Re: [Puppet Users] Announce: cis-puppet 0.2.0 is now available

[Peter Brown]

Awesome!
Thanks Arild!

I was working on implementing those with puppet in my organisation but have
yet to finish them.
I will definitely have a look at your implementation and may offer help
with your module if I get some spare time.

Pete.



On 8 May 2013 02:34, Arild Jensen  wrote:

> Overview
> 
>
> This module implements the Center for Internet Security (CIS) Security 
> Configuration Benchmark for Red Hat Enterprise Linux 6 v.1.1.0 (avilable at 
> http://benchmarks.cisecurity.org). Each scored control has been implemented 
> as a class or a custom fact.
>
> Installation
> 
>
> Please either:
>
> - Clone git repo from https://github.com/arildjensen/cis-puppet
> - Run "puppet module install arildjensen/cis" and install from PuppetForge 
> (http://forge.puppetlabs.com/arildjensen/cis)
>
> Use
> ===
>
> The class cis::el6all will enforce all the controls. If you wish to deviate 
> please look for the el6all.pp file and use that as a template. Note that some 
> of the scored controls not able to be written in Puppet code have been 
> implemented as custom facts using Facter. Controls labeled "not scored" by 
> the benchmark are not included.
>
> Also note that there are two subclasses in the cis module, cis::linuxcontrols 
> and cis::el6. The former implements the specific controls with a general name 
> (such as cis::linuxcontrols::c0001), allowing for future re-use. The latter 
> maps directly to a specific CIS control for RHEL6 (such as cis::el6::1_1_17 
> for control 1.1.17 in the benchmark).
>
> User-Controlled Settings
> 
> Some of the settings, such as which log server to use, can be specified by the
> user. Below is a sample hiera file containing all the current configurable
> settings:
>
> cis::logserver: 'syslog.localdomain'
> cis::ntpserver:
>   - ntp1
>   - ntp2
>   - ntp3
> cis::aide_cron_check:
>   hour: 6
>   minute: 30
>
> Author
> ==
>
> Written by Arild Jensen  with source code 
> repository at https://github.com/arildjensen/cis-puppet.
>
>
> Release History
> ===
> - 0.2.0 - Added comments and implemented hiera support for some of the 
> settings.
> - 0.1.0 - Initial release
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] What do YOU do to catch undefined variables

[Peter Brown]

On 3 May 2013 06:43, Larry Fast  wrote:

> I'm still a puppet newbie and these days I'm struggling with undefined
> variables.  At least once a week I hit an error message like this:
>Error: Failed to apply catalog: '' is not qualified and no path was
> specified. Please qualify the command or specify a path.
>
> IMO, the core issue is that Puppet has no mechanism for reporting read
> attempts on undefined variables.  So my question to the community is, what
> do YOU do to catch undefined variables?  If anyone has a first class
> solution I'd love to hear it.  But I'm also happy to consider ANY means to
> detect undefined variables. I may resort to explicitly listing all my
> variables and checking them with a custom ruby function.
>

I use vim with vim-puppet (and a bunch of other vim plugins).
It does syntax highlighting and does syntax and a few other check on saving
a file and lets you know if something is amiss.

I tried Gepetto but I can't us that over an ssh connection to a server if I
need to.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet master on the internet

[Peter Brown]

On 28 April 2013 19:48, Alberto Besana  wrote:

> We're about to run a bunch (< 50) machines scattered around a (physical)
> town and using a machine with a public IP to recover logs and report. We
> can not change this setting: it's a kind of experiment and it will last few
> weeks.
>
> Have anyone experience about safety issues trying to run a puppet master
> on a machine using a public IP?
> For the log-report part we use ssh to connect to the server and the idea
> is to use puppet agent to perform maintenance and tuning.
>

Hi,

I run my puppet master on a public ip.
I manage servers in remote datacentres as well as a bunch of virtual
machines in the office.

What do you mean by safety issues?
Do you mean security?
All communication between the node and the master is secured with ssl
certificates.
A node can't communicate with the puppet master without a signed
certificate.

Hope that helps.


>
> Thank you!
>
> Alberto
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] can puppet agent use 2 independent puppet master ?

[Peter Brown]

On 27 April 2013 18:32, Alex Leonhardt  wrote:

> Hi all,
>
> I havent seen a similar post, so thought I'd ask -
>

There have actually been quite a few people asking this very thing.

Is it possible to make a puppet agent use 2 different puppet masters ? E.g.
> I want to use 1 master to do basic configuration changes, etc. and a 2nd
> master to do other more application specific changes - the idea is to keep
> the system changes fully separated from the application changes that would
> be applied.
>

Why do you need to do this?
The general consensus on using two different puppet masters for a node is
that it's a very bad idea.

Doing what you describe about is very easy with one puppet master.
I manage a very wide range of services and applications all on one master.
I use a bunch of different modules each managing one service.


>
> Any clues / hints / links ?
>
> Thanks!
> Alex
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Need some suggestions about how to handle dependencies between different Puppet nodes

[Peter Brown]

Someone else was asking something similar a while ago.

The only solution I can remember is to export a file from the 1st node with
the server id in it and require that on the second node.

I would be using the ripienaar-concat module on puppet forge to manage the
config file and export the server id stanza from the first node.
You would need to put a require on the second node or some other check to
make sure it exists before building the second node.
You could also run a query against puppetdb and require that on the second
node.

Does that make sense?




On 19 April 2013 11:52,  wrote:

>
> I'm trying to use puppet to automate IBM Domino installation. The first
> demo that I want to make is including two servers.
>
>- One will be the primary Domino Server.
>- The other will be the additional server.
>
> Now the problem I met is when I have to define an sequence there because
> Domino additional server requires a server id that must be generated by the
> 1st node. In other way, the 2nd node have to wait the 1st node finished,
> then it can be installed and configured.
>
> I tried to Google this similar issue. I found MCollective could be the
> answer but I can not find a example. Is there anyone knows how to handle
> dependencies between different Puppet nodes.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Question on Variable Scope

[Peter Brown]

Hiera is probably the best way to do that but not sure if it works in 2.6.
Using an ENC is another possible way to achieve this.


On 13 April 2013 10:10, Doug_F  wrote:

> List
>
> I want to have a per server snmp password setup. When I set it up as below
> and run the client it is unable to process the module because it cannot
> find the $snmp_password.
>
> Is there a way to export a $variable from a node so it can be read when
> the node processes one of its inherited modules?
> Is there something I can put in the inherited node like import $variable
> before the included modules execute?
>
> FYI running puppet 2.6.16
>
> From nodes.pp:
> node basenode-core {
> $snmp_server = "10.0.0.10"
> include snmpd
> }
>
> node 'myserver.domain.com' inherits basenode-core {
> $snmp_password = "mypassword"
> }
>
> Thanks,
> Doug F
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Managing multiple nagios servers with puppet and virtual resources

[Peter Brown]

You are welcome Phil.

Hope it helps you achieve your goals.
Let me know if you get stuck.

Pete.


On 11 April 2013 18:12, Phil Cole  wrote:

> Thanks Pete,
>
> I'll take a look at your module and see how things go.
>
> Phil
>
>
>
> On Thursday, April 11, 2013 12:02:14 AM UTC+1, Pete wrote:
>>
>> Hi Phil,
>>
>> The monitoring module I wrote does this very well.
>> It is on puppet forge if you want to have a look for some inspiration or
>> install it and go from there :) http://forge.puppetlabs.com/**
>> rendhalver/monitoring 
>> The docs are pretty comprehensive now and explain how it all works.
>>
>> I basically set it up so everything is abstracted and exported using
>> stored configs and imported to the monitoring server set in a class
>> variable I set with hiera.
>> The monitoring_server variable accepts an array so setting multiple
>> monitoring servers is easy.
>>
>> I haven't finished my nagios class yet because I recently switched to
>> icinga but my monitoring module is completely agnostic.
>>
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Anyone managed to integrate Ambari/Hortonworks with an existing puppet installation?

[Peter Brown]

That sounds a bit restrictive.

I would be investigating whether you can add your modules and manifests to
the puppet master they use for the management server.


On 11 April 2013 10:22, John Warburton  wrote:

> Hi All
>
> We're investigating the Hortonworks Hadoop Data Platform. It uses the
> Apache Ambari installer, and we are running into problems as the
> installation notes (http://hortonworks.com/hdp110-hmc-quick-start-guide/)
> for the application say (and I kid you not):
>
> *Remove or disable any existing Puppet agent configurations
> *
> It seems that its management centre runs as a puppet master and all nodes
> are puppet agents. So, it is implying we can't run the management centre
> using *our* puppet masters. And really, we're not going to do that -
> we're not going back to having special little snow flakes scattered around
> the place
>
> So, do people use Hortonworks/Ambari within their own puppet
> installations? And what do people think about this sort of package that
> assumes it is the only puppet installation within an organisation? It seems
> Ambari are aware of the situation (
> https://issues.apache.org/jira/browse/AMBARI-665), but aren't doing much
> about it
>
> Thanks
>
> John
> --
> John Warburton
> Ph: 0417 299 600
> Email: jwarbur...@gmail.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Managing multiple nagios servers with puppet and virtual resources

[Peter Brown]

Hi Phil,

The monitoring module I wrote does this very well.
It is on puppet forge if you want to have a look for some inspiration or
install it and go from there :)
http://forge.puppetlabs.com/rendhalver/monitoring
The docs are pretty comprehensive now and explain how it all works.

I basically set it up so everything is abstracted and exported using stored
configs and imported to the monitoring server set in a class variable I set
with hiera.
The monitoring_server variable accepts an array so setting multiple
monitoring servers is easy.

I haven't finished my nagios class yet because I recently switched to
icinga but my monitoring module is completely agnostic.



On 11 April 2013 02:01, Phil Cole  wrote:

> Hi,
>
> For several years, we have @work had a puppet environment where when we
> add a new host/node, some basic monitoring is fed through to a nagios
> server using virtual resources and an old nagios class which either someone
> here wrote themselves, or found on the internet at the time.
>
> We are trying to move away from the existing puppet environment for a
> number of reasons, and using this as an opportunity to tidy up our puppet
> classes wherever possible.
>
> Nagios integration is one area that we haven't yet got our heads around.
>
> We would like (I think...) to be able to:
> * add a new node to puppet and give it an identifier to say whether it's
> (say) dev/test/production etc
> * for the new node, define a number of basic monitors - ping, ssh etc.
> * have a number of nagios servers (also defined in puppet) which collect
> the appropriate resources for dev or test or production
>
> ie, a "dev" node would be monitored by nagios instance 1
> a "test" node would be monitored by nagios instance 2
> a "production" node would be monitored by nagios instance 3
> etc
>
> But I'm struggling to see how I can collect the appropriate resources up
> on each nagios server.
>
> Has anyone tried this sort of thing?  Can it be done?
>
> Any pointers in the 'right' direction appreciated.  If it's documented
> anywhere and it's just a case of RTFM, please point me in the direction of
> which manual to read :)
>
> Thanks in advance
>
> Phil
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Realize a virtual parametriced class

[Peter Brown]

This seems like entirely the wrong way to use classes.

Classes are a set of resources that can be applied to a node.

The easiest way to use classes is to include them in a node definition like
so

node 'blah.example.com' {
include blackup::client
}

if you need to set the variable for a class you can use hiera or an enc or
do something like this.

node 'blah.example.com' {
class{'backup::client':
backup => 'blah',
}

for more detailed explanations of classes please have a look here.
http://docs.puppetlabs.com/puppet/3/reference/lang_classes.html



On 9 April 2013 20:20, Israel Calvete  wrote:

> Hi,
>
> I try some like this...
>
> I need  virtual parametriced class.
>
> *@class {backup::client:*
> *   backup => xx*
> *}*
>
> Is posible to do something like this? If
>
>
> To realice...
>
> This don't works. (err: Could not retrieve catalog from remote server:
> Error 400 on SERVER: Resource* type class *doesn't exist at ..)
>
> *Class <| title == 'backup::client' |> {*
> *backup => $backup_remote*
> *}*
>
> This works fine but i can't set any parameter ( I need set the param value)
>
> *realize('backup::client')*
>
>
> So, the question is... How i can do to realize a virtual parametriced
> class?
>
> Thanks.
>
>
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppet parameterized class - include for declaration?

[Peter Brown]

On 9 April 2013 17:18, joe  wrote:

> You can include a parameterized class as long as all it's parameters have
> default values.


or you use hiera or an External Node Classifier to automagically set the
variables that don't have defaults or override that ones you need to.


>
>
> On Monday, April 8, 2013 3:10:03 PM UTC-6, Shantanu wrote:
>>
>>
>> The parameterized classes guide mentions that a parameterized class is
>> declared using following syntax [1]:
>>
>> class {'classname': }
>>
>>
>> But the puppetlabs postgresql 
>> modulementions that a 
>> parameterized class '
>> postgresql::server'
>> can be declared using 'include' syntax [2].
>>
>> So is 'include' syntax supported for parameterized classes now?
>>
>> --
>> Shantanu
>>
>>
>> 1. 
>> http://docs.puppetlabs.com/**guides/parameterized_classes.**html
>> 2. 
>> https://github.com/puppetlabs/**puppet-postgresql#setup
>>
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to executing puppet module via puppetrun

[Peter Brown]

As far as I am aware puppetrun (Which is being phased out) only tells a
client node to start a normal puppet run.
I don't believe it is possible to tell it to only do particular parts of
it's manifest.

puppet apply is probably more useful to you but as far as I am aware it
only runs on the node itself so you will need some way of triggering it
remotely.

Please note I have only user puppet run and have never used puppet apply or
had a need to use it so I don't know much else.

Hope that helps.

Pete


On 9 April 2013 11:51, Love Anthony Vish  wrote:

> Hello Guys,
>
> I am able to execute puppetrun on specified client.
> #puppetrun mars.example.co.in
>
> But the above command only load or read .pp file under *
> /etc/puppet/manifests*.
>
> Is there any way, Where i can describe my own module or specified module
> for specific puppet client.
>
> e.g. #puppetrun jupiter.example.co.in (and it should load
> /etc/puppet/modules/sudo/manifests/.pp)
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Using Puppet for Application package installation

[Peter Brown]

If you have them in a yum repository just add the repo to your node and
install it the usual way with package.

Or do you want to manage the packages in the custom yum repository?


On 4 April 2013 23:39, Dhaval  wrote:

> Hello Guys,
>
> i want to know, can we use puppet to install application packages ( not
> system packages ) .. if yes how , if someone can through some light ..
>
> my requirement is
>
> 1) application team can create package on their own and update in yum repo
> ( without root )
> 2) application team can install package on their own ( without root ) to
> the directories mention in rpm ..
>
> let me know if anyone is aware of similar things available ?
>
> Thanks in advance ...
>
> Regards,
> D
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Running ENC alongside site.pp (node defn)

[Peter Brown]

On 27 March 2013 01:02, Martin Alfke  wrote:

> Hi.
> On 26.03.2013, at 15:44, iamauser wrote:
>
> Hello,
>
> Is it possible to configure an ENC to provide class definition to a number
> of nodes at the same time where a few other nodes are controlled in the
> site.pp by node 'FQDN' {blah}  for the same puppetmaster ?
>
>
> ENC and site.pp do not replace each other.
> You can use them in parallel at the same time.
>
> Please note that you even may have one node in both (ENC and site.pp).
> Puppet will merge all classes and parameters.
>

It also seems that if you put some nodes in site.pp et al you need a
definition for all of them.
You can get around having to put an entry in for all of your nodes by
putting in an empty default node.



>
>
> I am wondering once parameters are set for the master to look for an ENC
> based definitions, will it conflict with the site.pp node definitions ?
> For example these two basic parameters for ENC :
>
> node_terminus = exec
> external_nodes = /usr/local/bin/enclassifier
>
> Thanks for any suggestion.
>
> --
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: What's your hiera tree look like?

[Peter Brown]

On 25 March 2013 10:12, Robin Lee Powell wrote:

> On Fri, Mar 22, 2013 at 04:22:19PM -0700, Aaron Mills wrote:
> >
> > The biggest pain point for us is that having hiera + puppet in the
> > same repo feels like extra work. If they're going to live
> > together, why even use hiera? Why not just set variables at the
> > node level?
>
> For me, here are some reasons to want to do it that way (I'm looking
> at moving to Hiera right now):
>

These are exactly the reasons I moved to hiera when I switched my
environment over to puppet 3 from 2.6.
It was mostly about separating my data from the code and making my modules
easy to read and portable.
My modules and node templates were getting insane and so hard to read (I
started using puppet 0.24 so it was the only way to do it at the time apart
from setting up and ENC)

Nail all this to a puppetmaster with a puppetdb backend and set up foreman
as an ENC and everything is lovely.
Especially my node definitions which are only used for adding the
occasional define and occasionally adding a module include for testing
before I add it to my nodes in foreman.

1.  Hiera stuff is set before everything, which fixes a lot of
> scoping issues in puppet.
>
> 2.  You can drive other tools off the Hiera YAML; you can basically
> use it as an inventory system.  Multiple sources of truth is *bad*.
> Alternatively, you can have an inventory system generate Hiera YAML
> very easily; generating well-formed puppet instructions with
> reasonable flexibility is *HARD* (I've written a system to do this,
> trust me).
>
> 3.  Tweaking a YAML value means you are, in some sense at least,
> tweaking *data*, but if you're messing with puppet variables you're
> always messing with *code*, with all the joy that entails.
>
> -Robin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Host name lookup failure

[Peter Brown]

You need to reboot for selinux to be disabled.
Try "setenforce permissive" to switch off enforcing mode.


On 20 March 2013 15:28, yarlagadda ramya  wrote:

> Hi krish,
>
> I also tried modifying SELINUX=disabled in /etc/selinux/config  but
> its of no use..it dint get disabled
>
> Regards,
>
> Ramya Y
>
>
> On Wednesday, 20 March 2013 10:29:17 UTC+5:30, yarlagadda ramya wrote:
>>
>> Hi..
>>
>> I tried to disable selinux but it dint worked...it is enabled..only...
>>
>> I used this command to check whether it is enabled or diabled  -   
>> selinuxenabled
>> && echo enabled || echo disabled
>>
>> As u said to disable it, i tried to do it...using this command  -  echo
>> 0 > /selinux/enforce
>>
>> but itis not working...
>> please check it out...
>>
>> Regards
>>
>> Ramya Y
>> On Monday, 18 March 2013 20:16:20 UTC+5:30, krish wrote:
>>>
>>>
>>>
>>> On Mon, Mar 18, 2013 at 6:24 PM, yarlagadda ramya wrote:
>>>
 Hi krish..

 Am able to reach the master through user..and am mentioning down  the
 debugging results..please do help me in getting a solution..


 dnsdomainname: Host name lookup failure
 dnsdomainname: Host name lookup failure
 debug: Failed to load library 'selinux' for feature 'selinux'

>>>
>>> Holy carp... can you use pastebin/pastie next time!!!
>>>
>>> Anyway, please try disabling selinux and then clearing certs from master
>>> and agent and try to req cert again.
>>> And what is that lookup failed? :) Should tell you something.
>>>


>>>
>>>
>>>
>>> --
>>> Krish
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: how to customize hiera lookups per node?

[Peter Brown]

You can apparently use LDAP as an ENC...
I run FreeIPA here but I haven't tried setting it up as an ENC yet (I
currently use Foreman)

Here are the official docs on the subject.
http://projects.puppetlabs.com/projects/puppet/wiki/LDAP_Nodes

The ENC docs may help as well.
http://docs.puppetlabs.com/guides/external_nodes.html



On 19 March 2013 19:26, Felix Frank  wrote:

> On 03/18/2013 03:02 PM, Klavs Klavsen wrote:
> > I solved this issue, by using netgroups (in LDAP) - which is loaded into
> > puppet, by a script which is run by external_nodes setting (it just
> > provides parameters - no actual nodes).
> >
> > This way, a server can have multiple roles (by being in multiple
> > netgroups).
>
> Hmm, external nodes? You have an ENC?
>
> Well, sure - with one of those, the problem can be worked around, I
> guess...
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to iterate over a string to construct nagios_service check as exported resource?

[Peter Brown]

It's pretty tricky to "program" puppet like your usual programming language.

