Re: [Puppet Users] Puppet Data Project Beta

[Rob Nelson]

Lisa, it looks like the form isn't made public yet

On Wed, May 4, 2022 at 7:35 AM  wrote:

> [image: Google Forms]
> Having trouble viewing or submitting this form?
> Fill out in Google Forms
> 
>
> Hi All,
>
> We have been developing a beta product that allows for historical
> reporting and action against Puppet data. Many of our users have shared
> that they run into a number of challenges with regard to gathering data,
> visibility, and understanding infrastructure changes over time. This beta
> product is built with those use cases in mind.
>
> We’re looking for a select number of Puppet users to participate in an
> early preview and share feedback with our development team. This would
> involve installing the beta product and meeting with internal teams. If you
> are interested please fill out the following survey.
>
> Thank you!
> Puppet Data Project Beta
> 
> We have been developing a beta product that allows for historical
> reporting and action against Puppet data. Many of our users have shared
> that they run into a number of challenges with regard to gathering data,
> visibility, and understanding infrastructure changes over time. This beta
> product is built with those use cases in mind.
>
> We’re looking for a select number of Puppet users to participate in an
> early preview and share feedback with our development team. This would
> involve installing the beta product and meeting with internal teams. If you
> are interested please fill out the following survey.
>
>
>What type of user are you? *
>- PE Customer
>   - Open source user
>For which organization do you work? *
>In which timezone do you work? *
>- APAC
>   - EMEA
>   - AMER
>   - OTHER
>What version of PE are you using? *
>How many nodes are in your environment? *
>- 1-500
>   - 501-1,000
>   - 1,001-10,000
>   - 10,001+
>Are you interested in the On-prem or SaaS version? *
>- On-prem
>   - SaaS
>How much time are you willing to spend on providing feedback? *
>- 1-5 hours per week
>   - 1-5 hours per month
>Never submit passwords through Google Forms.
>
> Powered by
> [image: Google Forms]
>
> 
> This form was created inside of Puppet.
> Report Abuse
> 
> - Terms of Service  - Additional Terms
> 
> Create your own Google Form
> 
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/bbc77205de2e0449%40google.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_%3DEqFZvZHxxAvSQJhXJRjWD%2BXgPcnveOEFHVOO-25rBQ%40mail.gmail.com.

[Puppet Users] Re: Roles and profiles dissent

[Rob Nelson]

> Good points and a nice example.  In the case of my basic module I'm currently 
> using a separate create_resources line for each class parameter.  Is there a 
> way to iterate over all class parameters using each() so I can use a single 
> nested loop to create everything?

You can - add an extra tier to the hash with the first level being the resource 
name and then create a default hash with a key for each type you use - but I 
simply don’t think it scales, especially once you need to merge data from 
multiple layers of hiera. Even the deepest merge will, to my knowledge, end up 
replacing and not augmenting the hash values under each key. For example:

#default.yaml
---
Profile::base::all_resources:
  user:
rnelson0: {}
appuser: {}

#clientcert/somenode.yaml
---
Profile::base::all_resources:
  user:
localbackups: {}
  package:
tree: {}

A deep merge will merge in the the new key ‘package’, but *replace* the ‘user’ 
key, resulting in rnelson0 and appuser everywhere but only localbackups on node 
‘somenode’. Because of this, it’s not as flexible as you’d think. You can see 
more detail at https://puppet.com/docs/puppet/5.0/hiera_merging.html (can’t 
find the 6.x link but to the best of my knowledge, it works the same).



It also doesn’t scale because you’re writing YAML not code, as Luke suggested 
earlier. Testing is difficult, and troubleshooting is difficult, and ordering 
is even more difficult. If you want to, say, add a repo and make sure it’s 
managed prior to any packages, you’re gonna have to spell out the ordering in 
your YAML, whereas something like ‘Repo <| tag == “class” |> -> Package <| tag 
== “class” |>’ within a class can set that ordering only for the related 
resources much more easily.

The last thing I’d point out is that composition is a really good pattern, and 
a one-class-does-it-all is an anti-pattern to that. Doing just what you need in 
a series of single, small classes allows you to easily compose a desired state 
through a role that includes the relevant, and just the relevant, classes. 
Within each profile, you should be able to delineate much of the specifics, 
rather than dynamically determine them at runtime via a superclass.

Perhaps a question to ask is, how opinionated are your profiles, and how 
opinionated should they be? IMO, very, and that would probably lower the number 
of resources you need to dynamically define.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a99ca4b4-6e81-4559-8f59-329d322993e4%40googlegroups.com.

Re: [Puppet Users] Re: Roles and profiles dissent

[Rob Nelson]

On Fri, Aug 2, 2019 at 9:03 PM Chris Southall  wrote:

>
>
> Lets say a module has 10 parameters and supplies defaults for most of
> them.  When writing a profile you have to choose how many of the class
> parameters can remain defaults, how many to override, and how many to
> expose as profile parameters.  It's sounds fine to limit the number of
> parameters at the profile, right up until you hit an edge case that doesn't
> work with the default values and the parameter you need to change now
> requires a profile update...
>

Are you using “include classname” or “class { classname: }” in your
manifests? It sounds like the latter, which means you’re likely to pass
down class parameters which must now be exposed as parameters in your class.

The former is far more flexible. Because of hiera’s automatic parameter
lookup, you could write this:

class profile::base::linux {
  include ntp
  include ssh::server
}

Pair it with this hiera data:

---
ntp::servers:
- ‘pool.example.com’
- ‘pool2.example.com’
ssh::servers::ciphers: “blowfish,aes-128,aes-256”

And now your profile needs to expose zero parameters, which means you don’t
need to write the code to accept AND pass the parameters or even really
know the modules; your ntp and security team can be the experts on that,
instead.

Similarly, a profile::mysql::server class wouldn’t need to pass any
parameters down, and your DBA can come up with the various key/value pairs
like mysql::root_password: “changeme” to use.

Your class parameters would then be restricted to things like feature flags
and site specific details (if $manage_some_feature {include some_feature}
or if ($datacenter == “onprem”) {mount {“/nfs}: … }), which are things
y’all would know lots about, and in turn let the subject matter experts
focus on the component modules that require their expertise.


As far as tests go, check out puppet-retrospec. It’s a gem that will create
(naive) rspec-puppet tests for existing code. It’s a good way to get
started and illustrate how it works with the least amount of pain.

> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_9VqYYia107Ows8dMyW5-rTA3tvTaVUuXQHcx4Xj1j6Q%40mail.gmail.com.

[Puppet Users] Re: Roles and profiles dissent

[Rob Nelson]

I agree with everything Luke said, but would also like to point out 2 other 
techniques that are useful:

1) create_resources() is a bit of a kludge left over from puppet 3. Starting in 
puppet 4 (and 3’s future parser), iteration was added. Instead of 
create_resources($some_hash), you would say $some_hash.each |$title, $options| 
{} and create each resource inside the block. You can still use hiera to get 
the hash as an automatic parameter lookup on the class, but the creation of 
resources is a bit more explicit.

2) you also get the chance to define defaults, which means users don’t 
necessarily have to provide everything! Create a $defaults hash and assign it 
plus the defined overrides as (say for a user) user {$title: * => $defaults + 
$options}. This merges the options and defaults and applies the resulting hash 
as the parameters and values for the resource. You can keep your hiera tidier 
by creating sane defaults and only specifying the overrides in hiera. Have a 
new default? Modify the code once and all the resources in hiera benefit from 
it, unless they explicitly override it. 

A practical example of this might be creating local users on nodes without 
access to a central auth mechanism, maybe in staging. In your code you create 
some defaults:

  $defaults = {
ensure => present,
password_max_age => 90,
shell => ‘/bin/fish’,
  }

Your hiera might look like:

profile::linux::local_users:
  rnelson0:
password: ‘hash1’
groups:
- wheel
password_max_age: 180
  root:
password: “hash2”
password_max_age: 
  lbigum:
ensure: absent

In your code, you iterate over the class parameter local_users and combine your 
defaults with the specific options:

  $local_users.each |$title, $options| {
user { $title:
  * => defaults + $options,
}
  }

Now my user is created, root’s password is changed and set to basically never 
expire, and Luke’s account is deleted if it exists.

This is a good way to combine the power of hiera with the predictability of 
puppet DSL, maintain unit and acceptance tests, and make it easy for your less 
familiar puppet admins to manage resources without having to know every single 
attribute required or even available in order to use them without going too far 
down the road of recreating a particular well known CM system. It’s always a 
bit of a balancing act, but I find this is a comfortable boundary for me and 
one that my teammates understand.

There a lot more power to iteration that can be found in the puppet 
documentation and particularly this article by RI that I still reference 
frequently https://www.devco.net/archives/2015/12/16/iterating-in-puppet.php

Hope that helps.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/db93faba-3059-48f7-a09a-277463713336%40googlegroups.com.

Re: [Puppet Users] Puppet Module Best Practice (Roles/Profiles)

[Rob Nelson]

r base modules when new functionality is
>> needed; especially for quick one-off things.
>>
>> So he's basically started creating one class containing 'create_resource'
>> declarations for the standard Puppet resource types (file, user, group,
>> exec, etc.). Then he just adds all of the appropriate parameters in hashes
>> in Hiera. He's convinced this is the right way to do it since he hasn't yet
>> ran into a scenario where this doesn't work easily.
>>
>> I told him if it was the right way then all the smart people working with
>> and developing Puppet would have put it out as the best practice. However,
>> I can't seem to come up with a really great scenario that will convince
>> him. Can anyone share thoughts on scenarios where this patter will blow up
>> [hard]?
>>
>> Thanks!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/c46b1e54-f3c1-4429-b270-68189e6937f0%40googlegroups.com
>> <https://groups.google.com/d/msgid/puppet-users/c46b1e54-f3c1-4429-b270-68189e6937f0%40googlegroups.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/8143b443-4a28-45b4-9931-d200e3e91223%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/8143b443-4a28-45b4-9931-d200e3e91223%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8sW9MMN%3DvL0OsFv25DGcU%3DPypPBZ2v%3D7m5fUaG%2ByN4Bg%40mail.gmail.com.

Re: [Puppet Users] Re: Pastebin like service for sharing Profiles?

[Rob Nelson]

Hrm, I wonder how much this has to do with definitions of what a profile
module is. To me, a profile module includes a lot of component modules and
conditional logic and an occasional primitive (include apache, include a
logrotate config, conditionally manage all cron jobs or not). What you're
describing sounds a lot like component modules I incorporate into profiles
with an "include ssh" or "include wordpress" statement, possibly
accompanied by some hiera data (Firefox keeps a good list of ssh ciphers
depending on your OS, for example,
https://wiki.mozilla.org/Security/Server_Side_TLS). Sometimes I have let a
profile get too large, at which point I have split it into a component
module, and it's often tricky to find that line. Ultimately, for me, a
profile is implementation-specific; a component is technology- or
concept-specific and not implementation-specific.

Of course, the forge is a great place to share component modules when
possible (some of us aren't allowed to share stuff that starts internal,
unfortunately), but not profiles. While, as Martin noted, profiles tend to
be pretty specific to implementations and cannot be shared, there are
certainly good or common patterns that would be useful to share (like the
conditional management of cron jobs mentioned earlier), but short of
treating profiles like component modules, I haven't found a good place to
host them. That's an interesting possibility, to make at least some "base"
profiles into a component module. I do think it might be more helpful as a
reference project than as a module people include in their Puppetfile
(there are bound to be conflicts and disagreements with any opinionated
codebase that limits their usefulness), BUT that is still a worthwhile
endeavor for those interested.

Rob Nelson


On Mon, Jul 15, 2019 at 5:38 AM comport3  wrote:

> Thanks Martin, the PSIC repos are excellent - thanks!
>
> And Tim, the logic of having the p_ modules avoiding namespace collisions
> also makes perfect sense at scale.
>
> I was thinking more of a searchable, more goal oriented view of sharing
> Profiles that implement 1 or more technologies to form a "stack".
>
> Eg, 'Securing SSH', 'Achieving an A-Grade with NGiNX TLS on Qualys SSL
> test, with maximum compatibility', 'WordPress/Magento/Drupal battle tested
> hosting stacks', etc.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/71988a6c-d0f4-4f04-a768-b3f4caf49bce%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/71988a6c-d0f4-4f04-a768-b3f4caf49bce%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_90u%2BuCMbsetswR5apA%3DKFCi0UFQDK-jkO0iAiJa4K2g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] class invocation conflicts

[Rob Nelson]

Most likely because that’s an easy way to show the parameters a class
supports. Some modules use hiera data to show that, though it is a bit more
complicated to explain and understand, especially for novices.

On Tue, May 21, 2019 at 9:42 AM Peter Berghold 
wrote:

> Using include instead of class makes sense to me and was my instinctive
> thought.
>
> Why on earth, then, do all the (or most) of the Puppet Forge modules use
> the
>
> class{'myclass':
> param1 => 'thing'
> }
>
> patterns in their examples.  I had begun to believe that was the preferred
> pattern.
>
> I will mend my ways.
>
> On Mon, May 20, 2019 at 3:33 PM Henrik Lindberg <
> henrik.lindb...@puppet.com> wrote:
>
>> On 2019-05-20 18:57, Peter Berghold wrote:
>> > So here I am I have a base profile for my Ubuntu (Debian family)
>> > machines that invokes the class
>> >
>> > class{'apt':
>> >  ... some paramters
>> > }
>> >
>> > I then invoke the class
>> >
>> > class{'postgresql': }
>> >
>> > and now Puppet is screaming that the class 'apt' cannot be invoked
>> > twice.   This seems to be a flaw in Puppet manifests to me.  How to fix?
>> >
>> >
>>
>> The best practice is to not use the resource like `class { name: ... }`
>> syntax to declare a class and instead use `include name` and letting all
>> parameter values come from hiera via automatic parameter lookup.
>>
>> That way, you can include the class as many times as you like - as the
>> parameters are the same every time. Unfortunately, the compiler cannot
>> do the same when classes are declared with parameters even if all places
>> this is done use the exact same values.
>>
>> While it is possible to have a single `class { name: ... }` declaration
>> with subsequent `include name` declarations, the opposite does not work.
>>
>> Hope this helps.
>> - henrik
>>
>> > --
>> >
>> > Peter L. Berghold salty.cowd...@gmail.com > salty.cowd...@gmail.com>
>> >
>> > http://devops.berghold.net
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Puppet Users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to puppet-users+unsubscr...@googlegroups.com
>> > <mailto:puppet-users+unsubscr...@googlegroups.com>.
>> > To view this discussion on the web visit
>> >
>> https://groups.google.com/d/msgid/puppet-users/CAArvnv2Ya1Vo1R%3D%2B3YW%3DMp%2BubL%2BZR_WFG1J4o_7OKe33tfm4vw%40mail.gmail.com
>> > <
>> https://groups.google.com/d/msgid/puppet-users/CAArvnv2Ya1Vo1R%3D%2B3YW%3DMp%2BubL%2BZR_WFG1J4o_7OKe33tfm4vw%40mail.gmail.com?utm_medium=email_source=footer
>> >.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>>
>> --
>>
>> Visit my Blog "Puppet on the Edge"
>> http://puppet-on-the-edge.blogspot.se/
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/qbuve5%246tlm%241%40blaine.gmane.org
>> .
>> For more options, visit https://groups.google.com/d/optout.
>
>
>>
>
> --
>
> Peter L. Berghold   salty.cowd...@gmail.com
>
> http://devops.berghold.net
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAArvnv3dQ-t2W_0%2BNpq0qD9%2BkHAnsLXfwJtJQHxJURywdb7wZA%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAArvnv3dQ-t2W_0%2BNpq0qD9%2BkHAnsLXfwJtJQHxJURywdb7wZA%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9NzEmv8cgMfo-_J3gf-HB-6odjnT1GxOyPyL85aVCVRw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] New Deferred type and agent data lookups in Puppet 6

[Rob Nelson]

This sounds great. My only concern is that I don’t see tests mentioned in the 
example. Will rspec-puppet be updated at the same time so that we can test 
deferred functions out of the gate? If so, I’d love to see what that looks 
like, in case we have any comments on that. Mocking some things like facts and 
functions is a little clunky at times. Hopefully deferred function mocking will 
be a little easier. Thanks. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ce2c2e40-9e25-42a5-9030-dc91f83e60d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] removing resource on windows?

[Rob Nelson]

Rubber Ducky as a Service :)


Rob Nelson
rnels...@gmail.com

On Mon, May 21, 2018 at 3:28 PM, Jason McMahan <jason.m.mcma...@gmail.com>
wrote:

> Imagine that, it was a pebcak error
>
> Sigh, i apologize for not seeing my mistake prior to posting.
>
> Thank you Rob
>
> On Monday, May 21, 2018 at 2:08:19 PM UTC-5, Rob Nelson wrote:
>>
>> Can you show the actual code you're using in your manifest? That example
>> is good for the CLI but is not valid puppet DSL.
>>
>>
>> Rob Nelson
>> rnel...@gmail.com
>>
>> On Mon, May 21, 2018 at 2:07 PM, Jason McMahan <jason.m...@gmail.com>
>> wrote:
>>
>>> Good day,
>>> I am a bit confused.
>>> I can go to the command line type
>>> puppet resource package 'VMware Tools' ensure=absent
>>>
>>> and puppet will remove the package happily.
>>>
>>> However i have the same exact code in my manifest and it complains at
>>> agent run that it requires source.
>>>
>>> Doesnt this seem a little absurd i can kill the package from command
>>> line without any source parameter but not the manifest?
>>>
>>> Help or suggestions would be appreciated.
>>>
>>> Thank you
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/puppet-users/f3983844-5df5-4cf8-9793-4fec7f857c9b%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/f3983844-5df5-4cf8-9793-4fec7f857c9b%40googlegroups.com?utm_medium=email_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/d960528e-82b1-4de9-bcab-9bf88c9ace52%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/d960528e-82b1-4de9-bcab-9bf88c9ace52%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9yaizjSSkF-ubSRaFdeEee4rYftyUkqmjCO2T-LY7d2Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] removing resource on windows?

[Rob Nelson]

Can you show the actual code you're using in your manifest? That example is
good for the CLI but is not valid puppet DSL.


Rob Nelson
rnels...@gmail.com

On Mon, May 21, 2018 at 2:07 PM, Jason McMahan <jason.m.mcma...@gmail.com>
wrote:

> Good day,
> I am a bit confused.
> I can go to the command line type
> puppet resource package 'VMware Tools' ensure=absent
>
> and puppet will remove the package happily.
>
> However i have the same exact code in my manifest and it complains at
> agent run that it requires source.
>
> Doesnt this seem a little absurd i can kill the package from command line
> without any source parameter but not the manifest?
>
> Help or suggestions would be appreciated.
>
> Thank you
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/f3983844-5df5-4cf8-9793-4fec7f857c9b%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/f3983844-5df5-4cf8-9793-4fec7f857c9b%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT968D%2Bf%3D90Sd7b1DQNPKcHCGbcL6exgGNb14_E9SaOASA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: How to check if module in use.

[Rob Nelson]

I haven’t used it in a couple of years, but puppet-ghostbuster was designed
to poll puppetdb as you describe, compare it to the module list, and give
you a report of unused modules and classes.
https://github.com/camptocamp/puppet-ghostbuster?files=1

On Tue, Mar 13, 2018 at 4:22 AM Thomas Müller <tho...@chaschperli.ch> wrote:

>
>
> Am Sonntag, 25. Februar 2018 14:44:07 UTC+1 schrieb Albert Shih:
>>
>> Hi
>>
>> During time I've got lot of modules. Some are not use anymore. But how
>> can
>> I check if a module is use by other ?
>>
>> there is IMHO no easy way to do this.
>
> I've created a (ugly) scripts to query puppetdb to list all used resources
> of a environment. then another script to create a list of resources out of
> a file-list. then I can figure out if there are resources/classes/defined
> types that are not in use anymore.   it won't directly give you the unused
> modules some indications what is not used anywhere on clients.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/8be5c635-13f2-4a06-ba63-f4cdc8c231b2%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/8be5c635-13f2-4a06-ba63-f4cdc8c231b2%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9D4PfXqArVpynPGEgCSFi59%2B%3Dq%3DWn1c2J5nYs68NBT%3DA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Rspec-puppet: left match operand must result in a string

[Rob Nelson]

Can you share the contents of that file, or at least line 30 and a few
before and after it?

On Thu, Feb 1, 2018 at 6:36 PM Anthony Scudese <anth...@robottalk.tv> wrote:

> Hi all,
>
> I've grown incredibly frustrated. So I'm trying to write some unit tests
> for my puppet modules. I've got PDK installed and running. My first test
> runs, "without params", but my second test fails due to a compilation
> error. Not sure what the real difference is between the two:
>
> require 'spec_helper'
>
> describe 'nuke', type: :class do
>   let(:facts) do
> {
>   :userprofilepaths_array => ['C:\Users\foobar']
> }
>   end
>
>   context 'with no params' do
> it { should_not compile }
>   end
>
>   context 'with nuke product' do
> let(:params) do
>   {
> :products  => {
>   'Nuke 9'  => {
> 'version'  => '9.0V5',
> 'package_source' => '/abs/path/to/nuke_installer.exe'
>   }
> }
>   }
> end
>
> it { should compile }
>   end
> end
>
> The error is:
>
> failed: rspec: ./spec/classes/nuke_spec.rb:26: error during compilation:
>> Evaluation Error: Left match operand must result in a String value. Got an
>> Undef Value. at
>> /Users/anthony/repos/puppetdev/nuke/spec/fixtures/modules/nuke/manifests/init.pp:30:7
>> on node anthonymbpro.local
>>   nuke with nuke product should compile into a catalogue without
>> dependency cycles
>>   Failure/Error:
>>   end
>>
>>   it { should compile }
>> end
>>   end
>>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/582c5017-ef74-4ca8-894b-01ad6dcf5d19%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/582c5017-ef74-4ca8-894b-01ad6dcf5d19%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-UQZphEztcyVVKynzciq-KeCkLhEpKLet7FpRB2g8j_w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to find version of an application on nodes

[Rob Nelson]

Every installation is different, of course, but I found the upgrade process
from 2016.4.3 to 2017.3.2 to be remarkably easy, even by the standards of
PE upgrades. The docs pre-flight checklist covered everything, it's worth
looking into. Just note that the package collection is not on by default
and you will need to enable it afterward.


Rob Nelson
rnels...@gmail.com

On Mon, Jan 29, 2018 at 9:22 AM, Brandon Blackmoor <bblackm...@blackgate.net
> wrote:

> We are using Puppet Enterprise, and it looks like the Packages screen may
> be just what I need.
>
> Unfortunately, it does not appear to be available in Puppet 2016.4.0,
> which is what we are currently using. I will investigate upgrading our
> installation.
>
> Thank you.
>
>
> On Monday, January 29, 2018 at 5:29:52 AM UTC-5, Martin Alfke wrote:
>>
>> Hi Brandon,
>>
>> > On 25. Jan 2018, at 23:17, Brandon Blackmoor <bblac...@blackgate.net>
>> wrote:
>> >
>> > I apologize if this is a stupid question, but I am still a novice at
>> Puppet. I have been asked if it is possible to use Puppet to find out if an
>> application (apparmor, specifically) is installed on our various nodes
>> (Ubuntu servers, specifically). The nodes are all running puppet agent and
>> so on. We're currently running Puppet v2016.4.0.
>>
>> PE offers the package inventory (https://puppet.com/docs/pe/20
>> 17.3/inspecting_infrastructure/viewing_packages_in_use.html).
>> This only shows you installed rpm, dpkg, gem packages.
>>
>> hth,
>>
>> Martin
>>
>> >
>> > Feel free to point me to existing documentation. I did search first,
>> but my search results either seemed irrelevant or involved way more than
>> what I am actually asking for. I'm not looking to write a new module, for
>> example.
>> >
>> > Thank you for any help or guidance you can offer.
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups "Puppet Users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an email to puppet-users...@googlegroups.com.
>> > To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/puppet-users/de967d90-53e8-4b7b-83bd-93592cc45a2d%40googlegroups.com.
>>
>> > For more options, visit https://groups.google.com/d/optout.
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/911583f9-1fe9-471d-8027-5b03f61bf5f0%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/911583f9-1fe9-471d-8027-5b03f61bf5f0%40googlegroups.com?utm_medium=email_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-7NnT8uXGA1%2B%2BfR_fe4Y-hwS83xmHM5z7m5RG7S8Vcfw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Performance issue with puppetserver

[Rob Nelson]

For packing files (or applications, or anything) as John suggested (#2), I
recommend FPM. It's really easy to create an rpm, deb, or whatever quickly
without having to learn the arcane options for each package builder. It's
not considered suitable for distribution-quality packages but I do not
think that is a problem here. https://github.com/jordansissel/fpm


Rob Nelson
rnels...@gmail.com

On Wed, Dec 13, 2017 at 11:57 AM, jcbollinger <john.bollin...@stjude.org>
wrote:

>
>
> On Tuesday, December 12, 2017 at 11:17:20 AM UTC-6, n.be...@gaijin.ru
> wrote:
>>
>>
>> We have a problem with very slow work puppetserver.
>>
>>
>> We have ~300 nodes, master runs on a server with 24 cores and 20 GB of
>> memory.
>>
>> Pappet agent log:
>> [...]
>> Time:
>> [...]
>>  File: 4466.81
>> Total: 4810.97
>>Config retrieval: 75.19
>>   Service: 8.01
>> Version:
>>Config: 1513029567
>>Puppet: 4.4.1
>>
>>
> Your log shows very long runtime (80+ minutes) for the Puppet *agent*.
> That's neither puppetserver nor the master.
>
> The vast majority of the agent runtime is consumed in syncing File
> resources.  That tells me that you are syncing an enormous volume of files,
> and possibly also a great number of them.  You will find numerous previous
> discussions of such problems in this group; here are the usual
> recommendations:
>
>1. Prefer to reserve File resources for smallish numbers of smallish
>files.  Config files are the sweet spot for this resource type.
>2. Prefer to package files and manage them via Package resources, as
>opposed to recursively syncing directories full of files, or otherwise
>syncing large numbers of related files.
>3. Avoid syncing temporary files.  If you use a File resource to
>manage a file, then it should be one that will remain on the system,
>because if you remove it (or modify it) then Puppet will just sync it again
>on the next run.  This can mean leaving a file in place that otherwise you
>would remove.
>4. If you must manage a large file via a File resource then consider
>specifying a different `checksum` attribute for it.  The default is md5,
>but 'md5lite' will be faster and still give an ok test for modification.
>Or you can even go with 'mtime', which is very fast, but is susceptible to
>both false positives and false negatives.
>
>
> Your log also shows a longish runtime (75 seconds) for catalog retrieval.
> The `stat()` calls in your strace suggest that you're using the 'eyaml'
> Hiera back end, and this does add overhead.  If you're storing all your
> Hiera data in the eyaml back end, then it may add a lot of overhead.  I
> suggest using eyaml only for those data that actually need to be kept in
> confidence, and among them, only those for which the general access
> controls provided by the master's system are insufficient.  Configure the
> standard back end too, and use it for the rest of your data.  There may be
> other issues, too, such as the system load from all those File transfers,
> but I see no details that point me to specific server-side problems.
>
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/4f0e88f7-2f2a-4c86-9a22-e1e072879c95%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/4f0e88f7-2f2a-4c86-9a22-e1e072879c95%40googlegroups.com?utm_medium=email_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_XrMwZWLRrNCVmKrJ4rux8%3DTE1e4aAQed%3DL%3DVRJ6P8dw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How install/upgrade puppet with puppet

[Rob Nelson]

Getting puppet installed is often very particular to your OS/distro and
implementation details. As a general rule, I make sure to install it during
my provisioning process.

