from:"Jeff Bachtel"

[Puppet Users] ploperations modules/releases

2014-05-06 Thread Jeff Bachtel

The ploperations Forge user (and associated puppetlabs-operations GitHub 
account) have some very useful modules that are kept up-to-date on 
GitHub, but haven't been seeing releases to Forge (in more than a year, 
actually).


Is this a matter of lack of time or interest by the PL ops team on 
pushing out releases, or is there a more technical reason that these 
modules haven't seen releases cut and pushed to Forge?


Jeff

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53695C10.1010803%40bericotechnologies.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Building Amazon Linux RPMs (PRs, quick howto)

2014-05-05 Thread Jeff Bachtel

I made the really minor tweaks required to make RPMs that build on and 
are compatible with Amazon's RedHat-derived Linux distribution (for 
EC2). Understandably PL might not have the customer demand for azn-linux 
builds, but given how little the patches touch, I hope they can get 
integrated so that building packages is easy for community members at 
any rate.


To build your own packages, on an EC2 instance*

# install build tools
sudo yum install git rpm-build rubygem-rake
# clone and install facter
git clone https://github.com/jeffb-bt/facter.git; cd facter
git checkout feature/azn-linux-build-2.0.1
rake package:bootstrap
rake package:rpm
sudo yum install pkg/rpm/facter-2.0.1.1-1.amzn1.x86_64.rpm
# clone and install hiera
git clone https://github.com/jeffb-bt/hiera.git; cd hiera
git checkout feature/azn-linux-build-1.3.2
rake package:bootstrap
rake package:rpm
sudo yum install pkg/rpm/hiera-1.3.2.1-1.amzn1.noarch.rpm

# install puppet preq
sudo yum install 
http://yum.puppetlabs.com/el/6/dependencies/x86_64/ruby-rgen-0.6.5-2.el6.noarch.rpm


# clone and install puppet
git clone https://github.com/jeffb-bt/puppet.git; cd puppet
git checkout feature/azn-linux-build-3.5.1
rake package:bootstrap
rake package:rpm
sudo yum install pkg/rpm/{puppet,puppet-server}-3.5.1.1-1.amzn1.noarch.rpm

Pull requests are up at

https://github.com/puppetlabs/facter/pull/674
https://github.com/puppetlabs/puppet/pull/2618
https://github.com/puppetlabs/hiera/pull/189

I hope that's useful for some others,
Jeff

* - yum install commands included to illustrate where the target rpms end up

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53685411.4060609%40bericotechnologies.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Announcing our new quest based Learning VM

2014-04-21 Thread Jeff Bachtel

Is there by chance a torrent available of these files? For whatever 
reason, downloads.puppetlabs.com is being especially slow with the ovf 
file for me.


Jeff

On 04/17/2014 07:45 PM, Ben Ford wrote:

Hi,

We just rolled out the new and improved Learning VM — now with fun quests to 
learn Puppet at your own pace. If you've been meaning to explore the technology 
in depth, now you can do so with a series of detailed, multi-step quests. The 
Learning VM covers topics such as: accessing the Puppet Enterprise console, 
writing and using Puppet modules, and delving into Puppet resources, manifests, 
facts and more.

Check out the new Learning VM: http://puppetlabs.com/download-learning-vm

Happy learning.

- Ben



--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5355818E.1010007%40bericotechnologies.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to force a puppet service to restart - Not restarting automatically when config is initially updated.

2014-03-01 Thread Jeff Bachtel

While implementing restart is good, if for some reason you were unable
to do that you need only set *hasrestart => false* for the service
resource, per
http://docs.puppetlabs.com/references/latest/type.html#service . That
will cause Puppet to issue a service stop then service start, instead of
attempting service restart.

Jeff

On 03/01/2014 08:55 AM, Robert Shady wrote:
Sorry for such a delay in replies, I had figured this out and forgot
about this thread. ;)

Yes, I did run it in debug mode and found out the problem was that
pdns-recursor

does not have a 'status' available, so puppet didn't know what to do.

I implemented the status function in /etc/init.d/pdns-recursor and now
everything

is working properly. Thank you so much for your help!

-- Rob

On Saturday, February 22, 2014 10:50:14 PM UTC-5, Ygor wrote:

The "notify" parameter on the file resource should make it happen.
Have you tried a run in debug mode ?
It can maybe show you what might be missing.

On Feb 22, 2014, at 10:35 PM, Robert Shady > wrote:

(I posted this yesterday, but for some reason it never showed up)...

First off, master & agent are Debian Linux boxes running Wheezy
(Debian 7.4).
Puppet Master and Agent are V3.4.3

So here's the deal.. I'm trying to install PowerDNS recursor on
my agent
with a custom configure file (/etc/powerdns/recursor.conf). All
of that
works, but what is happening is:

1. The package is installed...
2. The service is started...
3. The configuration is updated..
4. The service is NOT restarted..

So pdns-recursor is running with the old configuration.

Here is my setup on my master:

package { 'pdns-recursor':
ensure => installed,
}

file { '/etc/powerdns/recursor.conf':
ensure => file,
owner => 'pdns',
group => 'pdns',
mode=> '0644',
require => Package['pdns-recursor'],
notify => Service['pdns-recursor'],
source => 'puppet:///configs/powerdns/recursor.conf',
}

service { 'pdns-recursor':
ensure => 'running',
enable => 'true',
}

Any ideas on how to fix this? I have a similar problem with
another service (fail2ban)
that installs a custom configuration in /etc/fail2ban/jail.local
(which doesn't exist
in the default installation, but Debian does a smart include).

1. Fail2Ban is installed
2. Fail2Ban is started.
3. Custom configuration is installed
4. Fail2Ban does NOT restart.

P.S. On a side note, I have a bootstrap process that takes a new
server, installs
Salt & Puppet, puppet then connects to the master, I sign the key
- but then
nothing happens. I have to service puppet restart on the agent
in order for it
to pick up any of the changes. Once I do that, it automatically
checks every
1800 seconds as normal. Is there some way around this?

-- Rob

--
You received this message because you are subscribed to the

Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to puppet-users...@googlegroups.com .
To view this discussion on the web visit

https://groups.google.com/d/msgid/puppet-users/8075eb6a-8b3e-4be8-baae-8629a8dffc6b%40googlegroups.com

.
For more options, visit https://groups.google.com/groups/opt_out
.

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/49241366-9fd9-4b82-97c0-539a08966e68%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5311FF89.30806%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] facter-1.7.3 and puppet-3.3.1 on OS X Mavericks 10.9

2014-01-14 Thread Jeff Bachtel

I don't have a Maverick box to test on, but the PRs in question are
applied to the 3.4.0 and onward tags, so I would bet that current OS X
packages would do the right thing and work with the Ruby 2.0 on Maverick.

Jeff

On 01/14/2014 01:15 PM, Khoury wrote:
Does anyone know what the status is on Mavericks support? Has anyone
tested it? It's been a while since the public release and Apple's
policy of forcing new Macs to use Mavericks puts is in a tight spot if
we can't get Puppet support for the OS.

Thanks,
Khoury

On Friday, November 1, 2013 7:52:24 AM UTC-7, Hannes Juutilainen wrote:

I don't know anything about the release plan or schedule (perhaps
someone from Puppet Labs could chime in)… Looks bad though:
https://projects.puppetlabs.com/issues/21868

—
Hannes

On 1.11.2013, at 15.16, Paul Tötterman > wrote:

It's the same issue as this:
https://projects.puppetlabs.com/issues/18205

Thank you for digging it up for me. Somehow google just failed me.

It seems to be fixed already but not included in the current
release version. Building Puppet and Facter from source
resolves this issue so I'd expect it to be fixed in near future.

Are you saying that no official released packages from PuppetLabs
work on OS X 10.9? And the fix is to be released on Puppet 3.4.0?
For which no release date is set and there seems to be at least
3.3.2 before 3.4.0 will come out.

Cheers,
Paul

--
You received this message because you are subscribed to the

Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to puppet-users...@googlegroups.com .
To view this discussion on the web visit

https://groups.google.com/d/msgid/puppet-users/e86bff0a-72e1-4dc8-a1a2-6878f27b4dc3%40googlegroups.com

.
For more options, visit https://groups.google.com/groups/opt_out
.

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/68a1f653-66ec-4c31-bfe9-7e5ad7d01426%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52D58A95.1090308%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Single certificate, multiple nodes... or image-based systems

2014-01-09 Thread Jeff Bachtel

On 01/09/2014 10:12 AM, Pablo Fernandez wrote:
I understand your point. I guess the SSL layer will render the request
as illegitimate, but even if it doesn't, it may be playing with fire :)

No, actually it doesn't verify certname against fqdn or any such, so
technically you could bake in a single cert for an image. It's a bad
idea because the Puppet master is supposed to know the state of a node,
and it can't in that case (facts associated with the node like fqdn and
ip and mac addresses will be constantly churning).

I use Puppet on image-based systems. As part of the sysprep step (making
the image generic for future spawning), I go and delete ssl certs from
either /var/lib/puppet/ssl or the Windows equivalent. I make sure the
agent is configured to hit the correct puppet master on first run,
although I don't personally autosign.

With 3.4's autosign hooks, you can presumably configured a shared key
between your puppet master and baked images such that a node signals
that it should be issued a certificate on provision.

Jeff

Thanks all for your thoughts, let me then present this as a generic
question: did anybody try puppet on image-based systems? It would be
wonderful to get some first-hand hints.

Thanks again!
BR/Pablo

On 01/09/2014 04:05 PM, jcbollinger wrote:

On Thursday, January 9, 2014 6:40:42 AM UTC-6, pablo.f...@cscs.ch wrote:

Thanks for your suggestions,

Running masterless is a bit too exotic, since we would like to
use all those nice features that make a Puppet installation
complete: specially hiera searches and PuppetDB. Modules, too,
should be compatible with other clusters, so no big deviations
can occur.

Enabling auto-sign, as Jose Luis suggested, may be a possibility.
I have just checked myself if autosign works if the same node was
already registered in the CA... but according to the
documentation it does not look like it, not to mention the
security issues that come with it.

Does the certificate name need to match the fqdn for puppet to
allow connections?

I'm not certain, but even if not, what you propose is dangerous. The
master uses the certificate presented by the agent not just to
authorize the agent, but also to /identify/ it. If all your nodes
present the same certificate to the master, then they all claim to be
the same machine, which is a lie. I don't foresee any specific
failure scenarios associated with that, but it is unwise to mess with
the system's underlying assumptions in such a way.

John

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/3c8f53f8-09a2-4bd8-8fa8-1986efdafeb3%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52CF2955.2000306%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] What is a good way to manage individual XML settings on Windows?

2014-01-08 Thread Jeff Bachtel

Depending on your comfort level you could use PowerShell to do it, see
http://powershell.com/cs/blogs/tobias/archive/2009/02/02/xml-part-2-write-add-and-change-xml-data.aspx

You could combine that XML read/manipulate/write technique with the
Powershell exec provider from
https://forge.puppetlabs.com/joshcooper/powershell to create a Windows
XML-manipulation resource if you found yourself doing that a lot.