Given the nature of how puppet does things you will have to write a define
that accepts the array you have split and then split the $title variable on
","

That looks like a very complex way of generating nagios services.

I am going to hope that the services you are monitoring aren't managed by
puppet at all and that's the only way to do it.





On 15 March 2013 09:35, Sans  wrote:

> Dear all,
>
> I wrote a custom fact, which returns a comma separated list of addr:port,
> like this:
>
>
>> sb_intl_conn =>
>> sbcms-t:22,sbsql05-wvuk-inst5:1434,sborc07-uk-t:1533,..,..,..
>>
>
> The number of elements in the string varies from node to node. I need to
> do a Nagios tcp-port-check on each of them. I think
> sb_intl_conn.split(",") will turn this string into an array and then how
> can I iterate over it to do something like this?
>
>
> @@nagios_service { "check_stat_${::fqdn}_${addr}_${port}":
>> use => 'generic-service',
>> check_command   => "remote-nrpe-tcp-check!${addr}!${port}",
>> service_description => "V2::CON: ${addr} [Palms]",
>> display_name=> "Connection check: ${addr}:${port}",
>> servicegroups   => 'batch-worker',
>> hostgroup_name  => 'batch-job',
>> }
>>
>
> Any help would be greatly appreciated. Cheers!!
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: hiera_hash lookups for included classes?

[Peter Brown]

Second Ellison's idea.
That's what I do for hashes as well.



On 14 March 2013 11:51, Ellison Marks  wrote:

> You can just call hiera_hash() from within your manifest, no? It's not
> quite as pretty as auto lookup, but it works, and we can hope we get some
> prettier syntax in the future.
>
>
> On Wednesday, March 13, 2013 6:28:00 PM UTC-7, Scott Merrill wrote:
>>
>> When using "include" to include a class Hiera helpfully performs an
>> autolookup on the parameters of the included class. Specially-named
>> variable names are automatically pulled from the Hiera datastore(s) and
>> passed into the included module. This is pretty awesome.
>>
>> But it looks like included resources _only_ perform a hiera() lookup. If
>> we have a hash defined in several levels of our Hiera data, and we want the
>> hash to be collapsed into a single hash following hierarchy order, does
>> Hiera offer a way to perform a hiera_hash() lookup for the autolookup?
>>
>> The documentation discourages mixing defined-type module inclusion and
>> "include"-type module inclusion. So if there's no hiera_hash() option for
>> autolookups, we're required to use defined-type inclusion, yes?
>>
>> Thanks.
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet and mobile OS

[Peter Brown]

It would have run on MeeGo...

Android doesn't have enough of a linux stack to make ruby easy to setup
I have no idea bout iPhone so can't comment on that.


On 13 March 2013 20:50, bernard.gran...@morpho.com <
bernard.gran...@morpho.com> wrote:

> Hi,
>
>
>
> Is there a puppet agent available for Android or IPhone ?
>
>
>
> Sincerly,
>
>
>
> Bernard Granier
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Restructure puppet modules

[Peter Brown]

I would recommend having a look at the modules on puppet forge to give you
a kickstart into the process.
http://forge.puppetlabs.com/

There are a bunch of useful modules in there.


On 12 March 2013 19:16, Andrea Crotti  wrote:

> Mm ok then I'll drop the idea and try to go with modules..
> The other problem now is that I should somehow switch from an architecture
> which was provisioned but never correctly maintained with puppet
> to using puppet master and all these nice things, which is not going to be
> trivial..
>
> On Monday, March 11, 2013 7:42:07 PM UTC, joe wrote:
>>
>> Modules are not overkill and are, in fact, the only way you can do what
>> you intend.
>>
>> There is currently no module structure that would allow you organize your
>> manifests the way you'd like and still be able to apply classes flexibly.
>>
>> The reason for this is that the module structure in puppet is mostly a
>> file naming convention that  allows the master to locate particular
>> classes. If you wish to flexibly include/declare classes as you wish, the
>> only way puppet would be able to find them and flexibly apply them would be
>> to follow the module convention.
>>
>> For instance, for a class nginx, the *only* place puppet can find that
>> and apply it flexibly is if it is located in $moduledir/nginx/manifests/*
>> *init.pp.
>>
>> Otherwise, you'd have to still rely on import and then have a *ton* of
>> conditionals everywhere to figure out whether to actually apply each class.
>> This is not maintainable at all.
>>
>> Go with modules. You'll have many fewer issues later.
>>
>> On Monday, March 11, 2013 12:23:47 PM UTC-6, Andrea Crotti wrote:
>>>
>>> So far we have a similar situation, for each different server one fabric
>>> and one puppet file, where the fabric file simply applies it in a brutal
>>> way.
>>>
>>>
>>> with settings(user='root'):
>>> put('qa.pp', 'qa.pp')
>>> put('puppet apply qa.pp')
>>>
>>> And puppet files don't use anything like classes or modules, but simply:
>>>
>>> package {["nginx", "python-virtualenv", "rsync", "autossh",
>>> "redis-server", "git-core", "python-dev", "ntp"]:
>>>   ensure => installed}
>>>
>>> service { 'nginx' :
>>>   ensure => "running",
>>>   enable => true,
>>>   hasrestart => true,
>>>   require => Package["nginx"]
>>> }
>>>
>>>
>>> Now there are many issues with the current setup, where the first is we
>>> are not really managing our servers, but we can only provision them..
>>>
>>> The second big problem is that there is a lot of repetition everywhere
>>> and the third is that I can't easily provision multiple services on a
>>> single machine (if they were supposed initially to run on different
>>> machines).
>>>
>>> Now I read some doc and in theory it looks like I should create one
>>> module per each service.
>>>
>>> - nginx
>>>  + templates
>>>  + manifests
>>>
>>> - couch
>>>  + templates
>>>  + manifests
>>>
>>> this is however overkill for me, what I think would make more sense
>>> would be
>>>
>>> - templates
>>>   + nginx
>>>   + couch
>>>
>>> - manifests
>>>   + base.pp
>>>   + couch.pp
>>>   ..
>>>
>>> Is it possible to use such a structure though?
>>>
>>> I just want to be able to use classes smartly, avoid duplication and
>>> start working with puppetmaster instead of this silly way..
>>>
>>> Any advice?
>>> Thanks
>>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Boolean in hiera... problems again

[Peter Brown]

On 8 March 2013 06:43, Nick Fagerlund  wrote:

>
>
> On Thursday, March 7, 2013 11:28:23 AM UTC-8, Jakov Sosic wrote:
>>
>> On 03/07/2013 02:41 PM, llowder wrote:
>> >
>> >
>> > On Thursday, March 7, 2013 6:38:52 AM UTC-6, Ahmed Kamal wrote:
>> >
>> > I'm on 3.1, and I'm finding that "true" works as expected, but
>> > "false" does not! I think "false" is interpreted as "undef" or so,
>> > thus taking value from the module's default params
>>
>
> Yeah it's definitely a bug, but I think it's
> http://projects.puppetlabs.com/issues/17105 -- not sure when it'll be
> fixed, but I know they're working on it and consider it serious.
>
> If you need it to work today, you can use the "sloppy bools" pattern, and
> use a string (instead of a real bool) in your hiera data:
>
> class myclass ($myparam) {
>   $myparam_real = str2bool("$myparam")
>   #... use $myparam_real everywhere below here.
> }
>
> ---
> myclass::myparam: "false"
>
> This will make it so $myparam can be a string, a real boolean, or a number
> (0/1), and still work fine. Note the quotes in the str2bool call; those
> make it so you can later change the hiera data to a real bool (after the
> bug is fixed) without changing your code.


Awesome!
I was attempting to think of a quick fix for the problem but hadn't gotten
around to it.
My solution was to set the vars in each node definition but this idea is
nicer

Thanks Nick!


>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Boolean in hiera... problems again

[Peter Brown]

Last I tried I still had problems in 3.1.0.


On 7 March 2013 02:20, Jakov Sosic  wrote:

> On 03/06/2013 10:59 AM, Keith Burdis wrote:
> > I am running 3.1.0 and hiera booleans appear to be working fine.
>
> I am running 3.1.0 and still have problems...
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Boolean in hiera... problems again

[Peter Brown]

Getting booleans from hiera to puppet is not currently not functioning like
you would expect.
There is a bug reported for it and they are working on it but it's still in
progress last I looked.


On 6 March 2013 06:08, Jakov Sosic  wrote:

> Hi...
>
> I've been trying to set up boolean values in Hiera, but with no luck.
>
> For example, I'm using puppetlabs-haproxy module, and this is a code
> snippet:
>
> class haproxy (
>   $manage_service   = true,
>...
> ) inherits haproxy::params {
>...
>
>   if $manage_service {
>   }
> }
>
> Now, this is how I set up values in hiera:
>
> haproxy::manage_service: false
>
>
> But, it seems that $manage_service is always true... I tried by single
> quoting 'false', capital letter False, but nothing helps...
>
> Only thing so far I've found out is to change the manifest code to look
> like this:
>
>   if $manage_service == 'true' {
>   }
>
>
> Any ideas?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet experience better in Fedora 17 or Fedora 18?

[Peter Brown]

Actually scratch the comment about puppet having packages for Fedora 18.
The repo exists but it seems to be empty for now.
I guess they are still building it.


On 1 March 2013 10:26, Peter Brown  wrote:

> Fedora 18 is officially supported in the puppetlabs yum repos now.
> Last I looked it wasn't (only a couple of days ago).
> I have been running a couple of node on Fedora 18 for a while and there is
> a few issues that occur but I think they still affect 17 as well.
> Most of the issues I have seen relate to systemd especially when the
> service still has an init script. There are bug reports relating to those
> issues and they are still in progress.
> I am getting tempted to offer my services to test those bugs...
>
> I can't comment on cobbler or the bug you are seeing.
>
> Good luck either way.
>
> Pete.
>
>
> On 1 March 2013 07:38, thyrsus  wrote:
>
>> I've been struggling to get cobbler to bootstrap puppet in Fedora 17.
>> Currently I'm suffering from puppet bug #9084, and I'm about to see if
>> applying the changes from https://github.com/puppetlabs/puppet/pull/831get 
>> me functional (I've already tried the symlink to ca.pem workaround, and
>> it didn't get me there).  I'll find out this evening if that's already been
>> applied to the fedora 17 package, in which case I'm stuck.
>>
>> Would I have a better experience if I skipped to Fedora 18, since it's
>> using Puppet 3.0, or am I just trading in for a better class of "puzzles"?
>>
>> - Stephen
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet experience better in Fedora 17 or Fedora 18?

[Peter Brown]

Fedora 18 is officially supported in the puppetlabs yum repos now.
Last I looked it wasn't (only a couple of days ago).
I have been running a couple of node on Fedora 18 for a while and there is
a few issues that occur but I think they still affect 17 as well.
Most of the issues I have seen relate to systemd especially when the
service still has an init script. There are bug reports relating to those
issues and they are still in progress.
I am getting tempted to offer my services to test those bugs...

I can't comment on cobbler or the bug you are seeing.

Good luck either way.

Pete.


On 1 March 2013 07:38, thyrsus  wrote:

> I've been struggling to get cobbler to bootstrap puppet in Fedora 17.
> Currently I'm suffering from puppet bug #9084, and I'm about to see if
> applying the changes from https://github.com/puppetlabs/puppet/pull/831get me 
> functional (I've already tried the symlink to ca.pem workaround, and
> it didn't get me there).  I'll find out this evening if that's already been
> applied to the fedora 17 package, in which case I'm stuck.
>
> Would I have a better experience if I skipped to Fedora 18, since it's
> using Puppet 3.0, or am I just trading in for a better class of "puzzles"?
>
> - Stephen
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] dependencies between nodes

[Peter Brown]

On 22 February 2013 06:24, Kyle Sexton  wrote:

> "GRANIER Bernard (MORPHO)"  writes:
>
> > Hi,
> >
> > I need to describe dependencies between nodes, for example,
> > to be sure that database is deployed on one node before
> > deploying web application on another node.
> >
>
> I haven't messed with inter-dependent nodes yet, but exported resources
> might fit the bill.  Something like:
>


I agree with Kyle.

This seems like the best way to achieve this sort of node interdependence.


,
> | node a {
> | # Do this when the DB is installed
> | @@file { "/tmp/dbdone.txt": content => "Woo, DB installed!\n", tag
> => "dbdone", }
> | }
> |
> | node b {
> | File <<| tag == 'foofile' |>>
> | }
> `
>
>
> Then if /tmp/dbdone.txt is on nodeb it's safe to install?  Again,
> haven't tried this but potentially worth looking at.  No matter what I'm
> curious what the solution is.
>
>
> --
> Kyle Sexton
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet and storage devices

[Peter Brown]

How do you mean?
Storing it's modules or manifest data or hieradata on a "storage device"?

And what do you mean by storage devices?
Removable storage devices or non removable or remote storage devices?

Or do you want to maintain the configuration of a storage device?

Your question is quite vague so I (and likely others) have no idea how to
answer it.

On 21 February 2013 23:47, Raymond Regnier  wrote:

> Can puppet work on storage devices to maintain its configuration?
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Multiple Puppet agents on one node?

[Peter Brown]

Actually scratch the why and replace it with what you are trying to achieve.


On 22 February 2013 09:08, Peter Brown  wrote:

>
> If you explain why you need to do this we may be able to provide a better
> solution that would work better than running two agents talking to two
> masters.
> There are a lot of people here with a great deal of experience with this
> sort of thing.
>
> Pete.
>
>
> On 21 February 2013 19:37, Michael Hüttermann wrote:
>
>> thank you for your opinion.
>> I've somehow lost the last post, sorry for bothering you again with the
>> same strange question.
>>
>>
>> On Thursday, February 21, 2013 5:28:10 AM UTC+1, Pete wrote:
>>
>>> On 21 February 2013 06:34, Michael Hüttermann wrote:
>>>
>>>> I'm just curious if this is possible, technically.
>>>> Is it?
>>>
>>>
>>> It is theoretically possible but like I said last time it isn't a good
>>> idea at all.
>>>
>>>
>>>>
>>>> On Wednesday, February 20, 2013 6:33:06 PM UTC+1, Ygor wrote:
>>>>
>>>>> I will ask the obvious:
>>>>>
>>>>> Why do you want to do this ?
>>>>>
>>>>> “Sometimes I think the surest sign that intelligent life exists
>>>>> elsewhere in the universe is that none of it has tried to contact us.”
>>>>> Bill Waterson (Calvin & Hobbes)
>>>>>
>>>>> --
>>>>> *From: *"Michael Hüttermann" 
>>>>> *To: *puppet...@googlegroups.com
>>>>>
>>>>> *Sent: *Wednesday, February 20, 2013 12:22:55 PM
>>>>> *Subject: *[Puppet Users] Multiple Puppet agents on one node?
>>>>>
>>>>> Hello,
>>>>>
>>>>> can I run two different Puppet agents on one node listening to two
>>>>> different Masters?
>>>>>
>>>>> Thank you for your help.
>>>>>
>>>>>
>>>>> Best regards
>>>>>
>>>>> Michael
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Puppet Users" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to puppet-users...@**googlegroups.**com.
>>>>> To post to this group, send email to puppet...@googlegroups.com.
>>>>>
>>>>> Visit this group at http://groups.google.com/**group**
>>>>> /puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>>>>> .
>>>>> For more options, visit 
>>>>> https://groups.google.com/**grou**ps/opt_out<https://groups.google.com/groups/opt_out>
>>>>> .
>>>>>
>>>>>
>>>>>
>>>>  --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Puppet Users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to puppet-users...@**googlegroups.com.
>>>> To post to this group, send email to puppet...@googlegroups.com.
>>>> Visit this group at 
>>>> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
>>>> .
>>>> For more options, visit 
>>>> https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out>
>>>> .
>>>>
>>>>
>>>>
>>>
>>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Multiple Puppet agents on one node?

[Peter Brown]

If you explain why you need to do this we may be able to provide a better
solution that would work better than running two agents talking to two
masters.
There are a lot of people here with a great deal of experience with this
sort of thing.

Pete.


On 21 February 2013 19:37, Michael Hüttermann wrote:

> thank you for your opinion.
> I've somehow lost the last post, sorry for bothering you again with the
> same strange question.
>
>
> On Thursday, February 21, 2013 5:28:10 AM UTC+1, Pete wrote:
>
>> On 21 February 2013 06:34, Michael Hüttermann wrote:
>>
>>> I'm just curious if this is possible, technically.
>>> Is it?
>>
>>
>> It is theoretically possible but like I said last time it isn't a good
>> idea at all.
>>
>>
>>>
>>> On Wednesday, February 20, 2013 6:33:06 PM UTC+1, Ygor wrote:
>>>
 I will ask the obvious:

 Why do you want to do this ?

 “Sometimes I think the surest sign that intelligent life exists
 elsewhere in the universe is that none of it has tried to contact us.”
 Bill Waterson (Calvin & Hobbes)

 --
 *From: *"Michael Hüttermann" 
 *To: *puppet...@googlegroups.com

 *Sent: *Wednesday, February 20, 2013 12:22:55 PM
 *Subject: *[Puppet Users] Multiple Puppet agents on one node?

 Hello,

 can I run two different Puppet agents on one node listening to two
 different Masters?

 Thank you for your help.


 Best regards

 Michael

 --
 You received this message because you are subscribed to the Google
 Groups "Puppet Users" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to puppet-users...@**googlegroups.**com.
 To post to this group, send email to puppet...@googlegroups.com.

 Visit this group at http://groups.google.com/**group**
 /puppet-users?hl=en 
 .
 For more options, visit 
 https://groups.google.com/**grou**ps/opt_out
 .



>>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@**googlegroups.com.
>>> To post to this group, send email to puppet...@googlegroups.com.
>>> Visit this group at 
>>> http://groups.google.com/**group/puppet-users?hl=en
>>> .
>>> For more options, visit 
>>> https://groups.google.com/**groups/opt_out
>>> .
>>>
>>>
>>>
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Multiple Puppet agents on one node?

[Peter Brown]

On 21 February 2013 06:34, Michael Hüttermann wrote:

> I'm just curious if this is possible, technically.
> Is it?


It is theoretically possible but like I said last time it isn't a good idea
at all.


>
> On Wednesday, February 20, 2013 6:33:06 PM UTC+1, Ygor wrote:
>
>> I will ask the obvious:
>>
>> Why do you want to do this ?
>>
>> “Sometimes I think the surest sign that intelligent life exists elsewhere
>> in the universe is that none of it has tried to contact us.”
>> Bill Waterson (Calvin & Hobbes)
>>
>> --
>> *From: *"Michael Hüttermann" 
>> *To: *puppet...@googlegroups.com
>>
>> *Sent: *Wednesday, February 20, 2013 12:22:55 PM
>> *Subject: *[Puppet Users] Multiple Puppet agents on one node?
>>
>> Hello,
>>
>> can I run two different Puppet agents on one node listening to two
>> different Masters?
>>
>> Thank you for your help.
>>
>>
>> Best regards
>>
>> Michael
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users...@**googlegroups.com.
>> To post to this group, send email to puppet...@googlegroups.com.
>>
>> Visit this group at 
>> http://groups.google.com/**group/puppet-users?hl=en
>> .
>> For more options, visit 
>> https://groups.google.com/**groups/opt_out
>> .
>>
>>
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] autometically create nagios_hostgroup only when a member of a group comes up

[Peter Brown]

On 20 February 2013 21:39, Sans  wrote:

> Hi Pete, how you doing?
>
>
>
>> You will get duplication if you declare a nagioshost_group with the same
>> name on more than one node...
>> I think you may be missing the point of nagios_hostgroup. It is for
>> declaring a hostgroup in nagios not setting the nagios hostgroup for a node.
>>
>
> Yes, I know that I'll get duplication error for obvious reason and that's
> the whole reason for asking this Q. I know what the "hostgroup" is for
> (using Nagios for a while now) and I'm not trying to setting up hostgroup
> for a node. Perhaps I wasn't clear with my question.
>

Ok sorry for my confusion.