As for updates, I highly recommend the puppet_agent module,
https://forge.puppet.com/puppetlabs/puppet_agent, which allows you to
update some or all of your agents to new versions. It was designed to
assist with Puppet 3->4 migrations, which was fairly complicated, but it
also works for upgrading from 4->5 or within the same major version.


Rob Nelson
rnels...@gmail.com

On Wed, Dec 6, 2017 at 11:26 AM, Albert Shih <albert.s...@obspm.fr> wrote:

> Hi,
>
>
> I would like to know how you install and more important upgrade
> puppet-agent.
>
> I don't search how to bootstrap the installation of puppet, it's ok for me
> to make that manually.
>
> But with time I've got lot of host running old puppet agent version.
>
> So ... how do you manage to upgrade puppet agent on all you client ?
>
> Regards
> --
> Albert SHIH
> Heure local/Local time:
> Wed Dec 6 17:24:19 CET 2017
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/20171206162643.GI2603%40io.chezmoi.fr.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8h2zYsNUZpSx-SJxXCJ%3D%3DmLu363eQsj6jQeMiUDNXHWQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] loadjson reads from the master

[Rob Nelson]

I'm confused, because I created this on my client only:

> /opt/puppetlabs/facter/facts.d/boo.json:
> { "boo": "boo222" }
>
> And added this to me module:
>notify { "boo is ${boo}": }
>
> And received:
> Notice: boo is boo222
>
> Doesn't that demonstrate that files in facts.d/boo.json are loaded read in 
> on the agent side? There is no "boo" variable defined anywhere on the 
> master side.
>

Facts are read on the agent side and, when used with `puppet agent`, 
submitted to the master. The master can also distribute facts from the 
master to the agents, and they are still processed before the agent's 
catalog is compiled. When you use `puppet apply`, the master of course 
cannot distribute it, but the facts are still parsed before the agent 
compilation, which is why `$boo` had a value. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/85ebb2d1-99aa-4c48-887b-ec501407a858%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] loadjson reads from the master

[Rob Nelson]

Facts are loaded, and distributed from the master, before the catalog
compilation step. See
https://docs.puppet.com/facter/3.3/custom_facts.html#external-facts. Rather
than distributing the json files as a File resource, you could add an
executable fact to a module and the fact could communicate with the CMDB to
gather the correct fact information.

However, I think what you really want is an External Node Classifier (
https://puppet.com/docs/puppet/5.3/nodes_external.html). Similar to a
function, it runs on the master, but unlike functions it happens before
catalog compilation, so the hash of key/values it returns can be used
during catalog compilation. That seems like the perfect fit for your use
case, except ENCs need to return yaml, not json.



Rob Nelson
rnels...@gmail.com

On Tue, Dec 5, 2017 at 5:13 AM, buoyant_puppy <fred.oris...@gmail.com>
wrote:

>
>
> On Friday, December 1, 2017 at 5:59:51 PM UTC+1, R.I. Pienaar wrote:
>>
>>
>> All functions like foo() run on the master during compile.  It's a multi
>> phase process, the only way a node can influence the compile time is
>> using facts.
>>
>> You could integrate your CMDB with puppet using a hiera data function
>> that could exist as a tier in your hierarchy
>>
>
> Thanks, that makes sense now. I'm looking into hiera, but I think I have
> another alternative as well. If I put my json files in the facter/facts.d
> directory (on the agent), it will be automatically loaded.
> The only somewhat minor downside is that facter runs first, so the data it
> fetches will only be available in the next puppet run.
>
> I'm not sure if that's better or worse than the hiera option as I didn't
> get hiera working yet.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/1bbf939a-75a8-49a7-9b11-8e073b945335%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/1bbf939a-75a8-49a7-9b11-8e073b945335%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9zbxyOtdSr0EZ4Tu7Fnbxtzje-pz64K7TtSe4UzdE5NQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet agent on vmware ESXi

[Rob Nelson]

There is no agent that can run on ESXi. It may look like Linux, but it
isn’t, so there’s no native client.

There are some VMware modules on the forge that may be of interest. If you
want to manage the hosts, as opposed to some sort of cloud provisioned,
then you should probably look at Host Profiles, PowerCLI, PyVMOMI, and
other vSphere APIs. Hope that helps.

On Thu, Nov 9, 2017 at 5:07 AM Angel L. Mateo <ama...@um.es> wrote:

> Hello,
>
> I've been using puppet (OSE) for a long time. Now I would like to
> run
> puppet agent on my vmware ESXi servers. On this platform there is no
> puppet package and I haven't found the way to install it (although I
> have found puppet modules to configure them).
>
> Is there any documentation about installing agent on this platform?
>
> --
> Angel L. Mateo Martínez
> Sección de Telemática
> Área de Tecnologías de la Información
> y las Comunicaciones Aplicadas (ATICA)
> http://www.um.es/atica
> Tfo: 868889150
> Fax: 86337
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/00a3b837-a133-b122-02f3-edeb5a4dd4fb%40um.es
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-9rm47FgL8po2zH59gq1ikj7EVriCCOf19kJbt709REw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Best way to change settings on an individual node

[Rob Nelson]

If the only difference is in the virtual hosts, then you should be able to
apply the same classes to each and use different data only. Hiera, included
with puppet, is a key/value pair lookup tool that can help here, so each
node would receive their vhost data and only their vhosts. I think you
should find plenty of hiera docs on puppet’s websites and others (I’m on my
phone or I’d grab a link or three) and we are glad to help you here or on
slack if you need more help with it.

On Thu, Nov 2, 2017 at 12:44 PM <jackandn...@gmail.com> wrote:

> Thanks Eric.  I've read that documentation and it always refers to
> multiple nodes.  It just feels like I'm doing it wrong.  If I have a small
> group of 4 web servers that all run different virtual hosts, the only way
> to use the node classification groups is to pin each node to it's own group
> and apply the classes to them.  I can do that, it just feels like there is
> a better way.
>
> On Thursday, November 2, 2017 at 11:54:07 AM UTC-4, Eric Sorenson wrote:
>
>> Hi Jack, for puppet enterprise there's a built-in workflow for assigning
>> classes to nodes - the phrase you're looking for is called "node
>> classification" in puppet-speak.  here's the relevant doc:
>> https://puppet.com/docs/pe/2017.3/managing_nodes/grouping_and_classifying_nodes.html
>>
>> hope this helps!
>>
> --eric0
>>
>
>>
>> On Thursday, November 2, 2017 at 5:37:29 AM UTC-7, jacka...@gmail.com
>> wrote:
>>>
>>> Hi,
>>> I'm a new puppet enterprise user (first post!) and I need to change
>>> some settings on an individual node.  The module is created and it works in
>>> my testing, but every method of applying the module to one machine feels
>>> like I'm doing it wrong. What is the best way to accomplish this?  Feel
>>> free to point me to some documentation, if I'm simply missing something.
>>>
>>> Thanks,
>>>
>>> Jack
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/2f5ccbd2-fccd-4fea-b8d2-c2f2cd93d03c%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/2f5ccbd2-fccd-4fea-b8d2-c2f2cd93d03c%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-jtwD9gWTh5LtZvvZE%3DADJO5bFeVtQy_SSGfWibnYY6w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Is ensure_resource() evil?

[Rob Nelson]

It’s not wrong, but it’s order dependent. Assuming the two or more resource
definitions have some variance, you cannot guarantee the resource will be
realized as you intend. This you have to be very careful to not have
conflicting definitions that could flip flop over time or outright
conflict.

On Wed, Oct 18, 2017 at 7:38 PM Johan Fleury <jfle...@arcaik.net> wrote:

> Le 17/10/2017 à 08:59, jcbollinger a écrit :
> > Nothing has changed with `ensure_resource()`.  The problem is not its
> > implementation details, but rather the nature of the usage modes the
> > function is *designed* to support.  The whole idea of it is flawed.  We
> can
> > reprise that discussion if you like, but you already have this very
> thread
> > and others to which it links from which you can review some of the
> > discussions that we have had before.
> >
>
> What is the problem with ensure_resource?
>
> I use it every time I have to write something like:
>
> ```
> if !defined(Foo['bar']) {
>   foo { 'bar': }
> }
> ```
>
> Am I doing it wrong?
>
> --
> Johan Fleury
> PGP Key ID : 0x5D404386805E56E6
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/e7ecdc15-49bc-b6a6-ed64-795c71cca811%40arcaik.net
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9g7HZdb3Mn%3DjfvJeSLeeQxULMFKdqKs2nxsr7ei6vNYg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Is hiera broken in FOSS Puppet 3.7.2?

[Rob Nelson]

If it helps, I use Puppet 4 and RHEL6 all the time!


Rob Nelson
rnels...@gmail.com

On Tue, Sep 26, 2017 at 3:32 PM, Peter Berghold <salty.cowd...@gmail.com>
wrote:

> I was afraid that would be an answer I got... :-)
>
> There are plans to move to Puppet 4 where I know all this works but given
> I have to support all this on RHEL 6.x there may be some obstacles there.
> I would LOVE to wave a magic wand and make Puppet 3.x go away
>
> So.. 3.8 eh?  There's something to investigate
>
>
> On Tue, Sep 26, 2017 at 1:46 PM Rob Nelson <rnels...@gmail.com> wrote:
>
>> If I had to guess, it would be that the merge settings either don't exist
>> or are buggy in 3.7.2. 3.8 was EOL in December last year, if you have to
>> stick with 3 I'd suggest at least trying it with 3.8.
>>
>> On Tue, Sep 26, 2017 at 12:35 PM Peter Berghold <salty.cowd...@gmail.com>
>> wrote:
>>
>>> Seeing things like doing a hiera lookup inside a manifest such as
>>>
>>> $somevar = hiera('randomvalue','notfound')
>>>
>>> returning nils and other odd behavior.
>>>
>>> I have a hiera.yaml file that looks like:
>>>
>>> ---
>>> :backends:
>>>   - yaml
>>> :merge_behavior: deeper
>>> :deep_merge_options: {}
>>> :yaml:
>>>   :datadir: "/etc/puppet/environments/%{environment}/hieradata"
>>> :hierarchy:
>>>   - "function/${::facts.host_function}"
>>>   - "datacenter/%{::facts.sitename}"
>>>   - "nodes/%{fqdn}"
>>>   - "common_classes"
>>>   - "common"
>>>
>>> and yet I see both the nodes and common_classes being ignored.
>>>
>>> Of more concern to me is I'm trying to set values such as
>>>
>>> somemod::parms::value1:  somevalue
>>>
>>> and that's being ignored.
>>>
>>> Puppet.conf is configured correctly because it *is* finding a class list
>>> in common.yaml but nowhere else.
>>>
>>>
>>> Thoughts?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/
>>> msgid/puppet-users/CAArvnv2ssHekfEX9Asi4eEriQqJ0o
>>> hgbyg%3DGSvM%2B0L_eGU2RUw%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/puppet-users/CAArvnv2ssHekfEX9Asi4eEriQqJ0ohgbyg%3DGSvM%2B0L_eGU2RUw%40mail.gmail.com?utm_medium=email_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
>> Rob Nelson
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/
>> msgid/puppet-users/CAC76iT8LVV3HzOC-9eKDyHJKhJTdGjEY9j5jWYqafW8BY6
>> GYnQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAC76iT8LVV3HzOC-9eKDyHJKhJTdGjEY9j5jWYqafW8BY6GYnQ%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/CAArvnv1Mnqs1B_ZAUUFSb1xSifUu6X%
> 2Birj41C9j1UJa%2Bprg2QQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAArvnv1Mnqs1B_ZAUUFSb1xSifUu6X%2Birj41C9j1UJa%2Bprg2QQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-PHcgSVZgFOkBXwQ9OyUavE6wJgAcBWw8%3D-4RjLJg0CQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Is hiera broken in FOSS Puppet 3.7.2?

[Rob Nelson]

If I had to guess, it would be that the merge settings either don't exist
or are buggy in 3.7.2. 3.8 was EOL in December last year, if you have to
stick with 3 I'd suggest at least trying it with 3.8.

On Tue, Sep 26, 2017 at 12:35 PM Peter Berghold <salty.cowd...@gmail.com>
wrote:

> Seeing things like doing a hiera lookup inside a manifest such as
>
> $somevar = hiera('randomvalue','notfound')
>
> returning nils and other odd behavior.
>
> I have a hiera.yaml file that looks like:
>
> ---
> :backends:
>   - yaml
> :merge_behavior: deeper
> :deep_merge_options: {}
> :yaml:
>   :datadir: "/etc/puppet/environments/%{environment}/hieradata"
> :hierarchy:
>   - "function/${::facts.host_function}"
>   - "datacenter/%{::facts.sitename}"
>   - "nodes/%{fqdn}"
>   - "common_classes"
>   - "common"
>
> and yet I see both the nodes and common_classes being ignored.
>
> Of more concern to me is I'm trying to set values such as
>
> somemod::parms::value1:  somevalue
>
> and that's being ignored.
>
> Puppet.conf is configured correctly because it *is* finding a class list
> in common.yaml but nowhere else.
>
>
> Thoughts?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAArvnv2ssHekfEX9Asi4eEriQqJ0ohgbyg%3DGSvM%2B0L_eGU2RUw%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAArvnv2ssHekfEX9Asi4eEriQqJ0ohgbyg%3DGSvM%2B0L_eGU2RUw%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8LVV3HzOC-9eKDyHJKhJTdGjEY9j5jWYqafW8BY6GYnQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: puppet SSHD port based on hostname

[Rob Nelson]

If you're using saz/ssh, just add this to the 'options' parameter (hash) of
ssh::server. Anything that doesn't have a specific parameter can be
implemented there.

On Fri, Aug 25, 2017 at 11:07 PM John <sami.st...@gmail.com> wrote:

> So, I agree this is doable in Hiera.  However, I think for the SAZ SSH
> module, it would be better for me to include it in the sshd_config.erb.
>
> I've added the following to sshd_config.:
>
> <%- if ServerName == myhost -%>
> Port = 
> <%- end -%>
>
> Puppet run finishes with no errors, but /etc/ssh/sshd_config does not the
> port setting at all.
>
> I've tried different variations of the command above with no luck.
>
> Am I even in the ball park?  It seems this should doable in the
> sshd_config.erb.  Any advice would be greatly appreciated.
>
> On Tuesday, August 22, 2017 at 12:36:15 PM UTC-4, John wrote:
>>
>> I've pulled down the SAZ SSH module and implemented across my network.
>> It works great.
>>
>> However, I need to implement the following change:
>>
>> If hostname = host1 or host2 or host3
>>   then
>> port = 
>> fi
>>
>> I just want to change the default sshd port for a few hosts.
>>
>> How do I do that?
>>
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/d9316efe-3f09-4401-81ef-4022bbe85a7a%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/d9316efe-3f09-4401-81ef-4022bbe85a7a%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_XWKj1AHfc88ZEaW1i7Gk99B%3DDKU7ha5sZSk%3Dz9w6jrw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] yumrepo still not working ?

[Rob Nelson]

The puppet log shows the resource name only. Did you check for the presence
of the file at all?

On Fri, Aug 25, 2017 at 9:20 AM Fabrice Bacchella <
fabrice.bacche...@orange.fr> wrote:

> I tried to create a yumrepo for elasticsearch, and like many years ago,
> puppet seems to be unable to create it in the requested files:
>
> yumrepo {'elasticsearch-5.x':
> name   =>  'elasticsearch-5.x',
> baseurl=> 'https://artifacts.elastic.co/packages/5.x/yum',
> mirrorlist => 'absent',
> gpgcheck   => true,
> gpgkey => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
> ,
> descr  => 'Elasticsearch repository for 5.x packages',
> target => '/etc/yum.repos.d/elasticsearch.repo',
> }
>
> And puppet running:
> Notice: /Stage[pre]/Bigdatademo::Yum/Yumrepo[elasticsearch-5.x]/ensure:
> created
>
> What target then is good for ? see
> https://docs.puppet.com/puppet/latest/types/yumrepo.html
>
> target
>
> The filename to write the yum repository to.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/65CB405A-C426-4823-88BE-F71A8B3CB779%40orange.fr
> <https://groups.google.com/d/msgid/puppet-users/65CB405A-C426-4823-88BE-F71A8B3CB779%40orange.fr?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9sF2xO-NWAj09z15PjTRfTLswRmd60AOdEvekOLp1BUQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet in the dmz?

[Rob Nelson]

Jason,

Security methodology for DMZs varies quite a bit for different companies.
In some, there are ZERO connections from DMZ to LAN, in others it's just
restricted to acceptable levels of risk. With Puppet, there's no full-blown
Push method I'm aware of that you can use (you could possibly combine some
sort of LAN->DMZ push of code and run `puppet apply` as a scheduled
task/cronjob, but getting code to nodes isn't part of Puppet).

I think the most reasonable compromises that maintain the `puppet agent`
workflow you likely use are either A) placing an additional master in the
DMZ and have the agents connect to it or B) have the agents connect to the
existing master in the LAN on port 8140/tcp. In scenario A, you could push
code to the master through Code Manager (PE) or use r10k to fetch it from
appropriate sources - this would be your one DMZ->LAN connection - and the
agent traffic never hits the LAN. In scenario B, all the agents do have to
contact the LAN, but they do it on a single port and using SSL, mitigating
your risk.

A (IMO) less secure scenario C that some companies entertain would be a
multi-homed node, in this case your DMZ master having a second connection
to the LAN so it doesn't go through the firewall, but I dislike that. It
maintains the letter of the rule of no sessions from the DMZ communicating
through the firewall to the LAN, but violates the spirit of the rule by
creating a bridge between the segments without the firewall policy to
minimize risk.

Most places I've been at would accept the risk of agents talking to the
master only (scenario B); a few would prefer an additional DMZ master and
accept the overhead (scenario A); only one would take scenario C and it's
no coincidence that I quit that company in a hurry :)

Hope that helps.


Rob Nelson
rnels...@gmail.com

On Wed, Aug 23, 2017 at 2:20 PM, Jason McMahan <jason.m.mcma...@gmail.com>
wrote:

> Good day,
> We are looking at managing our infrastructure in the dmz as we do our
> internal nodes with puppet.
> We are running multiple masters with foreman as our enc. R10k ensure the
> manifests on all masters are updated regularly.
>
> Does anyone have suggestion to integrate the dmz into our current layout
> as well as ensure security?
>
> We have mainly windows machines, with a handful of linux ones in the dmz.
>
> Thoughts have been, place a master in the dmz all agents talk to that
> master. But then what should we do? Have a connection to puppetdb internal?
> Create a copy of what we have internal in the dmz? That is the least
> favorable option.
>
> Any help of input is greatly appreciated.
>
> Thank you
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/3abd0b97-ed16-407c-98a1-4476be75358a%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/3abd0b97-ed16-407c-98a1-4476be75358a%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_JKeu%3DDMatJHFncxyDA07TXLgojEpFZN4NeL6AxktzFA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Browse PuppetDB resources

[Rob Nelson]

There's also the module zack/exports that adds a puppet face to browse
exported resources without interacting with postgresql directly.
https://forge.puppet.com/zack/exports


Rob Nelson
rnels...@gmail.com

On Thu, Jul 27, 2017 at 5:53 AM, Jonathan Gazeley <
jonathan.gaze...@bristol.ac.uk> wrote:

> Thank you, this was perfect!
>
> Cheers,
> Jonathan
>
> On 26/07/17 17:08, Russell Mull wrote:
>
> Hi Jonathan,
>
> You can use the PuppetDB CLI to do queries directly. https://docs.puppet.
> com/puppetdb/5.0/pdb_client_tools.html
>
> - Russ
>
> On Wednesday, July 26, 2017 at 3:57:37 AM UTC-7, Jonathan Gazeley wrote:
>>
>> Hi folks,
>>
>> I'm trying to troubleshoot an issue about tagging and realising exported
>> resources. Is there a way I can browse/view exported resources in
>> PuppetDB to make sure the expected tags have been applied?
>>
>> Thanks,
>> Jonathan
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/f58d0f3c-14ed-4214-878e-e967248736cc%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/f58d0f3c-14ed-4214-878e-e967248736cc%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/3ed820eb-ccb4-554d-d805-92fcb81f7b09%40bristol.ac.uk
> <https://groups.google.com/d/msgid/puppet-users/3ed820eb-ccb4-554d-d805-92fcb81f7b09%40bristol.ac.uk?utm_medium=email_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8O7ngacL8yy7D%3DQP%2BskOEoVMTECcPF%2BGUqk%3DukJ7A-cQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to randomize the order of server names

[Rob Nelson]

I did just notice this line, which should remove the .shuffle so it's
consistent on every run:

   server_list = @_ldap_servers.shuffle



Rob Nelson
rnels...@gmail.com

On Mon, Jul 24, 2017 at 7:45 AM, Martijn <mart...@heemels.com> wrote:

> I think that's perfect for the OP's use case. And if you need multiple
> random numbers there's a useful second parameter to fqdn_rand(), the
> "seed", which can be any string or integer and allows you to get multiple
> different random numbers on the same host.
>
> So, you could use the server_list.size as the seed to get a different but
> number after you pop off an item from your server_list array.
> --
> Martijn
>
> Op zondag 23 juli 2017 16:51:17 UTC+2 schreef Rob Nelson:
>>
>> You could try fqdn_rand(). Fqdn_rand will generate a random number, but
>> the same random number for a given fqdn, so you would get the same value
>> every time rather than it changing. https://docs.puppet.
>> com/puppet/latest/function.html#fqdnrand
>>
>> On Sun, Jul 23, 2017 at 1:20 AM MK <mizuk...@gmail.com> wrote:
>>
>>> Does anyone have experiences randomizing the order of redundant server
>>> names  in the client configuration and won't change the order during next
>>> puppet agent runs?
>>>
>>> For example, I have a bunch of ldap slave servers put in an array:
>>>
>>> $_ldap_servers = ['ldap1' , 'ldap2', 'ldap3']
>>>
>>> I want to randomize the order in the client config (ex, nslcd.conf or
>>> sssd.conf ) so they don't always hit the same ldap server.
>>>
>>> ex:
>>> ldap_search_base = dc=example, dc=com
>>> ldap_uri = ldaps://ldap2 ldaps://ldap0 ldaps://ldap3
>>>
>>> What I did so far is that in the ERB template, I put the following code:
>>> 
>>> ldap_uri = <%
>>>server_list = @_ldap_servers.shuffle
>>>server_list.size.times do
>>>server = server_list[rand(server_list.size)] -%>ldaps://<%=
>>> server -%>/ <%
>>>  server_list.delete(server)
>>>end %>
>>> ```
>>> It was working well with Rack based puppetmaster 3.x, but after
>>> upgrading to puppetserver 2.7.x, it changes the order every time when agent
>>> runs.
>>>
>>> Does anyone have any suggestions?
>>> Thanks so much!
>>>
>>> MK
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/puppet-users/cfe4921b-d777-4b9e-8b6a-473f7c1904a5%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/cfe4921b-d777-4b9e-8b6a-473f7c1904a5%40googlegroups.com?utm_medium=email_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
>> Rob Nelson
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/63df98a6-ec85-4976-b300-0e3482857c99%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/63df98a6-ec85-4976-b300-0e3482857c99%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9gQUG1m%3DK6-V%3DnOCNoVtd_cyGG%3DMjbgeMjKF31J5P6rA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to randomize the order of server names

[Rob Nelson]

You could try fqdn_rand(). Fqdn_rand will generate a random number, but the
same random number for a given fqdn, so you would get the same value every
time rather than it changing.
https://docs.puppet.com/puppet/latest/function.html#fqdnrand

On Sun, Jul 23, 2017 at 1:20 AM MK <mizuki0...@gmail.com> wrote:

> Does anyone have experiences randomizing the order of redundant server
> names  in the client configuration and won't change the order during next
> puppet agent runs?
>
> For example, I have a bunch of ldap slave servers put in an array:
>
> $_ldap_servers = ['ldap1' , 'ldap2', 'ldap3']
>
> I want to randomize the order in the client config (ex, nslcd.conf or
> sssd.conf ) so they don't always hit the same ldap server.
>
> ex:
> ldap_search_base = dc=example, dc=com
> ldap_uri = ldaps://ldap2 ldaps://ldap0 ldaps://ldap3
>
> What I did so far is that in the ERB template, I put the following code:
> 
> ldap_uri = <%
>server_list = @_ldap_servers.shuffle
>server_list.size.times do
>server = server_list[rand(server_list.size)] -%>ldaps://<%= server
> -%>/ <%
>  server_list.delete(server)
>end %>
> ```
> It was working well with Rack based puppetmaster 3.x, but after upgrading
> to puppetserver 2.7.x, it changes the order every time when agent runs.
>
> Does anyone have any suggestions?
> Thanks so much!
>
> MK
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/cfe4921b-d777-4b9e-8b6a-473f7c1904a5%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/cfe4921b-d777-4b9e-8b6a-473f7c1904a5%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9nXLw1N2YeNuwfQ%2BHT3YFJqGU-vuCOpT-jLKAtHLULkQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] stdlib module invalid

[Rob Nelson]

It is possible that zendserver may specifically request 4.3.2, rather then
>=4.3.2, which means 4.17.1 is an invalid version for dependencies. You can
check metadata.json in zendserver to see what specifically it says.

On Thu, Jul 20, 2017 at 9:11 PM Ugo Bellavance <u...@lubik.ca> wrote:

> Hi,
>
> I wonder why, on all my puppet servers, I always get an "invalid" message
> besides stdlib.
>
> # puppet module list
> Warning: Module 'puppetlabs-stdlib' (v4.17.1) fails to meet some
> dependencies:
>   'zend-zendserver' (v0.2.0) requires 'puppetlabs-stdlib' (v4.3.2)
> /etc/puppetlabs/code/environments/production/modules
> ├── puppetlabs-apt (v1.6.0)
> └── puppetlabs-stdlib (v4.17.1)  invalid
> /etc/puppetlabs/code/modules
> └── zend-zendserver (v0.2.0)
>
> Anyone has an idea why?
>
> Thanks,
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/b68d7e0b-a900-411d-8877-f5cc28d594a7%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/b68d7e0b-a900-411d-8877-f5cc28d594a7%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_3tQzL9UCgA30wYMow1FwvR_53zdDdHse20jMWGybo8A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet works on 41 times out of 43. Help?

[Rob Nelson]

There might be a bug, but again, you're on an EOL version of puppet. It's
entirely possible that any issue you're observing has been fixed already.