Hopefully someone has an easier answer, I know that's a bit of coding to
have to do,

Jeff

On 01/08/2014 06:51 AM, Ger Apeldoorn wrote:

Hi,

I'm looking for a good way to manage individual XML values on Windows.

Apparently, Augeas does not work on Windows and we cannot manage the
entire file as a template because of some values that are generated
during installation of the package.

How would I manage individual values in XML files on Windows machines?

Thanks in advance,
Ger
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/00dbf19e-660c-41f2-a0cb-84ffb91f817e%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52CD72AE.7080300%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: mco package fail with puppet 3.4.0

2014-01-07 Thread Jeff Bachtel


https://tickets.puppetlabs.com/browse/MCO-144

It's fixed in package agent 4.2.1 (not yet pushed to yum repo, alas)

Jeff

On 01/07/2014 01:18 PM, Nikolay Georgieff wrote:

Same issue here.

[root@puppet ucla_gateway]# mco package puppet update -F 
foreman_env=testing -v

Discovering hosts using the redisdiscovery method  58

 / [ ==> ] 29 / 58
The package application failed to run, use -v for full error details: 
undefined class/module Puppet::


undefined class/module Puppet:: (ArgumentError)
from /usr/libexec/mcollective/mcollective/security/psk.rb:27:in `load' 
 <
from /usr/libexec/mcollective/mcollective/security/psk.rb:27:in 
`decodemsg'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/message.rb:182:in 
`decode!'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/client.rb:93:in `receive'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/client.rb:152:in 
`req'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/client.rb:151:in 
`loop'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/client.rb:151:in 
`req'

from /usr/lib/ruby/1.8/timeout.rb:67:in `timeout'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/client.rb:148:in 
`req'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/rpc/client.rb:834:in 
`call_agent'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/rpc/client.rb:255:in 
`method_missing'
from /usr/libexec/mcollective/mcollective/application/package.rb:63:in 
`send'
from /usr/libexec/mcollective/mcollective/application/package.rb:63:in 
`main'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/application.rb:287:in 
`run'
from 
/usr/lib/ruby/gems/1.8/gems/stomp-1.2.2/lib/mcollective/applications.rb:23:in 
`run'

from /usr/bin/mco:20
[root@puppet ucla_gateway]#



On Friday, December 27, 2013 7:03:06 AM UTC-8, Glenn Poston wrote:

I can confirm this.  Same issue here.

On Thursday, December 26, 2013 1:54:33 PM UTC-5, Fabrice Bacchella
wrote:

When I upgrade a node with puppet 3.4.0, puppet-package is
broken :

~$  mco package puppet status -I $(facter hostname) -v

 | [ >   ] 0 / 1
The package application failed to run, use -v for full error
details: undefined class/module Puppet::

undefined class/module Puppet:: (ArgumentError)
from
/usr/libexec/mcollective/mcollective/security/psk.rb:27:in
`load'  <
from
/usr/libexec/mcollective/mcollective/security/psk.rb:27:in
`decodemsg'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/message.rb:182:in
`decode!'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/client.rb:93:in `receive'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/client.rb:152:in `req'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/client.rb:151:in `loop'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/client.rb:151:in `req'
from /usr/lib/ruby/1.8/timeout.rb:67:in `timeout'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/client.rb:148:in `req'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/rpc/client.rb:851:in
`call_agent'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/rpc/client.rb:244:in
`method_missing'
from
/usr/libexec/mcollective/mcollective/application/package.rb:63:in
`send'
from
/usr/libexec/mcollective/mcollective/application/package.rb:63:in
`main'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/application.rb:285:in
`run'
from
/usr/lib/ruby/site_ruby/1.8/mcollective/applications.rb:23:in
`run'
from /usr/bin/mco:20

I'm running this on a up to date scientific linux 6.4 with up
to date mcollective and puppet rpm directly from puppet labs :

~# rpm -qa | grep -e puppet -e mcollective
mcollective-package-agent-4.2.0-1.noarch
mcollective-package-client-4.2.0-1.noarch
mcollective-2.2.4-1.el6.noarch
puppet-3.4.0-1.el6.noarch
puppetlabs-release-6-7.noarch
mcollective-common-2.2.4-1.el6.noarch
mcollective-client-2.2.4-1.el6.noarch
mcollective-puppet-common-1.6.0-1.noarch
mcollective-puppet-client-1.6.0-1.noarch
mcollective-package-common-4.2.0-1.noarch

--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9d4589aa-b7c5-47a4-b738-b38eb3e2a12d%40googlegroups.com.

For more opt

Re: [Puppet Users] Permissions for Windows Files Sourced from Puppet Master

2014-01-04 Thread Jeff Bachtel

I would not be at odds, it seems like that is a sensible default
behavior, while still preserving the ability to shoot one's self in the
foot if needs be.

Jeff

On 11/20/2013 01:40 PM, Rob Reynolds wrote:
With the changes for http://projects.puppetlabs.com/issues/18931
(Don't set mode on Windows if not specified) &
http://projects.puppetlabs.com/issues/5240 (Default ownership for
files when uid/gid are unspecified), we've created the ability to
specify whether to use source permissions, use when creating or
ignore. We've left the default to :use so things work as expected.

However with Windows, when things download they will not use source
permissions as it is not supported in Windows at all. So what you get
is a warning for sourced items:

Warning: Copying owner/mode/group from the puppet master to Windows
agents is not supported; use source_permissions => ignore.

That warning will go away when you've updated all sourced files to add
that in your manifests.

Would anyone be at odds with us moving the default for windows for
sourced items to ignore the source permissions? This would remove the
warning that gets displayed in the upcoming version until you would
change all sourced files to add `source_permissions => :ignore`.

That way you would only see the warning if you tried to explicitly set
the source_permissions for a file.

--
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAMJiBK6o-3dTkvFbsUsk5guZBTY0S0ZrNqqEJ8WCtQpoWvW8VA%40mail.gmail.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52C87C07.4070507%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to do "base" setup in a role/profile configuration

2014-01-02 Thread Jeff Bachtel

On 01/02/2014 12:11 PM, mjuszc...@gmail.com wrote:
Thanks Jeff.  That all makes sense.  One final question: you suggest 
::site.  Is that literally a module named site?  Or do you often see 
::site replaced with the actual name of the site (IE: dfw01)?  I'd 
think you'd have a ::site module and then use hiera to define the 
actual sites and what values should be placed in each class within 
that module, correct?

Correct, literally a module named site, and correct as well regarding 
using hiera to customize for different sites/environments. There's 
probably a better or more descriptive name to use, that's just what I've 
seen most often. If you like ::general you should roll with it,

Jeff

Thank you!

On Thursday, January 2, 2014 6:47:02 AM UTC-8, Jeff Bachtel wrote:

On 01/01/2014 08:38 PM, mjus...@gmail.com  wrote:
> Hi all,
>
> I have a role/profile setup that's working quite well.  However,
I'm
> finding that there are *super* simple things that don't really
require
> the setup of their own module, such as installing "nano" or
setting up
> a yumrepo {}.  Do I really need an MOTD module?  I have a
> profile::base class which includes things like ::ntp, which because
> it's a daemon and requires monitoring/service statements, etc.
makes
> sense to keep separate.  But do I really need a yum module when I'm
> just calling yumrepo{} or package{} that install a few .rpm
files? And
> for installing general, un-managed packages like bash, nano, etc.,
> surely I shouldn't create a component/module for each of those?  I
> think that'd be overkill.
>
> I've thought about doing a few things.  Perhaps creating a
"general"
> class that includes subclasses, like so:
>
> include general::yum
> include general::motd
>
> Alternatively, inside the puppet "base" profile, I can have the
> include ::ntp statements, and then also add some package{} and
> yumrepo{} statements... but not sure if that's anti role/profile.
>

According to Craig Dunn's original blog post on the role/profile
model,
yes you should be defining modules for motd/yum repos and whatnot.
I've
seen that implemented most often under the ::site namespace, but
::general would work as well. And really, it's for the best if no one
working with your code base has to worry about a ::profile class
defining non-class resources directly. And the time overhead of
writing
"class site::motd { (blah blah)" is only marginally more than
writing it
directly in the profile class.

No one's going to call the Puppet police if you put a yumrepo{} in a
profile class, or create a ::site class that opaquely creates a motd,
sets yumrepo, and installs nano. Eventually you might regret it and
break things out more properly, but "eventually" can be pretty far in
the future. But the level of effort to create a bunch of tiny
::general
classes for piddly stuff is really pretty small, too.

Jeff

> Any thoughts would be appreciated.  Thank you!
>
> -Matt
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from
it, send
> an email to puppet-users...@googlegroups.com .
> To view this discussion on the web visit
>

https://groups.google.com/d/msgid/puppet-users/68770970-0fee-4b11-a6d4-8484f3867265%40googlegroups.com

<https://groups.google.com/d/msgid/puppet-users/68770970-0fee-4b11-a6d4-8484f3867265%40googlegroups.com>.

> For more options, visit https://groups.google.com/groups/opt_out
<https://groups.google.com/groups/opt_out>.

On Thursday, January 2, 2014 6:47:02 AM UTC-8, Jeff Bachtel wrote:

On 01/01/2014 08:38 PM, mjus...@gmail.com  wrote:
> Hi all,
>
> I have a role/profile setup that's working quite well.  However,
I'm
> finding that there are *super* simple things that don't really
require
> the setup of their own module, such as installing "nano" or
setting up
> a yumrepo {}.  Do I really need an MOTD module?  I have a
> profile::base class which includes things like ::ntp, which because
> it's a daemon and requires monitoring/service statements, etc.
makes
> sense to keep separate.  But do I really need a yum module when I'm
> just calling yumrepo{} or package{} that install a few .rpm
files? And
> for installing general, un-managed packages like bash, nano, etc.,
> surely I shouldn't c

Re: [Puppet Users] How to do "base" setup in a role/profile configuration

2014-01-02 Thread Jeff Bachtel



On 01/01/2014 08:38 PM, mjuszc...@gmail.com wrote:

Hi all,

I have a role/profile setup that's working quite well.  However, I'm 
finding that there are *super* simple things that don't really require 
the setup of their own module, such as installing "nano" or setting up 
a yumrepo {}.  Do I really need an MOTD module?  I have a 
profile::base class which includes things like ::ntp, which because 
it's a daemon and requires monitoring/service statements, etc. makes 
sense to keep separate.  But do I really need a yum module when I'm 
just calling yumrepo{} or package{} that install a few .rpm files? And 
for installing general, un-managed packages like bash, nano, etc., 
surely I shouldn't create a component/module for each of those?  I 
think that'd be overkill.


I've thought about doing a few things.  Perhaps creating a "general" 
class that includes subclasses, like so:


include general::yum
include general::motd

Alternatively, inside the puppet "base" profile, I can have the 
include ::ntp statements, and then also add some package{} and 
yumrepo{} statements... but not sure if that's anti role/profile.




According to Craig Dunn's original blog post on the role/profile model, 
yes you should be defining modules for motd/yum repos and whatnot. I've 
seen that implemented most often under the ::site namespace, but 
::general would work as well. And really, it's for the best if no one 
working with your code base has to worry about a ::profile class 
defining non-class resources directly. And the time overhead of writing 
"class site::motd { (blah blah)" is only marginally more than writing it 
directly in the profile class.