>> I am guessing you are trying to add a node to a hostgroup?
>> You will need to add a hostgroups parameter to your nagios_host
>> declaration and set the hostgroup for the node there.
>>
>
> No - I'm not trying to "add a  node to hostgroup" but I was trying to
> figure out a way to declare a "hostgroup" only after at least one  member
> of that particular comes online.  Suppose, I've three nodes - N1, N2, N3
> and two  hostgroups - HG1 and HG2. N1 (which is Nagios-server) is being in
> HG1 and N2 & N3 in HG2.
>

Yep I get you now.
You could possibly check if it's defined before re defining it.
If it wasn't an exported resource it might be easier but not sure how to
achieve that when realizing exported resources. Tags may help.

I just put my hostgroup definitons in a separate class and then set the
hostgroups on each host.
I do end up with empty ones that way though.


>
>
>> I am also reasonably sure you can have empty hostgroups in nagios...
>>
>
> Yes you can (overlooked that point, really) until a service
> (nagios_service type) is defined. I think, my actual question would be, how
> can I query if a host with certain name (property) is up and only include
> that service if the node count is at least one or more. I think I can
> export some sort of resource from a given host and collect it on the master
> (my Nagios server is co-located with Puppet master)? Any idea what might be
> the best possible way of doing that? cheers!!
>

You may have to resort to querying puppetdb if you use it or your config
store database (puppetdb is easier to query from what I have seen).
I haven't needed to do anything like that but I have seen mention of at
least one tool for doing puppetdb queries posted on the list.

Good luck!

Pete.

>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] autometically create nagios_hostgroup only when a member of a group comes up

[Peter Brown]

Hi,

You will get duplication if you declare a nagioshost_group with the same
name on more than one node...
I think you may be missing the point of nagios_hostgroup. It is for
declaring a hostgroup in nagios not setting the nagios hostgroup for a node.

I am guessing you are trying to add a node to a hostgroup?
You will need to add a hostgroups parameter to your nagios_host declaration
and set the hostgroup for the node there.

I am also reasonably sure you can have empty hostgroups in nagios...

if you want a kickstart there are a few monitoring modules on puppet forge.
(I wrote some that may help)


On 20 February 2013 11:27, Sans  wrote:

> Is there any way to create the Nagios hostgroup only when the first (or
> at least one) member of that hostgroup comes on line?
>
> I tried with Puppet Storeconfigs: The client node exports the
> nagios_hostgroup resource:
>
>> @@nagios_hostgroup { 'cloud-app':
>> alias => "Application Servers",}
>>
>>
>
> and the server node collects it:
>
>> Nagios_hostgroup <<| |>> { notify => Service['nagios'] }
>>
>>
>
> It works for the first node but get "duplicate definition" error as soon
> as the second node of that hostgroup comes online and try to export the
> very same resource.
>
> Specifying hostgroup in the Nagios server manifest (and exporting the
> nagios_host instead) initially solve this issue but the biggest problem
> with this approach is: in a multi hostgroup configuration, Nagios won't
> start until atleast one member from the each hostgroup comes on-line. This
> leaves us with a huge inconvenience. As all the hostgroups are created
> during the Nagios server configuration, Nagios refuses to start until the
> first member of the last hostgroup is configured. For us, it takes up to 30
> mins. Is there any workaround/fix for this issue? Any pointer would be
> greatly appreciated. Cheers!!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Parameter issue

[Peter Brown]

Hi Gerdo,

You are on the right track using a define but the problem is one of scope.
The version parameter for your define will only get set once in your
php::params class because classes are almost singletons in puppet (as in
they can exist only once for a node no matter how many times you call them).
You will have to set the configure parameters inside your define which will
be ugly I know but there isn't any other way around it.
I haven't used them but inline templates may help alleviate the ugliness.
I would also recommend splitting your define out into a separate file so
it's easier to maintain.

Hope that helps.

Pete.



On 20 February 2013 09:04,  wrote:

> Hi,
>
> I'm working on a module and run into an issue. I would like to install
> multiple PHP versions from source. I know the preferred way is packages,
> but I don't want to maintain a custom APT repository. I have two files:
> install.pp which does the installation (download, extract, configure, make,
> make install) and params.pp which provides parameters.
>
> https://gist.github.com/gergoerdosi/4990967
> https://gist.github.com/gergoerdosi/4991012
>
> The first call to php::install::source { '5.3.21': } runs fine, however
> when it reaches php::install::source { '5.4.11': }, it downloads 5.3.21
> again instead 5.4.11. This is happening because the $url uses $version in
> params.pp, which doesn't get updated on the second call. This an expected
> behavior, but I don't know how else could I do it. What I want to do is to
> provide parameters for the different PHP versions (different URL, configure
> options etc). Any idea? My Puppet version is 2.7.19.
>
> Gergo Erdosi
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to manually create Puppet CA and client certificates using openssl?

[Peter Brown]

You might have better luck using something like FreeIPA and using it's ca
cert and setting up certs for each node and using those as the puppet certs.

This may help.
http://jcape.name/2012/01/16/using-the-freeipa-pki-with-puppet/

I had a go at setting it up but I am using FreeIPA 3 and the steps need
some changing for that so your mileage may vary.


On 20 February 2013 06:15,  wrote:

> Dear Felix,
>
> I think you're getting it wrong, let me clarify it a bit. The goal of this
> is to be able to write web interface for generating puppetmasters CA's and
> client certificates on demand. An example: install 3 puppetmasters with
> loadbalancer in front. Use web interface to generate CA and certificates
> for chosen clients (lets say, 10 machines). Deploy such generated CA's on
> puppetmasters, and relevant bits on puppet clients to authorize them
> against these puppetmasters. Whenever there's need for change, use that CA
> via web interface to add and delete client certificates, redeploy them on
> puppetmasters and so on. This, while doable via Subprocess functions
> (Python is the language of choice for me, but that doesnt really matters)
> and calls to relevant puppet system commands is extremely ugly and not
> flexible solution. I would love to do it via openssl library, but to do so,
> I'd need to have a workable way to build CA's and sign (and revoke) client
> certs via openssl command - so far I cant reach that goal. I hope this
> makes more sense now.
>
> Regards,
> S.
>
> On Tuesday, February 19, 2013 4:04:32 PM UTC, Felix.Frank wrote:
>
>> On 02/16/2013 12:20 PM, spankt...@gmail.com wrote:
>> > after creating CA and client cert and applying them to puppetmaster, it
>> > complains with:
>>
>> Wait, what? You create a new CA, even after agents have already been
>> certified, then create new agent certificates?
>>
>> If your CA changes, you will have to terminate all the (now deprecated)
>> agent certificates and sign new certificates for all agents.
>>
>> Basically, I would expect the outcome you are observing, and you should
>> just follow the instructions given in your log excerpt. Note that you
>> are *not* supposed to remove the CA from the master, only the copy of
>> the agent's certificate.
>>
>> HTH,
>> Felix
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Checking GIT updates

[Peter Brown]

On 17 February 2013 01:34, Jason Edgecombe  wrote:

> On 02/14/2013 07:25 PM, Peter Brown wrote:
>
>> On 15 February 2013 10:04, joe  wrote:
>>
>>  Puppet isn't particularly good at code deployment. Ideally, you'd package
>>> your code, set a package resource to ensure => latest, then update your
>>> package repo with the new code. Then, all the resources that subscribe to
>>> that package (services, etc.) would be refreshed when the package gets
>>> updated in your repo.
>>>
>>
>> I disagree.
>> I use puppet for managing code deployments.
>> I tend to use svn or git to roll it out because our internal software is a
>> moving target and not well suited to packages and because it can be
>> deployed multiple times on a node.
>> Yes I realise I could use a package for that but I find it easier to use a
>> source code management system.
>> Updating is a simple process of updating one variable that specifies the
>> tag to update to.
>>
>>
>>
> Puppetforge has the vcsrepo module if you want to use the pull method:
> https://forge.puppetlabs.com/**puppetlabs/vcsrepo<https://forge.puppetlabs.com/puppetlabs/vcsrepo>
>
> I'm just not sure if "notify" works with it.



I was intending on having a look at vscrepo to see if i can get it to work
with my setups.
It looks pretty handy.


>
> Jason
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to 
> puppet-users+unsubscribe@**googlegroups.com
> .
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at 
> http://groups.google.com/**group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en>
> .
> For more options, visit 
> https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out>
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet diff and preview of changes to node's catalog

[Peter Brown]

Hi Elad,

There is an audit mode which may help you.
There is an explanation of how it works here.
https://puppetlabs.com/blog/all-about-auditing-with-puppet/




On 18 February 2013 16:45, Elad Shmitanka  wrote:

> While trying to build "safety mechanisms" for applying new configuration,
> the aim: be able to fore-tell what will be the changes on the nodes, just
> like you can see the changes in SVN, I want to see how they will affect the
> nodes.
> I will manage this by having 2 modules directories, 1 currently used by
> the puppet master and the second is the "new" one that will be applied,
> Same for configuration directory.
>
> Since I'm a fan of Bash, the idea would be to use command line tools.
> Create list of the nodes:
> puppet cert --list --all   Will give me list of all the nodes I want
> to examine
>
> Create a compiled catalog:
> puppet master --compile  --modulepath  --confdir
>  >  I will run it twice, one for each pair
> of directories, for each node
>
> then using this diff tool:
> https://github.com/ripienaar/**puppet-catalog-diff
> to show the diff between them
>
>
> Any thoughts? comments? things I may have overlooked?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Automating nagios_service resource type

[Peter Brown]

On 15 February 2013 11:15, William Van Hevelingen  wrote:

> Is there a reason your not using exported nagios resources instead?
>

Are you asking me or the OP?
I use exported resources extensively in my monitoring modules.



>
> http://docs.puppetlabs.com/guides/exported_resources.html
>
> We're using it in production and it works quite well with puppetdb as the
> backend.
>
> William
>
>
>
> On Thu, Feb 14, 2013 at 4:56 PM, Peter Brown  wrote:
>
>> On 15 February 2013 10:49, Sans  wrote:
>>
>>> Thanks Pete, for the heads-up!
>>> I'm gonna give it a try now. Cheers!!
>>
>>
>> Awesome!
>> I do admit the docs are a bit sparse but I have tried to name everything
>> with sensible descriptive names.
>> If you get stuck, find a bug or would like a new feature give me a shout.
>> I use github for my code so you can also submit a bug there if you like
>> so I can keep track of it.
>>
>> I do use it in my infrastructure and it gets updated when I fix things.
>> I do also test the crap out of it before I push it to forge so that is
>> the best version to use.
>>
>> Good luck!.
>>
>> Pete.
>>
>>
>>>
>>>
>>>
>>>
>>> On Friday, February 15, 2013 12:17:49 AM UTC, Pete wrote:
>>>>
>>>> I found this a while ago to so I wrote a module to do it easily.
>>>> It's on the forge here. https://forge.**puppetlabs.com/rendhalver/**
>>>> monitoring <https://forge.puppetlabs.com/rendhalver/monitoring>
>>>> I also have an nrpe module which may help here
>>>> https://forge.puppetlabs.**com/rendhalver/nrpe<https://forge.puppetlabs.com/rendhalver/nrpe>
>>>>
>>>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>>
>>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>>
>
>
>
> --
> Thanks,
> William
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Automating nagios_service resource type

[Peter Brown]

On 15 February 2013 10:49, Sans  wrote:

> Thanks Pete, for the heads-up!
> I'm gonna give it a try now. Cheers!!


Awesome!
I do admit the docs are a bit sparse but I have tried to name everything
with sensible descriptive names.
If you get stuck, find a bug or would like a new feature give me a shout.
I use github for my code so you can also submit a bug there if you like so
I can keep track of it.

I do use it in my infrastructure and it gets updated when I fix things.
I do also test the crap out of it before I push it to forge so that is the
best version to use.

Good luck!.

Pete.


>
>
>
>
> On Friday, February 15, 2013 12:17:49 AM UTC, Pete wrote:
>>
>> I found this a while ago to so I wrote a module to do it easily.
>> It's on the forge here. https://forge.**puppetlabs.com/rendhalver/**
>> monitoring 
>> I also have an nrpe module which may help here https://forge.puppetlabs.*
>> *com/rendhalver/nrpe 
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Checking GIT updates

[Peter Brown]

On 15 February 2013 10:04, joe  wrote:

> Puppet isn't particularly good at code deployment. Ideally, you'd package
> your code, set a package resource to ensure => latest, then update your
> package repo with the new code. Then, all the resources that subscribe to
> that package (services, etc.) would be refreshed when the package gets
> updated in your repo.


I disagree.
I use puppet for managing code deployments.
I tend to use svn or git to roll it out because our internal software is a
moving target and not well suited to packages and because it can be
deployed multiple times on a node.
Yes I realise I could use a package for that but I find it easier to use a
source code management system.
Updating is a simple process of updating one variable that specifies the
tag to update to.


>
> On Thursday, February 14, 2013 1:49:42 PM UTC-7, John Coggeshall wrote:
>>
>> Hello all,
>>
>> I'm using puppet to deploy my codebase from GIT. I have everything
>> working, but i currently don't have any way to check to make sure there is
>> actually something TO deploy before it goes through the entire process of
>> deploying the code. I want to create a conditional that only re-deploys the
>> code if the revision actually changed.
>>
>> So far, I can have it as part of the deploy process write the contents of
>> 'git rev-parse HEAD' to a file, this way I can do something like this from
>> BASH:
>>
>> [ `cat git-current-hash` != `git rev-parse HEAD` ]
>>
>> which will return true only if there is a new revision to pull. The
>> question is, how do I conditional include many different file {} and other
>> things only if that condition is true? If this was just an exec{} I could
>> use onlyif.
>>
>> John
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Automating nagios_service resource type

[Peter Brown]

I found this a while ago to so I wrote a module to do it easily.
It's on the forge here. https://forge.puppetlabs.com/rendhalver/monitoring
I also have an nrpe module which may help here
https://forge.puppetlabs.com/rendhalver/nrpe


On 15 February 2013 10:15, Sans  wrote:

> Hi there,
>
> I'm writing a manifests for some Nagios check, like this:
>
>
> nagios_service { 'check_http_test.salesforce.com':
>> use => 'generic-service',
>> check_command   => 'remote-nrpe-tcp-check!test.salesforce.com
>> !443',
>> service_description => 'CON: test.salesforce',
>> display_name=> 'Connection check: test.salesforce.com:443',
>> servicegroups   => 'cloud',
>> hostgroup_name  => 'cloud-app',
>> }
>>
>
>
> There are almost 30 of them and the the only difference between the checks
> are that hostname and port number. Is there anyway to automate this
> process, instead of specifying these 30 times statically? I was thinking
> putting those values in an array and loop through it to generate the
> resultant "nagios_service.cfg". How can I do that? Cheers!!
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] multiple nodes

[Peter Brown]

On 15 February 2013 09:02, Michael Hüttermann wrote:

> Hello,
>
> in case you want to manage a node with multiple masters (that may manage
> different aspects of that system): is it possible to run multiple puppet
> agent daemons on one node (listening to different masters) or to configure
> one agent daemon to listen to multiple masters?
>

This seems like a really bad idea to me.
Why would you need to do this?

Dependency hell comes to mind. You couldn't make any kind of linkage
between the resources managed by each master without the possibility of
some kind of clash with those resources.

The only reason I can see is separation of data between different teams
managing different services on the node but that would be easy to achieve
on one master with some kind of enc or hiera.


>
> Thank you.
>
>
>
> Michael
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] facter-dot-d: not reading /etc/facts.d on agent

[Peter Brown]

Hello Emily,

I am reasonably sure you put your yaml files in /etc/facter/facts.d



On 14 February 2013 06:19, Emily Marx  wrote:

> Hello,
>
> I am a new puppet user and I am trying to have my agent use facts defined
> in /etc/facts.d. I followed the instructions in the facter-dot-d readme and
> did the following:
> 1. Included stdlib in the node
> 2. agent -t --pluginsync (confirmed that facter-dot-d was run)
> 3. created a test.txt file with values (test=123) in /etc/facts.d
> 4. ran facter --puppet
>
> My fact was not displayed. When I did something similar on the master (put
> file in /etc/puppetlabs/facter/facts.d) it worked fine. Does anyone know
> how I can create and set these facts on the agent?
>
> Thanks,
>
> Emily
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] how to check whether a linux process is running?

[Peter Brown]

On 13 February 2013 19:41, Matthias Viehweger
wrote:

> Hi Oliver!
>
> On Tue, Feb 12, 2013 at 07:53:55PM -0800, oliver zhang wrote:
> > How do I do this in puppet:
> >
> > if process A is running, do nothing.
> >
> > else mount share and install package A
> >
> > I couldn't find any reference about this.
>
> I would first ensure that the process is running (assuming that it's a
> service). The service would require the package which would require the
> share to be mounted.
>

+1

I was just about to recommend doing it in a similar way.
It's not too tricky to make a service in linux if your application isn't
already one.

A rough outline would be:
>
>   service { 'A':
> ensure => running,
> require => Package['A'];
>   }
>
>   package { 'A':
>  ensure => installed,
>  require => Exec['mount share'];
>   }
>
>   exec { 'mount share':
> command => '...',
> if => command to check if not mounted;
>   }
>
> I may be wrong, of course, but this would be my first try to resolve
> this.
>

Nope not wrong at all.
I would probably recommend putting them in separate subclasses and then
using class chaining or require => Class[blah::service] etc
to make it easier to add new packages or services later but the theory is
the same.


> Cheers,
> Matthias
> --
> Serververwaltung und Softwareentwicklung
>
> https://www.heute-kaufen.de
> Prinzessinnenstraße 20 - 10969 Berlin
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Coordinated application deployments

[Peter Brown]

On 13 February 2013 13:24, Brian Lalor  wrote:

> On Feb 12, 2013, at 10:16 PM, Peter Brown  wrote:
>
> You could just disable the puppet daemon on the node after setting it up
> and manually running puppet with --noop so you know what has changed before
> you apply it.
>
>
> Ok, so that would keep it from checking in periodically but would still
> sync state with the master?  That could work…
>

Correct.
It would only sync when you ran puppet manually.

 --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Coordinated application deployments

[Peter Brown]

You could just disable the puppet daemon on the node after setting it up
and manually running puppet with --noop so you know what has changed before
you apply it.


On 13 February 2013 12:37, Brian Lalor  wrote:

> I'd like to use Puppet for the "last-mile" deployment of our applications,
> starting from a bare VM and ending up with a server that is running a
> specific version of an application.  We're using a Puppet master already,
> which I kind of feel is something of a problem: if I were just running
> "puppet apply" in standalone mode, I could be confident that a successful
> run resulted in the server being configured correctly.  When using a puppet
> master, changes could be applied anytime between now and the next agent
> check-in.  I don't like nondeterminism. :-)
>
> I don't want to reinvent the wheel.  How are other people solving this
> problem?  In general, how do you roll out changes to managed systems in a
> controlled, deterministic fashion?  Are there simpler solutions than
> MCollective?
>
> Thanks,
> Brian
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: apache 2.4 support in puppetlabs/apache

[Peter Brown]

Just letting people know I have made a start on this.
It seems the best way to achieve it is to write a custom fact or two and a
couple of functions.
Will setup a fork of the code soon and put my results in it.

I will post a link to my fork if anyone wants to help test once I have it
setup.


On 12 February 2013 10:14, Peter Brown  wrote:

> Hi everyone,
>
> I started testing out the puppetlabs/apache module from forge on a Fedora
> 18 server and noticed it doesn't have multiple version support for apache.
> Fedora 18 runs apache 2.4 and there are a few of modules that don't exist
> any more and a few config changes.
>
> I was pondering forking the module on github and adding attempting to add
> support for apache 2.4 but I thought I would check if anyone is working on
> this before I proceed.
>
> Good work on the module by the way.
>
> Pete.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet & Nagios/NRPE with Plugins...

[Peter Brown]

Hi Gavin.

Those are in my monitoring module which uses nrpe::plugin define to add
resources to a node.
It's on forge and github now if you want to take a look...

I am trying to write more portable code that manages one service as opposed
to how I had it before which was one module managing nagios,nrpe,nsca and
assorted goodies.
I also need to write some docs...