On Thu, Jun 22, 2017 at 11:56 AM Robert Inder <rob...@interactive.co.uk>
wrote:

> On 22 June 2017 at 14:42, jcbollinger <john.bollin...@stjude.org> wrote:
>
>>
>>
>> On Thursday, June 22, 2017 at 5:26:41 AM UTC-5, Robert Inder wrote:
>>
>> I don't understand why the behavior you describe occurs, but I also don't
>> understand why you are trying to set the owner of the link in the first
>> place, especially if the directory containing it belongs to root.
>>
>
> ​I was creating a number of files, mostly in the user's own directory,
> and I simply I used the same "pattern" for each of them...
>
>
>>
>>>If I change the manifest to not specify ownership of the link,
>>>  it creates a "swindon" link link owned by root.
>>>
>>
>> So why not go with that?
>>
>
> ​Now that, thanks to Rob Nelson's ​suggestion (for which many thanks, Rob),
> I realise that this will work, that is indeed the route I will go down.
>
> Though there does still seem to be a bug in there somewhere...
>
>
>
>> The link owner is relevant only to modifying or removing the link itself,
>> and since you're managing it via Puppet, I don't see what purpose it serves
>> to relax the permissions for that.  The link owner and permissions have no
>> relevance to *traversing* the link (see symlink(7)).
>>
>>
>> John
>>
>>
>
> --
> Robert Inder,0131 229 1052 / 07808 492
> 213
> Interactive Information Ltd,   3, Lauriston Gardens, Edinburgh EH3 9HH
> Registered in Scotland, Company no. SC 150689
>Interactions speak louder than
> words
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAKqjJm-vLb-%3D%2BGo4%2BbwNM13JOVipDf0nsoZnk3xmFsUbrs6q6Q%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAKqjJm-vLb-%3D%2BGo4%2BbwNM13JOVipDf0nsoZnk3xmFsUbrs6q6Q%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8Vf-QGBb-L_wysnPiBSYsBGCrdZFqyN%3DydQD78gb%2BTpQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet works on 41 times out of 43. Help?

[Rob Nelson]

Have you tried to create the link manually to see what happens?

Also you probably know but Puppet 3 is EOL. If the issue is with puppet
itself, rather than perms, it's going to require an upgrade to fix.
Unlikely, but wanted to make sure you're aware.

On Wed, Jun 21, 2017 at 1:13 PM Robert Inder <rob...@interactive.co.uk>
wrote:

> I'm hoping someone can help me diagnose a problem with
> Puppet version 3.8.7 running on CentOS 6.4.
>
> I have a couple of servers with a total of 43 web-accessed software
> systems, each with its own unix user.
>
> These installations are all created from scratch by Puppet, and then
> the appropriate version of the software is installed and configured
> by scripts running as the relevant user.
>
> I have just added a new feature, for running background jobs.
> The feature is enabled for an installation if there is a symlink
> from /etc/JobRequests to a JobRequests directory in that
> installation's home directory.
>
> These symlinks are managed by puppet via a "File" resource:
>
>   file { "${job_requests::service::dir}/${user}" :
>   ensure =>  $status ? {
> 'enabled' => link,
> default   => absent
>   },
>   owner => $user,
>   target => $queue_dir,
>   require => [ File[ $job_requests::service::dir ] ]
>   }
>
> For 41 of the 43 users/installations, this does what I expected,
> and creates links like these...
>
>lrwxrwxrwx 1 norfolk   root 35 May 19 16:03 norfolk ->
> /var/opt/installation-norfolk/JobRequests
>
> But for two of the thirty users on one of the servers, I get
> Error: Could not set 'link' on ensure:
> Permission denied - /var/opt/installation-swindon/JobRequests or
> /etc/JobRequests/swindon
> at 60:/etc/puppet/modules/job_requests/manifests/user_files.pp
>
> I've tried a couple of the existing links.
> Puppet puts them back.
>
> But won't create the links for these two installations.
>
> Note that the source directory for the link (/etc/JobRequests) is common.
> And the target directory for all installations is created by the same
> puppet manifests.
> And they all have the same permissions.
>
> "WTF?", as they say.
>
> Any suggestions how to start tracking this down?
>
> Robert.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/9aeb318b-a3be-492d-bc2e-ed7673b32c3e%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/9aeb318b-a3be-492d-bc2e-ed7673b32c3e%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-7EyDWUk4yhNreoMq0gK70UF-m9YQk3ZApo9bDV0i7Sw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Location of config files in roles/profiles pattern

[Rob Nelson]

Jtc,

I keep my templates and files in the profile class itself, in paths like
files/phpMyAdmin/config.php and templates/randomapp/app.conf.erb. I have a
site_config module that has some files that aren't tied to profile
development, like certs. Other than that, I DO put config files in the 2
component modules that are private (everything else is from the forge).

I hope that gives you some ideas.

On Sat, Jun 17, 2017 at 2:41 PM J.T. Conklin <j...@acorntoolworks.com> wrote:

>
> Over the past year or so, we've completed a transition from locally
> developed puppet modules containing node-specific configuration, to
> using the roles/profiles pattern with parameterized modules with most
> config values coming from hiera.
>
> One exception to this are config files that are too specific, to
> complicated, or otherwise not suitable for conversion to templates.  At
> the moment, these are still in our puppet modules.  Not only does this
> bind node-specific configuration in with otherwise independent modules,
> now that all our other node-specific configuration is done with hiera,
> the config is split across two places -- which makes it hard to under-
> stand.
>
> I spent some time look for articles and blog posts that cover this, but
> all the examples I've seen show use cases where module configuration is
> completely taken from hiera. How do others handle this?  Store files in
> the profiles module itself?
>
> Thanks in advance,
>
> --jtc
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/87a856sbhk.fsf%40wopr.acorntoolworks.com
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_4bPFRnjAfokqUSFi0a3fZaGg%2Bdbsem9ia5N-bztkRfQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] same hiera data across multiple profiles

[Rob Nelson]

You may want to look at automatic parameter lookup, inheritance, and data
in modules.
https://www.devco.net/archives/2016/01/08/native-puppet-4-data-in-modules.php
has some good examples. Generally, a param class is obviated in a component
module, but in profiles where a value may be shared across many, you could
try something like this to be closer to your example 1:

class profile::sslparams (
  Hash $ssldata,
) {
  # Nothing actually in the class, we just want the params above ^^
}

class profile::http (
  Hash $ssldata = $profile::sslparams::ssldata,
) inherits profile::sslparams {
  # use $ssldata wherever you need it
}

You can then set profile::sslparams::ssldata as needed in the module's
hiera data.

Like Matthew Kennedy, though, I'm not certain this is really what you want
to do. Do both http and smtp always have the same values? Do they actually
require the data in the exact same format? Can you provide default values
for each, perhaps through data in modules, and override both
profile::http::ssldata and profile::smtp::ssldata as needed? Maybe it isn't
even needed if you are loading component modules like apache and postfix,
as you could just `include apache` and set `apache::somesslparam: value1`
and `postfix::differentsslparamname: value2` and not have to embed that in
your profile classes.



Rob Nelson
rnels...@gmail.com

On Wed, Jun 14, 2017 at 11:05 AM, Christopher Wood <
christopher_w...@pobox.com> wrote:

> I've been pondering this and I'm still tossing it back and forth in my
> head.
>
> Example 1:
>
> class profile::ssl {
>   $ssldata = lookup('profile::ssl::ssldata', Hash)
> }
>
> class profile::http {
>   include ::profile::ssl
>   $ssldata = $::profile::ssl::ssldata  # illustrating the example
> }
>
> class profile::smtp {
>   include ::profile::ssl
>   $ssldata = $::profile::ssl::ssldata  # illustrating the example
> }
>
> Example 2:
>
> class profile::http {
>   $ssldata = lookup('ssldata', Hash)
> }
>
> class profile::smtp {
>   $ssldata = lookup('ssldata', Hash)
> }
>
> Items:
>
> In example 1 Every profile would definitely own specified hiera keys with
> no orphans.
>
> In example 1 some profiles would end up as "params" profiles if they don't
> have any resources. This is likely fine if it's important that every hiera
> key is owned by a profile.
>
> Example 2 means potentially different merge strategies for different
> profiles which could lead to puzzlement.
>
> Example 2 means that if the lookup fails somebody has to go digging in
> hiera rather than it being obvious that somebody hasn't included
> profile::ssl.
>
> Example 1 means that some profiles end up tightly coupled. On the other
> hand anything that uses ssl is tightly coupled with anything that manages
> ssl anyway.
>
> On balance it seems like example 1 is more work up front for the same
> functional result and easier troubleshooting later, which sounds like a
> reasonable tradeoff. I think I will give it a go. (Presuming I'm even
> understanding your point correctly.)
>
>
>
> On Tue, Jun 13, 2017 at 08:50:51PM +, Matthew Kennedy wrote:
> >As a general rule you shouldn't have multiple profiles pulling the
> same
> >data from hiera.
> >
> >Treat profiles like lego blocks that you can compose as needed.
> >
> >In this case create a ssl_certs profile who's role is to pull in
> hieradata
> >via standard parameters. This profile has the responsibility to get
> the
> >certs on the box etc...
> >
> >Any profiles that need ssl_certs can `include profile::ssl_certs`.
> Note
> >that if these profiles need to get the parameters of the ssl_certs
> class
> >they can be accessed via $profile::ssl_certs::parameter_name.
> >
> >Hope that helps.
> >
> >On Mon, Jun 12, 2017, 9:57 AM Christopher Wood
> ><[1]christopher_w...@pobox.com> wrote:
> >
> >  How do you typically organize your data lookups when you want to
> use the
> >  same hiera data across multiple profiles, themselves possibly used
> >  across multiple roles?
> >
> >  A cut down example with fake names:
> >
> >  class role::mailserver {
> >include ::profile::http
> >include ::profile::smtp
> >  }
> >
> >  class role::webserver {
> >include ::profile::http
> >  }
> >
> >  class profile::http ($ssldata) {
> >class { 'apache':
> >  ssldata => $ssldata,
> >}
> >  }
> >
> >  class profile::smtp ($ssldata) {
> >class { 'postfix':
> >  ssldata => $ssldata

Re: [Puppet Users] mail notification when module is succesful the first time

[Rob Nelson]

One idea is that instead of puppet on an agent doing something, it might
make sense to have something watch puppetDB contents for the success of
applying the class/package/file resources in question. As long as they are
idempotent then it would only trigger once. I don't delve into puppetDB
directly much, so sorry for the vagueness in this suggestion.

I assume this is something assigned during provisioning or when a feature
flag is flipped. If so, you could also put the notification element there -
notify the end user if success, notify the provisioning team if failure.

Finally, if you do resort to an exec, you can set refreshonly to true and
notify it from the dependent resources. There's still no guarantee this
only happens once, for instance if someone modifies the package resource by
hand and puppet reverts it, but that's kind of outside puppet's scope
anyway. The exec itself would still only fire based on the business rules
you codify in your puppet code.

Lots of ways to tackle this one.

On Tue, Jun 6, 2017 at 9:04 AM Lars Van Steenbergen <l...@larsenbritt.be>
wrote:

> I'm in the situation where i need puppet to send a mail to a team when a
> certain puppet module is in place (package and config files) so another
> team can do its magic.
> What is the best way to send a mail containing hostname and ip to this
> team when the first run was successful?
> It may only be send once.
>
> I know i can solve this with an exec but someone once told me to try to
> avoid the use of exec.
> So is there a better solution for this?
>
> Kind regards
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/dab80c4f-3aa6-4605-8120-02385fe3bdde%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/dab80c4f-3aa6-4605-8120-02385fe3bdde%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-BKDXgeeOtRVNimUO0Kztn6WrkfCYuTVdUe3APVmMNtA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] stop service after install

[Rob Nelson]

It might be worth pointing out that puppetlabs/apache is a component module
that helps address some of these common issues, and using it instead of
writing your own apache module is probably worth considering in this case.


Rob Nelson
rnels...@gmail.com

On Sun, May 14, 2017 at 3:07 PM, Ramin K <ramin-l...@badapple.net> wrote:

> I'd guess that installing new modules are restarting the service. You
> probably need something with better ordering.
>
> class apache {
>   contain ::apache::install
>   contain ::apache::config
>   contain ::apache::service
>   Class['::apache::install'] ->
>   Class['::apache::config'] ~>
>   Class['::apache::config']
> }
> class apache::install {
>   package { 'libapache2-mpm-itk':
> ensure => latest,
>   }
>   package { 'apache2':
> ensure => latest,
>   }
>   # etc etc
> }
> class apache::config {
>   file { '/etc/apache2/ports.conf':
> ensure  => file,
> content => "Listen 8080\n",
>   }
> }
> class apache::service {
>   service { 'apache':
> ensure => running
> enable => true,
>   }
> }
> class nginx {
>   package { 'nginx-light':
> ensure => latest,
>   }
> }
> class profile::webstack {
>   include ::apache
>   include ::nginx
>   Class['::apache'] -> Class['nginx']
> }
>
> On 5/13/17 2:45 AM, Anton Gorlov wrote:
>
>> Hi.
>>
>> I need stop service (apache) after it install from puppet.
>> platform is debian 9 and puppet version is 4.8.2
>>
>> I my class i wrote:
>>
>> 
>> class webpackages {
>>
>> exec { 'apachechk':
>> command => "/bin/systemctl stop apache2;",
>> onlyif => "/bin/grep -c 'Listen 80' /etc/apache2/ports.conf",
>> }
>>
>> package { 'libapache2-mpm-itk':
>> ensure => latest,
>>}
>>
>> package { 'apache2':
>> require => Exec['apachechk'],
>> ensure => latest,
>>}
>>
>> package { 'apache2-dev':
>> ensure => latest,
>>}
>> package { 'apache2-suexec-pristine':
>> ensure => latest,
>>}
>> package { 'apache2-utils':
>> ensure => latest,
>>}
>> package { 'apache2-bin':
>> ensure => latest,
>>}
>> package { 'apachetop':
>> ensure => latest,
>>}
>> package { 'libapache2-mod-rpaf':
>> ensure => latest,
>>}
>> package { 'nginx-light':
>> require => Exec['apachechk'],
>> ensure => latest,
>> }
>>
>> }
>> ===
>>
>> but apache not stopping and install nginx is fail because port is busy
>> by apache
>>
>> May 13 12:21:29 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
>> [::]:8…se)
>> May 13 12:21:29 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
>> 0.0.0.…se)
>> May 13 12:21:29 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
>> [::]:8…se)
>> May 13 12:21:30 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
>> 0.0.0.…se)
>> May 13 12:21:30 debian9-lab3 nginx[19538]: nginx: [emerg] listen() to
>> [::]:8…se)
>> May 13 12:21:30 debian9-lab3 nginx[19538]: nginx: [emerg] still could
>> not bind()
>>
>> What is wrong and what is right way to do it?
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/ms
> gid/puppet-users/1da0051d-a3d1-6472-2ad6-3af335f7503a%40badapple.net.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_nRnEQv5PFsoq0gpi6G-mMHVDB6d_Xzi%3DncUB7kNR2cQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Automation of OS install

[Rob Nelson]

You want to look at puppet razor for bare metal provisioning.

On Sat, May 6, 2017 at 9:31 PM <haksso...@gmail.com> wrote:

> Hi,
>
> I need to automate installation of 50 bare metal servers, the OS of choice
> is a non official linux distor. that is only available as an .iso image,
> these servers are cisco ucs c m240 series.
>
> Is there a way to do that ?
>
> What we are doing today is using the server management plane (CIMC) to
> launch a console session that is booting from the .iso image and we walk
> through the install steps and give a new password at the end, everything
> else is done later.
>
> Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/18ffbbb8-3549-4263-9bed-5c90a5877931%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/18ffbbb8-3549-4263-9bed-5c90a5877931%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT87FK3SWksPtsEgk5sxFKYCeWvw-LRYxuoEoXWCx69Q0g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Upgrading to Puppet 4 - what about the modules

[Rob Nelson]

Generally speaking, modules created for Puppet 3 are likely to work in
puppet 4 without changes. Of course, that's not to say that all will, you
will have to test and make sure yourself since the module author has not.

However, if a module on the forge does not support puppet 3 by now, that
may be a warning sign that development has stalled or the module has been
migrated to another namespace. You should attempt to discover if either are
the case, so you can plan accordingly - there's no guarantee a module
designed for Puppet 3 that is incidentally compatible with Puppet 4 will
also be compatible with future versions of puppet 5, and a lack of bug
fixes may be problematic as well. Something to explore, anyway.

On Wed, May 3, 2017 at 9:44 PM Ugo Bellavance <u...@lubik.ca> wrote:

> Hi,
>
> I'm currently running a puppet 3 server that serves about 20 puppet 3
> clients.  I use a number of modules, and most of them are not compatible
> with puppet 4.  There is at least one module that is not compatible with
> puppet 4. Is puppet 4 backwards compatible somehow or do we need to have
> all our modules puppet 4-ready before upgrading?
>
> Thanks,
>
> Ugo
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/fc974974-b393-46d9-a5f2-4670ccd7d686%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/fc974974-b393-46d9-a5f2-4670ccd7d686%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_SKf9kHiz1cPg%3D9s3XkXHBNBeGaqdk%3Di4rAhnVKVERkw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] if / case loop syntax help

[Rob Nelson]

I think some characters got gobbled during pasting or by Google Groups; it 
looks like the parameter block to your type is missing the start/finish. 
But that's syntax, I'm sure you've got it right or can fix any typos 
yourself.

The suggestion I have is about a common anti-pattern: Don't Repeat Yourself 
(DRY). You have two exec resource declarations, only of which is 
instantiated, with the same parameter list for both. The only difference is 
interpolation of the password, which is set inside the control flow. Moving 
the exec instantiation *after* the conditional blocks helps with 
maintenance in the long term, but also makes it easier for someone to read 
your code later (including future you!) and see that the end result is a 
single resource. That would look something like this:

define certificate-generator (
  user => root,
  group => root,
) {
  if ( $env != 'test' or $env != 'qa') {
case $::target_cert_type {
  'type1': {
$password = '123'
  }
  'type2': {
$password = '345'
  }
  default: {
fail("No password defined")
  }
}
  }
  else {
case $::target_cert_type {
  'type1': {
$password = '567'
  }
  'type2': {
$password = '789'
  }
  default: {
fail("No password defined ")
  }
}
  }

  # Single exec resource here with variable inputs determined above
  exec { "certificate-generator":
command => 'sh certgen.sh',
path=> '/bin/bash',
logoutput => true,
onlyif =>  "test ! -f ${cert_basedir}/${host}.jks"
source => "puppet:///modules/mymodule/certgen/certgen.sh $password"
  }
}

I still have a concern about your if statements, though. If `env` is 
`prod`, it obviously matches for if ( $env != 'test' or $env != 'qa'). But 
if `env` is `qa`, it STILL matches because $env != 'test'
is true and it never reaches the $env != 'qa' comparison. And if it's 
`test`, it still matches because after failing the first test, it passes 
the second test. The `else` condition is never reached that I can see. 
Changing that to an AND match, or using equality and swapping the if/else 
blocks, appears closer to the described desired state.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/dfcd053a-bf94-4572-b65d-280a31f26cf2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet facter utf-8 error

[Rob Nelson]

Is there a chance the encoding on the file containing the custom fact
itself is not UTF8? It won't matter if the output is UTF-8 if Puppet can't
parse it to apply the code inside it. `file ` usually starts with
`ASCII` or `UTF-8 Unicode` if it's in the proper format.


Rob Nelson
rnels...@gmail.com

On Wed, May 3, 2017 at 7:37 AM, mobios <taner.ta...@gmx.de> wrote:

> Hello Puppet User,
>
>
> Infos:
> Puppet-client-version = 3.8.4
> facter= 2.4.4
>
> Puppetserver = 4.10.0
>
>
> I wrote a fact to discover all firewallrules on a windows machine.
> Factname is windows_firewallrules.rb and returnvalue is a nested hash.
>
>
> if i execute following command.
>
> facter -p windows_firewallrules
>
> I can see all firewallrules correctly. But if i execute
>
> puppet agent -tdv
>
>
> I get a  error and the puppetrun stops.
>
> Errormessage:
> invalid byte sequence in UTF-8
>
>
> I found out the issue is caused from my windows_firewallrules fact.
> I have already set the encoding fix to UTF-8.
>
>
> for example:
>
> name.encode!('UTF-8', :invalid => :replace)
> key.encode!('UTF-8', :invalid => :replace)
> value.encode!('UTF-8', :invalid => :replace)
>
> windows_firewallrules[name][key] = value
>
>
>
>
> Strangely if i iterate through my nested hash (windows_firewallrules)
> i cant see anythink wrong.
>
>
> for example:
> windows_firewallrules.each do |k1, v1|
>   if k1.encoding.to_s != 'UTF-8'
> puts k1.encoding
>   end
>
>   v1.each do |k2, v2|
>   if k2.encoding.to_s != 'UTF-8'
> puts k2.encoding
>   end
>
>   if v2.encoding.to_s != 'UTF-8'
> puts v2.encoding
>   end
>  end
> end
>
>
>
> Has anyone a idea ?
>
> Best regards
> mobios
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/6b8f9821-2d9e-4538-a3cc-4134b83daa10%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/6b8f9821-2d9e-4538-a3cc-4134b83daa10%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9mVz_BDDvKRnOb52wV_d_ZhGajuVJ8VT9FieSEZDG%2BZg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] if / case loop syntax help

[Rob Nelson]

What you've coded seems workable, aside from two issues. 1) the errant
semicolon at the end (while that may work to 'end' the resource defaults,
its bad style when you don't have defaults). 2) exec resource titles need
to be unique if the defined type is used twice; adding the $name value of
the defined type should provide uniqueness. This will not show up in your
example where the type is only used once, but best to plan for long haul.

However, we don't know what you are trying to accomplish. Your first
conditional should probably be an and, because otherwise the conditional
will always be true ($env will always not be one of those values). The case
selectors have no default, do you need one? Should you be using a global
variable vs passing the value to a type parameter? Probably the latter. If
you explain your goal, then we can offer specific suggestions on how to
make the code accomplish it.

On Mon, May 1, 2017 at 7:43 PM Samir Gahirwal <samir.gahir...@gmail.com>
wrote:

> Hi,
>
> I am very new to puppet and writing my first class :) Please pardon me for
> asking basic question
>
> I am trying to write module to run install script. Can someone help me
> with syntax or suggest better way to code following
>
> define install-package {
> if ( $env != 'test' or $env != 'qa') {
> case $::package_type {
> 'abc': {
> $variable = '123'
>   }
> 'xyz': {
> $variable = '345'
>   }
>exec {"run_my_script":
>   source => "puppet:///modules/mymodule/resources/myinstall
> script.sh",
>   command => 'sh myscript.sh $variable'
> }
>
>  }
> else {
> case $::package_type {
> 'abc': {
> $variable = '567'
>   }
> 'xyz': {
> $variable = '789'
>   }
>  }
>exec {"run_my_script":
>   source => "puppet:///modules/mymodule/resources/myinstall
> script.sh",
>   command => 'sh myscript.sh $variable'
> }
> }
>
> class mymodule::software {
> $package_type = unique([jdk,apache,tomcat])
> install-package { $package_type:; }
> }
>
> I am deriving env variable from host name.
>
> Let me know if you need additional details.
>
> Thanks!
> --SamirG
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/ecb68180-af56-4d36-a555-236a69efea50%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/ecb68180-af56-4d36-a555-236a69efea50%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT856cgrr%3DBNgpi3twGWYAyCAydO8bNHK5to9ToXoWrUNQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: How to dynamically change sudoers

[Rob Nelson]

On Wed, Apr 26, 2017 at 10:45 AM James Perry <jjperr...@gmail.com> wrote:

> Since all of our Puppet code is in a source code repo and requires a
> change control to push to PROD, I don;t want to have to manually create a
> per host entry, either via the* case* statement or a *node.yaml* file as
> that requires a full regression test and verification before it moves to
> PROD.
>
> Via Foreman I can add puppet classes for *userX *and *userQ* to a
> specific server. As long as *sudo::sudoers::userX *and *sudo::sudoers::userQ
> *are defined in the Puppet code, then no change to modify code or custom
> hiera yaml files is required. This takes the sudo setups from having to be
> done per node in code to a point and click for the team that handles the
> tickets for the host definitions in Foreman.
>

This is a complete aside to sudo, but I think your controls here do not
operate as you expect them to. Foreman, like hiera, is just separating your
data from your code, which is great. But changing data in either system can
have adverse effects in production. For example, I once changed the value
for an nfs exports list from an array to a string. That ... did not go
well! If only an integration test had been used to catch that, I could have
avoided a small outage and a remediation change.

Personally, I prefer hiera to foreman or the PE Console classifier because
it's integrated with version control of the control repo and into my test
setup. But the point is, we use the same controls on data as code because
they have similar potentials for impacts in production. You may want to
revisit your controls, even if it's just to acknowledge the risk.

> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8QUSLY5aip_j1JG%3D%2BuzDDT6yoVM0oAxQWgDrXjBwt9ng%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to dynamically change sudoers

[Rob Nelson]

James,

Sure, I've whipped up a gist for this in the past at
https://gist.github.com/rnelson0/f40719c787639a94d81e23340c5d063b. By
setting a deep merge on the key profile::base::linux::sudo_confs, I can add
to its hash value wherever I want in my hierarchy and a new sudoers.d
configuration snippet is added to the target system. All nodes receive the
sysadmin snippet, anything with the `infrastructure` role receives both the
sysadmin and the infrastructure snippet. That is all you need to get
started with saz/sudo, but I'm sure there's other functionality if you need
it.


Rob Nelson
rnels...@gmail.com

On Fri, Apr 21, 2017 at 1:33 PM, James Perry <jjperr...@gmail.com> wrote:

> Thanks. I looked at saz/sudo, but at least they I did it, it didn't for my
> needs. We have a wide range of hosts that would have oracle, dba and tomcat
> sudo rules. On another it would only have dba rules.
>
> I didn't quite get how I would have it setup the sudo::conf blocks to do
> what I would need. For example one host would have classes that define a
> content block for dba sudo permissions. Another for oracle's permissions,
> etc. Based on the classes assigned to the node I would want to have it make
> the required files with the needed content.
>
> Besides the examples in the README.md for the saz/sudo module, could post
> some code that would do something similar to what I need using the saz/sudo
> module? It is highly likely I'm just not interpreting the doc correctly.
>
> Thanks!
>
>
> On Friday, April 21, 2017 at 12:19:43 PM UTC-4, Rob Nelson wrote:
>>
>> Check out saz/sudo (https://forge.puppet.com/saz/sudo). By default it
>> manages /etc/sudoers.d with `sudo::conf` instances and purges
>> /etc/sudoers.d of anything it didn't create, but if something else is
>> managing files in that directory you can set `sudo::purge: false` so they
>> can share nicely.
>>
>>
>> Rob Nelson
>> rnel...@gmail.com
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/a45ccc0a-eed8-41ea-b2d9-6789e64edc51%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/a45ccc0a-eed8-41ea-b2d9-6789e64edc51%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT__BRv5K6bupusZ7DS5KGMZ0g-JpL_7xjqhb3zOxU7HpQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to dynamically change sudoers

[Rob Nelson]

Check out saz/sudo (https://forge.puppet.com/saz/sudo). By default it
manages /etc/sudoers.d with `sudo::conf` instances and purges
/etc/sudoers.d of anything it didn't create, but if something else is
managing files in that directory you can set `sudo::purge: false` so they
can share nicely.


