs-apt/blob/master/manifests/init.pp#L43-45
> >
> > Best regards,
> > -g
> >
> > --
> > Garrett Honeycutt
> > @learnpuppet
> > Puppet Training with LearnPuppet.com
> > Mobile: +1.206.414.8658

Sebastian,

Yes. Your manifests include 'apt'. That code needs the osfamily fact and since it is not set to Debian, the code fails and returns the error to your spec tests. You are not evaluating spec tests under apt. You can see this by changing the output of rspec. Try this before running your spec tests.

    export SPEC_OPTS="--format documentation"

Best regards,
-g

--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658