On 12 February 2013 01:12, Gavin Williams  wrote:

> Pete
>
> Bit of a blast from the past, but this is next on my hit-list...
>
> Code looks like it fits quite well overall, however I'm struggling to see
> how you handle adding additional plugin scripts to the boxes... Can see
> plugin.pp adding the required nagios cfg additions, but it doesnt appear to
> be copying the actual plugin file(s)... Is that something you handle
> separately?
>
> Cheers
> Gavin
>
> On Thursday, 6 December 2012 02:32:33 UTC, Pete wrote:
>
>> Cool.
>>
>> Let me know how it goes.
>> I am making a start at splitting out my code for nagios into a module by
>> itself and setting up one for icinga as well.
>>
>> Will likely post to the list when it's ready for consumption.
>>
>>
>> Pete.
>>
>>
>>
>> On 5 December 2012 23:17, Gavin Williams  wrote:
>>
>>> Pete
>>>
>>> Cheers for that...
>>>
>>> Will have a read through the code and give it a spin :)
>>>
>>> Cheers
>>> Gavin
>>>
>>> On Wednesday, 5 December 2012 04:45:05 UTC, Pete wrote:
>>>
>>>> Hi again,
>>>>
>>>> It seems github is a better option as they have an issue tracker.
>>>>
>>>> https://github.com/rendhalver/puppet-nrpe<https://github.com/rendhalver/puppet-nrpe>
>>>>
>>>>
>>>>
>>>> On 5 December 2012 13:30, Peter Brown  wrote:
>>>>
>>>>> Hi Gav,
>>>>>
>>>>> I just put my nrpe module up on gitorious.
>>>>>
>>>>> https://gitorious.org/**rendhalv**er-puppet/nrpe<https://gitorious.org/rendhalver-puppet/nrpe>
>>>>>
>>>>> I had to pull out my nrpe::firewall class for now because it uses my
>>>>> firewall module which I will be releasing at some point as well.
>>>>> I tagged the stable release as v1.0 so if you are going to clone it
>>>>> check out that tag if you prefer.
>>>>> The docs are non-existent as yet but the code is pretty
>>>>> self explanatory.
>>>>>
>>>>> it sets up nrpe on a node and you use the nrpe::plugin define to add
>>>>> new services.
>>>>> I use nrpe::params to set my variables so you need something in your
>>>>> node like this to set those.
>>>>> You can of course use hiera if you prefer.
>>>>>
>>>>> include nrpe
>>>>> class {'nrpe::params':
>>>>>   nagios_extra_plugins => '/srv/scripts/nagios',
>>>>>   nagios_ips => '192.168.0.1',
>>>>> }
>>>>>
>>>>> You can also set the port, user and group nrpe runs as as well as a
>>>>> few other vars.
>>>>>
>>>>> the nrpe::plugin works something like this.
>>>>>
>>>>> class monitoring::service::disk ( $ensure = $nagios_ensure, $host_name
>>>>> = $nagios_host_name, $service_type = 'standard_service', $notifications =
>>>>> $nagios_notifications ) {
>>>>>
>>>>>   @@nagios_service { "${host_name}_disk":
>>>>> ensure  => $ensure,
>>>>> use   => $service_type,
>>>>> host_name   => $host_name,
>>>>> service_description   => 'DISK',
>>>>> servicegroups => $nagios_host_type ? { 'nonotify_server' =>
>>>>> 'system', default => 'system,important_email' },
>>>>> check_command => 'check_nrpe!check_disk',
>>>>> contact_groups  => $nagios_sms_alerts ? { false =>
>>>>> 'admins,linux_admins', true => 'admins,linux_admins,linux_**adm**in_sms'
>>>>> },
>>>>> notifications_enabled => $notifications ? { default => undef,
>>>>> false => 0 },
>>>>> register=> 1,
>>>>> notify  => Service[nagios],
>>>>> tag   

[Puppet Users] apache 2.4 support in puppetlabs/apache

[Peter Brown]

Hi everyone,

I started testing out the puppetlabs/apache module from forge on a Fedora
18 server and noticed it doesn't have multiple version support for apache.
Fedora 18 runs apache 2.4 and there are a few of modules that don't exist
any more and a few config changes.

I was pondering forking the module on github and adding attempting to add
support for apache 2.4 but I thought I would check if anyone is working on
this before I proceed.

Good work on the module by the way.

Pete.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] help with define

[Peter Brown]

Hi,

I am reasonably sure using a - in a variable name doesn't work or does
strange things.
I would suggest trying naming the ssh_authorized_key resource for the git
key to "${title}_git" like so

ssh_authorized_key { ${title}_git:
ensure  => 'present',
user=>  git,
type=> $keytype,
key => $sshkey,
}

I can't see a var for title-git anywhere else in your define but if you do
you will need to rename it without the -
Hope that helps.

Pete.


On 2 February 2013 10:22, Jamie  wrote:

> I would like some help trying to accomplish something.  I have a user
> define as shown in the first example.  Each user with an SSH key needs 2 of
> them though, one as a normal login key, and the other is the same key but
> is for the "git" user (all ssh git access done via this "git" user).  Is
> there a way to do this in the same define?  I'm thinking something along
> the lines of example 2, but the concatenation doesn't seem to work.
>
> Example 1
> 
> class user::shell_acct {
> define acct
> ($name,$uid,$password='!!',$groups='',$shell='/bin/bash',$sshkey='',$keytype='dsa')
> {
> user { $title:
> comment=> $name,
> ensure => 'present',
> uid=> $uid,
> gid=> $uid,
> managehome => 'true',
> home   => "/home/$title",
> shell  => $shell,
> membership => 'inclusive',
> groups => $groups,
> password   => $password,
> }
> group { $title:
> ensure => 'present',
> gid=> $uid,
> }
> if ( $sshkey != "" ) {
> # login key
> ssh_authorized_key { $title:
> ensure  => 'present',
> user=>  $title,
> type=> $keytype,
> key => $sshkey,
> }
> }
> }
> }
> 
>
> *Example 2*
> 
> if ( $sshkey != "" ) {
> # login key
> ssh_authorized_key { $title:
> ensure  => 'present',
> user=>  $title,
> type=> $keytype,
> key => $sshkey,
> }
> # git key
> ssh_authorized_key { $title-git:
> ensure  => 'present',
> user=>  git,
> type=> $keytype,
> key => $sshkey,
> }
> }
> 
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Internal server error

[Peter Brown]

Probably because you deleted the log directory rails is trying to write to.
Try creating that again and see if that helps.


On 24 January 2013 23:20, Mamta Garg  wrote:

> Hi
> Need help!
>
> Actually i have setup number of clients over linux CentOS master provided
> by puppet on web.
> But after number of days i found that no space left on server.So i have
> deleted all the file from /var/log folder.
>
> Now i am getting error seems in attched screnshot.Could you please tell me
> how i can overcome to this issue?
>
> Thanks,
> Mamta
> On Fri, Jan 4, 2013 at 8:41 AM, earthgecko  wrote:
>
>> Hi Mamta
>>
>> This is not really a puppet issue, you have no space left on the device.
>>
>> What puppet master files can you delete, well reports would be one, if
>> you have them enabled and if you wanted to.  They normally reside:
>>
>> /var/lib/puppet/reports//*.yaml
>>
>> However you may want the data in the future for dashboard or something,
>> so archiving them somewhere may be better.
>>
>> If you have run out of disk space then there are all the usual suspects
>> to consider and check that you do not have a lot unexepcted data in:
>>
>> /tmp/
>> /var/log/
>> /var/cache/
>>
>> However, if you find that you actually seem to have disk space e.g. df -h
>> does not report Use% 100% then check you have not run out of inodes
>>
>> df -i
>>
>> 100% use of inodes will also report No space left on the device.
>>
>> Which should really report Too many files on the device or No inodes left
>> on the device
>>
>> Or you need a bigger boat :)
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/puppet-users/-/eyLHGeQ075QJ.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Thanks and Regards,
> Mamta Garg
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: ParsedFile & Multi-line...

[Peter Brown]

On 10 January 2013 02:41, Gavin Williams  wrote:

> Anyone got any ideas???
>
> My next thought is to use something like puppet-concat with an ERB
> template... However not sure how effective that's going to be...
>

That would probably be pretty easy to setup.
I use concat and templates for a few of my modules, namely my firewall
module.
Each rule calls a define i setup to create the rule from a template.

I am on holidays till Wednesday next week and most of my code is at work.
I can send you some examples then.


> Cheers
> Gavin
>
> On Friday, 4 January 2013 16:33:17 UTC, Gavin Williams wrote:
>>
>> Afternoon all,
>>
>> I'm currently working on adding oranfstab support to Puppet-Oracle (
>> https://github.com/stschulte/**puppet-oracle).
>>
>>
>> However I'm struggling to get my head around how I can get Puppet
>> parsedfile to work with multi-line configurations...
>>
>> An example oranfstab configuration block is:
>> server: stgasm <=== NFS server Host name
>> path: 10.177.52.158 <--- First path to NFS server ie NFS server NIC
>> local: 10.177.52.151 <--- First client-side NIC
>> path: 10.177.52.159 <--- Second path to NFS server ie NFS server NIC (For
>> load balance purpose)
>> local: 10.177.52.151 <--- Second client-side NIC (For load balance
>> purpose)
>> export: /oraclenfs mount: /oradata1
>>
>> 'path' and 'local' are optional, but can be specified multiple times
>> aswell...
>> The final 'export' line is required, and can be provided multiple times
>> for multiple mount points..
>>
>> So as you can see, there's a fair amount of variability in the file
>> format...
>>
>> It's also then possible to have multiple 'server/path/local/export'
>> blocks, for example with different filers...
>>
>> Any ideas on where I could begin? Is parsedfile right for the job, or am
>> I better looking elsewhere?
>>
>> Thank you in advance for any responses.
>>
>> Regards
>> Gavin
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/xDI6ktYRcVsJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Sanity Check Request: Environments in /etc/puppet/puppet.conf

[Peter Brown]

On 24 January 2013 06:20, Dan White  wrote:

> It just struck me that any environment blocks in /etc/puppet/puppet.conf
> have meaning ONLY on the puppet master.
>
> Is that accurate ?
>

Pretty much.
I am reasonably sure the only thing you can put in there is manifest and
module paths.
It basically tells the master where to look for those files for each
environment.


> “Sometimes I think the surest sign that intelligent life exists elsewhere
> in the universe is that none of it has tried to contact us.”
> Bill Waterson (Calvin & Hobbes)
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] booleans in hiera

[Peter Brown]

Hi everyone,

I have a few boolean vars i use in a couple of modules I am updating to
work with hiera.
I noticed there is currently an issue with using booleans in hiera and
puppet doesn't set them properly when it imports them as variables.
I also noticed those bugs seem to have fixes and they also seem to have
been committed.
I am currently considering rewriting the modules that use booleans but I
would prefer to wait for the fixes.
Can anyone tell me when they will be released and which version will they
go into?

Thanks.

Pete.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] /etc/facter/facts.d/ Question

[Peter Brown]

I don't think that is possible.
>From what I can tell it seems to be completely static.

Though you could be tricky and manage the files in the directory with
puppet to give you some extra capabilities.


On 17 January 2013 02:57, Dan White  wrote:

> Is it possible to refer to another fact in one of these files ?
>
> “Sometimes I think the surest sign that intelligent life exists elsewhere
> in the universe is that none of it has tried to contact us.”
> Bill Waterson (Calvin & Hobbes)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] New NRPE Puppet module

[Peter Brown]

Nice to find out who pdxcat is :) (I am using a couple of your modules)

I published my nrpe module to github a while back as well.
It looks like you have taken a vaguely similar approach.
Maybe some collaboration is in order...

My module is here if you want to take a look.
https://github.com/rendhalver/puppet-nrpe
I published it to the forge as well.


On 17 January 2013 03:58, William Van Hevelingen  wrote:

> Hello Puppet Users and Dev,
>
> I have just a pushed a puppet module for NRPE to github. Initially it
> supports the Debian, Redhat, and Solaris based operating systems.
>
> I plan on adding FreeBSD support in the near future.
>
> In the meantime I will be updating the documentation and getting it ready
> for a forge release.
>
> I would appreciate any feedback or pull requests to add additional
> functionality.
>
> https://github.com/pdxcat/puppet-module-nrpe
>
> My nick is blkperl in #puppet if you want to bounce ideas.
>
> --
> Thanks,
> William Van Hevelingen
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Using resource collectors with variables from the collected resource?

[Peter Brown]

Damn.
Sorry dude I am not sure what else else to suggest.
Your wrapper define may be the best way to go.
Unless you can configure the user adding functions to use different home
prefixes for a user based on group or something like that.
The only other idea I can think of is setting up a symlink from the
/home/$user directory to the other dir before you create the user.

On 16 January 2013 10:35, Richard Jacobsen  wrote:

> No, I tried that as well.  Still reports the class of the collector and
> not the $name of the virtual resource.
>
>
>
> On Tuesday, January 15, 2013 10:12:18 AM UTC-8, Richard Jacobsen wrote:
>>
>> Hi everyone.  An example is worth 1000 words, so here's one:
>>
>> In this example I would like the home directory to be overridden to
>> /testdir/me:
>>
>> @user { 'me':
>>   ensure => present,
>>   home => '/home/$title',
>>   tag => 'userclass1'
>> }
>>
>> User <| tag == 'userclass1' |> {
>>   home => "/testhome/$title"
>> }
>>
>> It actually gets overriden to /testhome/main, 'main' being the class the
>> collector is in, puppet apply tries to:
>> '/usr/sbin/useradd -d /testhome/main me'
>>
>> I can sort of solve this problem by:
>>
>> @fancyuser { 'me2':
>>   tag => 'userclass1',
>> }
>>
>> define fancyuser($homedir_prefix='/**home') {
>>   user { '$title':
>> home => "$homedir_prefix/$title", }
>> }
>> Fancyuser <| tag == 'userclass1' |> {
>>   homedir_prefix => "/testhome"
>> }
>>
>> This works as expected, as it doesn't rely on the '$title' of the
>> collected virtual resource.  I'd rather just use the virtual resource's
>> $title.  Is this possible, or am I asking too much from the resource
>> collector?
>>
>> Thanks!
>> Richard
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/7iVavMJx7f4J.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Version 2.6 Future Updates?

[Peter Brown]

On 16 January 2013 05:15, llowder  wrote:

>
>
> On Tuesday, January 15, 2013 10:53:55 AM UTC-6, Michael Hrivnak wrote:
>>
>> I am trying to determine how much longer, if at all, version 2.6 of
>> Puppet Open Source will get security fixes. Any guidance?
>>
>> The only documentation I can find is this link, stating that 2.6 is
>> currently "a security-fixes only branch". http://projects.**
>> puppetlabs.com/projects/**puppet/wiki/Release_Notes
>>
>>
> I'm not positive, but I think it will end around the time 3.1 comes out,
> as the 2.7 line has also moved more or less into a security fix only state
> if I remember correctly.
>

3.1 is in RC so it "Shouldn't be too long now" for both cases.


>
>
>
>> I work on Pulp  and am implementing new
>> support for managing the installation of modules onto puppet masters.
>> Answering this question about security updates will help us decide how old
>> of a puppet version we will support.
>>
>> Thanks,
>> Michael
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/fYjQqlx-TOIJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Using resource collectors with variables from the collected resource?

[Peter Brown]

On 16 January 2013 04:12, Richard Jacobsen  wrote:

> Hi everyone.  An example is worth 1000 words, so here's one:
>
> In this example I would like the home directory to be overridden to
> /testdir/me:
>
> @user { 'me':
>   ensure => present,
>   home => '/home/$title',
>   tag => 'userclass1'
> }
>
> User <| tag == 'userclass1' |> {
>   home => "/testhome/$title"
> }
>

I would try using $name instead of $title in those.


It actually gets overriden to /testhome/main, 'main' being the class the
> collector is in, puppet apply tries to:
> '/usr/sbin/useradd -d /testhome/main me'
>
> I can sort of solve this problem by:
>
> @fancyuser { 'me2':
>   tag => 'userclass1',
> }
>
> define fancyuser($homedir_prefix='/home') {
>   user { '$title':
> home => "$homedir_prefix/$title", }
> }
> Fancyuser <| tag == 'userclass1' |> {
>   homedir_prefix => "/testhome"
> }
>
> This works as expected, as it doesn't rely on the '$title' of the
> collected virtual resource.  I'd rather just use the virtual resource's
> $title.  Is this possible, or am I asking too much from the resource
> collector?
>
> Thanks!
> Richard
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/DMBOqb9eIw4J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet and cryptography

[Peter Brown]

Yes Puppet uses openssl for it's certificates.
If you use mod_passenger and apache you can specify which cyphers it uses
so that may help you if you need to restrict it to a particular set of
cyphers.


On 12 January 2013 02:23, GRANIER Bernard (MORPHO) <
bernard.gran...@morpho.com> wrote:

> Hi,
>
> For export control reasons, I am looking for an information.
>
> Puppet is using cryptography and certificates, is it with openssl only ?
>
> Cordialement,
>
> Bernard Granier
> CE Plateforme Système
> bernard.gran...@morpho.com
> 01 58 11 32 51
>
>
> #
> " This e-mail and any attached documents may contain confidential or
> proprietary information. If you are not the intended recipient, you are
> notified that any dissemination, copying of this e-mail and any attachments
> thereto or use of their contents by any means whatsoever is strictly
> prohibited. If you have received this e-mail in error, please advise the
> sender immediately and delete this e-mail and all attached documents from
> your computer system."
> #
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ssh::auth and other ways of managing ssh keys

[Peter Brown]

On 12 January 2013 01:53, Jist Anidiot  wrote:

> With puppet 3.x I was wondering if the ssh::auth module (
> http://projects.puppetlabs.com/projects/puppet/wiki/Module_Ssh_Auth_Patterns)
> is still the preferred way of creating and distributing ssh keys.  The
> module hasn't been updated since 2010 and I've seen several other possible
> solutions.
>

Should I just use thes sh_authorized_key type?  What are people using now?


I tried the ssh::auth module when I first started using puppet but never
got it working and switched to using ssh_authorized_key and user and group
resources.
We had a small shop at the time and it was easier to make an entry for each
user.

I recently stopped using puppet to manage users and ssh keys but that's
another story...


>
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/BmJHy-KOXC8J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How to increase performance of managed directories?

[Peter Brown]

I used to manage a few directories recursively and it was very slow and
cumbersome.
I just manage the directories themselves if i need to and the files
individually.
It makes it a bit more complex initially but you get fine grained control
over things and it's so much faster.

If you really need to manage a directory recursively and there is no other
way I recommend using your preferred version control system.
If you want to do that easily with puppet then puppetlabs/vcsrepo on the
forge looks like the nicest way of doing it.



On 10 January 2013 16:39, Denmat  wrote:

> Smaller directories? :)
>
> But seriously Puppet sucks at distributing large directories (you should
> see posts to the list going back years on this topic). If you look at the
> file type resource docs (
> http://docs.puppetlabs.com/references/stable/type.html#file)you can see
> you can change the checksum used, ignore files (unsure of speed
> improvements there), recurselimit to limit the depth of recursion and
> possibly the mtime attribute.
>
> Alternatively, if running *nix you could try rsync in an exec.
>
> Your mileage may vary,
>
> Den
>
> On 10/01/2013, at 12:01, Schofield  wrote:
>
> I have several directories that are installed and managed with puppet.  I
> am finding the majority of the time of the puppet run is spent validating
> the directory.  Are there any tricks to improve the performance of managed
> directories? Or a better way than simple file resource with  ensure =>
> directory and recurse => true?
>
>   file {'/xyz/directory' :
> ensure => directory,
> recurse => true,
> source => "puppet:///modules/mymod/directory",
>   }
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/TuE-ygecAngJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: inspect resources that are already added to a manifest

[Peter Brown]

On 8 January 2013 00:19, jcbollinger  wrote:

>
>
> On Sunday, January 6, 2013 9:23:17 PM UTC-6, Pete wrote:
>>
>>
>> I put my monitoring (and firewall rules incidentally) into each class on
>> a node and import into my monitoring server (nagios currently but intend on
>> switching to icinga soon) them based on tags.
>> I was using global vars but are currently rewriting my modules to use
>> heira to set the monitoring server and a few other settings.
>> This is working nicely for me.
>> I had a few different ideas along the way but my current iteration is
>> getting close to awesome.
>> It also gives me fine grained control over whether a node gets sms alerts
>> or escalation and such.
>>
>>
> Something along those lines would be my preferred way to do it if I were
> willing and able to modify the classes involved.  My inference from Luke's
> comments was that he wanted to avoid doings so, and perhaps that he was
> specifically looking for a solution that did not rely on the cooperation of
> the modules involved.  That would be an eminently reasonable objective
> where third-party modules are in the picture, but not an unreasonable one
> even where all modules were built in-house.
>

I wrote most of the modules in my setup myself and that makes it easier.