Rob Nelson
rnels...@gmail.com

On Fri, Apr 21, 2017 at 12:10 PM, James Perry <jjperr...@gmail.com> wrote:

> I'm at an impasse.
>
> Due to changing requirements we have different local service accounts
> being added 'ad hoc' to various servers. Each needs their own set of
> sudoers lines.  When moving from Puppet 0.25 to Puppet 4 I had to kludge
> something together in a hurry. It works, but not well.
>
> I looked at defining classes for each set of lines that needed to be added
> and have it create a separate file for that class in /etc/sudoers.d/.  Due
> to SOX compliance we can't have any sudo permissions defined for accounts
> not on the server. So if i remove the class that creates
> /etc/sudoers.d/foo, the /etc/sudoers.d/foo file still remains. If I try to
> clean out all non-needed files, I either have to do:
>   1. Remove all files, but that causes Puppet to always recreate the files.
>   2. Create some way to remove a file based on knowing if the class is
> defined for this node, which forum posts show as problematic.
>
> I did see the Puppet-concat module, but haven't had the time to really dig
> into it to see if the would solve the problem. In this case it would be
> modifying / creating the main sudoers file, which is fine.
>
> Another option would be to use something like file_line to make sure a
> specific line(s) are in the sudoers file after the initial template creates
> our default /etc/sudoers file.
>
> Has anyone solved this type of issue?  I know there are ways to do it, but
> I really want to do it right and forget it. Wen we need a new sudo setup
> for a new account, we create the required class and the rest is "magic"
> based on the classes defined for that node.
>
> In the mean time I will be doing more deep Google dives and serious RTFM.
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/db9fabde-a539-4e8a-97b7-b160387df942%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/db9fabde-a539-4e8a-97b7-b160387df942%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-feTK%2BGLtLL6yDP8fn16V97qg8DYyz-W%3DQ%3DPY-oxE5Tw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hiera hierarchy by network

[Rob Nelson]

Try the structured facts. $facts['networking']['network'] is probably
somewhat indeterministic, but if your interface names are predictable, then
$facts['networking']['interfaces']['ens192']['network'] (or 'eth0' or
whatever) could conceivably be the value you need.

Having tried to fight with this before, however, I went with an external
fact. I don't need the network so much as I need the datacenter and I just
create the file `/etc/facter/facts.d/datacenter` in my templates or during
provisioning, so I never need to deal with some wacky new network that
isn't correlated to a datacenter until I touch some code again. Something
like that might be helpful even if you can get the structured fact right,
as the provisioning process is often a better spot to insert such values.


Rob Nelson
rnels...@gmail.com

On Thu, Apr 13, 2017 at 12:21 PM, Peter K <pe...@beetlebolt.com> wrote:

> This network lookup is simple and works well...but only on some clients
> because they have more than one network interface:
> hiera.yaml:
> ---
> :hierarchy:
>   - "%{::trusted.certname}"
>   - "%{::network}"
>   - common
>
> It fails on some machines because they have docker virtual interfaces and
> instead return a network name like 172.0.0.0 instead of the one I want:
> 10.1.1.0.
> It seems the lookup just picks the first interface listed in the
> ::networking array.
> Are there any other methods to do lookups based on the network? I want to
> match the same network that puppet is working on.
>
> My experience is I can't easily parse the hiera lookup for ::networking
> (asked here
> <https://groups.google.com/forum/#!searchin/puppet-users/hiera$20by$20network%7Csort:relevance/puppet-users/JXVV79GbuvA/z2lNPubRR-wJ>)
> but maybe I can with hiera5 with globs
> <https://docs.puppet.com/puppet/4.9/hiera_config_yaml_5.html>.
> Thx,
> -peter
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/0593fc69-c51e-4176-a4c8-c28840ac59a4%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/0593fc69-c51e-4176-a4c8-c28840ac59a4%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT968ybMvaFgB3UZ_1BySv3YjOFvriXPzwYVUJwqtCiSyg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to set noop = true in manifest for custom function?

[Rob Nelson]

In your second example, you're missing a comma after true. Not sure if
that's bad copy pasta or accurate with the source.

On Sat, Apr 1, 2017 at 12:21 PM <staceytian4...@gmail.com> wrote:

> Hi,
>
> I am using open source puppet 3.7.3 master and client.
>
> I know how to set noop = true in an individual manifest. For example,
>
> file { "/tmp/testfile1" :
>ensure => present,
>noop => true
> }
>
> Now I am trying a custom function (
> http://ryanuber.com/11-06-2012/manage-sets-of-packages-in-puppet.html).
> This custom function is called "apply_package_list" and accepts tow
> arguments.
>
> I created a new manifest called "pkgcheck" and placed this
> apply_package_list.rb in its folder
> /etc/puppet/modules/pkgcheck/lib/puppet/parser/functions/
>
> Then I created /etc/puppet/modlues/pkgcheck/manifests/init.pp and
> checkpkg.pp.
>
> In checkpkg.pp:
>
> class pkgcheck::checkpkg inherits pkgcheck  {
> apply_package_list("/root/packagelist","nopurge")
>  }
>
> It works fine when I run "puppet agent -t" on my client machine. It will
> check what package is missing or with incorrect version, then try to update
> that package.
>
> Then I tried to use the noop option to disable the update of the package.
> I only want to be notified, but don't do anything.
>
> class pkgcheck::checkpkg inherits pkgcheck  {
>   noop => true
>   apply_package_list("/root/packagelist","nopurge")
>  }
>
> It doesn't work and returns error when I ran "puppet agent -t" on client
> machine:
>
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Syntax error at '=>'; expected '}' at
> /etc/puppet/modules/pkgcheck/manifests/checkpkg.pp:6 on node testclient.
>
> I also tried with "$noop = true". This will not give syntax error, but it
> doesn't have any effect and puppet will still try to update the package.
>
> If I run this command on client machine, it works fine:
> puppet apply --noop -e 'apply_package_list("/root/packagelist", "nopurge")'
>
> Please advise how I can set noop = true for this custom function? This
> function has no return value.
>
> Thanks,
> Stacey
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/5b005c57-d25b-42ef-a88b-bc770dbbb7e2%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/5b005c57-d25b-42ef-a88b-bc770dbbb7e2%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-_dc6FgpjhTRoeU%2BheHt4LfFdNRUSC8owD5YHVc%2BX7-A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] facters or Custom Facts

[Rob Nelson]

Warron,

Hiera is a lot easier than it seems! If you join the puppet slack (
https://slack.puppet.com), I'm sure we could help you get it set up quickly
and properly. It will probably solve a dozen other problems you didn't even
know you had, too :)


Rob Nelson
rnels...@gmail.com

On Thu, Mar 30, 2017 at 11:01 AM, warron.french <warron.fre...@gmail.com>
wrote:

> Hi Rob, I am not quite (personally/professionally) ready for Hiera yet.  I
> also need to learn more about ERB templates; which I did a little research
> on about 2 hours ago.
>
> Honestly, what you provided above to me, because I am not ready/fully
> understanding yet, has no context for me to implement your idea.  Which, if
> I did, I would gracefully accept your input and get it done.  :-/
>
> Thanks for this suggestion.  I simply am not there yet.
>
> Sincerely, thank you.
>
> --
> Warron French
>
>
> On Thu, Mar 30, 2017 at 9:58 AM, Rob Nelson <rnels...@gmail.com> wrote:
>
>> You could create a parameter called `$manage_audispatch = false` and in
>> hiera, set `profile::whatever::manage_audispatch: true` in hiera for
>> qualified devices (probably osfamily of RedHat, os/release/major of 6).
>> Your code conditional is very simple (`if $manage_audispatch { .. }`),
>> abstract out the complexity with hiera.
>>
>>
>> Rob Nelson
>> rnels...@gmail.com
>>
>> On Thu, Mar 30, 2017 at 7:43 AM, warron.french <warron.fre...@gmail.com>
>> wrote:
>>
>>> I need to develop a conditional that will allow me to deploy audit.rules,
>>> auditd.conf, and *IF (and only if) the machine is a Server* audispatch
>>> configurations.
>>>
>>> The ausyscalls for RHEL6 are different from RHEL7, so I require the
>>> ability "deploy" audit.rules.el7 into the correct place, and
>>> audit.rules.el6 into the appropriate place for RHEL6 (they aren't the same
>>> place).
>>>
>>> I am working with Red Hat Enterprise Linux only; not any of the variants.
>>>
>>> So, I figured I would develop a CASE statement based on the following
>>> strings; hopefully derived from Puppet builtin facter facts:
>>>
>>> RHEL-6-Server
>>> RHEL-6-Client|RHEL-6-Desktop
>>> RHEL-7-Server
>>> RHEL-7-Client|RHEL-7-Desktop
>>>
>>> The problem is I cannot derive a string that looks like this in any
>>> order of the hyphenated parts, or without for that matter.
>>>
>>> I found 1 facter that has the parts I need, that might enable me to
>>> generate the string(s) I need; but I don't know how to tease out the values
>>> from the particular facter = *os*.
>>>
>>> The facter, *os*, offers something I can use (puppet-facter syntax not
>>> specifically used below):
>>>
>>>- os/release/major would give me a 6 or a 7;
>>>- os/distid
>>>
>>> Can someone help me generate these strings; even if looked like
>>> RHEL-Server-6, that would be something I could work with in my class.
>>>
>>> Oh!  Red Hat offers a file called */etc/system-release-cpe*; but they
>>> didn't bother to enforce consistency in either the values as formatted or
>>> the order in which certain data is arranged within the same variables.
>>>
>>>
>>> Thanks in advance,
>>>
>>> --
>>> Warron French
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/puppet-users/CAJdJdQ%3D-TEf_Dz0ec8vG8MwYpnr44SBCnVubhS%3
>>> DWBJ8N75TeqQ%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/puppet-users/CAJdJdQ%3D-TEf_Dz0ec8vG8MwYpnr44SBCnVubhS%3DWBJ8N75TeqQ%40mail.gmail.com?utm_medium=email_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/puppet-users/CAC76iT_rQSaUfo5aiQgGnTJuset%2BxAR6POh%
>> 3DYg0SjCU3je3EEQ%40mail.gmail.com
>> 

Re: [Puppet Users] facters or Custom Facts

[Rob Nelson]

You could create a parameter called `$manage_audispatch = false` and in
hiera, set `profile::whatever::manage_audispatch: true` in hiera for
qualified devices (probably osfamily of RedHat, os/release/major of 6).
Your code conditional is very simple (`if $manage_audispatch { .. }`),
abstract out the complexity with hiera.


Rob Nelson
rnels...@gmail.com

On Thu, Mar 30, 2017 at 7:43 AM, warron.french <warron.fre...@gmail.com>
wrote:

> I need to develop a conditional that will allow me to deploy audit.rules,
> auditd.conf, and *IF (and only if) the machine is a Server* audispatch
> configurations.
>
> The ausyscalls for RHEL6 are different from RHEL7, so I require the
> ability "deploy" audit.rules.el7 into the correct place, and
> audit.rules.el6 into the appropriate place for RHEL6 (they aren't the same
> place).
>
> I am working with Red Hat Enterprise Linux only; not any of the variants.
>
> So, I figured I would develop a CASE statement based on the following
> strings; hopefully derived from Puppet builtin facter facts:
>
> RHEL-6-Server
> RHEL-6-Client|RHEL-6-Desktop
> RHEL-7-Server
> RHEL-7-Client|RHEL-7-Desktop
>
> The problem is I cannot derive a string that looks like this in any order
> of the hyphenated parts, or without for that matter.
>
> I found 1 facter that has the parts I need, that might enable me to
> generate the string(s) I need; but I don't know how to tease out the values
> from the particular facter = *os*.
>
> The facter, *os*, offers something I can use (puppet-facter syntax not
> specifically used below):
>
>- os/release/major would give me a 6 or a 7;
>- os/distid
>
> Can someone help me generate these strings; even if looked like
> RHEL-Server-6, that would be something I could work with in my class.
>
> Oh!  Red Hat offers a file called */etc/system-release-cpe*; but they
> didn't bother to enforce consistency in either the values as formatted or
> the order in which certain data is arranged within the same variables.
>
>
> Thanks in advance,
>
> --
> Warron French
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/CAJdJdQ%3D-TEf_Dz0ec8vG8MwYpnr44SBCnVubhS%
> 3DWBJ8N75TeqQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAJdJdQ%3D-TEf_Dz0ec8vG8MwYpnr44SBCnVubhS%3DWBJ8N75TeqQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_rQSaUfo5aiQgGnTJuset%2BxAR6POh%3DYg0SjCU3je3EEQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Agent starting too soon

[Rob Nelson]

I'm guessing those race conditions are related to not replacing it with
something else. Seems they're "magic" components to not requiring reliance
on network-online.target. Hooray :/


Rob Nelson
rnels...@gmail.com

On Wed, Mar 29, 2017 at 9:24 AM, Trevor Vaughan <tvaug...@onyxpoint.com>
wrote:

> I just ditched it.
>
> On Tue, Mar 28, 2017 at 9:23 AM, Rob Nelson <rnels...@gmail.com> wrote:
>
>> Did you replace it with systemd-networkd, or just ditch it? Regardless,
>> I've updated us to EL7.3 (CentOS though) and not observed this issue, so
>> I'm not sure it's that generic of a problem, there must be *something*
>> triggering it. Even a simple race condition should result in some successes
>> if Laverne has rebooted it a few dozen times.
>>
>>
>> Rob Nelson
>> rnels...@gmail.com
>>
>> On Tue, Mar 28, 2017 at 9:08 AM, Trevor Vaughan <tvaug...@onyxpoint.com>
>> wrote:
>>
>>> Disabling NetworkManager hasn't caused any issues for me so far. That
>>> said, EL7.3 might break that, so Fedora may already be broken.
>>>
>>> Trevor
>>>
>>> On Tue, Mar 28, 2017 at 9:00 AM, Rob Nelson <rnels...@gmail.com> wrote:
>>>
>>>> That wiki page says that all you should need to do is have
>>>> NetworkManager or systemd-networkd services enabled. Do you by any chance
>>>> have them both disabled on the affected node? I know many of us don't like
>>>> NetworkManager, but disabling it entirely can cause some problems. Just a
>>>> guess, as I haven't seen this issue on any of my nodes, including the
>>>> low-RAM ones.
>>>>
>>>>
>>>> Rob Nelson
>>>> rnels...@gmail.com
>>>>
>>>> On Mon, Mar 27, 2017 at 11:33 PM, Laverne Schrock <
>>>> lvernschr...@gmail.com> wrote:
>>>>
>>>>> I have a box on which puppet-agent does not start correctly on reboot.
>>>>> Well, to be more precise, the puppet-agent starts, but never contacts the
>>>>> server.
>>>>>
>>>>>
>>>>> $ sudo journalctl -b 0 -u puppet -f
>>>>>> -- Logs begin at Wed 2017-02-01 18:27:11 CST. --
>>>>>> Mar 06 12:42:03 localhost.localdomain systemd[1]: Started Puppet agent.
>>>>>> Mar 06 12:42:16 localhost.localdomain puppet-agent[927]: Could not 
>>>>>> request certificate: getaddrinfo: Temporary failure in name resolution
>>>>>> Mar 06 12:44:16 a.real.hostname.tld puppet-agent[927]: Could not request 
>>>>>> certificate: getaddrinfo: Temporary failure in name resolution
>>>>>> Mar 06 12:46:16 a.real.hostname.tld puppet-agent[927]: Could not request 
>>>>>> certificate: getaddrinfo: Temporary failure in name resolution
>>>>>> Mar 06 12:48:16 a.real.hostname.tld puppet-agent[927]: Could not request 
>>>>>> certificate: getaddrinfo: Temporary failure in name resolution
>>>>>>
>>>>>>
>>>>> Note how when the puppet-agent starts, the box doesn't yet know its
>>>>> hostname because the network stack is (apparently) not fully up. Running
>>>>> `systemctl restart puppet` resolves the issue until the next reboot.
>>>>>
>>>>> I was able to find a work-around. In the systemd unit file for puppet,
>>>>> I changed
>>>>>
>>>>> After=basic.target network.target
>>>>>>
>>>>> to
>>>>>
>>>>>>  After=basic.target network-online.target
>>>>>>
>>>>>
>>>>> See: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
>>>>>
>>>>> The box is a fresh install of Fedora 25 and is using the following
>>>>> packages:
>>>>>
>>>>>> puppet-agent-1.9.3-1.fedoraf25.x86_64
>>>>>> puppetlabs-release-pc1-1.1.0-5.fedoraf25.noarch
>>>>>>
>>>>>
>>>>> I have another box with the same setup (but a little more RAM) and the
>>>>> issue does not occur there.
>>>>>
>>>>> I have two thoughts on this.
>>>>> 1) This is a subtle timing issue which is why I see it on one box, but
>>>>> not the other.
>>>>> 2) puppet-agent is misbehaving and ought to  properly detect when the
>>>>> networking stack comes up.
>>>>> 3) If I want to resolve this, I should just use my workaround.
>&g

Re: [Puppet Users] Puppet Agent starting too soon

[Rob Nelson]

Did you replace it with systemd-networkd, or just ditch it? Regardless,
I've updated us to EL7.3 (CentOS though) and not observed this issue, so
I'm not sure it's that generic of a problem, there must be *something*
triggering it. Even a simple race condition should result in some successes
if Laverne has rebooted it a few dozen times.


Rob Nelson
rnels...@gmail.com

On Tue, Mar 28, 2017 at 9:08 AM, Trevor Vaughan <tvaug...@onyxpoint.com>
wrote:

> Disabling NetworkManager hasn't caused any issues for me so far. That
> said, EL7.3 might break that, so Fedora may already be broken.
>
> Trevor
>
> On Tue, Mar 28, 2017 at 9:00 AM, Rob Nelson <rnels...@gmail.com> wrote:
>
>> That wiki page says that all you should need to do is have NetworkManager
>> or systemd-networkd services enabled. Do you by any chance have them both
>> disabled on the affected node? I know many of us don't like NetworkManager,
>> but disabling it entirely can cause some problems. Just a guess, as I
>> haven't seen this issue on any of my nodes, including the low-RAM ones.
>>
>>
>> Rob Nelson
>> rnels...@gmail.com
>>
>> On Mon, Mar 27, 2017 at 11:33 PM, Laverne Schrock <lvernschr...@gmail.com
>> > wrote:
>>
>>> I have a box on which puppet-agent does not start correctly on reboot.
>>> Well, to be more precise, the puppet-agent starts, but never contacts the
>>> server.
>>>
>>>
>>> $ sudo journalctl -b 0 -u puppet -f
>>>> -- Logs begin at Wed 2017-02-01 18:27:11 CST. --
>>>> Mar 06 12:42:03 localhost.localdomain systemd[1]: Started Puppet agent.
>>>> Mar 06 12:42:16 localhost.localdomain puppet-agent[927]: Could not request 
>>>> certificate: getaddrinfo: Temporary failure in name resolution
>>>> Mar 06 12:44:16 a.real.hostname.tld puppet-agent[927]: Could not request 
>>>> certificate: getaddrinfo: Temporary failure in name resolution
>>>> Mar 06 12:46:16 a.real.hostname.tld puppet-agent[927]: Could not request 
>>>> certificate: getaddrinfo: Temporary failure in name resolution
>>>> Mar 06 12:48:16 a.real.hostname.tld puppet-agent[927]: Could not request 
>>>> certificate: getaddrinfo: Temporary failure in name resolution
>>>>
>>>>
>>> Note how when the puppet-agent starts, the box doesn't yet know its
>>> hostname because the network stack is (apparently) not fully up. Running
>>> `systemctl restart puppet` resolves the issue until the next reboot.
>>>
>>> I was able to find a work-around. In the systemd unit file for puppet, I
>>> changed
>>>
>>> After=basic.target network.target
>>>>
>>> to
>>>
>>>>  After=basic.target network-online.target
>>>>
>>>
>>> See: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
>>>
>>> The box is a fresh install of Fedora 25 and is using the following
>>> packages:
>>>
>>>> puppet-agent-1.9.3-1.fedoraf25.x86_64
>>>> puppetlabs-release-pc1-1.1.0-5.fedoraf25.noarch
>>>>
>>>
>>> I have another box with the same setup (but a little more RAM) and the
>>> issue does not occur there.
>>>
>>> I have two thoughts on this.
>>> 1) This is a subtle timing issue which is why I see it on one box, but
>>> not the other.
>>> 2) puppet-agent is misbehaving and ought to  properly detect when the
>>> networking stack comes up.
>>> 3) If I want to resolve this, I should just use my workaround.
>>>
>>> Does #3 seem like the best plan? I'd appreciate any insight into why the
>>> issue is occurring.
>>>
>>> Cheers,
>>> -Laverne Schrock
>>>
>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/puppet-users/36ca1e68-fa09-4654-ba62-9c13c2561c76%40googlegroups.com
>>> <https://groups.google.com/d/msgid/puppet-users/36ca1e68-fa09-4654-ba62-9c13c2561c76%40googlegroups.com?utm_medium=email_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" grou

Re: [Puppet Users] Puppet Agent starting too soon

[Rob Nelson]

That wiki page says that all you should need to do is have NetworkManager
or systemd-networkd services enabled. Do you by any chance have them both
disabled on the affected node? I know many of us don't like NetworkManager,
but disabling it entirely can cause some problems. Just a guess, as I
haven't seen this issue on any of my nodes, including the low-RAM ones.


Rob Nelson
rnels...@gmail.com

On Mon, Mar 27, 2017 at 11:33 PM, Laverne Schrock <lvernschr...@gmail.com>
wrote:

> I have a box on which puppet-agent does not start correctly on reboot.
> Well, to be more precise, the puppet-agent starts, but never contacts the
> server.
>
>
> $ sudo journalctl -b 0 -u puppet -f
>> -- Logs begin at Wed 2017-02-01 18:27:11 CST. --
>> Mar 06 12:42:03 localhost.localdomain systemd[1]: Started Puppet agent.
>> Mar 06 12:42:16 localhost.localdomain puppet-agent[927]: Could not request 
>> certificate: getaddrinfo: Temporary failure in name resolution
>> Mar 06 12:44:16 a.real.hostname.tld puppet-agent[927]: Could not request 
>> certificate: getaddrinfo: Temporary failure in name resolution
>> Mar 06 12:46:16 a.real.hostname.tld puppet-agent[927]: Could not request 
>> certificate: getaddrinfo: Temporary failure in name resolution
>> Mar 06 12:48:16 a.real.hostname.tld puppet-agent[927]: Could not request 
>> certificate: getaddrinfo: Temporary failure in name resolution
>>
>>
> Note how when the puppet-agent starts, the box doesn't yet know its
> hostname because the network stack is (apparently) not fully up. Running
> `systemctl restart puppet` resolves the issue until the next reboot.
>
> I was able to find a work-around. In the systemd unit file for puppet, I
> changed
>
> After=basic.target network.target
>>
> to
>
>>  After=basic.target network-online.target
>>
>
> See: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
>
> The box is a fresh install of Fedora 25 and is using the following
> packages:
>
>> puppet-agent-1.9.3-1.fedoraf25.x86_64
>> puppetlabs-release-pc1-1.1.0-5.fedoraf25.noarch
>>
>
> I have another box with the same setup (but a little more RAM) and the
> issue does not occur there.
>
> I have two thoughts on this.
> 1) This is a subtle timing issue which is why I see it on one box, but not
> the other.
> 2) puppet-agent is misbehaving and ought to  properly detect when the
> networking stack comes up.
> 3) If I want to resolve this, I should just use my workaround.
>
> Does #3 seem like the best plan? I'd appreciate any insight into why the
> issue is occurring.
>
> Cheers,
> -Laverne Schrock
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/36ca1e68-fa09-4654-ba62-9c13c2561c76%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/36ca1e68-fa09-4654-ba62-9c13c2561c76%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_vimf_MmN--mBLA2fnqSAxQUJ%3DBAzNRMOQOgM1F0TevA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Custom Facts using awk

[Rob Nelson]

That's probably one of the best ways to do this. But...

You CAN use double quotes around a string. You will need to escape
characters that will otherwise be interpolated like double quotes and
dollar signs. I'm going off memory but I think `"awk '{print \$1_\$2}'"`
should interpolate to `awk '{print $1_$2}'` properly. This is often tedious
and may require some trial and error to ensure both the double quotes and
the system call that uses it don't interpolate too much but it can work.

On Wed, Mar 22, 2017 at 7:07 PM Peter Bukowinski <pmb...@gmail.com> wrote:

> Hi Warron,
>
> I'd consider using an external, executable fact to avoid ruby altogether.
>
>
> https://docs.puppet.com/facter/3.6/custom_facts.html#executable-facts-unix
>
> Basically, you can write a bash script (or use any language you want),
> drop it into '//facts.d/' on your puppet server,
> and it will be synced to all your nodes (assuming you use pluginsync).
>
> The only requirement for executable fact scripts is that they must
> return key/value pairs in the format 'key=value'. Multiple keys/values
> get their own line. In your case, you could do something like this:
>
> -
> #!/bin/bash
>
> key="qty_monitors_total"
> value=$(your parsing command for /var/log/Xorg.0.log here)
>
> echo "${key}=${value}"
> -
>
> Save the file as an executable script in the above mentioned path and
> it should be available on the next puppet run.
>
> On Wed, Mar 22, 2017 at 3:24 PM, warron.french <warron.fre...@gmail.com>
> wrote:
> > Hello, I have finally learned how to write a Custom Fact; and duplicated
> the
> > syntax several times over inside the same .rb file.
> >
> > I am using syntax that looks like the following:
> >
> > Facter.add('qty_monitors_total') do
> >   setcode  do
> >  Facter::Util::Resolution.exec('/bin/grep " connected"
> > /var/log/Xorg.0.log | cut -d\) -f2,3,4 | grep GPU |sort -u | wc -l')
> >   end
> > end
> >
> > I don't know of any other way to do this yet; but that's not my concern
> yet.
> >
> > What I would like to know is how can I use an awk command within the
> > Facter::Util::Resolution.exec('.') line.
> >
> > I have a need to essentially reproduce the line above but drop   wc -l
> and
> > add awk '{ print $2"_"$3"_on_"$1$4 }'
> >
> > I need the awk command to pretty much look like this; the problem is awk
> > uses its own single quotes (') and it will break the ruby code.
> >
> > I am not a ruby developer; so if someone could either tell me:
> >
> > It's just not possible; or
> > do it this way
> >
> >
> > That would be greatly appreciated.  Thank you,
> >
> > --
> > Warron French
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to puppet-users+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/puppet-users/CAJdJdQmZXQAd%2Bo%2Bnp-NHqxGHnXubf%2Bac-dP5FPoy4QYMEVuBuA%40mail.gmail.com
> .
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAJA1CN9aFH4Eza-FoxzrfXDWiGCUHXE%2BGFt2Nu%3DjK2eDzV4upg%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8Sduj%2BL%3DR3hZfSqkqeUgp9eBsQLjuBWEMrW6L1xxpE0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] hiera level explosion

[Rob Nelson]

If you're looking up hiera data based on the calling class, I'd question
whether that's useful to split out to hiera at all - every instance of the
class would get the same values, right? And would you really want ALL nodes
that `include jenkins` to get the same jenkins server? Even if they're in
DCs on opposite sides of the world supporting different groups?

It's more likely that you want to use some facts about the nodes -
datacenter, network, owning organization, etc. - to provide that data. Your
hierarchy should be modeled after that. Mine is:

:hierarchy:
  - "clientcert/%{clientcert}"
  - "puppet_role/%{puppet_role}"
  - "osfamily-release/%{osfamily}-%{operatingsystemmajrelease}"
  - "datacenter/%{datacenter}"
  - global

Clientcert lets individual nodes override settings groups normally inherit;
puppet_role is a custom fact reflecting a service like AppX, AppY, DHCP,
DNS, etc; the next tier is OS since we run a few versions that often
require different values; next is the datacenter, where routes and DNS and
such might differ; and finally global is things standardized across the
board (called 'common' in default installations). IMO, the only tier that
should reference a single filename would be global/common, anything else
doing so is really just replicating that tier higher up the stack and
adding complexity. I'm sure there's some valid use case for it, though.