No one's going to call the Puppet police if you put a yumrepo{} in a 
profile class, or create a ::site class that opaquely creates a motd, 
sets yumrepo, and installs nano. Eventually you might regret it and 
break things out more properly, but "eventually" can be pretty far in 
the future. But the level of effort to create a bunch of tiny ::general 
classes for piddly stuff is really pretty small, too.


Jeff


Any thoughts would be appreciated.  Thank you!

-Matt
--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/68770970-0fee-4b11-a6d4-8484f3867265%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52C57BE6.7040601%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Error "Illegal instruction (core dumped)" when running puppet agent (version 3.2.1)

2013-12-21 Thread Jeff Bachtel

On 12/18/2013 06:00 AM, asim patel wrote:

Hi All,

even i am facing the same prob, when i am trying to start the puppet
agent getting an error illegal instruction (core dump)

please let me know the resolution

On Tuesday, 28 May 2013 13:04:14 UTC+5:30, Aqeel Nazeer wrote:

Hi,
I just upgraded my puppet to version to 3.2.1, and when running
the agent, I get an error saying "Illegal instruction (core
dumped)". Here is some details:

- both master and agent is run on the same machine

- # cat /etc/redhat-release
CentOS release 6.2 (Final)

- # uname -r
3.9.3-x86_64-linode33

So uh, that's very interesting. Do you have a CentOS 6.2 kernel you
could boot for testing purposes? It sounds somewhat likely that ruby or
one of the libraries it depends on is not binary-compatible with the
3.9.3 kernel (which given that it was all compiled to work against
2.6.32 kernel ABI, falls under "not at all surprising").

If you can do the reboot and the test passes with the older kernel and
you want to pursue this, you're going to be in for a long, tortuous
ordeal of tracking down the incompatibility (most likely somewhere in
libc), recompiling the library for your kernel and either trying to copy
it in place (which will very possibly break other things on the system)
or putting it in /usr/local and then building a local ruby pulling in
the library built against your kernel.

I cannot strongly enough recommend avoiding all that pain if at all
possible,

Jeff

- #ruby --version
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

- RPM installed is "puppet-3.2.1-1.el6.noarch.rpm"

However when I run puppet agent with the same version on another
host, everything goes fine. Problem is only while running agent on
the same machine as the server.
Any idea what is going on ?

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/35e7f2e2-b75a-4b23-9cc4-5e6fdb3f3b3f%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52B6583C.5020702%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Push message from Windows Agent to Unix (puppet Master)

2013-12-20 Thread Jeff Bachtel

I don't think filebucket/file is really the technique you want here. You 
might be able to do this with exported file resources, but you should 
instead consider using cygwin and ssh for this, called from the end of 
your build job. It will be a far simpler and more performant solution.


Jeff

On 12/20/2013 01:15 PM, Harshita Sinha wrote:


Thanks Jeff.
Just to confirm on terminologies,  is push different from copy ?
I want to copy file from windows D:/puppet/Anshita.txt to Unix in 
/root/Harshita.
My basic requirement is to copy the war and tar files from windows to 
Unix when the build is over in windows. Then when the tar is copied to 
Unix location I want to untar it.


Since I m new to puppet I was experimenting on file transfer . Once I 
m successful in my experiment I would explore more for automation.


Kindly suggest.
Many thanks
Harshita

Regards Harshita

On 20 Dec 2013 20:28, "Jeff Bachtel" <mailto:jbach...@bericotechnologies.com>> wrote:


(adding puppet-users@ back in case others have better information
on handling filebuckets)

On 12/20/2013 12:53 AM, Harshita Sinha wrote:

Dear Jeff,

Thanks for your guidance.
Basically I want to achieve sending files from Windows to unix.


I missed "push the file from windows to unix" in your original
email, my apologies.

In that case, I propose the following (reference
http://docs.puppetlabs.com/references/latest/type.html#filebucket)

## site.pp

filebucket { 'main':
  path => false,
}

File { backup => 'main', }

node default {
  file { 'D:\Puppet\Anshita.txt':
ensure => 'file',
  }
}


This should back up Anshita.txt IF there is a change. I don't know
how it will work when the content isn't specified, but if
filebucket will work for you at all in this, that will work. Now
here is the problem: filebucket, being designed for large
deployments, does not simply store the file in a directory on
puppetmaster where it's easy to get to, but in
/var/lib/puppet/bucket by md5 sum. To retrieve the file you will
Instead need to use the puppet filebucket command as

find /var/lib/puppet/bucket/ -name paths | xargs grep Anshita.txt
to get the md5sum of the file, then
puppet filebucket restore /tmp/Anshita.txt (md5sum from previous)

Things to note:
You cannot specify *path* for the remote filebucket. This is an
explicit limitation.
You must still have a *file* resource in the node definition for
your Windows agent, or Puppet will be unaware of the file to back
it up.
You do not need to specify your server in the filebucket statement
unless it is different than your puppetmaster.
My command for finding the md5 of the file (*find...xargs*) is for
Puppet community edition, not Puppet Enterprise.

Jeff



--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52B4AA1E.1000200%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Push message from Windows Agent to Unix (puppet Master)

2013-12-20 Thread Jeff Bachtel

(adding puppet-users@ back in case others have better information on 
handling filebuckets)


On 12/20/2013 12:53 AM, Harshita Sinha wrote:

Dear Jeff,

Thanks for your guidance.
Basically I want to achieve sending files from Windows to unix.


I missed "push the file from windows to unix" in your original email, my 
apologies.


In that case, I propose the following (reference 
http://docs.puppetlabs.com/references/latest/type.html#filebucket)


## site.pp

filebucket { 'main':
  path => false,
}

File { backup => 'main', }

node default {
  file { 'D:\Puppet\Anshita.txt':
ensure => 'file',
  }
}


This should back up Anshita.txt IF there is a change. I don't know how 
it will work when the content isn't specified, but if filebucket will 
work for you at all in this, that will work. Now here is the problem: 
filebucket, being designed for large deployments, does not simply store 
the file in a directory on puppetmaster where it's easy to get to, but 
in /var/lib/puppet/bucket by md5 sum. To retrieve the file you will 
Instead need to use the puppet filebucket command as


find /var/lib/puppet/bucket/ -name paths | xargs grep Anshita.txt
to get the md5sum of the file, then
puppet filebucket restore /tmp/Anshita.txt (md5sum from previous)

Things to note:
You cannot specify *path* for the remote filebucket. This is an explicit 
limitation.
You must still have a *file* resource in the node definition for your 
Windows agent, or Puppet will be unaware of the file to back it up.
You do not need to specify your server in the filebucket statement 
unless it is different than your puppetmaster.
My command for finding the md5 of the file (*find...xargs*) is for 
Puppet community edition, not Puppet Enterprise.


Jeff

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52B45B12.8030804%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Push message from Windows Agent to Unix (puppet Master)

2013-12-19 Thread Jeff Bachtel

Your default node definition does not define any resources. filebucket
does not itself define a file, it defines a location where files are
backed up to.

If you're just beginning with Puppet, then the method for using a
filebucket to distribute file content is not something you really want
to be doing.

Instead do something like:

From the command line:

echo -e "\n[harshita]\npath /root/harshita\nallow *" >>
/etc/puppet/fileserver.conf

service puppetmaster restart

then add a resource to your default node definition such as

file { 'D:\Puppet\Anshita.txt':
source => 'puppet:///harshita/Anshita.txt',
mode => '0644',
}

This will ensure the creation of D:\Puppet\Anshita.txt, sourced from
/root/harshita/Anshita.txt . Note that the unix user puppet must have
read access to that file and directory.

Jeff

On 12/19/2013 05:41 AM, Harshita Sinha wrote:

Hi All,
I refered the link
http://www.copperykeenclaws.com/setting-up-puppet-on-windows/#comment-1201
to
make Windows Agent introduce to Unix Puppet master.
I have attached screenshot, but not sure if the connectivity has been
established . As I got no error , I presume so.

I followed
http://docs.puppetlabs.com/references/stable/type.html#file so that I
make sure I have done the "site.pp" settings properly to push the file
from windows to unix. Not sure if its fine, because I neither see the
file copied nor I see any thing in log files.

I have attached screenshot to ensure that connectivity is done, and
also the site.pp file that I run from the master.

Awaiting your reply,

Many thanks,
Harshita
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/e66dc07c-90cf-4e48-9bd8-56f3b1f74cdf%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52B31385.80303%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Mcollective agent sync

2013-12-19 Thread Jeff Bachtel

[main] pluginsync = true

In /etc/puppet/puppet.conf on your agents is really the way to go (from
http://docs.puppetlabs.com/guides/plugins_in_modules.html#enabling-pluginsync).
Otherwise you're looking at something like MCollective to remotely force
a plugin sync when you make changes.

But just leave pluginsync on.

Jeff

On 12/19/2013 02:25 AM, Hrishi D wrote:

Hi,

I am using custom facts and have deployed them using modules in
puppet master. Each time a change is made i have to execute

$ sudo puppet agent --test --pluginsync on the agent nodes to get
sync with the master. Is there a way to resync all the agent nodes
from the master by executing some command,

Thanks,
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/99bbd165-4ce7-41d8-b963-151334cbc0a2%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52B30FF0.8080807%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Help with Ubuntu Preseed Repository for Puppet Open Source

2013-12-18 Thread Jeff Bachtel


http://askubuntu.com/questions/150267/how-to-add-a-local-repository-in-kickseed-based-install

Has an example that doesn't seem to use late_command.

https://help.ubuntu.com/10.04/installation-guide/example-preseed.txt has 
it integrated into the preseed file (grep for local0 in the file),


Jeff

On 12/18/2013 09:08 PM, Louis wrote:

Hi,

I would like to set the puppet labs repository on my preseed ubuntu 
file. So far I think i can use only the*late_command* as a post 
installation process but wondering if there is another way of adding 
this repository.**

--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/64e7bbda-b2c3-4176-9cc4-2e46a9f1b16c%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52B25D89.4010309%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] custom fact should not run on Solaris

2013-12-18 Thread Jeff Bachtel

I think that pattern's still good. Possibly that's the difference 
between a nil fact being set and the fact being missing, however.


Jeff

On 12/18/2013 10:40 AM, Felix Frank wrote:

Yes, exactly, but this begs the question: Am I out of date for adding

confine :operatingsystem => %w{Debian SLES OpenSUSE CentOS}

outside the setcode block?

Thanks,
Felix

On 12/18/2013 04:34 PM, Jeff Bachtel wrote:

Facts are autoloaded from all modules and distributed to all agents,
because that step occurs before the DSL is parsed for manifests (as it
should be, because the DSL can be (is) impacted by facts).