I am attempting to be tricky with my monitoring modules and make them
extensible so adding extra monitoring classes should be pretty simple.
I am also intending on releasing them when I am happy with them.


>
>
> John
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/L5WxTz43T8sJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] file copy, multiple ignore doesn't work

[Peter Brown]

More a random question than anything.
I am going to assume the .hg files are from mercurial.
Assuming this I am wondering why you aren't using something like
puppetlabs-vcsrepo on puppet forge to deploy the directory via mercurial.
It seems like a better idea in my brain.

Pete.

On 3 January 2013 07:17, iamauser  wrote:

> I am trying the following to recursively copy a dir while ignoring things
> like .hg and a few others.
>
> file {
>   "/etc/work-related-dir" :
>   source => "/path/to/masterfiles/work-related-dir",
>   recurse => 'inf',
>   owner => '0',
>   group => '0',
>   ignore => '{.hg,*.conf~}',
>   checksum => 'mtime',
>   backup => false;
> }
>
> Running a noop mode tries to copy everything including the one that
> matches ".hg, *.conf~". If I specify only a single parameter value for
> ignore, i.e. ".hg", then it doesn't try the copy of .hg directory and works
> as expected.
>
> Following an earlier post about this, I checked Ruby's globing options,and
> found that the pattern I am providing matches multiple files in the source
> area.
>
> Any help or suggestion would be appreciated.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/u2yIrhvtie0J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: inspect resources that are already added to a manifest

[Peter Brown]

On 3 January 2013 20:08, Luke Bigum  wrote:

> On Wednesday, January 2, 2013 3:51:37 PM UTC, jcbollinger wrote:
>
>>
>>
>> On Saturday, December 22, 2012 12:20:10 PM UTC-6, Luke Bigum wrote:
>>>
>>> Hi all,
>>>
>>> Does anyone know of a way to inspect resources that are already parsed
>>> in a node's manifest during catalog compilation? This would certainly need
>>> some serious Ruby Fu.
>>>
>>
>>
>> This is a bad idea.  If your the Puppet circuits in your brain didn't
>> trip over "inspect", they certainly should have sounded the alarm over
>> "serious Ruby Fu".  You are fighting against the tool.
>>
>
>>
>>>
>>> As an example, imagine I have a number of arbitrary files defined by
>>> multiple classes and it is impossible to get an all encompassing list of
>>> these files:
>>>
>>> file { 'woof': }
>>> file { 'cows': }
>>> file { 'meow': }
>>> ...
>>> $all_files = inline_template(...)
>>>
>>> I would like to be able to gather those file names into a Puppet
>>> variable - this would be parse order dependent. It would be fantastic if it
>>> could handle exported resources that have just been collected as well.
>>>
>>
>>
>> And "parse-order dependent"?  Of course it is.  You need a
>> Puppet-bogometer.
>>
>> So what configuration objective are you actually trying to accomplish
>> here?  There is likely a more robust, less Rubyriffic way to accomplish it.
>>
>>
> Ohh don't worry, John, my bogometer was going off like crazy, the needle
> almost broke ;-)
>
> I'm taking shortcuts in my spare time with a tool that's probably 70%
> right for the job. It's for monitoring - I really like the idea of a Puppet
> module to describe or advertise how to monitor itself, it keeps them very
> self contained.
>
> Just a bit more on this - I generally see three categories of monitoring
> tools. Ones that are configured separately from your CRM and end up being a
> source of truth on their own are in my mind the worst. The next level up
> are ones either defined from or derived from your CRM. The best are
> auto-discovery, but they cost an absolute fortune. I'm trying to move my
> team from the first one to the second one with as little "new tools" as
> possible, which is where the "70% right for the job" comment comes from.
>
> I'm using exported resources to describe how modules are monitored. The
> problem is that exported resources are not the equivalent of raw
> information passing. So when I want to start doing trickier things like
> group and analyse what is collected, exported resources don't cut it
> because it's not what they are designed for.
>
> Specifically what I was trying to do was collect exported resources of the
> same type and group them on the monitoring server. There is no predefined
> list of service names anywhere (unless you parse the node definitions) so
> that's why I wanted to go from resource collection to Array of Strings. A
> colleague has managed to reduce my 300 lines to 50 though so the need for
> craziness is reduced somewhat. We still need to do the "Export a File"
> trick and run a script on the monitoring server to build the complex
> configuration that exported resources are not designed to handle.
>


You have made me curious.

I am going to make some wild assumptions and probably leap to some
incorrect conclusions.

Querying PupptDB seems like the wrong way to achieve this in my opinion.

I put my monitoring (and firewall rules incidentally) into each class on a
node and import into my monitoring server (nagios currently but intend on
switching to icinga soon) them based on tags.
I was using global vars but are currently rewriting my modules to use heira
to set the monitoring server and a few other settings.
This is working nicely for me.
I had a few different ideas along the way but my current iteration is
getting close to awesome.
It also gives me fine grained control over whether a node gets sms alerts
or escalation and such.

Is this the kind of thing you are attempting to achieve?

I can provide extra complexity to how it works if you need it.


> The next iteration of this work might be to scrap resource collection in
> favour of querying PuppetDB directly to figure out what to monitor, but
> that's a lot more work than I'm prepared to do at this stage. Maybe in a
> few months... ;-)
>
> -Luke
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/OLpl0Bx1q5kJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-use

Re: [Puppet Users] Remote Network Device management...

[Peter Brown]

On 21 December 2012 02:40, Gavin Williams  wrote:

> Afternoon all
>
> We are starting to look at using Puppet Network device support in anger,
> and one of the potential issues that has been raised is around cross-site
> access...
>
> Currently, we have one Puppet master server, which is hosted in location
> C.
> This server is able to access and manage the appropriate network devices
> in location C.
>
> However there are other devices in locations A and B which we want to be
> able to manage through Puppet. However some potential concerns have been
> raised around allowing the puppet master server blanket access to locations
> A & B...
>
> Is it possible therefore to run the network devices in effectively a
> 'proxy' mode. That is, we create/nominate a suitable node in locations A
> and B which would be able to manage network devices in their respective
> locations, and these nodes then talk back to the Puppet master.
>
> Does this sound sensible?
>
> Any other considerations/ideas as to how the above can achieve?
>

I have no idea how you are achieving the network device configuration but a
setting up a VPN between the master and locations b and c seems like the
best way to do it.
That would give you centralised management and security as well.
I would suggest using some kind of ssl wrapped vpn like openvpn or ipsec or
something like that.

I did find this module on puppet forge for managing openvpn
https://forge.puppetlabs.com/luxflux/openvpn

Hope that helps.

Pete.


> Cheers in advance for any responses.
>
> Regards
> Gavin
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/WQ3ut4DOK9sJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] passing parameters

[Peter Brown]

Have a look here.
I am assuming you are running puppet 3 but the syntax is the same in 2.6
and 2.7.
http://docs.puppetlabs.com/puppet/3/reference/lang_classes.html#using-resource-like-declarations




On 20 December 2012 07:45, Michael Hüttermann wrote:

> Hello,
>
> I use a parameterized class and declare it as a resource. How can I pass
> the parameters from outside any declaration or manifest, during runtime?
> For example, can I pass the parameters during a call of "puppet kick" ?
>
>
> Thank you.
>
>
> Best regards
> Michael
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] problems with puppetdb

[Peter Brown]

8 DEBUG [main] [bonecp.BoneCPDataSource] JDBC
>>> URL = 
>>> jdbc:postgresql://127.0.0.1:**5432/puppetdb<http://127.0.0.1:5432/puppetdb>,
>>> Username = puppet,
>>> partitions = 5, max (per partition) = 10, min (per partition) = 1,
>>> helper threads = 3, idle max age = 60 min, idle test period = 240 min
>>> 2012-07-20 13:08:50,348 INFO  [main] [cli.services] Starting broker
>>> 2012-07-20 13:08:54,677 DEBUG [main] [index.BTreeIndex] loading
>>> 2012-07-20 13:08:54,744 DEBUG [main] [index.BTreeIndex] loading
>>> 2012-07-20 13:08:54,748 DEBUG [main] [index.BTreeIndex] loading
>>> 2012-07-20 13:08:54,748 DEBUG [main] [index.BTreeIndex] loading
>>> 2012-07-20 13:08:54,748 DEBUG [main] [index.BTreeIndex] loading
>>> 2012-07-20 13:08:54,757 DEBUG [main] [index.BTreeIndex] loading
>>> 2012-07-20 13:08:55,652 INFO  [main] [journal.Journal] ignoring zero
>>> length, partially initialised journal data file: db-1.log number = 1 ,
>>> length = 0
>>> 2012-07-20 13:08:56,247 DEBUG [main] [index.BTreeIndex] loading
>>> 2012-07-20 13:08:56,247 DEBUG [main] [index.BTreeIndex] loading
>>> 2012-07-20 13:08:56,250 DEBUG [main] [index.BTreeIndex] loading
>>> 2012-07-20 13:08:56,310 INFO  [main] [cli.services] Starting 2 command
>>> processor threads
>>> 2012-07-20 13:08:56,315 INFO  [main] [cli.services] Starting query
>>> server
>>> 2012-07-20 13:08:56,316 INFO  [main] [cli.services] Starting database
>>> compactor (60 minute interval)
>>> 2012-07-20 13:08:56,351 INFO  [clojure-agent-send-off-pool-**3]
>>> [cli.services] Beginning database compaction
>>> 2012-07-20 13:08:56,372 DEBUG [clojure-agent-send-off-pool-**2]
>>> [component.Container] Container
>>> org.eclipse.jetty.server.**Server@3c716932 +
>>> SelectChannelConnector@**localhost:8080 as connector
>>> org.eclipse.jetty.ssl.password : 2012-07-20 13:08:56,415 INFO
>>> [clojure-agent-send-off-pool-**3] [cli.services] Finished database
>>> compaction
>>> 2012-07-20 13:08:56,480 DEBUG [clojure-agent-send-off-pool-**0]
>>> [listener.**DefaultMessageListenerContaine**r] Established shared JMS
>>> Connection
>>> 2012-07-20 13:08:56,480 DEBUG [clojure-agent-send-off-pool-**1]
>>> [listener.**DefaultMessageListenerContaine**r] Established shared JMS
>>> Connection
>>>
>>> from my limited knowledge it seems to me is is trying to open port
>>> 8080 but i can't see that port open at all.
>>>
>>> netstat -nap |grep java tells me this (yes this is the only java
>>> application running on the machine).
>>>
>>> root@korolev:~# netstat -nap|grep java
>>> tcp6   0  0 :::1099 :::*
>>> LISTEN  11083/java
>>> tcp6   0  0 :::34810:::*
>>> LISTEN  11083/java
>>> tcp6   0  0 127.0.0.1:51702 127.0.0.1:5432
>>> ESTABLISHED 11083/java
>>> tcp6   0  0 127.0.0.1:51700 127.0.0.1:5432
>>> ESTABLISHED 11083/java
>>> tcp6   0  0 127.0.0.1:51701 127.0.0.1:5432
>>> ESTABLISHED 11083/java
>>> tcp6   0  0 127.0.0.1:51703 127.0.0.1:5432
>>> ESTABLISHED 11083/java
>>> unix  2  [ ] STREAM CONNECTED 6211563  11083/java
>>>
>>> Hope that helps somewhat.
>>>
>>> let me know if you need me to try anything else.
>>>
>>> Pete.
>>>
>>> > This should allow you to see the output on the console as puppetdb is
>>> trying
>>> > to start up.  If you can copy and paste that output for us, it may be
>>> > helpful.
>>> >
>>> > Thanks!
>>> > Chris
>>> >
>>> >
>>> > On Monday, July 16, 2012 5:37:16 PM UTC-7, Pete wrote:
>>> >>
>>> >> On 17 July 2012 10:19, Deepak Giridharagopal 
>>> >> wrote:
>>> >> > On Mon, Jul 16, 2012 at 5:13 PM, Peter Brown 
>>> >> > wrote:
>>> >> >>
>>> >> >> On 17 July 2012 03:15, Chris Price  wrote:
>>> >> >> > Also, would you mind sharing a bit more info about your setup?
>>>  I
>>> >> >> > presume:
>>> >> >> >
>>> >> >> > * You are installing from the puppetlabs apt repos?
>>> >> >>
>>> >> >> yes
>>> >> >>
>>> >> >> > * Your upgrade wa

Re: [Puppet Users] Re: [Puppet-dev] New Q&A Site to Ask Puppet Questions

[Peter Brown]

On 18 December 2012 14:11, Dawn Foster  wrote:

> On Mon, Dec 17, 2012 at 7:43 PM, Peter Brown  wrote:
> > Any chance of using my existing puppet forge account to sign in to that
> > site?
>
> Unfortunately, not yet. I'm planning to get the user accounts integrated
> between
> Forge, Ask, bug tracker and other puppet stuff sometime next year along
> with
> better profiles for community members so that you can find each other's
> posts,
> modules and other stuff more easily.
>

Awesome.

Single sign on can be tricky to setup but fun in the long run. I would be
recommending using something like openauth or some kind of authentication
server like FreeIPA.
Or you could cheat and nail all the services to an external "provider" like
twitter, google oe FB which you are doing on the ask site so my guess is
you have thought of that already. :)
That's a big job. I would offer my help but I am sure you have a bunch of
people you can call on. :)

Good luck!


>
> Dawn
> >
> >
> > On 18 December 2012 09:17, Jeff McCune  wrote:
> >>
> >> On Mon, Dec 17, 2012 at 2:13 PM, Dawn Foster 
> wrote:
> >>>
> >>> Today, we are launching the beta version of a new question and answer
> >>> site where you can ask any Puppet questions or provide answers for
> >>> questions from other Puppet users and developers.
> >>
> >>
> >> I bet nobody has a question that can stump the entire community.  =)  I
> >> also can't avoid playing the karma point game, so please try and post
> your
> >> trickier questions.
> >>
> >> -Jeff
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscr...@googlegroups.com.
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
> >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Developers" group.
> > To post to this group, send email to puppet-...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-dev+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-dev?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: [Puppet-dev] New Q&A Site to Ask Puppet Questions

[Peter Brown]

Any chance of using my existing puppet forge account to sign in to that
site?


On 18 December 2012 09:17, Jeff McCune  wrote:

> On Mon, Dec 17, 2012 at 2:13 PM, Dawn Foster  wrote:
>
>> Today, we are launching the beta version of a new question and answer
>> site where you can ask any Puppet questions or provide answers for
>> questions from other Puppet users and developers.
>>
>
> I bet nobody has a question that can stump the entire community.  =)  I
> also can't avoid playing the karma point game, so please try and post your
> trickier questions.
>
> -Jeff
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] early clean exit from module?

[Peter Brown]

On 18 December 2012 10:21, Philip Brown  wrote:

>
>
> On Monday, December 17, 2012 3:18:26 PM UTC-8, Jakov Sosic wrote:
>>
>>
>>
>> Puppet is not procedural but declarative language, so you can only
>> declare states.
>
>
> Except that is not strictly true.
> There is an early-exit "fail" directive that can be used conditionally.
> So why not a conditional early exit from a module, that allows other
> modules to keep going?
> Perhaps it would help if I rephrased "exit" as some other more
> state-friendly language, but nothing is coming to mind at the moment.
>

The most important question is what are you trying to achieve?

>From what I can tell from your post you are putting the decision on whether
to include the resources in a module in the wrong place.
If the module shouldn't be included in a node don't include it in the node
declaration.
Deciding that in the module is the wrong place especially if you are
excluding the all the resources in a module for one (or even a few) cases.

You need to switch your thinking when writing puppet modules.
Trying to write procedural code in a declarative environment will cause all
kinds of headaches. (I know because It took me a bit to understand how it
worked)
Admittedly you can use mildly procedural constructs in your modules and
classes and such but it's not quite the same because the resources within
those constructs won't be "executed" in the order you write them either.
The "Order" puppet applies the resources to a node is dependent on the
relationships between the resources (require, before, subscribe and the
like).

I hope that sheds some light on your issue.
If you want to provide some more details on what you are trying to achieve
I am happy to help you work out the best way to realise it.

Pete.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] user resource, get password from command on master

[Peter Brown]

On 12 December 2012 11:58, Jakov Sosic  wrote:

> On 12/10/2012 04:47 PM, jcbollinger wrote:
>
>  There are good, industry-standard approaches to centralized password
>> management.  You should really choose among those instead of rolling
>> your own.  One of the best-regarded is LDAP, and you could also consider
>> NIS (just to name two).  The former is more secure, but the latter is
>> very easy to set up.
>>
>
> Judging that the current solution stores passwords in /etc/shadow, I
> assume that these passwords are for ssh only, and if that's the case the
> easiest and most secure way would be to enforce ssh key logins, and
> distribute keys instead of passwords. Public keys could be updated without
> granting access to puppet master.
>
> If that's not the case, then LDAP is a way to go.


I was managing my users with puppet but I decided it wasn't the best way to
do it. I recently setup a FreeIPA server to use for authentication and
authorization.
It can also be used to auth ssh logins with keys.
I need to write some modules to manage setting it up on a node with puppet
but it's looking like the best option for what I need.
It's seems to have similar functionality too Active Directory and can even
sync with it.



-- 
> Jakov Sosic
> www.srce.unizg.hr
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users+unsubscribe@**
> googlegroups.com .
> For more options, visit this group at http://groups.google.com/**
> group/puppet-users?hl=en
> .
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: hiera default values for a variable

[Peter Brown]

I worked out my problem.
I spelt hierarchy wrong in my hiera.yaml file...