There's some perf impact when you have more tiers, but hiera lookups don't
have a high enough cost for us to worry about it. There is a cost to
architecting and maintaining additional tiers and that's my main concern.
You can only keep so much in your head, so it's easy to lose track of where
things are configured and where they should be configured, and of course it
affects troubleshooting times as well.

I believe that answers some of your questions and obviates the need for
answers to others.


Rob Nelson
rnels...@gmail.com

On Mon, Mar 20, 2017 at 11:03 AM, Darragh Bailey <daragh.bai...@gmail.com>
wrote:

> Hi,
>
>
> Looking at how our hiera levels are already exploding due to some
> preferences, I'm wondering how others describe use hiera.
>
> We have a preference to group related data within separate files, however
> some colleague concerns about using '%{module_name}' and '%{calling_class}'
> means that for each separate application related class within our main
> module we end up with a dedicated level in hiera.
>
> While our existing hierarchy doesn't quite look like the following, once
> we've migrated to using a eyaml backend (in addition to the current yaml
> backend) instead of a separate restricted access git repo I expect to see
> it look like the following:
>
> :hierarchy:
>   - "node/%{::domain}/%{::hostname}"
>   - "gerrit"
>   - "database"
>   - "jenkins"
>   - "server"
>   - "web"
>   - "%{calling_class}"
>   - "%{module_name}"
>   - defaults
>
> Tbh, I'd favour simply doing something like the following:
>
> :hierarchy:
>   - "node/%{::domain}/%{::hostname}"
>   - "%{calling_class}"
>   - "%{module_name}"
>   - defaults
>
> And have anything in 'gerrit', 'database', 'jenkins', 'server' & 'web'
> that needs to be accessible by other classes placed in 'defaults' and for
> anything specific to that class simply put in a name that is picked up by
> '%{calling_class}'.
>
> However there are concerns that it's difficult to remember that data is
> only visible to the associated class/module when made accessible under
> '%{calling_class}' and '%{module_name}', and I think '%{module_name}' goes
> away in hiera 5 or at least it's deprecated and support for it will be
> removed in hiera 6.
>
>
> What concerns me however is whether there is a performance impact of
> creating lots of levels to keep data nicely separately on a
> service/application basis in the name of keeping it easy to understand.
>
> Do others simply use a single file? Or do you favour use of
> '%{module_name}', '%{calling_class}', and/or '%{calling_class_path}'? If so
> what are your plans around hiera's future behaviour?
>
> Any clues on assessing the performance impact of either approach? I doubt
> it currently makes much difference, but I'm sure as we add more and more
> puppet code to manage additional services/applications and consequently
> many more levels this will have to start impacting at some point.
>
> Perhaps it makes more sense to have these in separate files and then a
> additional step to the deployment that combines the application specific
> files into a single yaml entry to be used by hiera. Giving us separation at
> the source/review level and simple single file at the point of usage to
> ens

Re: [Puppet Users] Trigger options minutes_interval and minutes_duration don't work in PE version 2016.1.1

[Rob Nelson]

 While PE 2016.1.1 runs Puppet 4.4, not 4.9 (
https://docs.puppet.com/pe/2016.2/overview_version_table.html#puppet-enterprise-2016x,
https://docs.puppet.com/puppet/4.4/type.html#scheduledtask), the trigger
options look to have been added in 4.1 so you should be covered. Are your
agents running the puppet-agent from 2016.1.1 as well, or is it possible
they are running 4.0?


Rob Nelson
rnels...@gmail.com

On Thu, Mar 9, 2017 at 11:49 PM, Karthik Durairajan <
karthik.duraira...@gmail.com> wrote:

> Hi Dan,
>
> No, looks like it strips all the formatting and underscores, weird! I
> definitely have underscore in my commands. Below is the screenshot
> (apologies for the confusion)
>
>
> On Friday, 10 March 2017 15:03:18 UTC+11, LinuxDan wrote:
>>
>> You are missing underscores:
>> Should be minutes_interval and minutes_duration
>>
>> On Mar 9, 2017, at 10:37 PM, Karthik Durairajan <karthik.d...@gmail.com>
>> wrote:
>>
>> Hi,
>>
>> We are trialing out Puppet Enterprise (V2016.1.1) and despite being
>> mentioned in the Puppet documentation (https://docs.puppet.com/puppe
>> t/4.9/ty... <https://docs.puppet.com/puppet/4.9/type.html#scheduledtask>),
>> it looks like the below scheduled_task trigger options don't work.
>>
>>
>>- minutes*interval*
>>- *minutes*duration
>>
>> Puppet agent run fails with the error as seen below. Any advice on this
>> would be great:
>>
>>
>>
>> *Error: Failed to apply catalog: Parameter trigger failed on
>> Scheduled_task[SQL B**ackup Monitor]: Unknown trigger option(s):
>> ['minutes_duration', 'minutes_interva*
>>
>> *l'] at
>> /etc/puppetlabs/code/environments/production/modules/sqlbackup_scheduler/*
>>
>> *manifests/init.pp:6*
>>
>> *Wrapped exception:*
>>
>> *Unknown trigger option(s): ['minutes_duration', 'minutes_interval']*
>>
>>
>> Thanks, Karthik
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/puppet-users/824aed0b-2382-452f-a43c-5f38cc03d929%40googlegroups.com
>> <https://groups.google.com/d/msgid/puppet-users/824aed0b-2382-452f-a43c-5f38cc03d929%40googlegroups.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/5594a92a-4e7a-4594-acde-dedaf58d9cb3%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/5594a92a-4e7a-4594-acde-dedaf58d9cb3%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9PqsaCffayDzHDdCS7aznZYN2UHYWo3Vcn-7eszMJfAw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Manage delivery and execution of RPMs not in YUM

[Rob Nelson]

We should note that yumrepo is a native type in puppet that you can use to
manage the remote repo information on nodes, and there's a (from memory)
palli/createrepo module to create and maintain the yum repo itself. It's
not that difficult to add createrepo to a role and set up a node as your
internal yum repo if you'd rather start there instead of spacewalk or
artifactory and the like.

On Thu, Mar 2, 2017 at 6:33 PM Rob Nelson <rnels...@gmail.com> wrote:

> For clarity, because I had to reread this twice to get the context:
> VERSION CONTROL repositories should never contain binary objects.
>
> Just want to differentiate that from yum repositories.
>
> On Thu, Mar 2, 2017 at 2:11 PM Andrew Grimberg <tyk...@bardicgrove.org>
> wrote:
>
> Repositories should _never_ contain binary objects. The only exception I
> ever allow my developers is graphical assets related to websites.
>
> On 03/02/2017 08:48 AM, warron.french wrote:
> > Garrett, thanks.
> >
> > So, to clarify for myself in terms of a BEST practice are you declaring
> > "don't deliver RPMs as part of the payload of the Puppet Module?"  *I
> > just got that part working.  :-/*  I don't mind correction, but I don't
> > want to go down the rabbit hole.
> >
> > Secondly, using an exec resource to implement the RPMs?
> >
> > Perhaps something like this...
> >
> > exec { 'install_cctk_rpms':
> >  creates => '/opt/dell/dcc/cctk',
> >  command => 'yum localinstall -y A.rpm B.rpm',
> >  returns => '0',
> > }
> >
> > I have never written an exec resource declaration before.  Can you tell
> > me if the exec syntax is correct, and that it is also what you meant for
> > having to commands; I can combine them into a single *yum localinstall
> > -y  *command correct?
> >
> > Thanks Garrett.
> >
> >
> > --
> > Warron French
> >
> >
> > On Thu, Mar 2, 2017 at 11:02 AM, Garrett Honeycutt
> > <g...@garretthoneycutt.com <mailto:g...@garretthoneycutt.com>> wrote:
> >
> > On 3/2/17 9:58 AM, warron.french wrote:
> > > Hello all,
> > > can someone please advise me on a proper set of syntax (a file to
> look
> > > at) for an example to follow to solve the following challenge:
> > >
> > >  1. I have 2 deliver 2 *.rpm files that are not in a YUM
> > repository, so
> > > I dropped them into the files directory of my module path.
> > >  2. I need to be able to execute each of them either together, or
> > > _A.rpm before B.rpm_
> > >  3. __Then execute a shell script that requires the 2 RPMs to be in
> > > place before that happens.
> > >
> > > I am starting to get into slightly more complicated modules,
> instead of
> > > simply delivering basic ASCII text files using  *content =>
> > > template('modulename/some.erb')*.
> > >
> > > I just need an example that is know to provide proper execution,
> proper
> > > syntax, and something I can learn from correctly.  I am still
> building
> > > the foundation of my understanding, so troubleshooting someone
> else's
> > > code isn't going to be too good for my development yet.
> > >
> > >
> > > Thank you in advance,
> > > --
> > > Warron French
> > >
> >
> > Hi Warron,
> >
> > What you want to accomplish is a bad idea and you should use a yum
> repo
> > and definitely not check in binary data with your modules. You could
> at
> > least store the rpm's somewhere and then download them from that
> > canonical source. Take a look at Artifactory which can help with
> where
> > to store things such as your random rpm's.
> >
> > Sometimes you have to automate what you have before you build
> something
> > better. Suggest writing an exec resource that can handle what you are
> > trying to do. The key here is to have two commands. One that checks
> to
> > see if you are already in the desired state and another to get you to
> > the desired state. Figure that out without Puppet and once you have
> > those commands, you can write a manifest.
> >
> > Best regards,
> > -g
> >
> > --
> > Garrett Honeycutt
> > @learnpuppet
> > Puppet Training with LearnPuppet.com
> > Mobile: +1.206.414.8658 <tel:%2B1.206.414.

Re: [Puppet Users] Manage delivery and execution of RPMs not in YUM

[Rob Nelson]

/msgid/puppet-users/4fc045bb-3e5f-f9d4-88a6-688ca3e3436b%40garretthoneycutt.com
> > <
> https://groups.google.com/d/msgid/puppet-users/4fc045bb-3e5f-f9d4-88a6-688ca3e3436b%40garretthoneycutt.com
> >.
> > For more options, visit https://groups.google.com/d/optout
> > <https://groups.google.com/d/optout>.
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to puppet-users+unsubscr...@googlegroups.com
> > <mailto:puppet-users+unsubscr...@googlegroups.com>.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/puppet-users/CAJdJdQkCQJ%2BXE2th_OLyu7%2BZyJDROfyht9UC906_JXRn%3D0Q7Dg%40mail.gmail.com
> > <
> https://groups.google.com/d/msgid/puppet-users/CAJdJdQkCQJ%2BXE2th_OLyu7%2BZyJDROfyht9UC906_JXRn%3D0Q7Dg%40mail.gmail.com?utm_medium=email_source=footer
> >.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/4c9c1b1a-377a-8579-c7d3-a36e4488eebd%40bardicgrove.org
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8BocY%3DDBC2H4PPAApuF35Ab2wcaTYkv56FnHu48fH8Yw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] build version tag?

[Rob Nelson]

You can adjust the config_version value in puppet.conf (
https://docs.puppet.com/puppet/latest/configuration.html#configversion) to
spit out the git hash. See "Per-environment config_version" at
http://garylarizza.com/blog/2014/08/31/r10k-plus-directory-environments/
for some detail on it and an example of using the git hash instead of epoch
time.


Rob Nelson
rnels...@gmail.com

On Wed, Mar 1, 2017 at 11:45 AM, Jason McMahan <jason.m.mcma...@gmail.com>
wrote:

> I am sorry i do not quite catch your meaning Rob.
> Could you please explain?
>
> Thank you
>
> On Tuesday, February 28, 2017 at 9:26:01 PM UTC-6, Rob Nelson wrote:
>>
>> If you're using a control repo, you can change the catalog version number
>> from seconds since epoch to git commit hash, which should allow you to
>> reconstitute all the modules in use at that time if you pin all external
>> modules in your Puppetfile (included would already be part of that hash).
>> --
>> Rob Nelson
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/5232619f-fbfa-4047-84eb-3a80d5114088%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/5232619f-fbfa-4047-84eb-3a80d5114088%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_0Sj6TLrEaV-_jALuYZ4%2Bf_JSQy73XyKbdMaa1Ga_qpA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Master and Custom Facts

[Rob Nelson]

Yeah, a 'profile::base' that does nothing or just updates the motd if you
want a very simple manifest would do just fine.

On Wed, Mar 1, 2017 at 2:09 PM warron.french <warron.fre...@gmail.com>
wrote:

> Hi Rob, thanks.
>
> A single run?  Runs don't need to change anything, but they do need to
> complete and send the report?  How do I accomplish that?
>
> Are you saying an empty class would do?
>
> --
> Warron French
>
>
> On Tue, Feb 28, 2017 at 10:30 PM, Rob Nelson <rnels...@gmail.com> wrote:
>
> If you deploy the custom fact, the agent would need to perform a single
> run and then send the report to puppetdb. Afterward, it would be visible in
> the admin console (assuming you mean PE console here) in all the usual
> places, such as in the node details and filtering by fact valued.
>
> The runs don't need to change anything, but they do need to complete and
> send the report; if this doesn't happen every 14 days by default, it will
> get purged from puppetdb and of course no longer show up.
>
> On Tue, Feb 28, 2017 at 6:48 PM warron.french <warron.fre...@gmail.com>
> wrote:
>
> Can I write a custom fact and see its value returned in the Admin
> Console?  Or does it only allow for the execution of Puppet Code based on
> conditionals and criteria meeting expectations?
>
> If the answer is yes to the first question, can I simply write the Custom
> Fact, without necessarily making any changes to a Puppet Agent Node; so
> that I can assess certain details about my network that aren't *native
> Puppet Facts*?
>
> My employer is creating systems, and we are "stamping" them with a text
> file under /etc/ and we want to be able to grab the content of the file WE
> CREATE under /etc to determine if machine A, BZ are part of Baseline1
> or Baseline2; for example.
>
> Thanks in advance,
> --
> Warron French
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAJdJdQ%3DwmGU_uUs9cfpq0SwjCtahdxXDN-pW%3DXoKEyiJ-TSGow%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAJdJdQ%3DwmGU_uUs9cfpq0SwjCtahdxXDN-pW%3DXoKEyiJ-TSGow%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
> --
> Rob Nelson
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAC76iT-W534UgJezB4RN3DOn_-Tb_fMA7SNozqCrjAF4f8bUGA%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAC76iT-W534UgJezB4RN3DOn_-Tb_fMA7SNozqCrjAF4f8bUGA%40mail.gmail.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAJdJdQ%3DneD2UdG3ThgZkj2vwR6Yja-qavCRPVL4iqEcvX6oJpQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAJdJdQ%3DneD2UdG3ThgZkj2vwR6Yja-qavCRPVL4iqEcvX6oJpQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_FjtVyet9HEfNK25OaQRsNjBRy46rJ0Csq45SFLy-76w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Master and Custom Facts

[Rob Nelson]

If you deploy the custom fact, the agent would need to perform a single run
and then send the report to puppetdb. Afterward, it would be visible in the
admin console (assuming you mean PE console here) in all the usual places,
such as in the node details and filtering by fact valued.

The runs don't need to change anything, but they do need to complete and
send the report; if this doesn't happen every 14 days by default, it will
get purged from puppetdb and of course no longer show up.

On Tue, Feb 28, 2017 at 6:48 PM warron.french <warron.fre...@gmail.com>
wrote:

> Can I write a custom fact and see its value returned in the Admin
> Console?  Or does it only allow for the execution of Puppet Code based on
> conditionals and criteria meeting expectations?
>
> If the answer is yes to the first question, can I simply write the Custom
> Fact, without necessarily making any changes to a Puppet Agent Node; so
> that I can assess certain details about my network that aren't *native
> Puppet Facts*?
>
> My employer is creating systems, and we are "stamping" them with a text
> file under /etc/ and we want to be able to grab the content of the file WE
> CREATE under /etc to determine if machine A, BZ are part of Baseline1
> or Baseline2; for example.
>
> Thanks in advance,
> --
> Warron French
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAJdJdQ%3DwmGU_uUs9cfpq0SwjCtahdxXDN-pW%3DXoKEyiJ-TSGow%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAJdJdQ%3DwmGU_uUs9cfpq0SwjCtahdxXDN-pW%3DXoKEyiJ-TSGow%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-W534UgJezB4RN3DOn_-Tb_fMA7SNozqCrjAF4f8bUGA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] build version tag?

[Rob Nelson]

If you're using a control repo, you can change the catalog version number
from seconds since epoch to git commit hash, which should allow you to
reconstitute all the modules in use at that time if you pin all external
modules in your Puppetfile (included would already be part of that hash).
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8WTcNjsc3Gkiu437J5%2BgzkrczrGHhed4a%3DmzShk5L9Ug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet server is slow and needs tuning

[Rob Nelson]

Harish,

You are running puppet 3 open source and looking at directions for puppet 4
enterprise edition. While some of the PE information will surely apply to
the open source edition, you should update to puppet 4 as puppet 3 is End
of Support/Life. That upgrade alone should improve performance
significantly, at which time you can re-evaluate performance issues.

On Mon, Feb 20, 2017 at 8:26 AM Harish Kothuri <harishkoth...@gmail.com>
wrote:

> Hi All,
>
> Following is my puppet configuration details. Problem is that puppet
> server and agent runs are going very slow at times and restarting the
> server helps in production.
>
> Puppet 3.8.7 (open source)
> Facter 2.4.6
> CentOS 7
> Number of nodes: 500
> Number of cores: 16
> RAM: 32GB
>
> I'm going through this puppet website
> https://docs.puppet.com/pe/latest/config_monolithic.html#tuning-monolithic-installations-(reference)
> to fine tune my puppet.
>
> Can someone help me in understand location of the files exactly as i could
> not figure out *few (marked in Red)*. Please verify my changes and let me
> know if there's anything wrong.
>
> Section from Link: 16 cores, 32 GB of RAM (Monolithic)
>
> *Puppet Server:*
> *1. Increased JRuby instances in /etc/hiera.yaml file as below.*
>
> ---
> :backends:
>   - yaml
> :hierarchy:
>   - defaults
>   - "%{clientcert}"
>   - "%{environment}"
>   - global
>
> :yaml:
> # datadir is empty here, so hiera uses its defaults:
> # - /var/lib/hiera on *nix
> # - %CommonAppData%\PuppetLabs\hiera\var on Windows
> # When specifying a datadir, make sure the directory exists.
>   :datadir:
>   jruby-puppet: {
> max-active-instances: 10
> max-requests-per-instance: 0
>   }
>
> *1.1 Heap size on puppet server - Not sure where and how to change this.*
>
> *PuppetDB:*
> *2. PuppetDB command processing threads - **Where and how to change this?*
> *changed this in /etc/puppetdb/conf.d/config.ini*
>
>
> *2. 1 Changed heap size of puppetdb in /etc/sysconfig/puppetdb file as
> below*
>
>
> *JAVA_ARGS="-Xmx1g -XX:+HeapDumpOnOutOfMemoryError
> -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof
> -Djava.security.egd=file:/dev/urandom"*
>
> *2.2 Broker Memory - Not sure where and how to change this.*
>
> *3. Node classifier-** Not sure where and how to change this.*
> *4. ActiveMQ - **Not sure where and how to change this.*
> *5. Orchestration services - **Not sure where and how to change this.*
> *6. PostgreSQL - **Not sure where and how to change this.*
>
> Thanks & Regards,
> Harish Kothuri
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/b0fb70eb-3224-4099-b53d-e1c370e2a0f9%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/b0fb70eb-3224-4099-b53d-e1c370e2a0f9%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-BUk%2BzcPLoiJ_OxhPcFb_Ns4eWfYetuwiuH6jjhQDuGw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: ensure_resource should be the default behaviour

[Rob Nelson]

s/Fvl0aOe4RPE/kGFVbbIY3TYJ>
> of interest.  Felix Frank later implemented some of those ideas
> <https://github.com/ffrank/puppet-constraints>.
>
> I'm game to have this discussion again in the context of present-day
> Puppet and its ecosystem, but inasmuch as Puppet, Inc. has had multiple
> suggestions and ample opportunity to make the changes you seem to want, and
> has not made them, I think it's a lost cause.
>
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/943c7176-af10-4436-bec3-949cbdd0e48e%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/943c7176-af10-4436-bec3-949cbdd0e48e%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT84RvW0OyTJdQUwPrd80_dW5JsmOXbF7xtRJv4Fc34CDg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] suppressing undefined variable warnings in PE2016.1

[Rob Nelson]

I believe that your hiera lookups won't be a problem. This is looking for
the usage of previously undefined variables more than the content of the
variables. If, however, it is truly undefined at that point due to some
ordering error, it seems like you'd want it to flag instead of be
nil/undef/etc.

On Wed, Feb 15, 2017 at 10:19 PM Ben Hines <bhi...@gmail.com> wrote:

> I would be really cool if warnings could be disabled (And re enabled) from
> code, like like pragmas in C++. That would let me keep the undefined
> variables warning where it's needed, but ignore for other areas. (like
> third party modules i may not care about)
>
> In my case, i am using hiera lookup paths that use variables that aren't
> defined until later. (because they come out of hiera itself)  The lookup
> call that gets them warns that they are undefined, until later when i pull
> them in. Perhaps that could be fixed on the lookup side, alternatively.
>
> -Ben
>
> On Friday, May 6, 2016 at 6:55:22 PM UTC-7, Henrik Lindberg wrote:
>
> On 06/05/16 21:00, Vince Skahan wrote:
> >
> > Is there a way to shut up the undefined variable warnings in PE2016.1 ?
> >
> This is https://tickets.puppetlabs.com/browse/PUP-1780
> Which was released in Puppet 4.4.0, and is thus in all PE2016.1 versions.
>
> The input to docs (in the ticket) says:
>
> "All references to non existing variables will now generate a warning.
> Earlier puppet only warned about non existing qualified variables with
> more than one namespace segment.
>
> It is possible to disable these warnings by adding 'undefined_variables'
> to the setting 'disabled_warnings'.
>
> Note that in most cases there is no file/line information available, and
> this was one reason why only some cases were reported earlier. We expect
> to correct this in the next major version as it requires API breaking
> changes."
>
> Thus - you can get rid of those warnings by disabling that particular
> warning.
>
> Hope that helps
>
> Best,
> - henrik
>
> > Here's a trivial example:
> >
> > # puppet apply -t --noop -e 'notice("this should print just a 'x' =>
> > x${foo}")'
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Info: Loading facts
> > Warning: Undefined variable 'foo';
> >(file & line not available)
> > Notice: Scope(Class[main]): this should print just a x => x
> > Notice: Compiled catalog for myhostname.com in environment production
> in
> > 0.04 seconds
> >
> > I see there is a --strict-variables where I can make compilation fail.
> > It seems that throwing the warning is the current default
> > I'm looking for a "yes I have a good reason so please just quit whining
> > about what I am doing" switch :-)
> >
> > Alternately, is there a way to check for the fact being not defined ?
> > I can not find any syntax that works in the 2016.1 parser.
> >
> > something along the lines of notionally the following:
> > if $whatever is defined print out 'whatever = $whatever'
> > if $whatever is not defined print out 'whatever is not defined' or null
> > or undef or whatever it evaluates to currently.
> >
> > I'm probably in interpreted language overload among perl/python/bash and
> > the Puppet DSL is just not grokking.
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to puppet-users...@googlegroups.com
> > <mailto:puppet-users+unsubscr...@googlegroups.com>.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/puppet-users/dcfb928f-6e74-4974-9505-88d446c682f9%40googlegroups.com
> > <
> https://groups.google.com/d/msgid/puppet-users/dcfb928f-6e74-4974-9505-88d446c682f9%40googlegroups.com?utm_medium=email_source=footer>.
>
> > For more options, visit https://groups.google.com/d/optout.
>
>
> --
>
> Visit my Blog "Puppet on the Edge"
> http://puppet-on-the-edge.blogspot.se/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web vis

Re: [Puppet Users] Re: No nodes reported in Dashboard 2.0.0

[Rob Nelson]

There's also puppetboard. See https://github.com/voxpupuli/puppetboard and
https://github.com/voxpupuli/puppet-puppetboard


Rob Nelson
rnels...@gmail.com

On Mon, Feb 13, 2017 at 2:03 PM, Dimitri Yioulos <dyiou...@gmail.com> wrote:

> Thanks, Michael.  Sorry it's fallen by the wayside.  I've now installed
> Foreman.  While, I liked Puppet-Dashboard's output more, Foreman will do
> just fine.
>
> On Friday, February 10, 2017 at 3:06:23 PM UTC-5, Dimitri Yioulos wrote:
>>
>> Hi, All.
>>
>> Previously, I had a Puppet server running version 3.x, and Puppet
>> Dashboard 1.2.  Worked a treat.  Now, I created a new Puppet server version
>> 4.  I got that all working fine.  I also installed Dashboard 2.0.0.  While
>> I can see the Dashboard, there are no nodes reported.  Has anyone else
>> installed Puppet Dashboard 2.0.0 to work with Puppet 4 that might give me
>> some help?
>>
>> Thanks.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/6cc0886b-ee7c-4d0c-b6a0-62165ff7b01b%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/6cc0886b-ee7c-4d0c-b6a0-62165ff7b01b%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-yh8RM%3D%3DKPxNn20td_cQwC%2BC%3DWSvwnKi_q8ZkN9BvZwQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: User Management from LDAP / freeipa

[Rob Nelson]

Remember that `if User['x]` is not looking to see if the user x exists, but
whether or not you have a resource of type User with the title 'x'. In
other words, it checks to see if you declared `user{ 'x': ... }` somewhere
in your manifests. Puppet ONLY manages those things that you tell it to,
hence why you hit the else branch every time.


I will also second the idea that managing home directories with external
users is not necessarily the best way to proceed. Your IdM platform may
offer a way to do network profiles, or you can use NFS or similar to
provide them on machines. Those are likely better approaches to investigate
in the long term.


Rob Nelson
rnels...@gmail.com

On Tue, Feb 7, 2017 at 11:17 AM, Dan White <d_e_wh...@icloud.com> wrote:

> I am not trying to manage users.
> I am trying to INTELLIGENTLY push out things like dot-files, but Puppet
> cannot "see" IdM created users.
>
> "Sometimes I think the surest sign that intelligent life exists elsewhere
> in the universe is that none of it has tried to contact us."
>
> Bill Waterson (Calvin & Hobbes)
>
> On Feb 7, 2017, at 7:03 AM, bert hajee <bert.ha...@gmail.com> wrote:
>
> Dan,
>
> We recently developed a puppet custom type to manage users inside a LDAP
> directory. Here
> <https://www.enterprisemodules.com/docs/ldap_principal/description.html> you
> can find some documentation. It is a commercial module, but free in
> development and free in production up to 50 manageable entries. Maybe this
> can help you.
>
>
> Regards,
>
> Bert Hajee
>
> On Monday, 6 February 2017 15:33:46 UTC+1, LinuxDan wrote:
>>
>> I am trying to figure out if I can do any user management from Puppet for
>> users initially managed by Red Hat's Identity Manager (freeipa / ldap)
>>
>> Here is a code snippet I tried:
>>
>> # Class: wtf
>> #
>> class wtf {
>>   if defined( User["dewhite"] ) {
>> $foo = User["dewhite"]["home"]
>> notify { "->${foo}<-": }
>>   } else {
>> notify { "woof": }
>> user { 'dewhite':
>>   ensure => 'present',
>> }
>>   }
>> }
>>
>> The dewhite user is defined - and Puppet can "see" it :
>>
>> [root ~]# puppet resource user dewhite
>> user { 'dewhite':
>>   ensure => 'present',
>>   comment => 'Daniel White',
>>   gid => '68441',
>>   home => '/home/dewhite',
>>   shell => '/bin/bash',
>>   uid => '68441',
>> }
>>
>> but I always get the "else" half of the manifest.
>>
>> My goal is to add things like dot-files and such.
>> I want to either be able to detect the existance of an LDAP created user
>> or I would like to be able to manage the freeipa/LDAP users from Puppet.
>>
>> Any ideas ?
>>
>>
>> Dan White | d_e_...@icloud.com
>> 
>> “Sometimes I think the surest sign that intelligent life exists elsewhere in 
>> the universe is that none of it has tried to contact us.”  (Bill Waterson: 
>> Calvin & Hobbes)
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/4598a137-b64f-44de-8b2d-017071a5bab6%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/4598a137-b64f-44de-8b2d-017071a5bab6%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/65A12138-E4F3-47DD-A069-3FFF34D20BCB%40icloud.com
> <https://groups.google.com/d/msgid/puppet-users/65A12138-E4F3-47DD-A069-3FFF34D20BCB%40icloud.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8og2SfZZDLUZ95NezjLXy2cJSF%2Bi6TH_%3D6YBGhS2v3qg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Upgrade path for 2015.2.2

[Rob Nelson]

My advice would be to open a support ticket and ask for assistance on
verifying the Classifier settings will transfer in an upgrade, as well as
how to back them up. I did experience some issues with it, and in hindsight
it would be have been quicker to export the important settings, install a
new server, and import those settings; trying to recover what went wrong
did work but took forever (even though we don't specifically use it, the
default settings ARE important to have working). It's possible support got
a handle on our issue and it's not as big a deal now, though. Either way,
support can provide more specific guidance.