It is up to the custom fact to case itself out of execution for certain
operating systems. For instance, from the postgresql pupmod comes this
snippet from the customer fact about default versions:

Facter.add("postgres_default_version") do
   setcode do
 result =
   case Facter.value('osfamily')
 when 'RedHat'
   get_redhatfamily_postgres_version()
 when 'Linux'
   get_redhatfamily_postgres_version()
 when 'Debian'
   get_debianfamily_postgres_version()
 else
   nil
   end

Jeff


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52B1DCF4.5%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] custom fact should not run on Solaris

2013-12-18 Thread Jeff Bachtel

Facts are autoloaded from all modules and distributed to all agents,
because that step occurs before the DSL is parsed for manifests (as it
should be, because the DSL can be (is) impacted by facts).

It is up to the custom fact to case itself out of execution for certain
operating systems. For instance, from the postgresql pupmod comes this
snippet from the customer fact about default versions:

Facter.add("postgres_default_version") do
setcode do
result =
case Facter.value('osfamily')
when 'RedHat'
get_redhatfamily_postgres_version()
when 'Linux'
get_redhatfamily_postgres_version()
when 'Debian'
get_debianfamily_postgres_version()
else
nil
end

Jeff

On 12/18/2013 09:29 AM, Andreas Dvorak wrote:

Dear all

I have a module spacewalk with a custom fact to define if the server
has been registered to spacewalk.

The module should only run on RedHat server

class profiles::base {
...
case $::osfamily {
redhat:{
include spacewalk
include logrotate
include postfix
}
solaris:{
include sendmail
}
default:{
fail("Unsupported platform: ${::osfamily}")
}
}
}

but the fact of the module spacewalk is run on Solaris.
bash-3.00# /opt/csw/bin/facter osfamily
Solaris
bash-3.00# /opt/csw/bin/puppet agent --test
Info: Retrieving plugin
Notice: /File[/var/opt/csw/puppet/lib/facter/spacewalk.rb]/ensure:
defined content as '{md5}9aea0fbd79bc329b3685b7cfd22a5809'

I have another custom fact that should only run on certain server but
it is installed on every server.

Can you please help me?
Are facts always installed on every server even if the module of the
fact in only installed on certain server?

Best regards,
Andreas
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/95b66593-0ff9-4ffe-b54c-963bb84f7010%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52B1C08F.80800%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How Puppet can evaluate the output od command?

2013-12-18 Thread Jeff Bachtel

The command should be in single quotes, try

exec { "ls":
command => 'test $(grep -c aa /tmp/aao) -gt 0',
returns => 1,
path   => "/usr/bin:/usr/sbin:/bin",
}

Note also that you were missing a comma after the command property, that 
must be present.

Jeff

On 12/18/2013 04:40 AM, shlo.af...@gmail.com wrote:

I did not understand where exactly put the test line. I tried:
 exec { "ls":
command => test $(grep -c aa /tmp/aao) -gt 0
returns => 1,
path   => "/usr/bin:/usr/sbin:/bin",
}
I got the error:
Error: Could not retrieve catalog from remote server: Error 400 on 
SERVER: Could not match $(grep at /etc/puppet/.../init.pp:4 on node 
agent

I need the test to run each time Puppet run.
Thank you for your quick response.

On Wednesday, December 18, 2013 11:11:00 AM UTC+2, Stephen Gran wrote:

On 12/18/2013 08:41 AM, shlo@gmail.com  wrote:
>
> Hi,
>
> I want to run a command something like:
> /cat /tmp/aao | grep aa | wc -l/
> Check the output of that command,  if the output is '0', I want
to get a
> failure from puppet.
> I tried to use 'exec' with 'returns' but it's seem that
'returns' take
> the return code of the command and not the output of the command.
> How can I do it right?

test $(grep -c aa /tmp/aao) -gt 0

Cheers,

-- 
Stephen Gran

Senior Systems Integrator - theguardian.com 
Please consider the environment before printing this email.
--
Visit theguardian.com 

On your mobile, download the Guardian iPhone app
theguardian.com/iphone  and our
iPad edition theguardian.com/iPad 
Save up to 33% by subscribing to the Guardian and Observer -
choose the papers you want and get full digital access.
Visit subscribe.theguardian.com 

This e-mail and all attachments are confidential and may also
be privileged. If you are not the named recipient, please notify
the sender and delete the e-mail and all attachments immediately.
Do not disclose the contents to another person. You may not use
the information for any purpose, or store, or copy, it in any way.

Guardian News & Media Limited is not liable for any computer
viruses or other material transmitted with or as part of this
e-mail. You should employ virus checking software.

Guardian News & Media Limited

A member of Guardian Media Group plc
Registered Office
PO Box 68164
Kings Place
90 York Way
London
N1P 2AP

Registered in England Number 908396

--

--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d0a7ec9b-82a7-4f1d-800c-29ddd53cc480%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52B1B810.5090906%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] very odd Duplicate declaration problem.

2013-12-17 Thread Jeff Bachtel

Do you have use_cached_catalog set on puppet agents or puppetmaster? Are
you using storeconfigs / puppetdb?

Offhand, I'd guess that when you modify mtime of site.pp by saving, that
forces puppet to invalidate the cached catalog and temporarily resolve
the problem.

If necessary, are you able to update to the latest 3.4rc (agent might
suffice) for testing?

Jeff

On 12/17/2013 03:35 PM, Nathan Earixson wrote:

puppet 3.3.2 on RHEL6

If I run puppet on a node:
# sudo puppet agent --test --noop

I get the following error:

/Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Duplicate declaration: Package[bind] is already declared in
file /etc/puppet/modules/site/manifests/dns_test.pp:4; cannot
redeclare at /etc/puppet/modules/site/manifests/dns.pp:4 on node
bushlnxadm01.chicagobooth.edu

Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run/

That's weird. That node isn't a DNS server and shouldn't even be
thinking about running bind.

If I open /etc/puppet/manifests/site.pp and save the file, the error
goes away on next puppet agent run.

After about 15 minutes the node starts trying to apply the classes
from //etc/puppet/modules/site/manifests/dns_test.pp /and after
another 5 or so minutes I start getting the duplicate declaration
error again.

If I save the manifest the puppet agent command works as expected for
another 15 minutes or so.

I can't even begin to think of where to start looking on this. Any
thoughts would be appreciated.

This seems to be happening on every node.

-n

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/74814870-7ff7-49f1-b764-a155afd31168%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52B0F991.4020606%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Process hang on FreeBSD

2013-12-17 Thread Jeff Bachtel

First, to clarify - do you have pkgng installed on your FreeBSD box?
That is, should you be using /usr/sbin/pkg instead of
/usr/local/bin/pkg_info if you are doing local package management?

If so, the current freebsd provider is not likely to work well for you,
as it's pretty tied into the old framework. There's a new pkgng provider
for freebsd+puppet available at https://github.com/xaque208/puppet-pkgng
that might be worth trying.

Second, to debug you can try changing
/usr/lib/ruby/site_ruby/1.8/puppet/provider/package/ports.rb (or
equivalent, on FreeBSD that could all be under
/usr/local/lib/ruby/site_ruby/2.0/puppet/provider/package/ports.rb or
elsewhere) line 19 from

cmd = %w{-N -M BATCH=yes} << @resource[:name]
to
cmd = %w{-v -N -M BATCH=yes} << @resource[:name]

to turn on portupgrade's verbosity.

Third, no running Puppet on FreeBSD is not a bad idea. Lots of people
work pretty hard to make it work, but it unfortunately doesn't get the
exposure and attention that Linux does, and thus stuff might not be as
well tested.

Jeff

On 12/17/2013 07:31 PM, Patrick Gibson wrote:
I'm a first-time Puppet user, working with FreeBSD 9.2, Puppet 3.3.1,
and Ruby 2.0. I'm starting out with a very simple setup to test the
waters:

node 'myhost' {
package { 'devel/jsmin':
ensure => 'installed',
provider => 'ports'
}
}

When I run:

puppet apply -v --debug manifests/site.pp

I get a bunch of output with various Linuxisms like selinux, rpm,
apt-get, dpkg, etc (making me think I need to specify that this is a
FreeBSD host?), and then:

Debug: Prefetching ports resources for package
Debug: Executing '/usr/sbin/pkg_info -aoQ'
Debug: Executing '/usr/sbin/pkg_info -aoQ'
Debug: Executing '/usr/local/sbin/portupgrade -N -M BATCH=yes devel/jsmin'

It all looks good, except that the process seems to stall out here.
Running '/usr/local/sbin/portupgrade -N -M BATCH=yes devel/jsmin'
manually works fine and completes in a few seconds. I can see from the
`ps` listing that command is active, but it just sits there, not
completing.

I'm not sure how to debug this any further. Is it considered a bad
idea to run Puppet on a FreeBSD host? Based on my Google searches and
amount of discussion around it, it seems like there are very few
people who are doing this.

Any insight would be greatly appreciated.

Thanks,

Patrick
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5f2d0086-69b5-4a5e-8d36-419e294f1695%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52B0F81C.60500%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: yamlyzer

2013-12-17 Thread Jeff Bachtel

Have you tried a yaml to csv converter like
https://github.com/tokland/yaml2csv ? Note that it seems to require the
csv module syntax from ruby 1.9.3.

Jeff

On 12/16/2013 03:29 PM, Stuart Cracraft wrote:
Is the back-end piece of Puppet Dashboard which implements the
CSV-capability

of the YAML interpretation available as a standalone?

On Thursday, December 12, 2013 3:20:41 PM UTC-8, Stuart Cracraft wrote:

Hi everybody,

Is there a command-line program which parses:

puppetmasters*:/var/lib/puppet/reports/*/*.yaml

into simple a simple (though lengthy) report perhaps with
column/field/etc. selection based on a straightforward method.

Holler if you know of any. I know this was queried by me
on this list recently and all sorts of stuff was posted. If
I don't get it here, I'll need to go over to puppet-developers
and ask there.

Surely, someone has written something they're proud of and
will share it forward.

Stuart

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d333f68c-ad66-40bb-b969-9248114cd766%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52B0CA5A.2010505%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet environments not working

2013-12-17 Thread Jeff Bachtel

There is a problem with variable hooks in puppet.conf that is fixed in 
the latest 3.4 release candidates (or so sayeth the bugreps).


Can you try explicitly specifying your directories instead of using 
$confdir in that puppet.conf, at least to test?


Jeff

On 12/17/2013 09:18 AM, Chantal Rosmuller wrote:
Thnaks, i tried but it didn't work. We do not start puppetmaster as a 
standalone service so I stopped and started apache. (can that have 
anything to do with the problem ?)


On Tuesday, December 17, 2013 3:08:41 PM UTC+1, John Pyeatt wrote:

Not certain if this is the issue or not, but there seems to be a
bug in the master regarding when the configuration file is read to
override the default settings. Try doing this:
1) start up your puppet master
2) after it is up and running try running this from the command
line *touch /etc/puppet/puppet.conf* this will force the puppet
master to reparse the configuration settings.