On 7 December 2012 13:00, Peter Brown  wrote:

> On 7 December 2012 12:11, Ryan Cunningham  > wrote:
>
>> I'm actually having this exact same problem. In my hiera.yaml file I had
>> a hierarchy including two facts and then some strings derived from facter
>> facts.
>>
>
> Nice to know I am not completely insane.
>
> When I run puppet agent --test the hiera vars in files named for the
>> node's $fqdn, etc. aren't found, but if I puppet apply specifying my
>> site.pp manifest the variables contained in yaml files like $fqdn.yaml are
>> found and applied properly. I've gone as far as testing this with masters
>> running 3.0 and 2.7 but haven't seen any difference. For the sake of
>> clarity, the agent is being run on the master.
>>
>> I've tried several permutations of specifying a hierarchy including
>> quoting "%{fqdn}",  using no quotes, using the syntax for a top-level
>> variable ${::fqdn}, etc. Each time running hiera from the CLI works as
>> expected but the master can't be coerced to behave as expected.
>>
>> A bit of pastebin
>> puppet apply (which works): http://pastebin.com/E5iBtt2t
>> puppet agent --test (doesn't work): http://pastebin.com/GsA81Eyx
>
>
> I didn't try using apply but it does look very similar to my problem.
>
> On Thursday, 6 December 2012 18:31:09 UTC-5, Pete wrote:
>>>
>>> On Dec 7, 2012 12:08 AM, "jcbollinger"  wrote:
>>> >
>>> >
>>> >
>>> > On Tuesday, December 4, 2012 8:10:00 PM UTC-6, Pete wrote:
>>> >>
>>> >>
>>> >> One last question.
>>> >> I use a node level variable to specify the location of a node.
>>> >> I use this for setting variables specific to that location like
>>> different puppet master ip and nagios ip for the office and such.
>>> >> I want to use that variable in hiera for the same purpose.
>>> >> I have this in my hiera.yaml file.
>>> >>
>>> >> ---
>>> >> :hierachy:
>>> >>   - %{::clientcert}
>>> >>   - %{::environment}
>>> >>   - %{location}
>>> >>   - virtual_%{::is_virtual}
>>> >>   - common
>>> >> :backends: yaml
>>> >> :yaml:
>>> >>   :datadir: /etc/puppet/hieradata
>>> >>
>>> >> it gets data from the common.yaml file but is seems to not get
>>> anything from any of the other files.
>>> >> it's definitely using the datadir because thats where the common.yaml
>>> file is as well as the rest of the data files.
>>> >> Am I missing something?
>>> >>
>>> >
>>> > You are missing that node variables are not globals, and in fact don't
>>> even have qualified names.  I strongly suspect that that is why Hiera is
>>> not seeing them.
>>>
>>> That explains a why location isn't seen.
>>>
>>> I discovered later that hiera didn't seem to be using the facts either...
>>>
>>> Do I need to  do something else to allow hiera to see facts?
>>> I am assuming if I can use facts I will work out how to set location as
>>> a fact and just use it that way.
>>>
>>> As an aside, are ENC variables global?
>>> I have been tempted to use my freeipa server as an ENC using ldap.
>>>
>>> I have also been tempted to have a go at writing an ldap backend for
>>> hiera but that's another story...
>>>
>>> >
>>> > There are several potential workarounds, among them:
>>> > set the needed variable(s) at top-level, based on some sort of
>>> conditional
>>>
>>> I was under the impression that node level variables were top level
>>> variables but I am guessing I am wrong. Time to find some docs I guess. :)
>>>
>>> > push all the contents of your node blocks into classes, so that the
>>> variables in question become class variables
>>>
>>> I am going to assume from that class variables are global because they
>>> have qualified names?
>>>
>>> > instead of creating a separate hierarchy level with a data file for
>>> each value of (say) $environment,use a hash of hashes in the level below,
>>> with the $environment values as the outer hash keys
>>> >
>>> > Cheers,
>>> >
>>> > John

Re: [Puppet Users] Re: hiera default values for a variable

[Peter Brown]

On 7 December 2012 12:11, Ryan Cunningham
wrote:

> I'm actually having this exact same problem. In my hiera.yaml file I had a
> hierarchy including two facts and then some strings derived from facter
> facts.
>

Nice to know I am not completely insane.

When I run puppet agent --test the hiera vars in files named for the node's
> $fqdn, etc. aren't found, but if I puppet apply specifying my site.pp
> manifest the variables contained in yaml files like $fqdn.yaml are found
> and applied properly. I've gone as far as testing this with masters running
> 3.0 and 2.7 but haven't seen any difference. For the sake of clarity, the
> agent is being run on the master.
>
> I've tried several permutations of specifying a hierarchy including
> quoting "%{fqdn}",  using no quotes, using the syntax for a top-level
> variable ${::fqdn}, etc. Each time running hiera from the CLI works as
> expected but the master can't be coerced to behave as expected.
>
> A bit of pastebin
> puppet apply (which works): http://pastebin.com/E5iBtt2t
> puppet agent --test (doesn't work): http://pastebin.com/GsA81Eyx


I didn't try using apply but it does look very similar to my problem.

On Thursday, 6 December 2012 18:31:09 UTC-5, Pete wrote:
>>
>> On Dec 7, 2012 12:08 AM, "jcbollinger"  wrote:
>> >
>> >
>> >
>> > On Tuesday, December 4, 2012 8:10:00 PM UTC-6, Pete wrote:
>> >>
>> >>
>> >> One last question.
>> >> I use a node level variable to specify the location of a node.
>> >> I use this for setting variables specific to that location like
>> different puppet master ip and nagios ip for the office and such.
>> >> I want to use that variable in hiera for the same purpose.
>> >> I have this in my hiera.yaml file.
>> >>
>> >> ---
>> >> :hierachy:
>> >>   - %{::clientcert}
>> >>   - %{::environment}
>> >>   - %{location}
>> >>   - virtual_%{::is_virtual}
>> >>   - common
>> >> :backends: yaml
>> >> :yaml:
>> >>   :datadir: /etc/puppet/hieradata
>> >>
>> >> it gets data from the common.yaml file but is seems to not get
>> anything from any of the other files.
>> >> it's definitely using the datadir because thats where the common.yaml
>> file is as well as the rest of the data files.
>> >> Am I missing something?
>> >>
>> >
>> > You are missing that node variables are not globals, and in fact don't
>> even have qualified names.  I strongly suspect that that is why Hiera is
>> not seeing them.
>>
>> That explains a why location isn't seen.
>>
>> I discovered later that hiera didn't seem to be using the facts either...
>>
>> Do I need to  do something else to allow hiera to see facts?
>> I am assuming if I can use facts I will work out how to set location as a
>> fact and just use it that way.
>>
>> As an aside, are ENC variables global?
>> I have been tempted to use my freeipa server as an ENC using ldap.
>>
>> I have also been tempted to have a go at writing an ldap backend for
>> hiera but that's another story...
>>
>> >
>> > There are several potential workarounds, among them:
>> > set the needed variable(s) at top-level, based on some sort of
>> conditional
>>
>> I was under the impression that node level variables were top level
>> variables but I am guessing I am wrong. Time to find some docs I guess. :)
>>
>> > push all the contents of your node blocks into classes, so that the
>> variables in question become class variables
>>
>> I am going to assume from that class variables are global because they
>> have qualified names?
>>
>> > instead of creating a separate hierarchy level with a data file for
>> each value of (say) $environment,use a hash of hashes in the level below,
>> with the $environment values as the outer hash keys
>> >
>> > Cheers,
>> >
>> > John
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups "Puppet Users" group.
>> > To view this discussion on the web visit https://groups.google.com/d/**
>> msg/puppet-users/-/**1Ajo2OXHPC4J
>> .
>> >
>> > To post to this group, send email to puppet...@googlegroups.com.
>> > To unsubscribe from this group, send email to puppet-users...@**
>> googlegroups.com.
>>
>> > For more options, visit this group at http://groups.google.com/**
>> group/puppet-users?hl=en
>> .
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/Gjgrw66TRWkJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group,

Re: [Puppet Users] "Could not render to pson"

[Peter Brown]

Is it possible to install the .so from a package and install it on the node
via a custom repository?
Managing shared libraries via puppet is screaming "Dependency Hell" in my
brain.


On 7 December 2012 01:24, Tom Owens  wrote:

> I found this error in syslog:
>
> Dec  3 16:43:15 0x0x0tuna puppet-agent[16790]:
> (/Stage[main]/Tuna/File[/u/net/profile/common/zoom.so.32/hpsw.so]/content)
> change from {md5}9913d05900c2fd8cd14ef2efec728457 to
> {md5}fe7db3112ffcea0f80fbda99b7da408c failed: Could not back up
> /u/net/profile/common/zoom.so.32/hpsw.so: Could not render to pson:
> "\340\215\203"
>
> As far as I can tell, the agent on this client box is trying to push
> /u/net/profile/common/zoom.so.32/hpsw.so into the filebucket on the puppet
> master and failing.  Since that backup fails, it won't receive the new
> file, which is a problem.
>
> Does anybody have any ideas on how to fix this?  Or at least a better idea
> how to diagnose why it's failing?  I do not have this issue with text
> files.  hpsw.so is a shared library in Linux.
>
> Thanks,
>
> Tom
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/re0nCcocQLQJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Having puppetmaster checkout manifests from subversion

[Peter Brown]

Hi Thomas,

About the only way I can see that working is if you setup a cron job on the
puppet master that updates the svn and then do the remote puppet runs.

Git may be a better way to achieve this.

On 6 December 2012 21:19, Thomas Rasmussen wrote:

> Hi
>
> I'm looking into a setup where we'd like the puppetmaster to
> checkout/update all the manifests from subversion before it compiles the
> manifests served to puppet nodes. I have been looking through the
> documentation, and I can't seem to find a way of doing this.
>
> We'd like to be able to develop our manifests on our local computers and
> when committed to subversion, force a puppet agent run and this run would
> then use the newest manifests available. We are not using automated puppet
> agent runs, so the problem of a commit suddenly breaking code without
> noticing should not be a problem.
>
> The subversion server is not running on the same server as puppetmaster,
> so any interaction from subversion to puppet is not possible.
>
> Any ideas how this problem can be solved?
>
> We are running puppet 2.7.18 on our master server.
>
> Regards
> Thomas
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/eIWMOngAR90J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: hiera default values for a variable

[Peter Brown]

On Dec 7, 2012 12:08 AM, "jcbollinger"  wrote:
>
>
>
> On Tuesday, December 4, 2012 8:10:00 PM UTC-6, Pete wrote:
>>
>>
>> One last question.
>> I use a node level variable to specify the location of a node.
>> I use this for setting variables specific to that location like
different puppet master ip and nagios ip for the office and such.
>> I want to use that variable in hiera for the same purpose.
>> I have this in my hiera.yaml file.
>>
>> ---
>> :hierachy:
>>   - %{::clientcert}
>>   - %{::environment}
>>   - %{location}
>>   - virtual_%{::is_virtual}
>>   - common
>> :backends: yaml
>> :yaml:
>>   :datadir: /etc/puppet/hieradata
>>
>> it gets data from the common.yaml file but is seems to not get anything
from any of the other files.
>> it's definitely using the datadir because thats where the common.yaml
file is as well as the rest of the data files.
>> Am I missing something?
>>
>
> You are missing that node variables are not globals, and in fact don't
even have qualified names.  I strongly suspect that that is why Hiera is
not seeing them.

That explains a why location isn't seen.

I discovered later that hiera didn't seem to be using the facts either...

Do I need to  do something else to allow hiera to see facts?
I am assuming if I can use facts I will work out how to set location as a
fact and just use it that way.

As an aside, are ENC variables global?
I have been tempted to use my freeipa server as an ENC using ldap.

I have also been tempted to have a go at writing an ldap backend for hiera
but that's another story...

>
> There are several potential workarounds, among them:
> set the needed variable(s) at top-level, based on some sort of conditional

I was under the impression that node level variables were top level
variables but I am guessing I am wrong. Time to find some docs I guess. :)

> push all the contents of your node blocks into classes, so that the
variables in question become class variables

I am going to assume from that class variables are global because they have
qualified names?

> instead of creating a separate hierarchy level with a data file for each
value of (say) $environment,use a hash of hashes in the level below, with
the $environment values as the outer hash keys
>
> Cheers,
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/1Ajo2OXHPC4J.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: hiera default values for a variable

[Peter Brown]

On 6 December 2012 14:08, Chad Huneycutt  wrote:

> On Wed, Dec 5, 2012 at 9:29 PM, Peter Brown  wrote:
> > On 5 December 2012 21:10, Vaidas Jablonskis 
> wrote:
> >> On Wednesday, 5 December 2012 02:10:00 UTC, Pete wrote:
> >>> On 4 December 2012 21:17, Vaidas Jablonskis 
> wrote:
> >>>
> >>> One last question.
> >>> I use a node level variable to specify the location of a node.
> >>> I use this for setting variables specific to that location like
> different
> >>> puppet master ip and nagios ip for the office and such.
> >>> I want to use that variable in hiera for the same purpose.
> >>> I have this in my hiera.yaml file.
> >>>
> >>> ---
> >>> :hierachy:
> >>>   - %{::clientcert}
> >>>   - %{::environment}
> >>>   - %{location}
> >>>   - virtual_%{::is_virtual}
> >>>   - common
> >>> :backends: yaml
> >>> :yaml:
> >>>   :datadir: /etc/puppet/hieradata
> >>>
> >>> it gets data from the common.yaml file but is seems to not get anything
> >>> from any of the other files.
> >>> it's definitely using the datadir because thats where the common.yaml
> >>> file is as well as the rest of the data files.
> >>> Am I missing something?
> >>>
> >> When you specify variables in hiera.yaml configuration file, then they
> are
> >> facts, not actual Puppet variables. So in this case you have it wrong.
> >>
> >> Instead of %{::environment}, use %{environment}, because a fact is
> always
> >> going to be a top scope variable.
> >
> >
> > That doesn't seem to work either...
> > I tried putting in another entry called extra (no var just the name) and
> it
> > didn't get used either.
> > So it's like it's not using anything that isn't called common.yaml
> >
> > So my guess is it's not the variables it's something else.
> >
> > Anyone got any ideas?
> > Or some docs I can dredge through?
>
>
> hiera generates great traces if you enable it.  I *think* you enable
> debug on the master to turn it on, but there might be something else
> you have to do.  If all else fails, the code is actually pretty
> straight-forward...
>

Do you mean using the --debug flag on a puppet agent run?
I tried that and it didn't tell me anything useful.

I also switched to getting the vars with a hiera('class::variable') call
and all that told me was

Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not find data item nrpe::params::nagios_ips in any Hiera data file
and no default supplied at
/usr/local/puppet/environments/development/modules/nrpe/manifests/params.pp:10
on node test.example.com

It doesn't tell me which hiera data files it it searching either which
doesn't help at all.

If I move the variable into my common.yaml file it works perfectly.

I don't have the time to dredge through ruby code to find out whats going
on.
I still haven't learnt ruby so it would take me longer to work it out.



>
>
> --
> Chad M. Huneycutt
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet & Nagios/NRPE with Plugins...

[Peter Brown]

Cool.

Let me know how it goes.
I am making a start at splitting out my code for nagios into a module by
itself and setting up one for icinga as well.

Will likely post to the list when it's ready for consumption.


Pete.



On 5 December 2012 23:17, Gavin Williams  wrote:

> Pete
>
> Cheers for that...
>
> Will have a read through the code and give it a spin :)
>
> Cheers
> Gavin
>
> On Wednesday, 5 December 2012 04:45:05 UTC, Pete wrote:
>
>> Hi again,
>>
>> It seems github is a better option as they have an issue tracker.
>>
>> https://github.com/rendhalver/**puppet-nrpe<https://github.com/rendhalver/puppet-nrpe>
>>
>>
>>
>> On 5 December 2012 13:30, Peter Brown  wrote:
>>
>>> Hi Gav,
>>>
>>> I just put my nrpe module up on gitorious.
>>>
>>> https://gitorious.org/**rendhalver-puppet/nrpe<https://gitorious.org/rendhalver-puppet/nrpe>
>>>
>>> I had to pull out my nrpe::firewall class for now because it uses my
>>> firewall module which I will be releasing at some point as well.
>>> I tagged the stable release as v1.0 so if you are going to clone it
>>> check out that tag if you prefer.
>>> The docs are non-existent as yet but the code is pretty self explanatory.
>>>
>>> it sets up nrpe on a node and you use the nrpe::plugin define to add new
>>> services.
>>> I use nrpe::params to set my variables so you need something in your
>>> node like this to set those.
>>> You can of course use hiera if you prefer.
>>>
>>> include nrpe
>>> class {'nrpe::params':
>>>   nagios_extra_plugins => '/srv/scripts/nagios',
>>>   nagios_ips => '192.168.0.1',
>>> }
>>>
>>> You can also set the port, user and group nrpe runs as as well as a few
>>> other vars.
>>>
>>> the nrpe::plugin works something like this.
>>>
>>> class monitoring::service::disk ( $ensure = $nagios_ensure, $host_name =
>>> $nagios_host_name, $service_type = 'standard_service', $notifications =
>>> $nagios_notifications ) {
>>>
>>>   @@nagios_service { "${host_name}_disk":
>>> ensure  => $ensure,
>>> use   => $service_type,
>>> host_name   => $host_name,
>>> service_description   => 'DISK',
>>> servicegroups => $nagios_host_type ? { 'nonotify_server' =>
>>> 'system', default => 'system,important_email' },
>>> check_command => 'check_nrpe!check_disk',
>>> contact_groups  => $nagios_sms_alerts ? { false =>
>>> 'admins,linux_admins', true => 'admins,linux_admins,linux_**admin_sms'
>>> },
>>> notifications_enabled => $notifications ? { default => undef, false
>>> => 0 },
>>> register=> 1,
>>> notify  => Service[nagios],
>>> tag   => "nagios_${monitoring_server}",
>>>   }
>>>   nrpe::plugin { 'disk':
>>> ensure  => $ensure,
>>> plugin  => 'main',
>>> sudo => true, # you will need an sudo rule for that.
>>> check_command => 'check_disk -w 20% -c 10% --all',
>>> notify  => Class['nrpe::service'],
>>>   }
>>> }
>>>
>>> That is how I use that define in my monitoring class which will get
>>> released as well once I split out the nagios code into it's own module.
>>>
>>> if you find any bugs please let me know and I shall fix them as soon as
>>> I can.
>>>
>>> I will be putting it on puppet forge as well once I work out how that
>>> works.
>>>
>>> Hope that helps.
>>>
>>> If anyone else is keen to try it out let me know how it goes.
>>>
>>> Pete.
>>>
>>> On 5 December 2012 09:26, Peter Brown  wrote:
>>>
>>>> On 4 December 2012 17:05, fatmcgav  wrote:
>>>>
>>>>> Pete
>>>>>
>>>>> Sounds good to me... N be easier than me re-inventing the wheel...
>>>>>
>>>>> Would be happy to guinea pig... :)
>>>>>
>>>>
>>>>
>>>> Awesome.
>>>> I have an account on gitorious which I am going to use to put my code
>>>> on.
>>>> Gimme a bit to get my 

Re: [Puppet Users] Re: hiera default values for a variable

[Peter Brown]

On 5 December 2012 21:10, Vaidas Jablonskis  wrote:

>
>
> On Wednesday, 5 December 2012 02:10:00 UTC, Pete wrote:
>
>> On 4 December 2012 21:17, Vaidas Jablonskis  wrote:
>>
>>> Yes, it is that simple.
>>
>>
>> I gave it a go just after I sent my email and it works like a charm.
>>
>>
>> The other way of doing (some people prefer this way actually) is to put
>>> your variables inside the actual class (not as parameters of the class),
>>> for example:
>>>
>>> class foo {
>>>   $my_parameter   = hiera('foo::my_parameter', 'default_value')
>>>   $another_parameter = hiera('foo::another_parameter'**, 'some default
>>> value')
>>>
>>>   <...>
>>> }
>>>
>>
>> I was doing it that way but I wasn't aware I could set a default in the
>> hiera call.
>> That's a pretty handy trick.
>>
>> As you can see I didn't use any class parameters, I just put my variable
>>> inside the class and used hiera() funciton to fetch the values from hiera
>>> data. There are couple of things to understand here:
>>>
>>> 1. syntax of hiera() is: hiera('parameter_to_look_for',
>>> 'default_value_if_not_found')
>>> 2. the "parameter_to_look_for" can be anything you like, but the best
>>> practice is to keep it consistent, so for example you have a class 'foo'
>>> and a variable 'myvar' inside the class, then you should have it as
>>> 'foo::myvar' in hiera data files.
>>>
>>
>> Ah very cool.
>> That works just as well as the other way.
>> I am leaning towards puppet parameter vars in my name::params class
>> because it makes it a bit more portable and will work for those not using
>> hiera yet.
>>
>> Hope this helps.
>>>
>>
>> Indeed it does.
>> Thanks for the explanation.
>> (I would have looked up the docs but they don't seem to exist yet)
>>
>> Now I have a nice portable way of setting variables and can rewrite all
>> my classes to actually be portable and will me so  much happier releasing
>> them.
>>
>> One last question.
>> I use a node level variable to specify the location of a node.
>> I use this for setting variables specific to that location like different
>> puppet master ip and nagios ip for the office and such.
>> I want to use that variable in hiera for the same purpose.
>> I have this in my hiera.yaml file.
>>
>> ---
>> :hierachy:
>>   - %{::clientcert}
>>   - %{::environment}
>>   - %{location}
>>   - virtual_%{::is_virtual}
>>   - common
>> :backends: yaml
>> :yaml:
>>   :datadir: /etc/puppet/hieradata
>>
>> it gets data from the common.yaml file but is seems to not get anything
>> from any of the other files.
>> it's definitely using the datadir because thats where the common.yaml
>> file is as well as the rest of the data files.
>> Am I missing something?
>>
>> When you specify variables in hiera.yaml configuration file, then they
> are facts, not actual Puppet variables. So in this case you have it wrong.
>
> Instead of %{::environment}, use %{environment}, because a fact is always
> going to be a top scope variable.
>

That doesn't seem to work either...
I tried putting in another entry called extra (no var just the name) and it
didn't get used either.
So it's like it's not using anything that isn't called common.yaml

So my guess is it's not the variables it's something else.