Rob Nelson
rnels...@gmail.com

On Wed, Feb 1, 2017 at 9:33 PM, warron.french <warron.fre...@gmail.com>
wrote:

> Hey Rob!  Thanks for the reply.  Yes, I am running a monolithic
> installation.
>
> So, you believe I can just install 2015.3.3 over the existing, current,
> installation?  Then again install-in-place with the latest version of PE?
>
> Is there anything you can think of in the installation instructions I
> should be looking out for in particular?  Also, I don't know if I am using
> the classifier, I can't remember how to do determine this fact - any advice?
>
> Thank you.
>
> --
> Warron French
>
>
> On Tue, Jan 31, 2017 at 10:42 PM, Rob Nelson <rnels...@gmail.com> wrote:
>
>> Warren,
>>
>> It sounds like you have a single all in one master, which makes it pretty
>> simple. If not, then the answers below may oversimplify the process.
>>
>> To do this in place, I think you want to go to 2015.3.3 then the latest
>> version. There was essentially a break in the upgrader around that point so
>> you can't go straight to the latest, and I think 2015.3.3 had the least
>> caveats around it as an intermediate step. I used it as my step between 3.8
>> and 2016.4.1, the latest at the time of my upgrade, so I think you should
>> be fine. Certainly you should check the release notes for any edge cases
>> first, of course.
>>
>> There's nothing wrong with making a new VM, though. If you're using the
>> classifier, then you should read up on exporting and importing that
>> information. I don't use it so I don't have any experience to share, sorry.
>> Same thing for Console configs like authentication and such.
>>
>> On Tue, Jan 31, 2017 at 9:13 PM warron.french <warron.fre...@gmail.com>
>> wrote:
>>
>>> Does anyone know how I can upgrade from PE 2015.2.2?
>>>
>>> Do I need to give up, and build a separate new VM and install the latest
>>> PE version?
>>>
>>> Thank you.
>>> --
>>> Warron French
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/puppet-users/CAJdJdQkLSUMNYBu2LbW7CLu903YXKPh6ggao5yJH6e
>>> hOoaE83g%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/puppet-users/CAJdJdQkLSUMNYBu2LbW7CLu903YXKPh6ggao5yJH6ehOoaE83g%40mail.gmail.com?utm_medium=email_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
>> Rob Nelson
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/puppet-users/CAC76iT8vDj1a-_b025WQ_Zm-hyuwKCWWTWsQ_
>> RWeQZkg2tfQQA%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAC76iT8vDj1a-_b025WQ_Zm-hyuwKCWWTWsQ_RWeQZkg2tfQQA%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/CAJdJdQmTcnfGjmBS%3DJH6j8d7aGQK0Oc8xeGQoAgO0mNdn
> rNLLw%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAJdJdQmTcnfGjmBS%3DJH6j8d7aGQK0Oc8xeGQoAgO0mNdnrNLLw%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-aRsxt7HRGUdrbZAPW4--uDEML4YsDY-moCHserhEN2g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Escape codes in collection types

[Rob Nelson]

It might be a good idea to add `puppet parser validate` and puppet-lint to
your pre commit hooks, they should help catch most similar issues.

On Wed, Feb 1, 2017 at 12:26 PM Joshua Schaeffer <jschaeffer0...@gmail.com>
wrote:

>
> That should be $color =
>
>
> Wow, I knew it was something simple. I swear I looked at that for 10
> minutes straight and couldn't find the syntax error. Thanks for pointing it
> out. I corrected the syntax error and it's all working correctly now.
>
> Thanks,
> Joshua
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/dd919198-940a-41b7-8028-003227488d73%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/dd919198-940a-41b7-8028-003227488d73%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9x6A4gdfNO-3UAKz7xeq%3DPi7kJF3eDT38nU49fh2%3D7BQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Upgrade path for 2015.2.2

[Rob Nelson]

Warren,

It sounds like you have a single all in one master, which makes it pretty
simple. If not, then the answers below may oversimplify the process.

To do this in place, I think you want to go to 2015.3.3 then the latest
version. There was essentially a break in the upgrader around that point so
you can't go straight to the latest, and I think 2015.3.3 had the least
caveats around it as an intermediate step. I used it as my step between 3.8
and 2016.4.1, the latest at the time of my upgrade, so I think you should
be fine. Certainly you should check the release notes for any edge cases
first, of course.

There's nothing wrong with making a new VM, though. If you're using the
classifier, then you should read up on exporting and importing that
information. I don't use it so I don't have any experience to share, sorry.
Same thing for Console configs like authentication and such.

On Tue, Jan 31, 2017 at 9:13 PM warron.french <warron.fre...@gmail.com>
wrote:

> Does anyone know how I can upgrade from PE 2015.2.2?
>
> Do I need to give up, and build a separate new VM and install the latest
> PE version?
>
> Thank you.
> --
> Warron French
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAJdJdQkLSUMNYBu2LbW7CLu903YXKPh6ggao5yJH6ehOoaE83g%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAJdJdQkLSUMNYBu2LbW7CLu903YXKPh6ggao5yJH6ehOoaE83g%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8vDj1a-_b025WQ_Zm-hyuwKCWWTWsQ_RWeQZkg2tfQQA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Bitbucket Server (Stash) + pe_code_manager_webhook

[Rob Nelson]

We use Post-Receive Webhook from the marketplace.

On Sat, Jan 28, 2017 at 4:36 AM Bing Shiao <bing.sh...@gmail.com> wrote:

> This question is related to Bitbucket Server (Stash).
>
> I have pe_code_manager_webhook working with Gitlab's webhook.
>
> Now I'm switching to Bitbucket Server 4.13.0, and trying to configure a
> similar webhook (post-receive-hook) in Bitbucket. It does not have webhook
> out-of-box, so I need to download a plugin from the market place.  I've
> tried several but failed to hit code manager endpoint.
>
> What plugin do you use in Bitbucket?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/57996d45-80ff-4563-8327-08630377aae7%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/57996d45-80ff-4563-8327-08630377aae7%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9LZwFZ6e0e6CmHq8098d%2BeZOqpntFzcA5aSOWQW-cdjg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: how do you name and group your data in hiera?

[Rob Nelson]

I apparently use a different sudo module than you do (saz/sudo), but have 
the same concerns. We have a general sudoers setup that gets applied to all 
nodes and additional config for certain roles. We manage this in the base 
profile class using iteration (note: I don't think I guard against 
`$sudo_confs` actually being undef, which may cause catalog compilation 
failures if it occurred):

class profile::base::linux (
  $sudo_confs = undef,
) {
  ... 
  # Sudo setup
  include ::sudo
  $sudo_confs.each |$group, $config| {
sudo::conf{ $group:
  * => $config,
}
  }
}

In hiera/global.yaml:

---
lookup_options:
  profile::base::linux::sudo_confs:
merge: deep
profile::base::linux::sudo_confs:
  sysadmin:
priority: 10
content: '%sysadminALL=(ALL)   ALL'

The `lookup_options` ensures that the content is found and merged across 
hiera tiers rather than overwriting at each level. Then we can do things 
like this in hiera/puppet_role/build.yaml, for a 'build' role:

---
profile::base::linux::sudo_confs:
  infrastructure:
priority: 15
content: '%infrastructureALL=(ALL)   ALL'

On almost every node, profile::base::linux::sudo_confs has a single key 
'sysadmin'. On nodes with the `puppet_role` fact set to `build`, there's a 
second key, `infrastructure`, and thus a second sudo configuration is 
applied on those nodes. You can also look at the `knockout_prefix` key for 
`lookup_options` if you decide you need to eliminate some keys on certain 
nodes.

On Friday, January 27, 2017 at 3:47:58 AM UTC-5, Robert wrote:
>
> Hi List,
>
> I'm on the verge of refactoring all our modules to the roles 
> workflow with r10k etc. and the stuff is taking shape - thanks for all the 
> help so far! - and the only thing I'm still not very convenient with is the 
> naming/grouping of data put into Hiera and using that data in the profiles. 
> Let me explain.
> Somehow I always wanted to do something like this:
>
> ---
> profile::tomcat::sudoers:
>   tomcatadmingroup:
> - systemctl start tomcat.service
> - systemctl stop tomcat.service
> profile::apache::sudoers
>   apacheadmingroup:
> - systemctl start httpd.service
> - systemctl stop httpd.service
>
> since if I classify a node with the Tomcat module, I'd like the tomcat 
> admins to be able to start and stop the service. I think this resource 
> belongs to the profile::tomcat. This way, I'd use: 
> profiles::tomcat {
> ...
>   class { "sudoers":
> sudoers => $::profiles::tomcat::sudoers
>   }
> }
>
> profiles::apache {
> ...
>   class { "sudoers":
> sudoers =>$::profiles::apache::sudoers
>   }
> }
>
> This is (imho) way nicer than trying to remember to extend all these 
> resources every time I need something new, like "Tomcat needs a port, a 
> user, a certificate so let's extend profile::firewall with the port, 
> profile::certs with the cert. Ah crap I forgot the java version in 
> profiles::java at the bottom of the yaml file!".
>
> But this solution obviously doesn't work if a node has both the tomcat and 
> apache modules because of the multiple resource-like class declarations of 
> the same class.
>
> Another example would be that if the tomcat module is assigned to a node, 
> then the tomcat-admins should be able to login via ssh. And the same goes 
> for other admin groups. Assuming this:
>
> profiles::tomcat::pamd: 
>   - 'tomcatadmins'
> profiles::oracle::pamd: 
>   - 'oracleadmins'
>
> the final variable used in the pamd class should be ["tomcatadmins", 
> "oracleadmins"] but I can't really get this array in the pamd profile with 
> hiera (or can I?).
>
> Maybe some merging would be possible but I can't simply look up 
> "profile::*::pamd" and merge the results.
> Afaik hiera_array is only possible with data on different Hiera levels.
> I could use subclasses like ::sudoers::tomcat, ::sudoers::apache... 
> ::pamd::oracle ::pamd::tomcat etc. but that'd be complex and time-consuming.
>
> How could I (meaningfully) use "include ::classname" everywhere without 
> doing something weird? 
> How do you group your data?
>
> Best
> Rp
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8a068b3a-22aa-493f-8ec7-1c5396bfea95%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppetlabs apache module: setting the value for @expires_default in apache::mod::expires

[Rob Nelson]

In the `apache` class there is a `default_mods` parameter as well (param
https://github.com/puppetlabs/puppetlabs-apache#default_mods and code path
https://github.com/puppetlabs/puppetlabs-apache/blob/28e9d41b2028f13c81b43e47c79bd28899170ccb/manifests/init.pp#L334-L345),
it looks like you would want to set that to `false` or an array that does
not contain `expires`. That is just from a simple reading of the
description and the code, not from experience using it, though.


Rob Nelson
rnels...@gmail.com

On Wed, Jan 18, 2017 at 12:13 PM, Flannon Jackson <f...@nyu.edu> wrote:

> I'm running puppet 4.8 and I'm trying to configure the Puppetlabs-Apache
> module, which is v1.10.0.  According to the README apache::mod::expires has
> three parameters, one of which is expires_default.  (
> https://forge.puppet.com/puppetlabs/apache#class-apachemodexpires).  It
> also says that is uses expires.conf.erb to generate it's configuration and
> that expires_default is undef by default, and 
> puppetlabs-apache/templates/mod/expires.conf.erb
> has the following template,
>
> ExpiresActive <%= scope.function_bool2httpd([@expires_active]) %>
> <%- if ! @expires_default.nil? and ! @expires_default.empty? -%>
> ExpiresDefault "<%= @expires_default %>"
> <%- end -%>
> <%- if ! @expires_by_type.nil? and ! @expires_by_type.empty? -%>
> <%- [@expires_by_type].flatten.each do |line| -%>
> <%- line.map do |type, seconds| -%>
> ExpiresByType <%= type %> "<%= seconds -%>"
> <%- end -%>
> <%- end -%>
> <%- end -%>
>
> So I figured I could do this to set the value for ExpiresDefault in the
> apache config,
>
> class { 'apache::mod::expires' :
> expires_default => ['access', 'plus', '5184000', 'seconds',],
> }
>
> But when I run Puppet I get a duplicate declarations error,
>
> "Error: Evaluation Error: Error while evaluating a Resource Statement,
> Duplicate declaration: Apache::Mod[expires] is already declared in file
> /tmp/vagrant-puppet/environments/development/modules/thirdparty/apache/manifests/default_mods.pp:66;
> cannot redeclare at /tmp/vagrant-puppet/environments/development/
> modules/thirdparty/apache/manifests/mod/expires.pp:7 at
> /tmp/vagrant-puppet/environments/development/modules/thirdparty/apache/manifests/mod/expires.pp:7:3
> on node loris.local"
>
> So it looks like apache::mod::expires is defined in default_mods.pp and
> mod/expires.pp.  I'm not really sure what's going on, but I feel like I'm
> missing something very basic here.
>
> Any help would be appreciated,
>
> Thanks,
>
> -f
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/4a571f98-16dd-4e7c-af1d-da4e5ba89871%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/4a571f98-16dd-4e7c-af1d-da4e5ba89871%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-OaL20L_5%2BxL73JSCLQ9T%2BEco%3D%3Duvnwzi5LoztJGS7%3DQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet Community Roles and Profiles

[Rob Nelson]

Joe,

Roles and profiles don't change your hiera usage much. In your profile just
`include file_config` and in hiera keep the same keys you already have
working. Hiera will do the legwork of automatic parameter lookup no matter
how the class is included, so your results should be the same.

On Sat, Jan 14, 2017 at 10:18 PM Joe <09cic...@gmail.com> wrote:

> Hello again,
>
> So I read up and watched the wonderful presentations suggested here. I am
> certain this is the direction for our environment.
>
> I have a question regarding the functionality of the profiles in regards
> to file resources using the "source" option that replaces a file if it has
> changed.. When looking at the example on the official documentation on how
> to use profiles to set module data it shows this.
>
> # 
> /etc/puppetlabs/code/environments/production/site/profile/manifests/jenkins/master.pp
>
> class profile::jenkins::master (
>
>   String $jenkins_port = '9091',
>
>   String $java_dist= 'jdk',
>
>   String $java_version = 'latest',
>
> ) {
>
>
>
>   class { 'jenkins':
>
> configure_firewall => true,
>
> install_java   => false,
>
> port   => $jenkins_port,
>
> config_hash=> {
>
>   'HTTP_PORT'=> { 'value' => $jenkins_port },
>
>   'JENKINS_PORT' => { 'value' => $jenkins_port },
>
> },
>
> It is clear that the profile::jenkins::master class is declaring the
> jenkins class and setting the install_java param to false as well as
> setting the configure_firewall to true.
>
> In my case I have a module let's call it "file_config" where I am
> declaring 2 separate file resources where if they change, I will copy them
> from the modules files directory.
>
> Here is an example. Both of these file resources are in the same manifest,
> so init.pp of the file_config class.
>
>  class file_config (
> $firstfile  = undef,
> $secondfile = undef,
> ) {
>   file { '/etc/siteconf/file1':
> ensure   => file,
> mode => '0644',
> owner=> 'root',
> checksum => 'md5',
> source   => $firstfile,
>   }
>
>   file { '/etc/siteconf/file2':
> ensure   => file,
> mode => '0644',
> owner=> 'root',
> checksum => 'md5',
> source   => $secondfile,
>   }
> }
>  For both I store the values in Hiera and without profiles this works
> exactly how I need it to. However with profiles while I am trying to
> abstract this and I am having difficulty understanding how to configure the
> profile so that each file resource "source" value should be set. Since the
> values I am trying to set are both named "source" I am stuck.
>
> So for example.
> ##PROFILE
> class profiles::base::config1 {
>
>
>
>   $source1 = hiera('profiles::base::config1::file1') ## file1 
> '/etc/siteconf/file1':
>
>   $source2 = hiera('profiles::base::config1::file2') ## file2 
> '/etc/siteconf/file2':
>   ##both files are in 'puppet:///modules/file_config/' as file1 and file2, 
> they are set pulled into source1 and source2 above.
>
>
>
>## And now trying to set the values through the profile for file1 and
> file2...this is where i get lost since the values I am trying to set are
> both named "source"
>
>class file_config: {
>  source => $source1 ## this would be for file1 declared file resource
> in the file_config class/module
>  source => $source2 ## this would be for file2 declared file resource
> in the file_config class/module
>}
>
> I am trying to set the "source" value on both of these file resources
> which seems impossible..
> Is the way to do this to put the file resources in their own classes like
> file_config::file1 and file_config::file2 located in
> modules/file_config/manifests/file1.pp and file2.pp?
>
> I hope this is clear and I am 99.9% sure I am approaching this
> incorrectly.
>
> Thanks
>
>
> On Thursday, January 12, 2017 at 11:23:33 AM UTC-7, Joe wrote:
>
> Thank you guys very much, will read up on this.
>
>
>
> On Wednesday, January 11, 2017 at 3:52:52 PM UTC-7, Joe wrote:
>
> Hello All,
>
> Does Puppet Community support Roles and Profiles? The Puppet Community
> does section does not appear to have documentation on them, just looking
> for confirmation.
>
> Thanks
>
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To 

Re: [Puppet Users] Re: writing custom fact -> return value not as expected

[Rob Nelson]

There's also `last reboot -1`, add your favorite timestamp format with -T :)


Rob Nelson
rnels...@gmail.com

On Fri, Jan 13, 2017 at 6:27 AM, Thomas Müller <tho...@chaschperli.ch>
wrote:

>
>
> Am Dienstag, 10. Januar 2017 17:44:23 UTC+1 schrieb Denny:
>>
>> Hi there,
>>
>> probably a pretty easy to answer question.
>>
>> I want to try out adding custom facts. My first custom fact should be
>> "lastrebootdate"
>>
>> My code looks like this:
>>
>> Facter.add(:lastrebootdate) do
>>   setcode do
>> Facter::Util::Resolution.exec("/usr/bin/who -b |awk '{print $3}'")
>>   end
>> end
>>
>> Running the command on the system returns "2017-01-30"
>>
>>
>>
> just a random thought: instead of calling who you could take the already
> existing uptime fact and just calculate the date with ruby time/date
> functions.
>
> - Thomas
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/41898ce0-c5e3-472f-98f9-eb4fbae47aa8%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/41898ce0-c5e3-472f-98f9-eb4fbae47aa8%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9-egYN4OeKg9qk%3DrwxMhRPgON-UMxyPRKvZJPvt%3DikVg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Language Style Guide update

[Rob Nelson]

Jean, thank you for the hard work taking point on this much needed
revision! Looking forward to making good use of this with puppet-lint.


Rob Nelson
rnels...@gmail.com

On Thu, Jan 12, 2017 at 1:50 PM, Jean Bond <j...@puppet.com> wrote:

> Hello!
>
> We've been hard at work on a Puppet 4 update to the Puppet Language Style
> Guide, and today we are pleased to publish the updated style guide. The
> guide has also been moved within the Puppet docs site to reside in
> versioned Puppet docs: https://docs.puppet.com/
> puppet/latest/style_guide.html . As the guide is now with versioned
> Puppet docs, it is no longer versioned in and of itself. Instead, the goal
> is to update and improve the guide on a more continual basis.
>
> As all style guides are (or should be), this style guide is a living
> document. In addition, Puppet 4 style is still evolving and not all
> outstanding questions have been answered. In short, this style guide is
> probably imperfect! If you want to make suggestions or raise issues for
> discussion, we would love to hear from you. To send us style guide
> feedback, please either:
> * respond to this email
> * file a ticket under the epic DOCUMENT-637 (https://tickets.puppetlabs.
> com/browse/DOCUMENT-637)
>
> If you see a simple or error typo in text or in code, feel free to either
> file a ticket or issue a pull request to the latest version of the style
> guide (https://github.com/puppetlabs/puppet-docs/tree/master/source).
>
> My deepest thanks to the community for all of the contributions to this
> revision; your help was invaluable. I look forward to working with the
> community on improving and refining this guide.
>
> Best,
>
> Jean
> --
> *Jean Bond*
> Technical Writer
> Puppet
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/CADpKKKFJ%3DYsvFUV5GemNdCbjMqk1fpfJ%
> 3D9V2V1v0Y5kHiOY9Nw%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CADpKKKFJ%3DYsvFUV5GemNdCbjMqk1fpfJ%3D9V2V1v0Y5kHiOY9Nw%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8BRP4zOh8wRgCBKZY-k4AhBaeXcc-ymCV5OTZ2zbLkZw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: writing custom fact -> return value not as expected

[Rob Nelson]

Thanks for the correction. Definitely way off base on that, my apologies
for the erroneous claims!


Rob Nelson
rnels...@gmail.com

On Tue, Jan 10, 2017 at 4:46 PM, Stefan Schulte <stschu...@posteo.de> wrote:

> Hey Rob,
>
> variable interpolation in strings in ruby is actually done with
> #{some_var}, so the following snippet
>
> #!/usr/bin/ruby
>
> "Hello World".match(/Hello (.*)/)
>
> puts $1
> puts "$1"
> puts "#{$1}
>
> actually returns
>
> World
> $1
> World
>
> As you can see "$1" does not interpolate to an earlier match.
>
> On 10.01.2017 21:14, Rob Nelson wrote:
> > At a guess, dollar signs inside double quotes interpolate, so it's
> > extremely possible that somewhere earlier in the ruby run, $3 matched
> > "Jan" somewhere and that was reused in your awk command. In the latter
> > usage there's probably no $6 (that's a lot of matches!) or it amazingly
> > has the value '$6'. I would definitely be more careful about escaping
> > any dollars inside of double quoted strings that are passed to exec(),
> > system(), or similar functions, as escaping that can be a nightmare when
> > the stars align during your design but not weeks later during your usage.
> >
> > On Tuesday, January 10, 2017 at 12:24:45 PM UTC-5, Denny wrote:
> >
> > Tried out another customfact "lastyumupdate" which looks like:
> >
> > |
> > Facter.add(:lastyumupdate) do
> >   setcode do
> > Facter::Util::Resolution.exec("yum history |grep -E '^.*(Update|
> > U).*$' |head -n 1 |awk '{print $6}'")
> >   end
> > end
> > |
> >
> > This one returns on command line "2017-01-10" AND sets the fact
> correct
> >
> > |
> > $ puppet facts |grep last
> > "lastrebootdate": "Jan",
> > "lastyumupdate": "2017-01-10",
> > |
> >
> >
> > Any help is appreciated :)
> >
> >
> > Denny
> >
> > Am Dienstag, 10. Januar 2017 17:47:36 UTC+1 schrieb Denny:
> >
> > PS: I'm running facter 3.5.0 with puppet 4.8.1 on CentOS 7
> >
> >
> > Am Dienstag, 10. Januar 2017 17:44:23 UTC+1 schrieb Denny:
> >
> > Hi there,
> >
> > probably a pretty easy to answer question.
> >
> > I want to try out adding custom facts. My first custom fact
> > should be "lastrebootdate"
> >
> > My code looks like this:
> >
> > |
> > Facter.add(:lastrebootdate) do
> >   setcode do
> > Facter::Util::Resolution.exec("/usr/bin/who -b |awk
> > '{print $3}'")
> >   end
> > end
> > |
> >
> > Running the command on the system returns "2017-01-30"
> >
> > Deploying my fact on a puppet node and running the puppet
> > agent returns "Jan".
> >
> > |
> > $ puppet facts |grep lastrebootdate
> > "lastrebootdate": "Jan",
> > |
> >
> > What did I miss?
> >
> > Thank you,
> >
> > Denny
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to puppet-users+unsubscr...@googlegroups.com
> > <mailto:puppet-users+unsubscr...@googlegroups.com>.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/puppet-users/1fe52550-
> e656-415a-9197-a692d397c8bc%40googlegroups.com
> > <https://groups.google.com/d/msgid/puppet-users/1fe52550-
> e656-415a-9197-a692d397c8bc%40googlegroups.com?utm_medium=
> email_source=footer>.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/ccb700cd-6bf1-14dc-84cf-9b75d7181eca%40posteo.de.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8Q1H%2Bzi%2B1mW5ss7EoDn21Nu8QJWOB%2BhGkkyKmuA0%3DJpQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: writing custom fact -> return value not as expected

[Rob Nelson]

At a guess, dollar signs inside double quotes interpolate, so it's 
extremely possible that somewhere earlier in the ruby run, $3 matched "Jan" 
somewhere and that was reused in your awk command. In the latter usage 
there's probably no $6 (that's a lot of matches!) or it amazingly has the 
value '$6'. I would definitely be more careful about escaping any dollars 
inside of double quoted strings that are passed to exec(), system(), or 
similar functions, as escaping that can be a nightmare when the stars align 
during your design but not weeks later during your usage.

On Tuesday, January 10, 2017 at 12:24:45 PM UTC-5, Denny wrote:
>
> Tried out another customfact "lastyumupdate" which looks like:
>
> Facter.add(:lastyumupdate) do
>   setcode do
> Facter::Util::Resolution.exec("yum history |grep -E '^.*(Update| 
> U).*$' |head -n 1 |awk '{print $6}'")
>   end
> end
>
> This one returns on command line "2017-01-10" AND sets the fact correct
>
> $ puppet facts |grep last
> "lastrebootdate": "Jan",
> "lastyumupdate": "2017-01-10",
>
>
> Any help is appreciated :)
>
>
> Denny
>
> Am Dienstag, 10. Januar 2017 17:47:36 UTC+1 schrieb Denny:
>>
>> PS: I'm running facter 3.5.0 with puppet 4.8.1 on CentOS 7
>>
>>
>> Am Dienstag, 10. Januar 2017 17:44:23 UTC+1 schrieb Denny:
>>>
>>> Hi there,
>>>
>>> probably a pretty easy to answer question.
>>>
>>> I want to try out adding custom facts. My first custom fact should be 
>>> "lastrebootdate"
>>>
>>> My code looks like this:
>>>
>>> Facter.add(:lastrebootdate) do
>>>   setcode do
>>> Facter::Util::Resolution.exec("/usr/bin/who -b |awk '{print $3}'")
>>>   end
>>> end
>>>
>>> Running the command on the system returns "2017-01-30"
>>>
>>> Deploying my fact on a puppet node and running the puppet agent returns 
>>> "Jan".
>>>
>>> $ puppet facts |grep lastrebootdate
>>> "lastrebootdate": "Jan",
>>>
>>> What did I miss?
>>>
>>> Thank you,
>>>
>>> Denny
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1fe52550-e656-415a-9197-a692d397c8bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Could not find resource, but it's there.