I had a similar problem reading modulepath=.  There is apparently
a fix for this in 3.4


On Tue, Dec 17, 2013 at 7:02 AM, Chantal Rosmuller
> wrote:

Hi,

On our puppet server the puppet environments do not seem to
work. This is our puppet.conf:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
confdir=/etc/puppet
templatedir=$confdir/templates
modulepath=$confdir/modules
manifest=$confdir/manifests/site.pp
manifestsdir=$confdir/manifests
hiera_config=/etc/puppet/hiera.yaml
pluginsync = true

[master]
certname= puppet3.domain.com 
hostprivkey =
/var/lib/puppet/ssl/private_keys/puppet3.domain.com.pem {mode
= 640}
ssl_client_header = HTTP_X_CLIENT_DN
ssl_client_verify_header = HTTP_X_CLIENT_VERIFY
#ssl_client_header = SSL_CLIENT_S_DN
#ssl_client_verify_header = SSL_CLIENT_VERIFY
reports = store,tagmail
#reports = store,tagmail,puppetdb
storeconfigs = true
storeconfigs_backend = puppetdb

[dev]
modulepath=$confdir/environments/dev/modules
manifest=$confdir/environments/dev/manifests/site.pp

When i try

puppet agent --environment dev --no-daemonize --verbose --onetime

The changes in dev are not applied. Can it have anything to do
with puppetdb?

The servers seems to recognize the puppet environment:

puppet module list --environment 'dev'

returns:

/etc/puppet/environments/dev/modules
├── aliases (???)
├── apt (???)
 etc


versions on the server:

ii  puppet 3.3.1-1puppetlabs1all  Centralized
configuration management - agent startup and compatibility scripts
ii  puppet-common  3.3.1-1puppetlabs1all
 Centralized configuration management
ii  puppetdb 1.5.0-1puppetlabs1all  PuppetDB
Centralized Storage.
ii  puppetdb-terminus  1.5.0-1puppetlabs1all
 Connect Puppet to PuppetDB by setting up a terminus for PuppetDB.
ii  puppetmaster 3.3.1-1puppetlabs1all
 Centralized configuration management - master startup and
compatibility scripts
ii  puppetmaster-common  3.3.1-1puppetlabs1all
 Puppet master common scripts





-- 
You received this message because you are subscribed to the

Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to puppet-users...@googlegroups.com
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/puppet-users/2b3130a5-1641-4f60-9bc7-88b4bfb4fff5%40googlegroups.com

.
For more options, visit
https://groups.google.com/groups/opt_out
.




-- 
John Pyeatt

Singlewire Software, LLC
www.singlewire.com 
--
608.661.1184
john@singlewire.com 

--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cf56d648-a42a-49c2-abab-59678409e802%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group

Re: [Puppet Users] Re: Puppet Dashboard: how to connect?

2013-12-13 Thread Jeff Bachtel


yum-config-manager --enable rhel-6-server-optional-rpms

Has worked on some RHEL machines, for me. It depends on how your system 
is subscribed whether that will work or whether you'll need to use 
another command.


Jeff

On 12/13/2013 04:50 PM, Stuart Cracraft wrote:

Great!

What is the .repo file format for the optional channel for rhel 6.

I would like to install puppet-dashboard using the above as soon as 
possible.


Stuart

On Friday, December 13, 2013 11:27:41 AM UTC-8, Matthaus Litteken wrote:

Stuart,
rubygem(rake) is provided by the rubygem-rake package, available in
centos 6 or in the optional channel for rhel 6.

On Fri, Dec 13, 2013 at 9:44 AM, Stuart Cracraft
> wrote:
> yum install puppet-dashboard gives a requirement for dependency
resolution:
>
>   Error: Package: puppet-dashboard-1.2.23-1.el6.noarch (puppetlabs)
>  Requires: rubygem(rake)
>
> My question is, how to install rubygem so that puppet-dashboard
installs?
>
> Stuart
>
>
> On Friday, December 13, 2013 9:25:55 AM UTC-8, Stuart Cracraft
wrote:
>>
>> Hi - I run puppet 3.3.2 currently of Open Source Puppet.
>>
>> I am looking for anyone who has run Puppet Dashboard.
>>
>> How do I connect to the dashboard?
>>
>> Stuart
>>
> --
> You received this message because you are subscribed to the
Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from
it, send an
> email to puppet-users...@googlegroups.com .
> To view this discussion on the web visit
>

https://groups.google.com/d/msgid/puppet-users/b501fed0-1922-4445-b577-1d212c70970d%40googlegroups.com

.

>
> For more options, visit https://groups.google.com/groups/opt_out
.



-- 
Matthaus Owens

Release Manager, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco

--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/650e0e91-ff04-4eb8-aa2e-31aa2fe98add%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52AB8374.1010500%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Can't seem to get modulepath attribute recognized by puppetmasterd

2013-12-12 Thread Jeff Bachtel

Felix, could that above behavior be linked to
http://projects.puppetlabs.com/issues/23349 ? That is, could there be a
hook/ordering issue?

Sprang to mind, anyway. Probably cargo cult.

Jeff


On Thu, Dec 12, 2013 at 12:36 PM, John Pyeatt wrote:

> OK,
> Here is something I found with this problem
>
> When I run /etc/init.d/puppetmaster start  in node/environment.rb
> validate_dirs is being passed /etc/puppet/modules:/usr/share/puppet/modules
> which isn't what I have in /etc/puppet/puppet.conf modulepath=.
>
> BUT! if I just do a  *touch /etc/puppet/puppet.con*fthen
> puppetmaster calls reparse_config_files and it does in fact read my
> /etc/puppet/puppet.conf modulepath= correctly
>
> Like I said in the original thread, I don't know the ruby language. But I
> suspect that there is some type of calling sequence issue going on.
>
>
> On Thu, Dec 12, 2013 at 2:57 AM, Felix Frank <
> felix.fr...@alumni.tu-berlin.de> wrote:
>
>> Yes.
>>
>> The agent does default to environment=production if not specified
>> otherwise. Your [production] should match your [main] wrt. modulepath etc.
>>
>> HTH,
>> Felix
>>
>> On 12/11/2013 09:59 PM, John Pyeatt wrote:
>> > Could it be because my puppet.conf has a [production], [test] and
>> > [development] environment with a modulepath= for each one?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/52A97A8E.2000308%40alumni.tu-berlin.de
>> .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
>
> --
> John Pyeatt
> Singlewire Software, LLC
> www.singlewire.com
> --
> 608.661.1184
> john.pye...@singlewire.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAEisTLkPc7J_ofHZU0o1psP8QOiZFwe7ggcOg3B9%3Dk3Xbs_8Ww%40mail.gmail.com
> .
>
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHahqg1dwEwx1fRtu3z8p7bv2KG7BfXezmdGjy9vjEaN7Dkrug%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet and MCollective

2013-12-12 Thread Jeff Bachtel

I install puppet agent on provision (kickstart, VM template, whatever)
and do a puppet agent -t -w 1 (we don't autosign) at the end of the
provision script. MCollective in our environment is handled as part of
the puppet manifest, so after the agent run the host should be
registered in mco.

Jeff

On 12/12/2013 11:54 AM, ro001 wrote:

Hi,

I am writing scripts for deployment of our software and I am also
using MCollective on linux.

I hope to use MCollective in order to reduce the requirement of
opening a putty session to each VM and running the puppet agent
manually the first time (when its registers/ creates keys etc). The
problem I see with this is that I need to log in to each machine and
install/configure mcollective (server.cfg & client.cfg), so for this
reason I do not save myself very much effort by using mcollective.

I am using vms so I can add mcollective to the vm template, but I wont
know the name of mcollective/activemq machine nor would I know the
name of the machine at that point.

How do you guys deploy mcollective? It seems abit like a chicken/egg
scenario!

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d1e0fc41-6558-4abf-bcc3-1a19e418d6f5%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52A9F65B.203%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppetlabs-firewall and Logging

2013-12-11 Thread Jeff Bachtel

Are you seeing the not-working rules generate iptables rules (verify 
with iptables-save after applying manifest)?


Also, it's been a while since I dug into the ruby that generates the 
rules, you should probably use the before operator -> between rules to 
enforce ordering, like


  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x5', proto => 'udp', port => '53', 
action => 'accept', } ->
  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x5', proto => 'tcp', state => 'NEW', 
port => '53', action => 'accept', }


Jeff

On 12/11/2013 10:24 PM, Jim Miller wrote:
We're testing out the Puppetlabs-Firewall module. And it seems I'm 
either missing something fundamental or Logging/Accpet works/doesn't 
work in an irregular way.  I would be most grateful for some input.


_COMMON:_
  firewall { '002 accept related established rules INPUT': proto => 
'all', state => ['RELATED', 'ESTABLISHED'], action => 'accept' }
  firewall { '003 accept related established rules OUTPUT': chain => 
'OUTPUT', proto => 'all', state => ['RELATED', 'ESTABLISHED'], action 
=> 'accept' }


_This works for new inbound SSH connections:_
  firewall { '007 fwd to ssh_in': chain => 'INPUT', iniface => 'eth0', 
source => '10.x8.xx1.0/24', proto => 'tcp', state => 'NEW', port => 
'22', action => 'accept' }


_This works for inbound SSH connections:
_  firewallchain { 'ssh_in:filter:IPv4': ensure => present, }

  firewall { '008 fwd to ssh_in': chain => 'INPUT', iniface => 'eth0', 
source => '10.x8.xx1.0/24', proto => 'tcp', state => 'NEW', port => 
'22', jump => 'ssh_in' }
  firewall { '009 ssh_in': chain => 'ssh_in', jump => 'LOG', 
log_prefix => 'ssh_in ' }

  firewall { '011 ssh_in': chain => 'ssh_in', action => 'accept' }


_This works for DNS:_
  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x5', proto => 'udp', port => '53', 
action => 'accept', }
  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x5', proto => 'tcp', state => 'NEW', 
port => '53', action => 'accept', }
  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x6', proto => 'udp', port => '53', 
action => 'accept', }
  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x6', proto => 'tcp', state => 'NEW', 
port => '53', action => 'accept', }



_This does NOT work for DNS:_
  firewallchain { 'dns_out:filter:IPv4': ensure => present, }

  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x5', proto => 'udp', port => '53', 
jump => 'dns_out', }
  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x5', proto => 'tcp', state => 'NEW', 
port => '53', jump => 'dns_out', }
  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x6', proto => 'udp', port => '53', 
jump => 'dns_out', }
  firewall { '016 fwd to dns_out': chain => 'OUTPUT', outiface => 
'eth0', destination => '10.x8.x0.x6', proto => 'tcp', state => 'NEW', 
port => '53', jump => 'dns_out', }


  firewall { '024 dns_out': chain => 'dns_out', jump => 'LOG', 
log_prefix => 'dns_out', }

  firewall { '025 dns_out': chain => 'dns_out', action => 'accept', }


None of the above rules generates any errors.
My understanding of reading the doc is the default policy is 'accept' 
when not specified (not sure about custom chains). When I try to 
connect to the server, I don't see logs being generated.


Thanks,
Jim



--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e12d97d9-2e43-482c-aa22-7bccaf6de17d%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52A93540.6030500%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Access class results variables in puppet

2013-12-11 Thread Jeff Bachtel

In the case of the module you're using ( 
https://github.com/luxflux/puppet-openvpn it appears) and you seem to 
have already understood this, the client resource has a hard dependency 
on files that should only exist on the server (due to client cert 
generation process).