Anyone got any ideas?
Or some docs I can dredge through?



>
>> Pete.
>>
>>
>>> --
>>>   Vaidas
>>>
>>> On Tuesday, 4 December 2012 00:00:21 UTC, Pete wrote:

 On 3 December 2012 22:38, Vaidas Jablonskis  wrote:

> Hi Pete,
>
> It depends on what version of puppet you use. If you use 3.x, then it
> has hiera built-in. So it's very simple to write classes which are
> compatible with v2.7 or v3.x versions.
>

 I am testing on 3.

 I normally write something like this:
>
> class foo(
>   $parameter = undef,
> ) {...}
>

 Ah nice.
 That's pretty logical.
 I didn't think of doing that.

 What that means is that puppet will automatically call
> hiera('foo::parameter') and tries to find a value for $parameter in the
> hierarchy if it cannot find it, then the value of $parameter will be equal
> to undef.
>

 Ah I wasn't aware I could define vars like that in Hiera.
 Is it as simple putting this in one of my data files?

 foo::parameter: value


 Pete



>
> On Monday, 3 December 2012 03:42:08 UTC, Pete wrote:
>>
>> Hi everyone,
>>
>> I currently have a giant file with default variables I use in a lot
>> of my modules and I override those at the node level if I need to.
>> I thought I would give porting that data into a hiera setup.
>>
>> I worked out how to specify my data sources and started to make a go
>> at moving some of my variables in the default data file.
>>
>> I thought heira would be smart and set a variable to undef if it
>> couldn't find it but that doesn't seem to be the case. (unless I missed
>> something in the rather spa

Re: [Puppet Users] Puppet & Nagios/NRPE with Plugins...

[Peter Brown]

Hi again,

It seems github is a better option as they have an issue tracker.

https://github.com/rendhalver/puppet-nrpe



On 5 December 2012 13:30, Peter Brown  wrote:

> Hi Gav,
>
> I just put my nrpe module up on gitorious.
>
> https://gitorious.org/rendhalver-puppet/nrpe
>
> I had to pull out my nrpe::firewall class for now because it uses my
> firewall module which I will be releasing at some point as well.
> I tagged the stable release as v1.0 so if you are going to clone it check
> out that tag if you prefer.
> The docs are non-existent as yet but the code is pretty self explanatory.
>
> it sets up nrpe on a node and you use the nrpe::plugin define to add new
> services.
> I use nrpe::params to set my variables so you need something in your node
> like this to set those.
> You can of course use hiera if you prefer.
>
> include nrpe
> class {'nrpe::params':
>   nagios_extra_plugins => '/srv/scripts/nagios',
>   nagios_ips => '192.168.0.1',
> }
>
> You can also set the port, user and group nrpe runs as as well as a few
> other vars.
>
> the nrpe::plugin works something like this.
>
> class monitoring::service::disk ( $ensure = $nagios_ensure, $host_name =
> $nagios_host_name, $service_type = 'standard_service', $notifications =
> $nagios_notifications ) {
>
>   @@nagios_service { "${host_name}_disk":
> ensure  => $ensure,
> use   => $service_type,
> host_name   => $host_name,
> service_description   => 'DISK',
> servicegroups => $nagios_host_type ? { 'nonotify_server' =>
> 'system', default => 'system,important_email' },
> check_command => 'check_nrpe!check_disk',
> contact_groups  => $nagios_sms_alerts ? { false =>
> 'admins,linux_admins', true => 'admins,linux_admins,linux_admin_sms' },
> notifications_enabled => $notifications ? { default => undef, false =>
> 0 },
> register=> 1,
> notify  => Service[nagios],
> tag   => "nagios_${monitoring_server}",
>   }
>   nrpe::plugin { 'disk':
> ensure  => $ensure,
> plugin  => 'main',
> sudo => true, # you will need an sudo rule for that.
> check_command => 'check_disk -w 20% -c 10% --all',
> notify  => Class['nrpe::service'],
>   }
> }
>
> That is how I use that define in my monitoring class which will get
> released as well once I split out the nagios code into it's own module.
>
> if you find any bugs please let me know and I shall fix them as soon as I
> can.
>
> I will be putting it on puppet forge as well once I work out how that
> works.
>
> Hope that helps.
>
> If anyone else is keen to try it out let me know how it goes.
>
> Pete.
>
> On 5 December 2012 09:26, Peter Brown  wrote:
>
>> On 4 December 2012 17:05, fatmcgav  wrote:
>>
>>> Pete
>>>
>>> Sounds good to me... N be easier than me re-inventing the wheel...
>>>
>>> Would be happy to guinea pig... :)
>>>
>>
>>
>> Awesome.
>> I have an account on gitorious which I am going to use to put my code on.
>> Gimme a bit to get my module cleaned up and make sure it works by itself.
>> Will let you know when it's up there.
>>
>> Pete.
>>
>>
>>
>>>
>>> Cheers
>>> Gav
>>>
>>>
>>>
>>> On 3 December 2012 23:56, Peter Brown  wrote:
>>>
>>>> Hi Gavin,
>>>>
>>>> I have a module i wrote that seems like it will do what you need.
>>>> I also have a nagios module that uses it to setup nrpe services on each
>>>> node and exports nagios checks to be imported into a nagios instance.
>>>>
>>>> I basically setup nrpe on each node to use a config directory and have
>>>> a define that uses templates to generate each nrpe service that need to be
>>>> setup.
>>>> My nagios module needs some rewriting before I will be happy releasing
>>>> it.
>>>> The nrpe module is pretty much good to go though.
>>>> It can also use sudo, also managed by another module I have (Yeah I
>>>> have a lot olf modules and most of them talk to other modules I wrote)
>>>>
>>>> I am going start putting my stuff on github and puppet forge as soon as
>>>> I have them ready.
>>>>
>>>> Are you interested in being a guinea pig?
>&g

Re: [Puppet Users] Puppet & Nagios/NRPE with Plugins...

[Peter Brown]

Hi Gav,

I just put my nrpe module up on gitorious.

https://gitorious.org/rendhalver-puppet/nrpe

I had to pull out my nrpe::firewall class for now because it uses my
firewall module which I will be releasing at some point as well.
I tagged the stable release as v1.0 so if you are going to clone it check
out that tag if you prefer.
The docs are non-existent as yet but the code is pretty self explanatory.

it sets up nrpe on a node and you use the nrpe::plugin define to add new
services.
I use nrpe::params to set my variables so you need something in your node
like this to set those.
You can of course use hiera if you prefer.

include nrpe
class {'nrpe::params':
  nagios_extra_plugins => '/srv/scripts/nagios',
  nagios_ips => '192.168.0.1',
}

You can also set the port, user and group nrpe runs as as well as a few
other vars.

the nrpe::plugin works something like this.

class monitoring::service::disk ( $ensure = $nagios_ensure, $host_name =
$nagios_host_name, $service_type = 'standard_service', $notifications =
$nagios_notifications ) {

  @@nagios_service { "${host_name}_disk":
ensure  => $ensure,
use   => $service_type,
host_name   => $host_name,
service_description   => 'DISK',
servicegroups => $nagios_host_type ? { 'nonotify_server' =>
'system', default => 'system,important_email' },
check_command => 'check_nrpe!check_disk',
contact_groups  => $nagios_sms_alerts ? { false =>
'admins,linux_admins', true => 'admins,linux_admins,linux_admin_sms' },
notifications_enabled => $notifications ? { default => undef, false =>
0 },
register=> 1,
notify  => Service[nagios],
tag   => "nagios_${monitoring_server}",
  }
  nrpe::plugin { 'disk':
ensure  => $ensure,
plugin  => 'main',
sudo => true, # you will need an sudo rule for that.
check_command => 'check_disk -w 20% -c 10% --all',
notify  => Class['nrpe::service'],
  }
}

That is how I use that define in my monitoring class which will get
released as well once I split out the nagios code into it's own module.

if you find any bugs please let me know and I shall fix them as soon as I
can.

I will be putting it on puppet forge as well once I work out how that works.

Hope that helps.

If anyone else is keen to try it out let me know how it goes.

Pete.

On 5 December 2012 09:26, Peter Brown  wrote:

> On 4 December 2012 17:05, fatmcgav  wrote:
>
>> Pete
>>
>> Sounds good to me... N be easier than me re-inventing the wheel...
>>
>> Would be happy to guinea pig... :)
>>
>
>
> Awesome.
> I have an account on gitorious which I am going to use to put my code on.
> Gimme a bit to get my module cleaned up and make sure it works by itself.
> Will let you know when it's up there.
>
> Pete.
>
>
>
>>
>> Cheers
>> Gav
>>
>>
>>
>> On 3 December 2012 23:56, Peter Brown  wrote:
>>
>>> Hi Gavin,
>>>
>>> I have a module i wrote that seems like it will do what you need.
>>> I also have a nagios module that uses it to setup nrpe services on each
>>> node and exports nagios checks to be imported into a nagios instance.
>>>
>>> I basically setup nrpe on each node to use a config directory and have a
>>> define that uses templates to generate each nrpe service that need to be
>>> setup.
>>> My nagios module needs some rewriting before I will be happy releasing
>>> it.
>>> The nrpe module is pretty much good to go though.
>>> It can also use sudo, also managed by another module I have (Yeah I have
>>> a lot olf modules and most of them talk to other modules I wrote)
>>>
>>> I am going start putting my stuff on github and puppet forge as soon as
>>> I have them ready.
>>>
>>> Are you interested in being a guinea pig?
>>>
>>> :)
>>>
>>> Pete.
>>>
>>>
>>> On 3 December 2012 21:47, Gavin Williams  wrote:
>>>
>>>> Morning all
>>>>
>>>> I've had a quick google, but couldn't find anything useful for our
>>>> scenario...
>>>>
>>>> Basically, we use Nagios & NRPE in our environment, along with a
>>>> hand-full of in-house written plugins specific to our applications etc...
>>>> These scripts change on a fairly regular basis, so hand rolling a RPM
>>>> each time is too much work as far as i'm concerned...
>>>>
>&g

Re: [Puppet Users] Re: hiera default values for a variable

[Peter Brown]

On 4 December 2012 21:17, Vaidas Jablonskis  wrote:

> Yes, it is that simple.


I gave it a go just after I sent my email and it works like a charm.


The other way of doing (some people prefer this way actually) is to put
> your variables inside the actual class (not as parameters of the class),
> for example:
>
> class foo {
>   $my_parameter   = hiera('foo::my_parameter', 'default_value')
>   $another_parameter = hiera('foo::another_parameter', 'some default
> value')
>
>   <...>
> }
>

I was doing it that way but I wasn't aware I could set a default in the
hiera call.
That's a pretty handy trick.

As you can see I didn't use any class parameters, I just put my variable
> inside the class and used hiera() funciton to fetch the values from hiera
> data. There are couple of things to understand here:
>
> 1. syntax of hiera() is: hiera('parameter_to_look_for',
> 'default_value_if_not_found')
> 2. the "parameter_to_look_for" can be anything you like, but the best
> practice is to keep it consistent, so for example you have a class 'foo'
> and a variable 'myvar' inside the class, then you should have it as
> 'foo::myvar' in hiera data files.
>

Ah very cool.
That works just as well as the other way.
I am leaning towards puppet parameter vars in my name::params class because
it makes it a bit more portable and will work for those not using hiera yet.

Hope this helps.
>

Indeed it does.
Thanks for the explanation.
(I would have looked up the docs but they don't seem to exist yet)

Now I have a nice portable way of setting variables and can rewrite all my
classes to actually be portable and will me so  much happier releasing them.

One last question.
I use a node level variable to specify the location of a node.
I use this for setting variables specific to that location like different
puppet master ip and nagios ip for the office and such.
I want to use that variable in hiera for the same purpose.
I have this in my hiera.yaml file.

---
:hierachy:
  - %{::clientcert}
  - %{::environment}
  - %{location}
  - virtual_%{::is_virtual}
  - common
:backends: yaml
:yaml:
  :datadir: /etc/puppet/hieradata

it gets data from the common.yaml file but is seems to not get anything
from any of the other files.
it's definitely using the datadir because thats where the common.yaml file
is as well as the rest of the data files.
Am I missing something?


Pete.


> --
>   Vaidas
>
> On Tuesday, 4 December 2012 00:00:21 UTC, Pete wrote:
>>
>> On 3 December 2012 22:38, Vaidas Jablonskis  wrote:
>>
>>> Hi Pete,
>>>
>>> It depends on what version of puppet you use. If you use 3.x, then it
>>> has hiera built-in. So it's very simple to write classes which are
>>> compatible with v2.7 or v3.x versions.
>>>
>>
>> I am testing on 3.
>>
>> I normally write something like this:
>>>
>>> class foo(
>>>   $parameter = undef,
>>> ) {...}
>>>
>>
>> Ah nice.
>> That's pretty logical.
>> I didn't think of doing that.
>>
>> What that means is that puppet will automatically call
>>> hiera('foo::parameter') and tries to find a value for $parameter in the
>>> hierarchy if it cannot find it, then the value of $parameter will be equal
>>> to undef.
>>>
>>
>> Ah I wasn't aware I could define vars like that in Hiera.
>> Is it as simple putting this in one of my data files?
>>
>> foo::parameter: value
>>
>>
>> Pete
>>
>>
>>
>>>
>>> On Monday, 3 December 2012 03:42:08 UTC, Pete wrote:

 Hi everyone,

 I currently have a giant file with default variables I use in a lot of
 my modules and I override those at the node level if I need to.
 I thought I would give porting that data into a hiera setup.

 I worked out how to specify my data sources and started to make a go at
 moving some of my variables in the default data file.

 I thought heira would be smart and set a variable to undef if it
 couldn't find it but that doesn't seem to be the case. (unless I missed
 something in the rather sparse documentation)
 Is there a way of telling it to do this?

 I was also trying to work out how I automagically get my parametized
 classed to pull in vars from hiera. (The docs on that don't tell me much
 either.)
 Can anyone tall me how that works? Or do I have to use the hiera
 functions which isn't automagical in my book.

 My current variables are set with a default value in my main file and
 then I override those at the node level if I need to (so kind of the same
 way hiera does it anyway)

 So given all of that I can't see any reason to switch to using heira
 because my current setup works as-is (my variable file is getting pretty
 huge anyway but that isn't going to change with heira if it won't set a var
 to undef).

 What are the benefits or using an external source for variables instead
 of sticking them in my node definitions (which seems like it would be
 faster because it doesn't have to use an external source)?

Re: [Puppet Users] Puppet & Nagios/NRPE with Plugins...

[Peter Brown]

On 4 December 2012 17:05, fatmcgav  wrote:

> Pete
>
> Sounds good to me... N be easier than me re-inventing the wheel...
>
> Would be happy to guinea pig... :)
>


Awesome.
I have an account on gitorious which I am going to use to put my code on.
Gimme a bit to get my module cleaned up and make sure it works by itself.
Will let you know when it's up there.

Pete.



>
> Cheers
> Gav
>
>
>
> On 3 December 2012 23:56, Peter Brown  wrote:
>
>> Hi Gavin,
>>
>> I have a module i wrote that seems like it will do what you need.
>> I also have a nagios module that uses it to setup nrpe services on each
>> node and exports nagios checks to be imported into a nagios instance.
>>
>> I basically setup nrpe on each node to use a config directory and have a
>> define that uses templates to generate each nrpe service that need to be
>> setup.
>> My nagios module needs some rewriting before I will be happy releasing it.
>> The nrpe module is pretty much good to go though.
>> It can also use sudo, also managed by another module I have (Yeah I have
>> a lot olf modules and most of them talk to other modules I wrote)
>>
>> I am going start putting my stuff on github and puppet forge as soon as I
>> have them ready.
>>
>> Are you interested in being a guinea pig?
>>
>> :)
>>
>> Pete.
>>
>>
>> On 3 December 2012 21:47, Gavin Williams  wrote:
>>
>>> Morning all
>>>
>>> I've had a quick google, but couldn't find anything useful for our
>>> scenario...
>>>
>>> Basically, we use Nagios & NRPE in our environment, along with a
>>> hand-full of in-house written plugins specific to our applications etc...
>>> These scripts change on a fairly regular basis, so hand rolling a RPM
>>> each time is too much work as far as i'm concerned...
>>>
>>> So I can easily get NRPE installed on a node using Puppet... However
>>> what I'm struggling with is getting all the plugins synced over aswell...
>>>
>>> One suggestion I read was to use a file resource, however I've also read
>>> about severe performance issues when working with tens of files...
>>> I dont really want to have to create some kind of NFS file share to
>>> distribute the files...
>>>
>>> So, any other ideas?
>>>
>>> Cheers
>>> Gavin
>>>
>>> P.S. Env consists of a single 3.0 Puppet Master, currently with about a
>>> dozen nodes connected, but this will rapidly increase once we start full
>>> roll-out...
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msg/puppet-users/-/NgMZ8MKfN1oJ.
>>>
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] It is possible to transfer files from nodes to master?

[Peter Brown]

Hi again.

It's probably a better idea to use a dedicated backup tool to do this.
Puppet wasn't designed as a backup tool. It can likely be setup to manage
the backup software and such.
I personally do backups with amanda which I manage with puppet using a
module I found and some extra classes to generate some exported resources
to configure the actual backups on the amanda server.
I use another tool to do mysql backups it's called xtrabackup and it only
does MySQL databases.
I then use rsync (Also managed with puppet) to copy those backups to a
backup server.

Pete.


On 4 December 2012 14:36, Gary Larizza  wrote:

> Cristy,
>
> Puppet doesn't have a built-in way to grab data from the client-side and
> save it on the Master.  There IS the Filebucket (
> http://docs.puppetlabs.com/references/latest/type.html#filebucket
> http://docs.puppetlabs.com/man/filebucket.html) but that's not something
> I would feel comfortable doing (it's better for backing up a file before
> Puppet replaces the file).
>
> Having said that, you could have exec resources for each task (creating a
> database dump, sending the task to a remote server) that would model this,
> but you would have to specify what each task means (i.e. HOW it gets the
> data dump and HOW it sends it back to the Master).
>
> Does that make sense?
>
> --
> Gary Larizza
> Sent with Sparrow 
>
> On Monday, December 3, 2012 at 11:33 AM, cristy wrote:
>
>
>
>Hi,
>
> I'm newbie to puppet, and I was wondering if it is possible to get
> files from nodes to master, not only in uniderictional way like master to
> agent nodes.
> To be more specific, I need to create dumps of client's database and
> get it back to the server.
>
>Thank you!
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/mLCjSepBKoIJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] It is possible to transfer files from nodes to master?

[Peter Brown]

On 4 December 2012 05:33, cristy  wrote:

>
>
>Hi,
>
> I'm newbie to puppet, and I was wondering if it is possible to get
> files from nodes to master, not only in uniderictional way like master to
> agent nodes.
> To be more specific, I need to create dumps of client's database and
> get it back to the server.
>

Kind of.
Maybe.
It's theoretically possibly using exported resources but you would need to
dynamically create them using some kind of exec.
I can imagine how it would work but it would be pretty complex and probably
not the best way to "cut your teeth" as it were.


Pete.




>
>Thank you!
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/mLCjSepBKoIJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: hiera default values for a variable

[Peter Brown]

On 3 December 2012 22:38, Vaidas Jablonskis  wrote:

> Hi Pete,
>
> It depends on what version of puppet you use. If you use 3.x, then it has
> hiera built-in. So it's very simple to write classes which are compatible
> with v2.7 or v3.x versions.
>

I am testing on 3.

I normally write something like this:
>
> class foo(
>   $parameter = undef,
> ) {...}
>

Ah nice.
That's pretty logical.
I didn't think of doing that.