[Rob Nelson]

The auto-require would succeed, but the additional require could still fail 
to find the resource, which fails catalog compilation entirely.

On Tuesday, January 10, 2017 at 12:47:09 AM UTC-5, Thomas Müller wrote:
>
> Wouldnt it work anyways (if manifest order or not) because the file 
> typeauto-reqires its parents?
>
> https://docs.puppet.com/puppet/latest/types/file.html#file-description
>
> -Thomas
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f8583646-3d48-47ec-b515-79075f57bc32%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Hiera behaviour in PE 2016.5

[Rob Nelson]

On Tue, Jan 10, 2017 at 5:17 AM, Jonathan Gazeley <
jonathan.gaze...@bristol.ac.uk> wrote:

> $staticifs = lookup({"name" => "::network::if::static", "value_type" =>
> "hash", "default_value" => "default"})


The failure implies that it cannot find a value for `network::if::static`
but your request is for `::network::if::static`. It may be trying to
normalize it and failing in an unexpectedly fatal manner; I'd try without
the `::` prepend (even if that's not the actual fix, it's the right format
for the request). It could also be confused between "hash" and 'Hash' which
is the actual type name. Finally, your default value is a String rather
than a Hash, not sure if it would explicitly complain about that when
falling back to the default or just decide it failed and give you that 'did
not find a value' result.

You could also try rewriting your query as `lookup('network::if::static',
Hash, unique, {default => true})` (or whatever you want your default hash
to look like) to clarify that the hash format isn't causing any issues or
confusion.

Since you are without a functioning puppetserver, you may want to get on
irc or slack for some realtime assistance.

Rob Nelson
rnels...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9%2BNHZeOVNdWMQHm7RS7MZtLiX1Z3%2BZJx4D9c%2BF-EGxzQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Over-engineering rant

[Rob Nelson]

I would argue that it's when you break steps 1-3 down into implementation
details that it becomes confusing for many. If you've done it before, it's
trivial; if it's your first time, it can be hairy.


Rob Nelson
rnels...@gmail.com

On Tue, Jan 10, 2017 at 9:16 AM, Trevor Vaughan <tvaug...@onyxpoint.com>
wrote:

> Actually, from an automation point of view, this is pretty trivial.
>
> Step 1) Create new CA (preserving old CA trust) X number of days prior to
> expiration
> Step 2) Pass out both CA trust roots to all systems
> Step 3) Start a re-signing party using the fact that you already have a
> bi-directional trust in place
> Step 4) Let the old CA certificate gracefully expire and remove it
> whenever you like (nothing will trust it anyway)
>
> That's pretty much it.
>
> For traditional *NIX applications using a CAPath approach, this is trivial.
>
> As long as you have a valid CA in your CAPath, you can roll over
> certificates with ease.
>
> Trevor
>
> On Mon, Jan 9, 2017 at 9:04 PM, Rob Nelson <rnels...@gmail.com> wrote:
>
>> I think certificate handling is a valid critique of puppet's security
>> implementation. Running a public key infrastructure of any sort is
>> difficult. Things like expired CAs and a lack of intermediate signing CAs
>> does expose puppet administrators who are lacking those fairly rare skill
>> sets to some difficult potential issues. I don't want to run a CA, mostly
>> because I've had to run one before. Many people would also like to extend
>> the expiration to more than 5 years, but don't find out about this issue
>> until 4.5 years in. Whoops :)
>>
>> It's just that the fix isn't agents automatically accepting new CAs. In
>> the example given of bringing a new CA online, the issue isn't that the
>> client would be missing a copy of the original CA signatures, but that
>> there's no way to verify the new CA is related to the old CA. This
>> constitutes a pretty high security risk with a decent probability for
>> exploitation - and not just by external parties, it would be easy to DoS
>> your agents during a failed migration or by testing with vagrant or
>> additional VMs by forgetting to change DNS/IPs or a dozen other simple
>> things to miss. Any improvement here probably ends up being relatively
>> complex to ensure risks remain low.
>>
>> It would be much more reasonable to have an extremely long lived CA and
>> some intermediate CAs. This is supported by puppet, but only I believe with
>> an external CA setup (https://docs.puppet.com/puppe
>> t/latest/config_ssl_external_ca.html) - again, not something most of us
>> should probably be doing. I don't know that there's a great way to handle
>> this for the masses, unless Puppet wants to become a CA and sign
>> intermediates for us ;)
>>
>> On Mon, Jan 9, 2017 at 7:18 PM John Gelnaw <jgel...@gmail.com> wrote:
>>
>>> since the agent has, in theory, a valid copy of the original CA which it
>>> can use to validate the connection.
>>>
>> --
>> Rob Nelson
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/puppet-users/CAC76iT_2XN3vaZKrpzsrXOzkT%2B4_3P82ZZWkipig
>> m8%3D%3DXew9ZA%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAC76iT_2XN3vaZKrpzsrXOzkT%2B4_3P82ZZWkipigm8%3D%3DXew9ZA%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699 x788 <(410)%20541-6699>
>
> -- This account not approved for unencrypted proprietary information --
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/CANs%2BFoVhHTsauG_gA_fODFXWYAoj9McHuvLk5ikOC%
> 3DoReFd35Q%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CANs%2BFoVhHTsauG_gA_fODFXWYAoj9McHuvLk5ikOC%3DoReFd35Q%40mail.gmail.com?utm_medium=email_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-EdpmHgARsA4HQ6YTgCug9MF%3DMng-K2VO6X6rZwowe1w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Over-engineering rant

[Rob Nelson]

I think certificate handling is a valid critique of puppet's security
implementation. Running a public key infrastructure of any sort is
difficult. Things like expired CAs and a lack of intermediate signing CAs
does expose puppet administrators who are lacking those fairly rare skill
sets to some difficult potential issues. I don't want to run a CA, mostly
because I've had to run one before. Many people would also like to extend
the expiration to more than 5 years, but don't find out about this issue
until 4.5 years in. Whoops :)

It's just that the fix isn't agents automatically accepting new CAs. In the
example given of bringing a new CA online, the issue isn't that the client
would be missing a copy of the original CA signatures, but that there's no
way to verify the new CA is related to the old CA. This constitutes a
pretty high security risk with a decent probability for exploitation - and
not just by external parties, it would be easy to DoS your agents during a
failed migration or by testing with vagrant or additional VMs by forgetting
to change DNS/IPs or a dozen other simple things to miss. Any improvement
here probably ends up being relatively complex to ensure risks remain low.

It would be much more reasonable to have an extremely long lived CA and
some intermediate CAs. This is supported by puppet, but only I believe with
an external CA setup (
https://docs.puppet.com/puppet/latest/config_ssl_external_ca.html) - again,
not something most of us should probably be doing. I don't know that
there's a great way to handle this for the masses, unless Puppet wants to
become a CA and sign intermediates for us ;)

On Mon, Jan 9, 2017 at 7:18 PM John Gelnaw <jgel...@gmail.com> wrote:

> since the agent has, in theory, a valid copy of the original CA which it
> can use to validate the connection.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_2XN3vaZKrpzsrXOzkT%2B4_3P82ZZWkipigm8%3D%3DXew9ZA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] 2016.4.2 puppet enterprise

[Rob Nelson]

Live Management was deprecated back in PE3.8 and I don't believe it has
returned. PE3 support expired on 1/1/2017. I would hope it's not on the
test because of that, even if it's still in some study guides.


Rob Nelson
rnels...@gmail.com

On Mon, Jan 9, 2017 at 10:34 AM, Ryan Vande <vandelin...@gmail.com> wrote:

> I have installed puppet enterprise 2016.4.2 and am using the free ten
> nodes license.
>
> I am studying for the ppt-204 and have seen questions related to live
> management.
>
> I have searched high / low / left / right , where do live management go?
>
> All examples shown for live management show that is available through the
> console, I don't see it !
>
> Is this depreciated? is 2016.4.2 not an actual enterprise version? or is
> it a knocked down version where all features are not available unless it is
> paid for?
>
>
> Thank you
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/4fb636ea-ba25-485a-b1fd-3e9edf5a73c5%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/4fb636ea-ba25-485a-b1fd-3e9edf5a73c5%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8BowwSeD6j1z%2BVqQQrxP%3DW_dyumrxS4RXw8g5DGrmD0Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Over-engineering rant

[Rob Nelson]

There are a lot of very valid issues and concerns you bring up here. I do
want to start by saying, however, that puppet 4 is more than 6 months old -
about 20 months to be precise - and most of the significant language
changes were introduced somewhat earlier in the future parser in puppet 3.
These changes should be easier to take in for sure, but that is at least 3x
more to catch up on. I hope that doesn't sound like a harsh response, but I
think it's more accepted that after 1.5-2 years, most moving projects will
require significant re-learning.

Re: ntp module. Puppet supports a ton of operating systems and most of us
only run a handful. The module is more complex than any one person usually
needs, but it also addresses everyone's needs. From a user perspective,
though, it's pretty simple to just `include ntp` unless you want something
nonstandard. I think most modules are written this way, certainly the best
ones are. Data in modules is an approach to try and reduce the complexity
of the code and retain the support for a wide array of operating systems.
As a fellow module author, I am struggling somewhat with this myself. There
are some good articles about this but I would love to see even more
explanations and examples of how to convert from puppet 3 style to data in
modules, everyone learns differently.

On Travis CI, are you seeing failures related to puppet or dependencies? If
it's ruby, I have many feels that I can't share publicly. But the summary
is, it's a crapshoot what dependency will break today. I've started setting
up Travis Cron Jobs for this, so nightly builds occur before my once a
month PR that goes red. My best suggestion is to take a look at Vox
Pupuli's modulesync configs, or the dynamically generated .travis.yml in a
repo, to keep apprised of what Gemfile settings work. Links:

https://rnelson0.com/2016/12/15/scheduling-regular-travis-ci-builds-with-cron-jobs/
https://github.com/voxpupuli/modulesync_config/blob/d4e999bf434dd220614b80c108f7221eb5f3c1db/config_defaults.yml#L18-L56
https://github.com/voxpupuli/puppet-archive/blob/master/Gemfile

For remote agent runs, I think that is a very interesting idea. While it
has some security implications (agent->master port 8140 vs compile->agent
port 22) and fact collection would not work as-is, it could be very
useful.I wonder if the `puppet device` face could be either adjusted for
that or a base for experimentation?

I tend to agree on difficulties with mcollective as orchestration, but I
haven't found an orchestration tool that has been simple. Ansible has its
issues, too. I just don't think use of another tool is horrible, though.
The combination of modules like puppet_agent to upgrade puppet or other
components on agents and PQL to query puppet and application orchestration
to direct action on PQL results looks to be an appealing combination of
puppet-only tools. I've only gotten to play with the modules portion and
hope to play with PQL and AO soon to see how realistic that assessment is.

If your Travis issues are with puppet itself, can you share some details?
On Sat, Jan 7, 2017 at 9:00 PM Jakov Sosic  wrote:

> Hi guys,
>
>
> this is maybe a topic better suited for -dev list, but, well, here goes.
> T time.
>
>
> I've been using puppet heavily for 3-4 years, up until version 4, now
>
> I'm mostly maintaining my own open source modules.
>
>
>
> What stumped me lately is the amount of changes that are happening.
>
>
>
>
>
> Every week/two-weeks I do some code changes, and since I tried adding
>
> some of the spec tests through TravisCI, I've encountered errors about
>
> `validate_string` being obsoleted.
>
>
>
> Then, looking deeper into the rabbit hole. I've encountered this:
>
>
>
> https://github.com/puppetlabs/puppetlabs-ntp/blob/master/manifests/init.pp
>
>
>
> And I was shocked... :D WTF just happened? :D
>
>
>
>
>
>
>
> It's becoming overwhelming to follow all these changes even for a puppet
>
> veteran, what about newcomers?
>
>
>
> I've been using ansible for a year due to requirements in my new
>
> position, and I've been gaining understanding why is puppet seemingly
>
> losing ground vs other CM tools. It's like the puppet has become a
>
> purpose of it's own, and not a tool to solve actual problems...
>
>
>
> Don't get me wrong, I did survive migration from sysv to SMF, sysv to
>
> systemd, mmap to wiredtiger, and gazilion other changes, and I'm not
>
> some old grumpy guy :) But... coming back to a tool after 6 months of
>
> absence and finding that I have difficulties reading and understanding
>
> code? Doesn't really make sense...
>
>
>
> And, on the other hand - all this complexity to manage a NTP?
>
>
>
>
>
> And again - there are features that are really lacking - for example:
>
>
>
> 1) Remote agent runs, meaning:
>
> - local puppet compiling manifest
>
> - ssh-ing into a box, scp-ing all the needed shit
>
> - applying catalog over there
>
>
>
> This would eliminate a need for 

Re: [Puppet Users] making manifest puppet 4 aware

[Rob Nelson]

With puppet4 showing up in vendor repos, is it safe to assume those
versions will not have an aio_agent_version fact?


Rob Nelson
rnels...@gmail.com

On Thu, Jan 5, 2017 at 1:37 PM, Gabriel Schuyler <g...@puppet.com> wrote:

> Hey Vince, the $::aio_agent_version fact only exists on Puppet 4.  So,
> I've used its existence in the past to determine whether to use a Puppet 3
> or 4 code block.  Just wrap your Puppet 4 code block in a conditional that
> checks for the existence of the fact.
>
> HTH,
> Gabe
>
> On Thursday, January 5, 2017 at 9:10:52 AM UTC-8, Vince Skahan wrote:
>>
>> On Thursday, January 5, 2017 at 3:49:54 AM UTC-8, Martin Alfke wrote:
>>
>>> You can use the fact puppetversion in you rmanifests.
>>>
>>> if versioncmp(‘3’, $::puppetversion) < 0 {
>>>   # puppet 4
>>> } else {
>>>   # puppet 3
>>> }
>>>
>>>
>> There is no such fact on a PE 2016.4.2 client or server:
>>
>> aio_agent_version => 1.7.1
>> augeas => {
>>   version => "1.4.0"
>> }
>> facterversion => 3.4.1
>>
>>
>> There is different stuff on a PE 3.7.2 server and client:
>>
>> augeasversion => 1.2.0
>> facterversion => 2.2.0
>> puppetversion => 3.7.2 (Puppet Enterprise 3.7.0)
>>
>>
>> Only thing I can think of is looking for puppetversion, and if it's there
>> strip off everthing and see if it starts with a '3', but heaven knows what
>> crazy versioning semantics PuppetLabs will throw at us looking forward, so
>> I don't know if that'll be a stable way to do it or not
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/a18ed67e-9fb7-4f45-a768-5e70470a2c41%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/a18ed67e-9fb7-4f45-a768-5e70470a2c41%40googlegroups.com?utm_medium=email_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9fMN8nrLi3UPEKgTTAHjg%3DqNptot6W7-v5MWLoOJ%2BoRg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] making manifest puppet 4 aware

[Rob Nelson]

I see that fact populated across the board on my PE nodes

[image: Inline image 1]

Running PE 2016.4.2 on the master but in the process of upgrading all the
nodes now.


Rob Nelson
rnels...@gmail.com

On Thu, Jan 5, 2017 at 12:10 PM, Vince Skahan <vinceska...@gmail.com> wrote:

> On Thursday, January 5, 2017 at 3:49:54 AM UTC-8, Martin Alfke wrote:
>
>> You can use the fact puppetversion in you rmanifests.
>>
>> if versioncmp(‘3’, $::puppetversion) < 0 {
>>   # puppet 4
>> } else {
>>   # puppet 3
>> }
>>
>>
> There is no such fact on a PE 2016.4.2 client or server:
>
> aio_agent_version => 1.7.1
> augeas => {
>   version => "1.4.0"
> }
> facterversion => 3.4.1
>
>
> There is different stuff on a PE 3.7.2 server and client:
>
> augeasversion => 1.2.0
> facterversion => 2.2.0
> puppetversion => 3.7.2 (Puppet Enterprise 3.7.0)
>
>
> Only thing I can think of is looking for puppetversion, and if it's there
> strip off everthing and see if it starts with a '3', but heaven knows what
> crazy versioning semantics PuppetLabs will throw at us looking forward, so
> I don't know if that'll be a stable way to do it or not
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/40b50b46-a526-47f8-98e7-134005824ee1%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/40b50b46-a526-47f8-98e7-134005824ee1%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT921FVkrPboQ9XhSL%2BaDof2oYF94Z%2B4_XVC6HwpKjOqwg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue using NFS directories as environments in Puppet 4

[Rob Nelson]

Does this happen if you use a symlink to a local file system location? dev
-> /tmp/dev for example?

On Tue, Jan 3, 2017 at 4:32 AM PK <p.karni...@gmail.com> wrote:

> Hi All,
>
> I seem to be running into an issue when I try to use
>
> environments in my test Puppet 4 setup. I am in the process of migrating
>
> from Puppet 3 to Puppet 4.
>
> puppetserver version: 2.7.2
> puppet agent: 4.8.1
> Server is running CentOS Linux release 7.3.1611
>
> If
>
> I create local directories
>
> /etc/puppetlabs/code/environments/{dev,production} and populate it with
>
> all my Puppet related files, everything works fine. However, if I copy
>
> the same files over to a NFS share mounted at a different location and
>
> then create a symlink from /etc/puppetlabs/code/environments/dev to that
>
> new location, puppet agent doesn't like it and errors out.
>
> [root] pwd
> /etc/puppetlabs/code/environments
> [root]# ll
> lrwxrwxrwx 1 root root 23 Jan  2 14:21 dev -> /ln/systems/puppet4/dev
>
> Errors on the client while running puppet agent -t:
> Error:
>
> Could not retrieve catalog from remote server: Find
>
> /puppet/v3/catalog/
> hostname.com?environment=dev_format=pson=%257B%2522name%...
>
> resulted in 404 with the message: {"message":"Not Found: Could not find
>
> environment 'dev'","issue_kind":"RUNTIME_ERROR"}
>
> Puppetserver errors:
> 2017-01-02 14:26:12,505 INFO  [qtp1908253991-68] [puppetserver] Puppet Not
> Found: Could not find environment 'dev'
>
> This same setup (symlink to a NFS share) works perfectly fine with our
> current Puppet 3.7.5
>
> I also tried mounting the NFS share directly at
> /etc/puppetlabs/code/environments, but that doesn't work either.
>
> Has someone seen this before? Am I missing something?
>
> Thanks!
> PK
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/01451c04-cbb4-418a-a138-8a0b4ffa581b%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/01451c04-cbb4-418a-a138-8a0b4ffa581b%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_fQ3zZ99CeySZ%2B_pfQHGSxDO%2BfcbkPBcTQ3U_Q%3Dvwarw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Array Iteration for Community Edition of Puppet(3.8)

[Rob Nelson]

Yes, puppetserver 1 was included with later versions of puppet Enterprise
3.x; puppetserver 2 is included with open source and enterprise editions of
puppet 4. I think puppetserver 2.7.2 would align with Puppet 4.7.2 but
you'd want to double check that for the exact minor version.

On Mon, Jan 2, 2017 at 2:52 PM Joe <09cic...@gmail.com> wrote:

> Yes I am also an RPM man and only chose this route because I thought the
> correct path was puppet with passenger, but reading the docs now I see that
> puppet-passenger is not the path going forward and puppetserver is the way
> now. I installed puppetserver 2.7.2-1puppetlabs1. Is this "puppet 4"?
>
> I am a few days into puppet and so I am a bit confused.
>
>
> Thanks again
>
> On Saturday, December 31, 2016 at 10:05:49 PM UTC-7, Joe wrote:
>
> Hi All
>
> Puppet v3.8.7 community on Ubuntu 14 LTS
>
> I have been attempting to write a class to use the "file_line" type
> reference from the stdlib library to add multiple lines to a file if these
> lines are not present.
> I was attempting to do this with iteration using the each function and
> tried with static and Hiera arrays. After a few hours of failure I came
> across the docs for Puppet Enterprise that say this iteration capability
> was introduced in Puppet 4.
>
> It looks like this, testdefs is an array in Hiera defined in the nodes
> yaml config
>
>  each($testdefs) |$hline| {
>file_line { 'Append a line to /etc/testfile':
>   ensure => present,
>   line  => "$hline",
>path=> '/etc/testfile',
> }
> }
>
> To be clear I am trying to..
> iterate through a Hiera array
> pass each array member to the file_line type
> append this member to a file if it does not exist.
>
> Is there a way to do this with Puppet 3.x or should I just make a static
> class with multiple file_line types?
>
> Thanks
>
>
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/ed595ac4-36f0-46e3-8b9c-dd2e0043168f%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/ed595ac4-36f0-46e3-8b9c-dd2e0043168f%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9kVKB7YkjzWA6RY3SNR1c%2B2X_cgK_0EFE-%3DMai-eXbMQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Array Iteration for Community Edition of Puppet(3.8)

[Rob Nelson]

That looks like it.
https://docs.puppet.com/puppet/4.8/install_linux.html#for-apt-based-systems
Specifically handles installation for apt; I'm a die hard rpm fan so I
can't help beyond that link, sorry.

On Mon, Jan 2, 2017 at 1:25 PM Joe <09cic...@gmail.com> wrote:

> Thanks for the heads up Rob. I am using this repository from puppetlabs.
> puppetlabs-release-pc1-trusty.deb
>
> In this repository the latest is 3.8.7. You mentioned puppet releases
> puppet-agent and puppetserver version 4 in PC1. Even when I manually look
> in the repo there is no trace of puppetmaster 4 or puppet-agent 4. I
> manually browsed the main and PC1 package lists and I don't see the
> puppetmaster 4 or puppet-agent 4, probably I am missing something. Do you
> know where I can find the packages?
>
> On docs.puppet.com I find the links for upgrading from 3 to 4, is this
> the recommended material for upgrading?
>
>
>- *Upgrade: From Puppet 3.x*
>
>- Get upgrade-ready
>   <https://docs.puppet.com/puppet/4.8/upgrade_major_pre.html>
>   - Upgrade Puppet Server and PuppetDB
>   <https://docs.puppet.com/puppet/4.8/upgrade_major_server.html>
>   - Upgrade 3.x agents
>   <https://docs.puppet.com/puppet/4.8/upgrade_major_agent.html>
>   - Updating 3.x manifests for Puppet 4.x
>   <https://docs.puppet.com/puppet/4.8/lang_updating_manifests.html>
>   - Post-upgrade clean-up
>   <https://docs.puppet.com/puppet/4.8/upgrade_major_post.html>
>
>
>
> Thanks again
>
>
> On Saturday, December 31, 2016 at 10:05:49 PM UTC-7, Joe wrote:
>
> Hi All
>
> Puppet v3.8.7 community on Ubuntu 14 LTS
>
> I have been attempting to write a class to use the "file_line" type
> reference from the stdlib library to add multiple lines to a file if these
> lines are not present.
> I was attempting to do this with iteration using the each function and
> tried with static and Hiera arrays. After a few hours of failure I came
> across the docs for Puppet Enterprise that say this iteration capability
> was introduced in Puppet 4.
>
> It looks like this, testdefs is an array in Hiera defined in the nodes
> yaml config
>
>  each($testdefs) |$hline| {
>file_line { 'Append a line to /etc/testfile':
>   ensure => present,
>   line  => "$hline",
>path=> '/etc/testfile',
> }
> }
>
> To be clear I am trying to..
> iterate through a Hiera array
> pass each array member to the file_line type
> append this member to a file if it does not exist.
>
> Is there a way to do this with Puppet 3.x or should I just make a static
> class with multiple file_line types?
>
> Thanks
>
>
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/362627c8-55eb-45e3-9410-696dd0283f96%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/362627c8-55eb-45e3-9410-696dd0283f96%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9xRywwiq8R8bXyeGUZnuNnbKvn_YxtfJuu48bA3-Jkqw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Array Iteration for Community Edition of Puppet(3.8)

[Rob Nelson]

Be aware that all vendor support for Puppet 3 ended at the end of 2016, and
Puppet provides their own packages (puppet-agent and puppetserver in PC1
replace the older puppet/puppetmaster combo) so you don't have to wait on
Debian. While you should plan your upgrade with care, the lack of any
support should be a motivating factor to start planning immediately instead
of waiting on a third party who isn't negatively affected by waiting, like
you are.

On Sun, Jan 1, 2017 at 4:07 PM Joe <09cic...@gmail.com> wrote:

> Thanks R.I.
>
> So iteration works with 3.8x with future parser. I am going to avoid 4
> until Debian builds it into their repositories.
>
> So iteration works but not with file_line..
>
> Here is the code.
>
> hiera array
> mod1::testdefs:
>   - 'hello'
>   - 'there'
>   - 'friends'
> ##mod1  init.pp
>
> each($testdefs) |$hline| {
>file_line { 'Append a line to /etc/testfile':
>   ensure => present,
>   line  => $hline,
>path=> '/etc/testfile',
> }
> }
>
>
> ##error is this
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Evaluation Error: Error while evaluating a Resource Statement, Duplicate
> declaration: File_line[Append a line to /etc/testfile] is already declared
> in file /etc/puppet/environments/test/modules/mod1/manifests/init.pp:48;
> cannot redeclare at
> /etc/puppet/environments/test/modules/mod1/manifests/init.pp:48
>
> I tried putting the loop in the file_line type but that throws another
> error since it is not acceptable to file_line.
>
> Is there any way around this that you guys are aware of?
>
> Thanks
>
>
> On Saturday, December 31, 2016 at 10:05:49 PM UTC-7, Joe wrote:
>
> Hi All
>
> Puppet v3.8.7 community on Ubuntu 14 LTS
>
> I have been attempting to write a class to use the "file_line" type
> reference from the stdlib library to add multiple lines to a file if these
> lines are not present.
> I was attempting to do this with iteration using the each function and
> tried with static and Hiera arrays. After a few hours of failure I came
> across the docs for Puppet Enterprise that say this iteration capability
> was introduced in Puppet 4.
>
> It looks like this, testdefs is an array in Hiera defined in the nodes
> yaml config
>
>  each($testdefs) |$hline| {
>file_line { 'Append a line to /etc/testfile':
>   ensure => present,
>   line  => "$hline",
>path=> '/etc/testfile',
> }
> }
>
> To be clear I am trying to..
> iterate through a Hiera array
> pass each array member to the file_line type
> append this member to a file if it does not exist.
>
> Is there a way to do this with Puppet 3.x or should I just make a static
> class with multiple file_line types?
>
> Thanks
>
>
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/4912ca68-64e4-48d7-906e-923b70aabaa3%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/4912ca68-64e4-48d7-906e-923b70aabaa3%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9wa6R9Bo03tt52zbjaFH1L9-BC2iTyYZOvo%3D-byqAE7Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet3 | hiera | role -> Problem role/mysql.yaml not used -> example from rnelson0.com with mysql

[Rob Nelson]

It looks like a great start to me. Glad the howto helped!