All is really not lost, though. Because the openvpn::client script 
generates two files for the openvpn configuration, you can easily enough do:



case $::role {

'access': {

notify {"Applying access packages" :}

include access_packages

freebsd::rc_conf { 'test' :

value  => 'yes',

ensure => 'present'

}

openvpn::server {'winterthur' :

country  => 'CH',

province => 'ZH',

city => 'Winterthur',

organization => 'example.org',

email=> 'r...@example.org',

server   => '10.200.200.0 255.255.255.0'}

openvpn::client { 'client1':
server => "winterthur"
} -> @@file { 
'/etc/openvpn/winterthur/download-configs/client1.ovpn' }

openvpn::client_specific_config { 'client1':
server => "winterthur"
} -> @@file { 
'/etc/openvpn/winterthur/client-configs/client1' }

}

'client': {

notify {"Applying client config" :}

File <<| name == 
'/etc/openvpn/winterthur/download-configs/client1.ovpn' |>>

File <<| name == 
'/etc/openvpn/winterthur/client-configs/client1' |>>
}

}


This will instantiate the files on your client (assuming the server has 
applied its manifest successfully) and it can then be the target of an 
actual openvpn client configuration. Note that you'll have to do the 
latter yourself, as the module you're using doesn't seem to actually 
handle OpenVPN client package installation.


The more traditionally puppet way to handle this would be to have the CA 
or delegate CA on the puppet server itself, and have it write out such 
keys to some place like /etc/puppet/keydist/$fqdn for hosts to pull down 
using normal puppet:/// fileserver syntax.


I've not tested my above code, and haven't reviewed the module from 
luxflux enough to guarantee that it will work for you. It'd definitely 
require some investigation, as you're extending the module a bit beyond 
its original intent.


Jeff

On 12/09/2013 05:32 PM, Derek Cole wrote:

Hello,

I am not exactly sure how to phrase this, but consider the following:

case $::role {
'access': {
notify {"Applying access packages" :}
include access_packages

freebsd::rc_conf { 'test' :
value  => 'yes',
ensure => 'present'
}
 openvpn::server {'winterthur' :
country  => 'CH',
province => 'ZH',
city => 'Winterthur',
organization => 'example.org',
email=> 'r...@example.org',
server   => '10.200.200.0 255.255.255.0'}

}
'client': {
notify {"Applying client config" :}
openvpn::client { 'client1':
server => "winterthur"
}

}
}


What I am trying to do in 'client' case is reference the server that 
was defined in the 'access' case. Is this possible? The openvpn module 
here; https://github.com/luxflux/puppet-openvpn


contains some examples and such that lead me to believe there should 
be a reference, but it seems like that only is applicable if they have 
the same scope. How would I go about storing off the 'winterthur' 
openvpn::server for use by the clients later? Puppet's class variable 
access and scoping in general are a little confusing to me at this 
point. I tried the obvious assigning a $variable but that didn't work 
either. Also, looking at the openvpn code, it seems like 
openvpn::server is "define"d instead of using the class keyword. does 
this make a difference?


Thanks
--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9de48764-707d-4529-a018

Re: [Puppet Users] Puppet with Fuse

2013-12-11 Thread Jeff Bachtel

On 12/11/2013 04:11 PM, F. Y. wrote:

Hi folks,

I'm running into an issue where a home grown fuse module is mounting a
file structure, and it works the first time. But on the second run,
Puppet complains:

Warning: /Stage[main]/Test/File[/home/myhome/dir1/dir2/dir3/dir4]:
Could not stat; permission denied

Your key error, here. The stat() is failing (permissions, possibly, or
filesystem not supporting the command) and that leads to Puppet being
unable to decide whether the directory exists. It then assumes that
because stat() failed the directory doesn't exist and creates it (and
succeeds, the first time). On subsequent runs it still thinks the
directory doesn't exist, tries to create it, and fails.

You can use stat from the command line on
/home/myhome/dir1/dir2/dir3/dir4 to see if it succeeds when run as you
and more importantly when run as root. I'd expect to see something like
that if /home was a NFS mount that rewrote requests from uid 0 to an
anonymous user. Perhaps your FUSE filesystem is running into something
similar.

Jeff

Error: Could not set 'directory' on ensure: File exists -
/home/myhome/dir1/dir2/dir3/dir4 at
54:/etc/puppet/modules/test/manifests/init.pp
Error: Could not set 'directory' on ensure: File exists -
/home/myhome/dir1/dir2/dir3/dir4 at
54:/etc/puppet/modules/test/manifests/init.pp

Wrapped exception:
File exists - /home/myhome/dir1/dir2/dir3/dir4
Error:
/Stage[main]/Test/File[/home/myhome/dir1/dir2/dir3/dir4]/ensure:
change from absent to directory failed: Could not set 'directory' on
ensure: File exists - /home/myhome/dir1/dir2/dir3/dir4 at
54:/etc/puppet/modules/test/manifests/init.pp

There is a file {} resource which sets up the resources with:
ensure => directory,
mode => 0777,
owner => "myhome",

I am not sure how to trouble shoot this. Can anyone help?

Thanks.
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bda3a334-eb23-4f28-b371-db5dd40d637c%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52A8D6DC.7020204%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Getting latest agent on debian for ARM?

2013-12-11 Thread Jeff Bachtel

You can fetch it directly (wget, curl, whatever) from

http://apt.puppetlabs.com/pool/squeeze/main/f/facter/facter_1.6.18-1puppetlabs1_all.deb

Jeff

On 12/11/2013 12:39 PM, Jon Yeargers wrote:

root@plugpc-005:~# apt-get install ruby libopenssl-ruby pciutils
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'libruby' instead of 'libopenssl-ruby'
pciutils is already the newest version.
libruby is already the newest version.
ruby is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

There isn't a 'download' option for apt-get on this system so I tried 
'--download-only':

root@plugpc-005:~# apt-get --download-only install  facter
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 facter : Depends: dmidecode but it is not installable
E: Broken packages

I added '--ignore-missing' but the result was the same.

On Wednesday, December 11, 2013 7:47:02 AM UTC-8, Jeff Bachtel wrote:

demidecode (which is a hard dependency for facter) is not
available for armel in Debian's repository. I have confirmed that
facter will not fail outright when dmidecode is missing.

The following facter variables will not be created, however:
bios_release_date
bios_vendor
bios_version
boardmanufacturer
boardproductname
boardserialnumber
manufacturer
productname
serialnumber
type
uuid

If that's acceptable for you, you can try

apt-get install ruby libopenssl-ruby pciutils
apt-get download facter
dpkg -i --force-depends facter*.deb
apt-get install puppet

This will manually install the other facter dependencies (which
should exist for armel), download the facter .deb file, then do an
install of it without checking depends. The puppet install should
succeed after that.

I think facter's dmidecode dependency should be a Suggests vice a
Depends, and it might be worth filing a bugrep to get it changed.

Jeff

On 12/11/2013 10:31 AM, Jon Yeargers wrote:

I also tried 'apt-get dist-upgrade'. This brought down 'hiera'
(along with a few other things).

Then tried 'apt-get install puppet-common' - this failed as
'facter' needed a higher version.

.. so tried 'facter' but this failed with:

facter : Depends : dmidecode but it is not installable

If I do 'apt-cache search dmidecode' it isn't available.

On Wednesday, December 11, 2013 7:26:02 AM UTC-8, Jon Yeargers
wrote:

'apt-get update' ran fine this time.

'apt-get install puppet':

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the
unstable
distribution that some required packages have not yet been
created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 puppet : Depends: puppet-common (= 3.3.2-1puppetlabs1) but
2.6.2-5+squeeze8 is to be installed
E: Broken packages

I also tried uninstalling puppet and then doing the install.
Same result.

On Tuesday, December 10, 2013 3:11:27 PM UTC-8, Moses Mendoza
wrote:

Hi all, apt.puppetlabs.com <http://apt.puppetlabs.com>
has been updated with additional
architectures so the 'all' packages should install. Can
you check if
you still have the same issues?

On Tue, Dec 10, 2013 at 12:01 PM, Moses Mendoza
 wrote:
> On Tue, Dec 10, 2013 at 10:52 AM, Jon Yeargers
 wrote:
>> I updated the repository file using the official
puppet-recommended version.
>> The corrected line is:
>>
>> deb http://apt.puppetlabs.com squeeze main   (i
mistakenly entered 'wheezy'
>> above).
>>
>> When I do 'apt-get update' I'm told:
>>
>> W: Filed to fetch
http://apt.puppetlabs.com/dists/squeeze/Release
<http://apt.puppetlabs.com/dists/squeeze/Release> Unable to
>> find expected entry main/binary-armel/Package

Re: [Puppet Users] Re: Getting latest agent on debian for ARM?

2013-12-11 Thread Jeff Bachtel

demidecode (which is a hard dependency for facter) is not available for 
armel in Debian's repository. I have confirmed that facter will not fail 
outright when dmidecode is missing.

The following facter variables will not be created, however:
bios_release_date
bios_vendor
bios_version
boardmanufacturer
boardproductname
boardserialnumber
manufacturer
productname
serialnumber
type
uuid

If that's acceptable for you, you can try

apt-get install ruby libopenssl-ruby pciutils
apt-get download facter
dpkg -i --force-depends facter*.deb
apt-get install puppet

This will manually install the other facter dependencies (which should 
exist for armel), download the facter .deb file, then do an install of 
it without checking depends. The puppet install should succeed after that.

I think facter's dmidecode dependency should be a Suggests vice a 
Depends, and it might be worth filing a bugrep to get it changed.

Jeff

On 12/11/2013 10:31 AM, Jon Yeargers wrote:
I also tried 'apt-get dist-upgrade'. This brought down 'hiera' (along 
with a few other things).

Then tried 'apt-get install puppet-common' - this failed as 'facter' 
needed a higher version.

.. so tried 'facter' but this failed with:

facter : Depends : dmidecode but it is not installable

If I do 'apt-cache search dmidecode' it isn't available.

On Wednesday, December 11, 2013 7:26:02 AM UTC-8, Jon Yeargers wrote:

'apt-get update' ran fine this time.

'apt-get install puppet':

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 puppet : Depends: puppet-common (= 3.3.2-1puppetlabs1) but
2.6.2-5+squeeze8 is to be installed
E: Broken packages

I also tried uninstalling puppet and then doing the install. Same
result.

On Tuesday, December 10, 2013 3:11:27 PM UTC-8, Moses Mendoza wrote:

Hi all, apt.puppetlabs.com  has
been updated with additional
architectures so the 'all' packages should install. Can you
check if
you still have the same issues?