What that means is that puppet will automatically call
> hiera('foo::parameter') and tries to find a value for $parameter in the
> hierarchy if it cannot find it, then the value of $parameter will be equal
> to undef.
>

Ah I wasn't aware I could define vars like that in Hiera.
Is it as simple putting this in one of my data files?

foo::parameter: value


Pete



>
> On Monday, 3 December 2012 03:42:08 UTC, Pete wrote:
>>
>> Hi everyone,
>>
>> I currently have a giant file with default variables I use in a lot of my
>> modules and I override those at the node level if I need to.
>> I thought I would give porting that data into a hiera setup.
>>
>> I worked out how to specify my data sources and started to make a go at
>> moving some of my variables in the default data file.
>>
>> I thought heira would be smart and set a variable to undef if it couldn't
>> find it but that doesn't seem to be the case. (unless I missed something in
>> the rather sparse documentation)
>> Is there a way of telling it to do this?
>>
>> I was also trying to work out how I automagically get my parametized
>> classed to pull in vars from hiera. (The docs on that don't tell me much
>> either.)
>> Can anyone tall me how that works? Or do I have to use the hiera
>> functions which isn't automagical in my book.
>>
>> My current variables are set with a default value in my main file and
>> then I override those at the node level if I need to (so kind of the same
>> way hiera does it anyway)
>>
>> So given all of that I can't see any reason to switch to using heira
>> because my current setup works as-is (my variable file is getting pretty
>> huge anyway but that isn't going to change with heira if it won't set a var
>> to undef).
>>
>> What are the benefits or using an external source for variables instead
>> of sticking them in my node definitions (which seems like it would be
>> faster because it doesn't have to use an external source)?
>>
>> Thanks in advance.
>> Pete.
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/PreiZnQjKIcJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet & Nagios/NRPE with Plugins...

[Peter Brown]

Hi Gavin,

I have a module i wrote that seems like it will do what you need.
I also have a nagios module that uses it to setup nrpe services on each
node and exports nagios checks to be imported into a nagios instance.

I basically setup nrpe on each node to use a config directory and have a
define that uses templates to generate each nrpe service that need to be
setup.
My nagios module needs some rewriting before I will be happy releasing it.
The nrpe module is pretty much good to go though.
It can also use sudo, also managed by another module I have (Yeah I have a
lot olf modules and most of them talk to other modules I wrote)

I am going start putting my stuff on github and puppet forge as soon as I
have them ready.

Are you interested in being a guinea pig?

:)

Pete.


On 3 December 2012 21:47, Gavin Williams  wrote:

> Morning all
>
> I've had a quick google, but couldn't find anything useful for our
> scenario...
>
> Basically, we use Nagios & NRPE in our environment, along with a hand-full
> of in-house written plugins specific to our applications etc...
> These scripts change on a fairly regular basis, so hand rolling a RPM each
> time is too much work as far as i'm concerned...
>
> So I can easily get NRPE installed on a node using Puppet... However what
> I'm struggling with is getting all the plugins synced over aswell...
>
> One suggestion I read was to use a file resource, however I've also read
> about severe performance issues when working with tens of files...
> I dont really want to have to create some kind of NFS file share to
> distribute the files...
>
> So, any other ideas?
>
> Cheers
> Gavin
>
> P.S. Env consists of a single 3.0 Puppet Master, currently with about a
> dozen nodes connected, but this will rapidly increase once we start full
> roll-out...
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/NgMZ8MKfN1oJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] hiera default values for a variable

[Peter Brown]

Hi everyone,

I currently have a giant file with default variables I use in a lot of my
modules and I override those at the node level if I need to.
I thought I would give porting that data into a hiera setup.

I worked out how to specify my data sources and started to make a go at
moving some of my variables in the default data file.

I thought heira would be smart and set a variable to undef if it couldn't
find it but that doesn't seem to be the case. (unless I missed something in
the rather sparse documentation)
Is there a way of telling it to do this?

I was also trying to work out how I automagically get my parametized
classed to pull in vars from hiera. (The docs on that don't tell me much
either.)
Can anyone tall me how that works? Or do I have to use the hiera functions
which isn't automagical in my book.

My current variables are set with a default value in my main file and then
I override those at the node level if I need to (so kind of the same way
hiera does it anyway)

So given all of that I can't see any reason to switch to using heira
because my current setup works as-is (my variable file is getting pretty
huge anyway but that isn't going to change with heira if it won't set a var
to undef).

What are the benefits or using an external source for variables instead of
sticking them in my node definitions (which seems like it would be faster
because it doesn't have to use an external source)?

Thanks in advance.
Pete.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet IPA client setup

[Peter Brown]

Hi Johnathan.

I have just started using FreeIPA but I haven't gotten around to setting it
up with Puppet yet.
If you would like some help with testing or extra functionality let me know.
I have CentOS and Fedora servers.
I did find the docs on how to set it up manually so I was going to use
those as a base. (Shall send the link when I get to work)

Pete.


On 22 November 2012 03:07, Johnathan Phan  wrote:

> Hi everyone,
>
> I have already started documented and building this privately.
>
> However I refuse to believe that there is not a module for setting up a
> FreeIPA client server on RHEL to authenticate against an existing IPA
> authentication server.
>
> Has anyone actually already done this? If not I will probable post a link
> to this email with the puppet module I have built.
>
> Regards
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/QlJ6Kfm888EJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Struggling with "define"

[Peter Brown]

On Nov 15, 2012 9:20 PM, "Jonathan Gazeley" 
wrote:
>
> On 15/11/12 11:11, David Schmitt wrote:
>>
>> On 15.11.2012 10:44, Jonathan Gazeley wrote:
>>>
>>> On 14/11/12 20:44, Peter Brown wrote:
>>>>
>>>>
>>>>  From what the error is telling me it is trying to fine a define called
>>>> firewallrule but your define is actually called firewall...
>>>
>>>
>>> Sorry, my mistake. The file that contains the define is called
>>> firewall.pp, the define is called firewall and the way I am calling is
>>> called firewall. The error message I pasted was from an experiment
>>> renaming everything to firewallrule because I wondered if firewall was a
>>> reserved word.
>>>
>>> The issue stands - with no mention of firewallrule I still get the same
>>> problem.
>>
>>
>> Please answer the other questions from Peter's mail:
>>
>>
>>> Where are you including the define from?
>>> Is it in it's own file in a module? or it it in site.pp or somesuch
>>> global file?
>>> If it's in it's own module the file will need to be called the same as
>>> the define.
>>>
>>
>>
>> Especially if it is in a module, it will have to be called
>> modulename::firewall.
>>
>>
>> Or, if the module is called firewall, you might be able to put the
>> firewall define into the init.pp and have it loaded from there. This
>> works fine with classes, I've not tried that with defines yet.
>
>
> Thanks David. The module is called "firewall" and the class "firewall"
appears in init.pp. The define "firewall" simply appears within the class
"firewall".
>
> # init.pp
> class firewall {
>   define firewall($source, $port, $proto) {
>
> case $operatingsystem {
>   /Centos|Fedora|Scientific|Debian/: {
> iptables { $title:
>   proto => $proto,
>   dport => $port,
>   source => $source,
>   jump => "ACCEPT",
>   }
> }
>   /Ubuntu/: {
> ufw::allow { $title:
>   port => $port,
>   from => $source,
>   proto => $proto,
> }
>   }
> }
>   }
> }
>
> I'm a little bit confused on how classes, modules defines and filenames
fit together.

Yeah there is your problem.
Like david mentioned if the define is in a module you will need to call it
via firewall::firewall.

>
> Thanks,
> Jonathan
>
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] file_line stdlib not processing

[Peter Brown]

I find it so useful i keep recomending it :)
Thanks for writing it!
 On Nov 15, 2012 9:21 PM, "Fiddyspence"  wrote:

> Hey Pete - glad you find it useful!
>
> On Wednesday, 14 November 2012 23:02:36 UTC, Pete wrote:
>>
>> I discovered an awesome module for managing sysctl on the forge. It not
>> only manages the sysctl file but setting them as well.
>>
>> Have a look here. -> 
>> https://forge.puppetlabs.**com/fiddyspence/sysctl
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/7mU50fCUEMQJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] file_line stdlib not processing

[Peter Brown]

I discovered an awesome module for managing sysctl on the forge. It not
only manages the sysctl file but setting them as well.

Have a look here. -> https://forge.puppetlabs.com/fiddyspence/sysctl


On Nov 15, 2012 7:16 AM, "Jerry Keen"  wrote:

> I created a new manifest on a fedora 17 box using
> puppet-2.7.18-1.fc17.noarch and puppet-server, the same versions.
>
>
>
> I installed stdlib to and created a manifest using about 60 lines such as
> below :
>
> file_line { "sysctl0": path =>'/etc/sysctl.conf', line => "#",}
> file_line { "sysctl1": path =>'/etc/sysctl.conf', line => "#added by
> puppet config--`date`", require => File_line['sysctl0'],}
> file_line { "sysctl2": path =>'/etc/sysctl.conf', line => "#", require =>
> File_line['sysctl1'],}
> file_line { "sysctl00": path =>'/etc/sysctl.conf', line => "# Controls IP
> packet forwarding", require => File_line['sysctl2'],}
> file_line { "sysctl01": path =>'/etc/sysctl.conf', line =>
> "net.ipv4.ip_forward = 0", require => File_line['sysctl00'],}
>
> the module list is :
>
> recated in the future, use String#encode instead.
> /etc/puppet/modules
> └── puppetlabs-stdlib (v3.1.1)
> /usr/share/puppet/modules (no modules installed)
> [root@mercury ~]#
>
> This manifest works fine on Fedora..
>
>
> When i attempted to run the manifest on  a redhat server running the
> following packages :
>
> pe-puppet-enterprise-release-2.5.3-0.pe.el6.noarch
> puppet-2.6.17-2.el6.noarch
> pe-puppet-dashboard-1.2.7-11.pe.el6.noarch
> pe-puppet-server-2.7.12-16.pe.el6.noarch
> pe-puppet-dashboard-baseline-2.0.4-1.pe.el6.noarch
> pe-rubygem-hiera-puppet-0.3.0-1.pe.el6.noarch
> pe-puppet-2.7.12-16.pe.el6.noarch
>
>
> here is the module list :
>
> /etc/puppetlabs/puppet/modules
> ├── DavidSchmitt-common (v1.0.0)
> ├── base (???)
> ├── hosts (???)
> ├── limits (???)
> ├── ntp (???)
> ├── puppetlabs-motd (v1.0.1)
> ├── sss (???)
> ├── sssd (???)
> ├── sudo (???)
> ├── sysctl (???)
> └── wfsudoers (???)
> /opt/puppet/share/puppet/modules
> ├── puppetlabs-pe_accounts (v1.0.4)
> ├── puppetlabs-pe_compliance (v0.0.7)
> ├── puppetlabs-pe_mcollective (v0.0.54)
> └── puppetlabs-stdlib (v3.1.1)
>
>
> So when I run that manifest on the Redhat installation it does not seem to
> process the file_line items from the manifest..
>
> Anyone have any suggestions?
>
> Thanks,
> Jerry
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/d5nL-ByzTNYJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet Meetup Australia (Melbourne, Sydney, Brisbane)

[Peter Brown]

On 10 November 2012 11:13, Matt Callanan  wrote:

> Brisbane meetup is confirmed for 5:30pm Thursday 22nd at 501 Ann Street,
> see here for details and RSVP:
> http://www.meetup.com/Devops-Brisbane/events/90727102/


Awesome.

Pete, happy to do a combined meetup with SAGE-AU.
>

Sounds like a plan.
I can't speak for the other cities but they may be interested as well.
I shall talk to the relevant people and get back to you.



>
> -Matt Callanan
>
>
>
> On Monday, November 5, 2012 8:58:42 AM UTC+10, Stephen Johnson wrote:
>
>> Hi
>> I currently in Australia, as im the instructor on the Puppet
>> Fundamentals * courses in Melbourne, Sydney and Brisbane and just wondered
>> if anyone fancied meeting up and talking about puppet, hiera, puppetdb,
>> devops etc etc.
>>
>> As i dont live here any feedback on locations would help, if not ill
>> randomly pick on closer to the time.
>>
>> Melbourne
>>
>> Thursday 8/11/2012 5.30pm (Location to be decided)
>>
>> Sydney
>>
>> Thursday 15/11/2012 5.30pm (Location to be decided)
>>
>> Brisbane
>>
>> Thursday 22/11/2012 5.30pm (Location to be decided)
>>
>>
>> *
>> http://puppetlabs.com/events/**melbourne-puppet-fundamentals-**
>> training-melbourne-november-**2012/
>> http://puppetlabs.com/events/**sydney-puppet-fundamentals-**
>> sydney-november2012/
>> http://puppetlabs.com/events/**puppet-fundamentals-training-**
>> brisbane-australia/
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/LIG1CHrL41AJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] I need a schedule for any time/every time.

[Peter Brown]

Not having seen any of your code I have no idea if this will work.
I am going to assume you are using some kind of decision based logic to
apply these schedules to your resources, if you set schedule to undef it
will basically unset it for that resource and so it will be active all the
time.
Hope that helps.

Pete.


On 9 November 2012 10:42, Jo Rhett  wrote:

> I'd like to set a resource to have the "normal" schedule, ie "every time
> we run".  The type has a default of a more restricted schedule.  Looking at
> the type reference, there isn't a built-in schedule for normal is there?
>
> Do I need to do something like this?  Please tell me that there's some
> better way to override a schedule applied as a default for the type.
>
> schedule Anytime {
>   period => hourly,
>   periodmatch => number,
>   repeat => 1000,
> }
>
> --
> Jo Rhett
> Net Consonance : net philanthropy to improve open source and internet
> projects.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to trigger puppet run on agents remotely

[Peter Brown]

On 2 November 2012 00:00, Nishant Jain  wrote:

> @Pete, the puppet kick functionality is deprecated in puppet 3.0
>

Ahh yeah that's right. Sorry. I have a vague memory of noticing that in the
list of things that changed in 3.
I haven't switched to 3 yet as I haven't had the time to test my modules
with it.

On Wednesday, October 31, 2012 9:32:25 PM UTC-4, Pete wrote:
>>
>> On 1 November 2012 06:11, Andrei-Florian Staicu wrote:
>>
>>> On Wed, Oct 31, 2012 at 8:57 PM, Nishant Jain 
>>> wrote:
>>> > Hello Everybody,
>>> >   I am looking for a way to trigger puppet rum
>>> > remotely. so that i don't need to login into individual nodes and
>>> perform
>>> > the puppet agent --test from there.
>>> > Is there any alternative to puppet kick in puppet 3.0, since its being
>>> > deprecated in telly.
>>> > Also , can anybody tell how to configure foreman 1 to trigger puppet
>>> run
>>> > from the gui in puppet 3.0
>>> > I have puppet 3.0 installed on RHEL 6.
>>> >
>>>
>>> My 50c: since mcollective is still fuzzy for me, i ended up using pssh
>>> (with ssh keys, of course).
>>> Just pssh -h hostlist -i "puppet agent --test"
>>>
>>
>> It's actually even easier than that.
>> puppet kick is what you want.
>> It does require the agent to start with listen turned on and your
>> firewall setup to allow tcp port 8139.
>> You can even kick multiple nodes at once.
>>
>> puppet help kick gives you all the docs on it.
>>
>>
>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To post to this group, send email to puppet...@googlegroups.com.
>>> To unsubscribe from this group, send email to puppet-users...@**
>>> googlegroups.com.
>>>
>>> For more options, visit this group at http://groups.google.com/**
>>> group/puppet-users?hl=en
>>> .
>>>
>>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/rxY_p9yNJXQJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to trigger puppet run on agents remotely

[Peter Brown]

On 1 November 2012 06:11, Andrei-Florian Staicu wrote:

> On Wed, Oct 31, 2012 at 8:57 PM, Nishant Jain 
> wrote:
> > Hello Everybody,
> >   I am looking for a way to trigger puppet rum
> > remotely. so that i don't need to login into individual nodes and perform
> > the puppet agent --test from there.
> > Is there any alternative to puppet kick in puppet 3.0, since its being
> > deprecated in telly.
> > Also , can anybody tell how to configure foreman 1 to trigger puppet run
> > from the gui in puppet 3.0
> > I have puppet 3.0 installed on RHEL 6.
> >
>
> My 50c: since mcollective is still fuzzy for me, i ended up using pssh
> (with ssh keys, of course).
> Just pssh -h hostlist -i "puppet agent --test"
>

It's actually even easier than that.
puppet kick is what you want.
It does require the agent to start with listen turned on and your firewall
setup to allow tcp port 8139.
You can even kick multiple nodes at once.

puppet help kick gives you all the docs on it.


--
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Node specific exported resources

[Peter Brown]

Hi Alex,

concat will help you build a file from pieces.
http://forge.puppetlabs.com/ripienaar/concat

I would use a template to build each stanza of config and use concat
to build that into a file.
I am not in front of my puppet config from work right now so I can't
send you a decent example but will try and remember to do that on
monday.

Hope that helps.

On 20 October 2012 00:03, Alex C  wrote:
> Greetings,
>
> I'm trying to wrap my head around a solution to a problem I'm facing with an
> exported resources configuration I have.  I'm using the following simple
> config to build a munin configuration:
>
> @@file { "/etc/munin/munin.conf.d/${::fqdn}.node":
>   content => "[All Hosts;${::fqdn}]
>   address ${ipaddress_eth0}
>   use_node_name yes\n\n",
>   tag => 'munin-node',
> }
>
> File <<| tag == 'munin-node' |>>
>
> I'd like to add the following configuration lines to specifically one of the
> nodes:
>
>   diskstats_latency.sda.avgrdwait.warning 0:5
>   diskstats_latency.sda.avgwrwait.warning 0:5
>
> Is there a way to cleanly append those configuration lines to the content of
> the exported resource on that node without redeclaring the entire contents
> of the file?  This is what I don't want to do, but would illustrate what I'm
> trying to accomplish:
>
> $content = $::fqdn ? {
>   'host1.example.tld' => "[All Hosts;${::fqdn}]
> address ${ipaddress_eth0}
> use_node_name yes
> diskstats_latency.sda.avgrdwait.warning 0:5
> diskstats_latency.sda.avgwrwait.warning 0:5\n\n",
>   default => "[All Hosts;${::fqdn}]
> address ${ipaddress_eth0}
> use_node_name yes\n\n",
> }
>
> @@file { "/etc/munin/munin.conf.d/${::fqdn}.node":
>   content => $content,
>   tag => 'munin-node',
> }
>
> The above could get very unwieldy with a lot of nodes with different
> configurations.  Is there a way to separate the $content assignment to a
> node file (manifests/nodes/host1.example.tld.pp)?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/1SGkucfT5gYJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Nagios

[Peter Brown]

How are you setting up the nagios resources?

On 12 October 2012 04:59, TFML  wrote:
> I've got a Nagios setup with puppet to add nodes/contacts/command running at
> one datacenter, I'm trying to setup a second Nagios server using the same
> manifests, but I'm getting this error:
>
> info: Retrieving plugin
> info: Loading facts in snmpd
> info: Loading facts in snmpd
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Exported resource Nagios_timeperiod[24x7] cannot override local resource on
> node nagios2.theflux.net
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> Time:
>  Last run: 1349977873
>
> Can someone give me some direction on why this is happening?  Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Automate adding new host to nagios server?

[Peter Brown]

On 12 October 2012 01:48, Bernd Adamowicz  wrote:
> See:
>
> * http://docs.puppetlabs.com/guides/exported_resources.html  or
> * http://www.bernd-adamowicz.de/12/puppet-stored-configurations-and-icinga/

That's how I do it as well.
It's extremely amazing once you get it setup right.

On a side note I am intending to put my nagios modules on github
soonish so if you are willing to wait that may be an option for you.


> Cheers,
> Bernd
>
> -Original Message-
> From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
> Behalf Of Brent Clark
> Sent: Donnerstag, 11. Oktober 2012 17:03
> To: puppet-users@googlegroups.com
> Subject: [Puppet Users] Automate adding new host to nagios server?
>
> Good day
>
> I was wondering if someone could help me.
>
> Say I have three servers. One puppet master, one webserver, and one nagios 
> server.
>
> Is there a way to automate the process of adding the web server to the nagios 
> server for monitoring via a puppet.
>
> If someone could assists, or suggest a better means, it would be appreciated.
>
> Kind Regards
> Brent Clark
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.