On Wed, Dec 28, 2016 at 8:52 AM Denny Fuchs <denny.schi...@gmail.com> wrote:

> Hi Rob,
>
> I got it working :-) I don't know at this time, if the layout is quite OK,
> but for the moment 
>
> hieradata/node/mon.example.com.yaml
> hieradata/role/mon.yaml
> hieradata/global.yaml
>
>
>
> thanks a lot for the great help :-)
>
> I used also the role/profile howto from you :-)
>
> cu denn
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/06466f47-ef76-40d9-b61c-a99e3ac01f3e%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/06466f47-ef76-40d9-b61c-a99e3ac01f3e%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_4Pp1ZRbBE7vu8Lfm6epJ%3D%3DC6rwW_-%3DyP0A5YJWGTDbA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet3 | hiera | role -> Problem role/mysql.yaml not used -> example from rnelson0.com with mysql

[Rob Nelson]

Adding the fact to a module is a recommended method, which is what you are
doing. That file will get synced to a client first, then facts are
collected, then the catalog is generated using those facts, so this ensures
the correct order of operations.

The only thing you may want to tweak is what module the fact is in. I put
most of mine in my profile module since that's part of my controlrepo, but
you could make a personal_facts module if you wanted to consolidate
multiple custom facts in one place. I wouldn't prematurely optimize this,
it's easy to change later.

On Tue, Dec 27, 2016 at 10:34 AM Denny Fuchs <denny.schi...@gmail.com>
wrote:

> hi,
>
> thanks for the reply :-)
>
> I added a custom fact via modules/role/lib/facter/role.rb
>
> Facter.add(:role) do
>setcode do
>  host = Facter.value(:fqdn)
>  declared_role = Facter.value(host)
>  declared_role.nil? ? 'base' : declared_role
>end
> end
>
> I copied that piece of code and it works, if I change "base" to
> "mysql_server". In the end, I can execute on the mon.example.com "facter
> -p role" and I get "mysql_server" back. So far so good. I saw many examples
> how to set the fact, but mostly I dislike them (e.g. create file
> /etc/system_role ... hardcoded in the Facter.add  ). What I miss: how
> can I set the fact (role in my case) via hiera, or via node manifest ?
>
>
> cu denny
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/2840db66-1c91-43c9-8e96-47f52b38f7e6%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/2840db66-1c91-43c9-8e96-47f52b38f7e6%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_XWnDqK4Hzx-F49tcjYMpjvcfGRwo%2BVKhsLM3f1xiF7w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet3 | hiera | role -> Problem role/mysql.yaml not used -> example from rnelson0.com with mysql

[Rob Nelson]

I guess the next step is to try and run puppet master service in debug
mode. I haven't done that in forever and certainly not on v3. It looks like
https://docs.puppet.com/puppet/latest/services_master_webrick.html#run-puppet-master-on-the-command-line
may be helpful there. You can also check on the agent with `facter -p role`
to make sure it's receiving the role correctly through your custom fact.


Rob Nelson
rnels...@gmail.com

On Wed, Dec 21, 2016 at 2:21 PM, Denny Fuchs <denny.schi...@gmail.com>
wrote:

>
> hi,
>
> yep, restarting after every change.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/c1bc2d00-8c3e-411f-b8be-cf1136ddc320%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/c1bc2d00-8c3e-411f-b8be-cf1136ddc320%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-DmiADL%2B1FORxP0n9opc5s22tbqCMfdERa0Hxt3n8hzg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet3 | hiera | role -> Problem role/mysql.yaml not used -> example from rnelson0.com with mysql

[Rob Nelson]

Starting with the simplest of solutions, have you restarted the master
service after updating hiera.yaml? If not, it may be using an older
in-memory version of hiera.yaml.


Rob Nelson
rnels...@gmail.com

On Wed, Dec 21, 2016 at 1:16 PM, Denny Fuchs <denny.schi...@gmail.com>
wrote:

>
> hi Rob,
>
> I had to use a slightly different   command:
>
> hiera -c /etc/puppet/hiera.yaml mysql::server::backup::backupuser
> environment=test ::role=mysql_server --debug
>
> [...]
> DEBUG: 2016-12-21 19:14:39 +0100: Hiera JSON backend starting
> DEBUG: 2016-12-21 19:14:39 +0100: Looking up mysql::server::backup::
> backupuser in JSON backend
> DEBUG: 2016-12-21 19:14:39 +0100: Looking for data source role/
> mysql_server
> DEBUG: 2016-12-21 19:14:39 +0100: Cannot find datafile /etc/puppet/hiera/
> role/mysql_server.json, skipping
> DEBUG: 2016-12-21 19:14:39 +0100: Looking for data source common
> DEBUG: 2016-12-21 19:14:39 +0100: Cannot find datafile /etc/puppet/hiera/
> common.json, skipping
> DEBUG: 2016-12-21 19:14:39 +0100: Hiera YAML backend starting
> DEBUG: 2016-12-21 19:14:39 +0100: Looking up mysql::server::backup::
> backupuser in YAML backend
> DEBUG: 2016-12-21 19:14:39 +0100: Looking for data source role/
> mysql_server
> DEBUG: 2016-12-21 19:14:39 +0100: Found mysql::server::backup::backupuser
> in role/mysql_server
> dbbackup
>
>
> So, that seems to be working, so something else must be wrong in my config
> files.
>
> cu denny
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/68e1bc79-6709-47a3-a3e3-7a9cbd483a84%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/68e1bc79-6709-47a3-a3e3-7a9cbd483a84%40googlegroups.com?utm_medium=email_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-1v0vgZ1tyLnh9x8FTagT4M%2B-rFDSwNUn%3DfUdVw34usg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet3 | hiera | role -> Problem role/mysql.yaml not used -> example from rnelson0.com with mysql

[Rob Nelson]

Denny,

Have you tried using the hiera command line utility to see what it returns 
for that key? `hiera mysql::server::backup::backupuser 
::environment=production ::role=mysql --trace` should provide some clues as 
to how hiera is behaving and if it can find the right files. If that 
doesn't find anything, try `environment` and/or `role` (without the ::) as 
hiera does not normalize that, and sometimes it doesn't behave the way you 
would expect. You can also try looking up a key that is present in 
`common.yaml`, just to make sure you have the syntax right.

On Wednesday, December 21, 2016 at 11:37:38 AM UTC-5, Denny Fuchs wrote:
>
> hi,
>
> I try to understand the example from 
> https://rnelson0.com/2015/02/02/deploying-mysql-with-puppet-without-disabling-selinux/comment-page-1/
>  
> with MySQL.
>
> At this moment, most parts are working, except role/mysql.yaml . It seems, 
> that this file isn't noticed by hiera/puppet:
>
> :yaml:
>   :datadir: "/etc/puppet/environments/%{environment}/hieradata"
>
> :hierarchy:
>   - "node/%{::fqdn}"
>   - "role/%{::role}"
>   - "profile/%{::profile}"
>   - "operatingsystem/%{::operatingsystem}/%{::operatingsystemmajrelease}"
>   - "operatingsystem/%{::operatingsystem}"
>   - "osfamily/%{::osfamily}"
>   - "datacenter/%{::datacenter}"
>   - "virtual/%{::is_virtual}"
>   - common
>
>
> All other files are copied from the above example, except: 
> hiera/puppet_role/ -> hieradata/role/
>
> The problem is (puppet agent -t on the example host):
>
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Must pass backupuser to Class[Mysql::Server::Backup] at 
> /opt/puppet/environments/test/modules/profile/manifests/mysql/server.pp:12 
> on node mon.example.com
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> What is wrong, so that 
> /opt/puppet/environments/test/hieradata/role/mysql.yaml isn't working on 
> the Puppet master.
>
>- ./manifests/site.pp
>
> hiera_include('classes', '')
> node default {
>   $role = hiera('role')
>   include $role
> }
>
>- manifests/mon.example.com.pp
>
> node 'mon.example.com' {
>   include  role::mysql_server
> }
>
>
>- ...test/hieradata/node/mon.example.com.yaml
>
> # Mon
> ---
> classes: apt
> apt::mirror: http://debianmirror.example.bla/pub/linux/debian/debian/
> apt::source: true
>
> ---
> mysql::server::override_options :
>   'client':
> [...]
>
>
>
> Puppet Version is 3.8.7-1puppetlabs1 on Debian 7.11
>
>
> Any suggestions?
>
>
> cu denny
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cba3bfe2-c136-48b1-8a03-80c37d00d27f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Exported resources in Puppet 4 without using PuppetDB?

[Rob Nelson]

Agreed: it's a service, you won't be playing with the Postgres nerd knobs
very much, if at all.

On Sun, Dec 18, 2016 at 2:46 PM Jo Rhett <jrh...@netconsonance.com> wrote:

> Consider listing PuppetDB as a single application, not as an app and
> database. Closed box, vendor integrated data management.
>
> On Fri, Dec 16, 2016 at 2:52 PM, Johnson Earls <darkfoxpr...@gmail.com>
> wrote:
>
> Hello all,
>
> I was just wondering - has anyone come across a plugin or something that
> would allow the use of exported resources in Puppet 4.x *without* using
> PuppetDB?  The company I work for has declared PostgreSQL taboo within the
> corporate network and so I cannot run PuppetDB, and the lack of exported
> resources is really starting to grate.  I'm hoping someone has seen
> something out there that can help solve this for me :)
>
> Thanks in advance,
> - Johnson
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/95a0f132-7b41-4158-af41-8a9785646aa8%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/95a0f132-7b41-4158-af41-8a9785646aa8%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CABj%3DmDxLppsZPhcUSg_SAof%2BTxTPkZFi15SGcvLkmWNSAm9xRQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CABj%3DmDxLppsZPhcUSg_SAof%2BTxTPkZFi15SGcvLkmWNSAm9xRQ%40mail.gmail.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT_Lg7ts%2Bt3FN0B088ePmKLckuTLKLUMdYayD%2Be5_3XrAA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] A substring operation does not accept a String as a charachter index

[Rob Nelson]

I think it should be File[] (capital F) rather than file[] on line 6
On Fri, Dec 16, 2016 at 9:42 AM Andoreasu <api.os...@gmail.com> wrote:

> Hello together,
>
> we change from Puppet 3 to Puppet 4. In some of our Modules, we get Error
> message while the node is retrieving the catalog from the master server.
>
> It always said:
>
> Error: Could not retrieve catalog from remote server: Error 500 on SERVER:
> Serve
> r Error: Evaluation Error: Error while evaluating a Resource Statement,
> Evaluati
> on Error: A substring operation does not accept a String as a character
> index. E
> xpected an Integer at /etc/puppetlabs/code/environments/development/
> modules/inst
> all_oracle12cdriver/manifests/init.pp:6:19 on node testnode01.testdomain.
> de
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> Its hears a little bit likes this, but i dont see a solution...
> https://tickets.puppetlabs.com/browse/PUP-6480
>
> A module where this happens for example:
>
> class install_oracle12cdriver{
>
> package { 'oracle12cdriver':
> ensure => installed,
> provider => 'chocolatey',
> require => file['c:/Oracle', 'c:/Oracle/client.rsp'],
> source => 'http://choco01/chocorepo/chocolatey/',
> }
>
> file { 'c:/Oracle/client.rsp':
> source => 'puppet:///modules/install_oracle12cdriver/client.rsp',
> source_permissions => ignore,
> }
>
> file { 'c:/Oracle':
> ensure => 'directory',
> source_permissions => ignore,
> }
> }
>
>
> Does anyone know what i can do? Its totaly strange to me. In Puppet 3
> everything works fine.
>
> Thanks for any help
>
> best regards
>
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/dddc2816-5f35-45cc-b61d-7fe0a033a090%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/dddc2816-5f35-45cc-b61d-7fe0a033a090%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9sffVSn8%2BAtQqhY3cLvTc1a0kP%2BA0bVo7%3DwxuWpuGx-w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Urgent Help Required | Puppet run is dead slow

[Rob Nelson]

Harish,

I don't have any direct insight into your performance woes. But have you
investigated what changes were made in the past 7 days around the time your
issues began? I'm my experience, such issues are rarely spontaneous but a
result of a purposeful change somewhere in the system.

On Mon, Dec 12, 2016 at 11:34 AM Harish Kothuri <harishkoth...@gmail.com>
wrote:

> Hi,
>
> I have a puppet master v3.8.7 and having 300+ nodes running fine till last
> week.
>
> All the agents are running very slow since last week and sometimes it
> started complaining that puppet master is running on heavy load.
>
>
> Following is my master configuration details:
> Puppet : 3.8.7
> CentOS: 6.7 Final
> RAM : 32GB
>
> *processor   : 0*
> *vendor_id   : GenuineIntel*
> *cpu family  : 6*
> *model   : 44*
> *model name  : Intel(R) Xeon(R) CPU   X5690  @ 3.47GHz*
> *stepping: 2*
> *microcode   : 26*
> *cpu MHz : 3457.999*
> *cache size  : 12288 KB*
> *physical id : 0*
> *siblings: 2*
> *core id : 0*
> *cpu cores   : 2*
> *apicid  : 0*
> *initial apicid  : 0*
> *fpu : yes*
> *fpu_exception   : yes*
> *cpuid level : 11*
> *wp  : yes*
> *flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
> mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm
> constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc
> aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt
> aes hypervisor lahf_lm ida arat epb dtherm*
> *bogomips: 6915.99*
> *clflush size: 64*
> *cache_alignment : 64*
> *address sizes   : 40 bits physical, 48 bits virtual*
> *power management:*
>
> *processor   : 1*
> *vendor_id   : GenuineIntel*
> *cpu family  : 6*
> *model   : 44*
> *model name  : Intel(R) Xeon(R) CPU   X5690  @ 3.47GHz*
> *stepping: 2*
> *microcode   : 26*
> *cpu MHz : 3457.999*
> *cache size  : 12288 KB*
> *physical id : 0*
> *siblings: 2*
> *core id : 1*
> *cpu cores   : 2*
> *apicid  : 1*
> *initial apicid  : 1*
> *fpu : yes*
> *fpu_exception   : yes*
> *cpuid level : 11*
> *wp  : yes*
> *flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
> mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm
> constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc
> aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt
> aes hypervisor lahf_lm ida arat epb dtherm*
> *bogomips: 6915.99*
>
> *Error Details:*
>
> *Error 1:*
> Failed to generate additional resources using 'eval_generate': Error 503
> on SERVER: This website is under heavy loadWe're sorry, too
> many people are accessing this website at the same time. We're working on
> this problem. Please try again later.
>
> *Error 2:*
> Could not retrieve catalog from remote server: Error 400 on SERVER: Failed
> to submit 'replace facts' command for node.domain.com to PuppetDB at
> puppetmaster.domain.com:8081: Connection refused - connect(2)
>
> Also, attaching the puppet agent log with --debug enabled.
>
> Kindly help.
>
>
>
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/bc165bf9-ab20-4a95-8785-1b804dcc2ce3%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/bc165bf9-ab20-4a95-8785-1b804dcc2ce3%40googlegroups.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8GDFu2XcmbbdrbLAzx4gTaE9sbU224tVP5_TjG3XGR-w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Problem with Puppet reinstalling Windows APPs

[Rob Nelson]

What I meant is that it was just 'Acrobat Reader' in v1-9, then it was
'Acrobat Reader X', then a series of other names before v15 became 'Acrobat
Reader DC'. It's a crapshoot every time they release a new version. This is
not fun when there isn't a chocolate package to use instead.

On Fri, Dec 9, 2016 at 10:07 AM Dirk Heinrichs <dirk.heinri...@recommind.com>
wrote:

>
>
> Am 09.12.2016 um 15:35 schrieb Rob Nelson:
>
>
>
>
>
>
>
> I think in this case it's an issue because Adobe puts
>
> version numbers in the product name - it's not Acrobat Reader
>
> anymore, it's Acrobat Reader DC or Acrobat Reader X, which leads
>
> to having to change two strings. Definitely not a fan of their
>
> versioning scheme.
>
>
>
>
>
>
> Nope. At least on my system, the name is "Adobe Acrobat Reader DC"
>
> and the version is "15.020.20042". However, you're right in that
>
> some packages add the version to the name, for example Git for
>
> Windows, where the name looks like "Git version 2.11.0". In that
>
> case, one can either do:
>
>
>
>
>
> class git ($version = undef) {
>
>
> package { "Git version ${version}":
>
>
> ...
>
>
> }
>
>
> }
>
>
>
>
>
> or use the chocolatey package provider from PuppetForge, like
>
>
>
>
>
> class git {
>
>
> package { 'git':
>
>
> provider => 'chocolatey',
>
>
> ensure => latest,
>
>
> ...
>
>
> }
>
>
> }
>
>
>
>
>
> Note that in the 2nd example, one could also add the $version
>
> paramater and use that instead of latest. Depends on your needs.
>
>
>
>
>
> Bye...
>
>
>
>
>
>
> Dirk
>
>
> --
>
>
> *Dirk Heinrichs* | Senior
>
> Systems Engineer, Delivery Pipeline
>
>
> [image:
> http://mimage.opentext.com/alt_content/binary/images/email-signature/recommind-ot.png]
> <http://www.opentext.com>
>
>
> *Tel*: +49 2226 159666 (Ansage) 1149
>
>
> *Email*: dirk.heinri...@recommind.com
>
>
> *Skype*: dirk.heinrichs.recommind
>
>
>
>
> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
>
>
> Vertretungsberechtigte Geschäftsführer John Marshall
>
> Doolittle, Gordon Davies, Roger Illing, Registergericht
>
> Amtsgericht Bonn, Registernummer HRB 10646
>
>
> This e-mail may contain confidential and/or privileged
>
> information. If you are not the intended recipient (or have
>
> received this e-mail in error) please notify the sender
>
> immediately and destroy this e-mail. Any unauthorized copying,
>
> disclosure or distribution of the material in this e-mail is
>
> strictly forbidden
>
>
> Diese E-Mail enthält vertrauliche und/oder rechtlich
>
> geschützte Informationen. Wenn Sie nicht der richtige Adressat
>
> sind oder diese E-Mail irrtümlich erhalten haben, informieren
>
> Sie bitte sofort den Absender und vernichten Sie diese Mail.
>
> Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser
>
> Mail sind nicht gestattet.
>
>
>
>
>
>
>
>
>
> www.recommind.com
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/6abc1208-db6f-d484-c7b2-d487ec6a4094%40recommind.com
> <https://groups.google.com/d/msgid/puppet-users/6abc1208-db6f-d484-c7b2-d487ec6a4094%40recommind.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT-9AtBr2zfwew4%2Bz2x2Bjs-iDRT4-zkepC-oFN4Hv1dpQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Problem with Puppet reinstalling Windows APPs

[Rob Nelson]

I think in this case it's an issue because Adobe puts version numbers in
the product name - it's not Acrobat Reader anymore, it's Acrobat Reader DC
or Acrobat Reader X, which leads to having to change two strings.
Definitely not a fan of their versioning scheme.

On Fri, Dec 9, 2016 at 8:15 AM Dirk Heinrichs <dirk.heinri...@recommind.com>
wrote:

>
>
> Am 09.12.2016 um 14:05 schrieb
>
> ratatapa:
>
>
>
>
>
>
>
> Thanks, but that would seem to be an issue for updates
>
> then
>
>
>
>
>
>
> No, that would be the version, not the name. Just read the docs
> <https://docs.puppet.com/puppet/4.8/resources_package_windows.html#package-name-must-be-the-displayname>
> :
>
>
>
>
>
> "The title (or name) of the package must match the
>
> value of the package’s DisplayName property in the
>
> registry, which is also the value displayed in the “Add/Remove
>
> Programs” or “Programs and Features” control panel.
>
>
>
>
> If the provided name and the installed name don’t match, Puppet will
>
> believe the package is not installed and try to install it again."
>
>
>
>
>
> HTH...
>
>
>
>
>
> Dirk
>
>
> --
>
>
> *Dirk Heinrichs* | Senior
>
> Systems Engineer, Delivery Pipeline
>
>
> [image:
> http://mimage.opentext.com/alt_content/binary/images/email-signature/recommind-ot.png]
> <http://www.opentext.com>
>
>
> *Tel*: +49 2226 159666 (Ansage) 1149
>
>
> *Email*: dirk.heinri...@recommind.com
>
>
>
> *Skype*: dirk.heinrichs.recommind
>
>
>
>
> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
>
>
> Vertretungsberechtigte Geschäftsführer John Marshall
>
> Doolittle, Gordon Davies, Roger Illing, Registergericht
>
> Amtsgericht Bonn, Registernummer HRB 10646
>
>
> This e-mail may contain confidential and/or privileged
>
> information. If you are not the intended recipient (or have
>
> received this e-mail in error) please notify the sender
>
> immediately and destroy this e-mail. Any unauthorized copying,
>
> disclosure or distribution of the material in this e-mail is
>
> strictly forbidden
>
>
> Diese E-Mail enthält vertrauliche und/oder rechtlich
>
> geschützte Informationen. Wenn Sie nicht der richtige Adressat
>
> sind oder diese E-Mail irrtümlich erhalten haben, informieren
>
> Sie bitte sofort den Absender und vernichten Sie diese Mail.
>
> Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser
>
> Mail sind nicht gestattet.
>
>
>
>
>
>
>
>
>
> www.recommind.com
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
>
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
>
>
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/eb55769f-a375-6b88-b38c-191423990ef4%40recommind.com
> <https://groups.google.com/d/msgid/puppet-users/eb55769f-a375-6b88-b38c-191423990ef4%40recommind.com?utm_medium=email_source=footer>
> .
>
>
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT9ZKQGhxbsJbVsLsJ358Bt-8T7NNPGpP4YhD3bDcmFoZA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Error while spec testing -- missing collect?

[Rob Nelson]

You may want to look into https://github.com/mcanevet/rspec-puppet-facts as
this has bit me in the behind more than once until I made the switch. The
readme is a pretty good guide to get started, and I wrote a little bit on
doing OS/kernel specific tests with it at
https://rnelson0.com/2016/11/04/puppet-tech-debt-day-3-excluding-os-testing/,
important if you support say linux and windows. I need to write another
article that's a little more complete on the setup, but if you have
questions, ask away. Pretty sure mcanevet is around here, too.


Rob Nelson
rnels...@gmail.com

On Mon, Dec 5, 2016 at 1:16 PM, Peter Berghold <salty.cowd...@gmail.com>
wrote:

> Give the man a cigar.  As soon as I mocked up "ipaddress" it was happy.
> Don't know why I didn't see that
>
>
> On Mon, Dec 5, 2016 at 12:43 PM Rob Nelson <rnels...@gmail.com> wrote:
>
>> The error is in the function query_facts, or code that it calls. Puppet
>> is not great about reporting on a Ruby code failure called from the puppet
>> DSL.
>>
>> I couldn't tell you the actual cause but if you look wherever that
>> function is defined you may see a collect statement and that should guide
>> you. My guess is that some fact it relies on wasn't mocked (well) and is
>> returning nil, thus there is no .collect method on nil.
>>
>> On Mon, Dec 5, 2016 at 5:25 PM Peter Berghold <salty.cowd...@gmail.com>
>> wrote:
>>
>> The piece of Puppet code the spec testing is complaining about is here:
>>
>> --8< snip 8<
>> -
>>
>>   $servers = ntp_unpackservers(
>> query_facts("is_ntp_server=true and sitename =
>> ${sitename}",'ipaddress')
>>   )
>>
>> --8< snip 8<
>> -
>>
>> and the error I'm seeing is:
>>
>> --8< snip 8<
>> -
>>
>>  Puppet::Error:
>>undefined method `collect' for "ipaddress":String at /home/> account>/puppet-module-src/ntp/spec/fixtures/modules/ntp/manifests/client.pp:8
>> on node redacted
>>
>> --8< snip 8<
>> -
>>
>> so the question is what defines "collect?"
>>
>> The code sniglet is a query of PuppetDB that works well in our test and
>> production environments but I'm having issues trying to convince RSpec it's
>> working.
>>
>> Thoughts? Suggestions?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/
>> msgid/puppet-users/CAArvnv3ivnqNoQk2dFzuD3YYpy4p9
>> YBY_XpCZUgc2wTT4vNsWA%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAArvnv3ivnqNoQk2dFzuD3YYpy4p9YBY_XpCZUgc2wTT4vNsWA%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> Rob Nelson
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/
>> msgid/puppet-users/CAC76iT8F4vS4BTvP5XV%3DO93hY3aFT-fb3wEQ%
>> 3DyaJrO3K8BK-bw%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAC76iT8F4vS4BTvP5XV%3DO93hY3aFT-fb3wEQ%3DyaJrO3K8BK-bw%40mail.gmail.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/CAArvnv3WRpaQn8LK0dWDVZZETc8ax
> %3D1MZOq%2BfL-VKU6PteKwRA%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAArvnv3WRpaQn8LK0dWDVZZETc8ax%3D1MZOq%2BfL-VKU6PteKwRA%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8vNQqXswYoNuxWwzqOK%3DgbNeo%2Bt-qy9DBUWFhTaUUADQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Error while spec testing -- missing collect?

[Rob Nelson]

The error is in the function query_facts, or code that it calls. Puppet is
not great about reporting on a Ruby code failure called from the puppet DSL.

I couldn't tell you the actual cause but if you look wherever that function
is defined you may see a collect statement and that should guide you. My
guess is that some fact it relies on wasn't mocked (well) and is returning
nil, thus there is no .collect method on nil.

On Mon, Dec 5, 2016 at 5:25 PM Peter Berghold <salty.cowd...@gmail.com>
wrote:

> The piece of Puppet code the spec testing is complaining about is here:
>
> --8< snip
> 8<-
>
>   $servers = ntp_unpackservers(
> query_facts("is_ntp_server=true and sitename =
> ${sitename}",'ipaddress')
>   )
>
> --8< snip
> 8<-
>
> and the error I'm seeing is:
>
> --8< snip
> 8<-
>
>  Puppet::Error:
>undefined method `collect' for "ipaddress":String at /home/ account>/puppet-module-src/ntp/spec/fixtures/modules/ntp/manifests/client.pp:8
> on node redacted
>
> --8< snip
> 8<-
>
> so the question is what defines "collect?"
>
> The code sniglet is a query of PuppetDB that works well in our test and
> production environments but I'm having issues trying to convince RSpec it's
> working.
>
> Thoughts? Suggestions?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAArvnv3ivnqNoQk2dFzuD3YYpy4p9YBY_XpCZUgc2wTT4vNsWA%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CAArvnv3ivnqNoQk2dFzuD3YYpy4p9YBY_XpCZUgc2wTT4vNsWA%40mail.gmail.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT8F4vS4BTvP5XV%3DO93hY3aFT-fb3wEQ%3DyaJrO3K8BK-bw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Identifying BSOD (Blue Screen of Death) from Puppet

[Rob Nelson]

I would guess no, as a BSOD results in an OS crash and therefore puppet is
no longer running. If you have a dashboard (puppetboard, PE Console, etc.)
the node would eventually show as 'not reporting' but no specific cause
would be given.

On Fri, Dec 2, 2016 at 6:32 AM Harish Kothuri <harishkoth...@gmail.com>
wrote:

> Hi,
>
> I'm just wondering is there a way to identify BSOD from Puppet.  Any ideas
> here?
>
> Thanks,
> Harish
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/f2cc3ce3-0218-4046-8a9f-bce6c7fec476%40googlegroups.com
> <https://groups.google.com/d/msgid/puppet-users/f2cc3ce3-0218-4046-8a9f-bce6c7fec476%40googlegroups.com?utm_medium=email_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
Rob Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAC76iT94NcZQWRzUXgyZGAp%3D8pbJ7qmbvOaPT6pgR04UPEZG%2Bg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.