On Tue, Dec 10, 2013 at 12:01 PM, Moses Mendoza
 wrote:
> On Tue, Dec 10, 2013 at 10:52 AM, Jon Yeargers
 wrote:
>> I updated the repository file using the official
puppet-recommended version.
>> The corrected line is:
>>
>> deb http://apt.puppetlabs.com squeeze main (i mistakenly
entered 'wheezy'
>> above).
>>
>> When I do 'apt-get update' I'm told:
>>
>> W: Filed to fetch
http://apt.puppetlabs.com/dists/squeeze/Release
 Unable to
>> find expected entry main/binary-armel/Packages in
Meta-index file (malformed
>> Release file?)
>>
>>
>> On Tuesday, December 10, 2013 9:11:44 AM UTC-8, Felix.Frank
wrote:
>>>
>>> That's not the issue at all I think.
>>>
>>> Is that source.list entry from a howto?
>>>
>>> Have you tried the instructions here:
>>>
>>>

http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html#for-debian-and-ubuntu

>>>
>>> Because what apt is making of your configuration is plain
wrong.
>>>
>>> On 12/10/2013 05:50 PM, Jon Yeargers wrote:
>>> > If I create a '/etc/apt/sources.list.d/puppet.list' with:
>>> >
>>> > deb http://apt.puppetlabs.com/pool wheezy stable
>>> >
>>> > I get:
>>> >
>>> > Failed to fetch
>>> >
>>> >

http://apt.puppetlabs.com/pool/dists/wheezy/stable/binary-armel/Packages.gz

>>> > 404 Not Found
>>> >
>>> > I'm thinking that I might need to set this up on an x86
machine and then
>>> > rebuild the package file myself in a private repository.
>
> My apologies - this is a problem with our apt repository
configuration
> - we did not set it up to include architectures other than
i386 and
> amd64. We will be remedying this soon, so that while we may
not yet
> have arm-specific packages, at least our all-arch packages
will work.
>
>>
>> --
>> You received this message because you are subscribed to the
Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop rec

Re: [Puppet Users] Cannot see Inventory in Dashboard & failed to use facer variable in manifest

2013-12-11 Thread Jeff Bachtel

Try

case $hostname {
'puppetagent': {include sendmail}
}

BUT, that's really the wrong pattern to be following, you should instead
create a node definition for "puppetagent" that includes the sendmail class.

node puppetagent.yourdomain {
include sendmail
}

Jeff

On 12/11/2013 10:00 AM, shlo.af...@gmail.com wrote:

Hi,

In Dashboard, in the 'Inventory' section I get nothing but the error:
Could not retrieve facts from inventory service: 403 "Forbidden"

When I tried to use facter variables in the manifest, it look like
it's not working. (I new in that so I never tried it before).

I have something like this:
case ${hostname} {
'puppetagent': {include sendmail}
}
But when I run puppet on the agent, I get the error:
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not parse for environment production: Could not match
${hostname} at

/etc/puppet/manifests/nodes.pp:17 on node puppetagent

Is it possible that the problems are connected? How can I solve that
problem?

Any help welcome.

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/80e4abd7-1bad-48d3-94ac-1c61b00fae74%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52A87F5C.6010704%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppetdb: no communication between PM and puppetdb

2013-12-11 Thread Jeff Bachtel

What messages are you seeing in /var/log/puppetdb/puppetdb-daemon.log
and puppetdb.log on 129.128.100.11? Did you previously have puppetdb
running on your puppet master?

Because you got the 403, puppetmaster is at least able to connect to and
receive a response from 129.128.100.11:8081 via HTTPS. That said, if
you're confident in your tcpdump that no traffic in fact occurred
between puppetmaster and that IP, then puppetmaster has another idea
about where that IP is (bound as an alias, for instance, and there's a
defunct puppetdb still running on the puppetmaster).

Jeff

On 12/11/2013 07:50 AM, Stefan Wiederoder wrote:

Hello out there,

I´m trying to add puppetdb (on a separate host,
puppetdb-1.5.2-1.el6.noarch) to my puppet setup (passenger,
puppet-3.1.0-1.el6.noarch).

I´ve used the PL documenation, but I receive the following message
after restarting apache:
2013-12-11T13:28:47.859827+01:00 belbo puppet-master[26103]: Could not
retrieve facts for host.where.ever: Failed to find facts from PuppetDB
at 129.128.100.11:8081: 403 "Forbidden"

strange this is that there´s absolutely no network communication on
port 8081 from my puppetmaster to my server running puppetdb ???

puppetdb is up and running, the port 8081 is used by the puppetdb java
process:

[root@puppetdb conf.d]# netstat -utlepn |grep 8081
tcp0 0 129.128.100.11:8081 0.0.0.0:*
LISTEN 496555873012 7864/java

using telnet/nc and tcpdump on my puppetdb shows that there´s no
firewall problem, the hosts are within the same subnet

(and no local iptables is running).

I´m helpless, I´ve checked everything two/three times, but it´s really
frustrating to have no communication at all.

any ideas?

thanks
,
Stefan
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c45292d8-0027-40d9-b1b1-3d2de5ab6539%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52A86CA9.9050109%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Are storeconfigs without puppetDB possible?

2013-12-11 Thread Jeff Bachtel

Note that even with local file storage, the java container that puppetdb
runs in can take a longer-than-expected time to spawn listener threads.
No issue if you're running your development puppetdb somewhat persistent
(outside of your Vagrant VM), but if you put puppetdb on the Vagrant
machine you should anticipate needing to put in a delay before storing
resources (and puppet apply) will happen cleanly.

Jeff

On 12/10/2013 01:22 PM, Guy Knights wrote:
Ok, I discovered that you can configure puppetdb to use the file-based
embedded database, so I'll work with that. It was pretty hard to find
mention of this option, however. I actually discovered it through the
docs for the puppetdb module, although later I found the odd mention
of it buried deep in the puppetdb documentation. In any case, I'll
work with this option and see how I go.

On Monday, 9 December 2013 14:26:32 UTC-8, Guy Knights wrote:

I'm doing some testing with the puppetlabs/haproxy module on a
vagrant box with puppet 3 set up. The module we use requires
exported resources to be enabled in order to specify haproxy
backends, but I don't have it configured in puppet. I have our
puppet repo checked out to the VM and am using puppet apply,
pointed at the specific module path we use for development, to
configure the box.

From what I've read during my web searching, it seems that
basically the only way to do storeconfigs is by setting up
puppetdb. We do have a puppetdb server set up in production, but I
don't really want to have to point disposable dev environments at
it, just to test stuff. I also don't want to go to the effort of
setting up a puppetdb environment locally to do the same thing.

Is there any simple way to enable storeconfigs for basic
development purposes? ie, a file-based or sqlite solution? I know
there used to be an sqlite solution available but everything I
read tells me it's deprecated. There doesn't appear to be a
definitive resource for storeconfigs documentation, and AFAICT
it's puppetdb or nothing else.

Thanks,
Guy

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ca47d992-d909-4bf9-b499-8dcc6aaa3eb9%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/52A86A95.1090501%40bericotechnologies.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet parser validate fails

2013-12-10 Thread Jeff Bachtel

When git feeds the file to puppet parser on your git repo server, it is
doing so via a temporary file (evidenced by remote: Error: Could not parse
for environment production: No file(s) found for import of 'fix.pp' at
/tmp/tmp.hujjYZKPpC/manifests/nodes.pp:9 ). Because it is a temporary file
it does not have the rest of the git tree available, and so the import
'fix.pp'  line cannot succeed (on your git repo server. Obviously the file
works perfectly fine with a working tree to use).

>From http://projects.puppetlabs.com/projects/1/wiki/puppet_version_control

# NOTE: There is an outstanding bug against `puppet parser` which causes #
the --ignoreimport option to turn the syntax check into a no-op. Until #
the bug is resolved, the syntax check hook should not include the #
--ignoreimport option and will only work correctly on manifests which # do
not contain "import" lines. # See http://projects.puppetlabs.com/issues/9670

You can try to work around this on your server-side hook by changing
git cat-file blob $new_sha1 > $tmp

to

git cat-file blob $new_sha1 | grep -v '^\s*import' > $tmp

disclaimer - I've not tested this, I am not a doctor, etc.

Jeff



On Tue, Dec 10, 2013 at 9:31 AM, Andreas Dvorak wrote:

> Dear all,
>
> In git I have a pre-receive script to checkt the puppet files. My git push
> comes with an error but if I run the same manually I get no error.
> Can anybody please help me?
>
> error message
> remote:  Checking manifests/nodes.pp for syntax errors and styleguide
> compliance...
> remote: 'puppet parser validate' failed on manifests/nodes.pp - push
> deniend. Run tests locally and confirm they pass before pushing.
> remote: Error: Could not parse for environment production: No file(s)
> found for import of 'fix.pp' at /tmp/tmp.hujjYZKPpC/manifests/nodes.pp:9
> remote: Error: Try 'puppet help parser validate' for usage
>
> pre-receive script
> for puppetmodule in `git diff-tree --no-commit-id --name-only -r $newrev`;
> do
> echo -e "\e[0;36m" "Checking $puppetmodule for syntax errors and
> styleguide compliance..." "\e[0m"
> tmpdir=`mktemp -d`
> tmpmodule="$tmpdir/$puppetmodule"
> tmperror="$tmpdir/errors.txt"
> mkdir -p $tmpmodule
> rmdir $tmpmodule
> git show $newrev:$puppetmodule > $tmpmodule
> case $puppetmodule in
> *.pp )
> puppet parser validate $tmpmodule 2&> $tmperror
> rc=$?
> if [[ $rc != 0 ]]; then
> echo -e "\e[0;31m'puppet parser
> validate' failed on $puppetmodule - push deniend. Run tests locally and
> confirm they pass before pushing. \e[0m"
> cat $tmperror
> rm -rf $tmpdir
> exit $rc
> fi
>  .
>
> this works without error in my local git and on the central git
> puppet parser validate nodes.pp
>
> cat nodes.pp
> node base {
>   include profiles::base
> }
>
> node 'sv2629.muc.baag' inherits base {
> }
>
> import 'fix.pp'
> import 'puppet_master.pp'
> #import 'sunray.pp'
>
> And it does not matter what I change in the file.
>
> Best regards
> Andreas
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/e2d78e37-0746-4fed-b590-fd9246d4d605%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHahqg34z5Tue%3D8_VR6BkiyOWfTqm7tkKX%3DKAfyXz8-GRGOekA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet apply or puppet agent -t fails on razor installation. Need help on razor too.

2013-12-10 Thread Jeff Bachtel

What is the output of "puppet agent -t -d" ? The -d debug flag should give
you much more detailed information about what child process, exactly, is
blocking.

Jeff


On Sat, Dec 7, 2013 at 2:03 PM, Arvind P R  wrote:

> My puppet master server is working fine and i now installed razor module
> on the same server.
>
> i downloaded the tar.gz from https://forge.puppetlabs.com/puppetlabs/razor and
> did the installation using
>
> puppet module install  --ignore-dependencies.
> i took care of all the dependencies too.
>
> *My puppet server is behind a corporate authenticated proxy which prevents
> me from using "puppet module install". puppet bug!!*
>
> post razor installation, I included the following lines in
>
> /etc/puppetlabs/puppet/manifests/site.pp
>
> node puppet_master {
>   include razor
> }
>
> now if i try to run the following commands:
>
> puppet apply /etc/puppetlabs/puppet/manifests/site.pp
> OR
> puppet agent -t
>
> on the same server, the commands hang
>
> puppet apply hangs without any message while the following is shown on
> puppet agent -t
>
> [root@centos-razor ~]# puppet agent -t
> Info: Retrieving plugin
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/stdlib/lib/facter/puppet_vardir.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/stdlib/lib/facter/facter_dot_d.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/stdlib/lib/facter/root_home.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/stdlib/lib/facter/pe_version.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/postgresql/lib/facter/postgres_default_version.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/concat/lib/facter/concat_basedir.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/pe_common/lib/facter/windows.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/pe_puppetdb/lib/facter/puppetdb_server_status.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/auth_conf/lib/facter/custom_auth_conf.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/firewall/lib/facter/ip6tables_version.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/firewall/lib/facter/iptables_persistent_version.rb
> Info: Loading facts in
> /opt/puppet/share/puppet/modules/firewall/lib/facter/iptables_version.rb
> Info: Loading facts in
> /var/opt/lib/pe-puppet/lib/facter/puppetdb_server_status.rb
> Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb
> Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb
> Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/windows.rb
> Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb
> Info: Loading facts in
> /var/opt/lib/pe-puppet/lib/facter/postgres_default_version.rb
> Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/pe_version.rb
> Info: Loading facts in
> /var/opt/lib/pe-puppet/lib/facter/ip6tables_version.rb
> Info: Loading facts in
> /var/opt/lib/pe-puppet/lib/facter/iptables_persistent_version.rb
> Info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb
> Info: Loading facts in
> /var/opt/lib/pe-puppet/lib/facter/iptables_version.rb
> Info: Loading facts in
> /var/opt/lib/pe-puppet/lib/facter/custom_auth_conf.rb
> Info: Caching catalog for centos-razor.a100.lab
> Info: Applying configuration version '1386442284'
>
> the command does not complete!!
>
> further i am looking for a simple installation guide with centos. i cant
> find one anywhere. most of the blogs and guides are for ubuntu.
>
> what I need to know is the bunch of files and config files I have to keep
> on the tftp server for puppet/razor to work. if anyone can point me to
> that, it would be helpful.
>
> thanks
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/9e7b9931-cd55-40d8-9212-77444b5f96e2%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHahqg3QF50FOmth%3DBAEPjuJgROjDy1TTaB%2BF-B7%2BFuv4pNwEw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Problem with report processor - undefined method

2013-12-10 Thread Jeff Bachtel

If this is accurate, I can only warn that I've run into horribly annoying,
manifest-breaking issues trying to run 2.6/2.7 clients with 3.3 servers. It
may not be official advice, but if you can make puppet client versions
track your puppet server closer, you will have much less headache.

Jeff


On Thu, Dec 5, 2013 at 7:29 PM, Jon Yeargers  wrote:

> After I got puppetdb working I was looking about at the various bits of
> data available. Looking at the 'nodes' option I was suprised to see this:
>
>   "report_timestamp" : null
>
> for every node. They all have this for their puppet.conf:
>
> [main]
> logdir=/var/log/puppet
> vardir=/var/lib/puppet
> ssldir=/var/lib/puppet/ssl
> rundir=/var/run/puppet
> factpath=$vardir/lib/facter
> templatedir=$confdir/templates
> [agent]
> server=server_name
> certname=client_name
> pluginsync=true
> report=true
>
> so I assumed they were reporting.
>
> TL;DR
>
> Looking at /var/log/messages on the server I found these messages
> appearing:
>
> puppet-master[1090]: Report processor failed: undefined method `>=' for
> nil:NilClass
>
> What's up? Have I misconfigured something?
>
> Clients: v 2.6
> Server: v 3.3
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/d0e27c25-4970-4ee8-bc75-680d057ff9aa%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHahqg23m9mitoPJGxRTNbdBCQ1JVG19mJOU5io%2BmqP-k3q08A%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Pattern question for providers

2013-12-09 Thread Jeff Bachtel

When creating a provider that uses a command not in PATH, what is the
best-practice pattern for case'ing out different potential locations? As an
example, the puppetlabs rabbitmq pupmod has a rabbitmqplugins provider that
falls down on CentOS using the rabbitmq upstream package due to
rabbitmq-plugins being in /usr/lib/rabbitmq/bin

As an aside (I don't know how often Puppet devs read this list), could the
Puppet::Util::which method perhaps be extended to add a non-user PATH-like
variable to the path search string? Something like PUPPET_PROVIDER_PATH, if
it exists, being concatenated before PATH. I could then configure the
system environment on weird hosts to provide that variable for puppet
without mucking with user/system PATH.

Thanks,

Jeff

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHahqg2wmzrDw7AZ2Vi3PL0Qew72J0HutVmmHwx46xfqrB%2B9pQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Nagios XI + Puppet?

2013-12-08 Thread Jeff Bachtel

I don't have Nagios XI (still using Icinga) but could you copy out the code
from */usr/local/nagiosxi/scripts/reconfigure_nagios.sh* needed to import
files (but not the removal code) and put it in an exec resource (directly
or via a new customer shell script) that subscribes to your target
directory? You'd get the benefit of automated updates, and because your
subset of the code wouldn't rm imported files, you wouldn't kick off every
30 minutes.

Jeff


On Thu, Dec 5, 2013 at 6:13 PM, loxo  wrote:

> I use NagiosXI and Puppet and have had some success in developing some
> interoperability without sacrificing the controls of the gui. My
> environment consists of linux hosts running puppet and a myriad of windows
> and netowrking devices which were all configured in NagiosXI via the gui.
>
> Generally speaking, building service and host configurations for NagiosXI
> are the same as they were for Nagios Core. You'll use exported resources to
> generate configurations.
>
> To then import them to NagiosQL (what Nagios XI uses for a database in
> lieu of traditional nagios flat-file configurations) you place the
> configurations built by puppet into the import directory, which for their
> CentOS release is located at */usr/local/nagios/etc/import/*.
> You have two options for the import routine. You can use the import tool
> from within NagiosXI located within the core config manager, or you can use
> the bash script at */usr/local/nagiosxi/scripts/reconfigure_nagios.sh*
> The script must be executed with /usr/local/nagiosxi/scripts/ as its
> current working directory.
> I prefer the script. Others prefer the gui. The choice is yours.
>
> There's an option here to create an Exec resource for that script that
> then subscribes to the import directory and automate the whole procedure.
> The caveat is that the import directory is cleared out whenever the script
> is run. In effect, this will fire off that reconfigure script every 30
> minutes when the nagiosxi server initiates a puppet run and populates that
> directory with the configuration files.
>
> For now, what I do is create a directory in which the Puppet uses as a
> target, then manually copy the files over as they get updated with new
> services/servers. My Nagios configs rarely change so it works for the level
> interaction I need. I'd love to hear if anyone has a more elegant ways to
> do this.
>
> Cheers,
> Sam
>
> On Wednesday, August 7, 2013 3:34:07 PM UTC-4, Ryan Bowlby wrote:
>>
>> Hi All,
>>
>> I currently make use of Icinga (nagios fork) + Puppet for fully automated
>> monitoring. It's worked great up to this point. I've recently been asked to
>> integrate fine grained notifications support into icinga. I'm not entirely
>> sure puppet manifests are the right place to manage contacts, contact
>> groups, and their use within host and service definitions for notifications.
>>
>> Has anyone made use of the puppet + Nagios XI? Would it be possible to
>> manage notifications within the webUI while still using puppet for
>> generating the host,hostgroup,service configs?
>>
>> Pagerduty isn't an option for reasons I can't get into here.
>>
>> Thanks,
>> Ryan
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/30fa41ee-f06b-4042-b759-9bfdd1e01bb2%40googlegroups.com
> .
>
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHahqg2_M%2B0gYffMPyLZHws9%3DkrkQKtgDkcLPuCKkEZX55cR_w%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] testing and exported (nagios) resources

2013-12-07 Thread Jeff Bachtel

Three thoughts. The first would be to have node definitions for monitor on
both dev and test environments, doing a minimal amount of work to generate
nagios host definitions in a disjoint directory that you include in your
nagios config.

So:
/var/lib/{puppet,puppet-dev,puppet-test}
/etc/{puppet,puppet-dev,puppet-test}
/etc/nagios/object/{dev,test}

To further isolate your nagios box from harm, dev and test environment runs
can be done from an unprivileged user and puppet agent runs can be tied to
host/service additions/removals in dev/test. I know this idea directly
violates you saying "So... setting up all 3 puppet stacks to export
resources that are realized somehow on the Nagios server isn't a
possibility, as bad manifests/modules could affect the monitoring of one of
the dev or test hosts." but it seems the least-harm least-gross way to do
this.

The other way that came to mind was an aperiodic dump/insert of relevant
postgresql tables relating to exported resources from dev/test into the
production postgresql puppetdb. This would require investigating the schema
in use, and cleanup could get tricky.

The third way that came to mind was to use the inventory service
http://docs.puppetlabs.com/guides/inventory_service.html to loop over
hostnames, GET'ing yaml from dev/test and PUT'ing it onto the production
server. I don't know how deletions would be handled, there, or even what
you'd want your failure mode to be.

Jeff

On Mon, Dec 2, 2013 at 8:39 PM, Jason Antman  wrote:

> Hello,
>
> I have 3 puppet stacks (master, puppetdb, enc) - dev, test/qa and prod.
> Dev is used for initial development and testing of code (including
> puppet), which is then promoted to test and then prod.
>
> I'd like to start using the nagios types to configure monitoring, via
> exported resources (yes I'm aware of the issues with the builtins, but
> they'll have to do for now). I only have one Nagios server, and I'd like
> to reliably monitor at least some stuff on the dev and test puppet
> nodes. So... setting up all 3 puppet stacks to export resources that are
> realized somehow on the Nagios server isn't a possibility, as bad
> manifests/modules could affect the monitoring of one of the dev or test
> hosts.
>
> What's the safe way to "freeze" exported resources, or prevent them from
> being changed? The best that I can come up with so far is to have the
> nagios server connected to the production puppetmaster, and when I want
> to update the (exported resource) monitoring configuration for one of
> the dev or test nodes, have to do a one-time run on each node in
> question against the prod puppet master.
>
> Any other thoughts or theories?
>
> Thanks,
> Jason Antman
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/529D363C.4030202%40jasonantman.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHahqg0BadZAtitdE75A0QLqT7VDU5U_2mm5yHCWNxurwEVSxw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Provider not using command functions

2013-12-07 Thread Jeff Bachtel

The gem package provider pretty extensively reads from commands[] and does
its own execute calls instead of using the command functions provided. This
makes it impossible to create a child provider that points to a different
gem command.

Would this be considered a defect worthy of a bugrep, or is the choice to
use command function vice commands array a matter of personal preference?

Jeff

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHahqg0btg-OLpjh9_426W-741_adhgRjckEVOnjkReSPv3cHQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Using scheduled_task for Windows startup

2013-12-04 Thread Jeff Bachtel

Is there a way that I'm not seeing to make scheduled_task create a task
that runs on Windows startup?

Unrelated (but too lazy to send 2 emails) does anyone have an example of
configuring the Windows time service from Puppet?

This is all on 3.3.1,

Jeff

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAHahqg1MdFOJ8XxzhHZkvN5Ufud7PEFHc0Sfz5Axv-pDpPYc7g%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

43 matches

Mail list logo