[Puppet Users] puppetdb.conf. / puppetserver problem

['Scott Hazelhurst' via Puppet Users]

Dear all

I've been running puppet 8 for a while successfully. Today when I tried to 
run it, something went wrong and when I restarted I found this

-- puppetdb restart -- seems to work fine
-- puppetserver restart -- fails 

journalctl doesn't provide any useful info but in the syslog there's a line 

Dec  5 13:32:45 puppet8 puppetserver[2934]: 
/etc/puppetlabs/puppetserver/conf.d/puppetdb.conf: 3: Document has trailing 
tokens after first object or array: 'server_urls'

This file /etc/puppetlabs/puppetserver/conf.d/puppetdb.conf contains

[main]
server_urls = https://.core.wits.ac.za:8081

This has been fine and has not (consciously) been changed. I've checked 
that there are no funny white space characters and I've tried having and 
end of line and not having an end of line and seems consistent 
with https://www.puppet.com/docs/puppetdb/8/puppetdb_connection.html

I was running puppet 8 on Ubuntu 20.04 -- there was in the logs a complaint 
about running postgresql 12. So I upgraded to 22.04 so I could easily 
upgrade Postgres and updated puppet. But the same problems occur. The 
versions I am running are puppetserver8.3.0-1jammy and puppetdb   
 8.2.0-1jammy 

I'd be very grateful for any help

Thanks

Scott


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/69ef38ca-1a7c-4d17-ae60-055aa426465cn%40googlegroups.com.

[Puppet Users] Re: Upcoming Forge IP Address Change

[Jesse Scott]

The previously announced DNS changes in this thread have now been made.

As a reminder, the old IP address will still be functional until at least 
November 9th, 2020, however you will have to update your clients to use 
`forgeapi-old.puppet.com` to access the Forge this way.

On Monday, October 12, 2020 at 3:58:00 PM UTC-7 Puppet Product Updates 
wrote:

> On Monday, October 26th, 2020 we will be updating the `forge.puppet.com` 
> and `forgeapi.puppet.com` DNS records (as well as the legacy `
> forge.puppetlabs.com` and `forgeapi.puppetlabs.com` records) to point to 
> a new IPv4 address. This change is being made as part of ongoing work to 
> improve the performance and reliability of the Forge website and API 
> service.
>
> The new IP address is `192.69.65.71`. This address is already functional 
> and you can configure Puppet to use it 
>  via the 
> temporary hostname `forgeapi-new.puppet.com`. We recommend only using 
> this hostname only for testing purposes, please keep your primary 
> configurations pointed to the default hostname.
>
> We realize that some users have to make firewall exceptions so that their 
> clients can access the Puppet Forge which is why we are pre-announcing this 
> change. To help facilitate a smooth transition, the Forge website and API 
> service will continue to be available on the old IP address until at least 
> Monday, November 9th, 2020. 
>
> Users that need to access Forge via the old IP may configure Puppet to 
> use the temporary hostname 
>  `
> forgeapi-old.puppet.com`. Note that this DNS record will be updated to 
> point to the new IP once the old IP is deactivated. Please be sure to make 
> any necessary updates to your firewall configurations before November 9th, 
> 2020.
>
> The Forge API will continue to be available via IPv6 
> 
>  (as 
> well as IPv4 but on a dynamic set of addresses) through the alternate 
> hostname `forgeapi-cdn.puppet.com` with no changes. 
>
> This is the first time in approximately 5 years that we have changed the 
> Forge IP address.
>
> If you have any questions or concerns, please email us at fo...@puppet.com. 
> Thank you.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/35da2c9a-687f-4356-ad3d-eedb875ad2e6n%40googlegroups.com.

[Puppet Users] PDK 1.18.0 now available

[Jesse Scott]

Hello!

The PDK development team is pleased to announce the latest release of the
Puppet Development Kit (PDK), version 1.18.0.

Highlights from the 1.18.0 release include:

- Added a new, control-repo specific validator for `environment.conf` files.
- Added `pdk set config` and `pdk remove config` subcommands.

You can review the full release notes at:
https://puppet.com/docs/pdk/1.x/release_notes_pdk.html#release-notes-pdk-x.18

To install or upgrade to this new version, use your platform's package
manager (see https://puppet.com/docs/pdk/1.x/pdk_install.html) or download
the packages directly for Windows, macOS, and Linux platforms at
https://puppet.com/download-puppet-development-kit.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJEWz_veycKFQUTHhXJuW567_ST5PhuLoQ4zOzwA3ZFU6c-dgA%40mail.gmail.com.

[Puppet Users] Re: PDK 1.16.0 now available

[Jesse Scott]

On macOS, there was a permissions issue in the PDK 1.16.0 packages
(released as PDK 1.16.0.1) which prevented most PDK commands from executing.

PDK 1.16.0.2, a new release that addresses the permissions issue, is now
available. This release contains no other changes.

We're sorry for the inconvenience of the broken release and we have added
additional package acceptance tests to catch this issue in the future.

On Thu, Feb 6, 2020 at 11:12 AM Puppet Product Updates <
puppet-product-upda...@puppet.com> wrote:

> Hello!
>
> The Puppet Developer Experience team is pleased to announce the latest
> release of the Puppet Development Kit (PDK), version 1.16.0.
>
> Highlights from the 1.16.0 release include:
>
>  - Added a new "use_litmus" setting for auto-generated Travis CI
> configurations to make it easier to adopt Puppet Litmus
>  in your module CI pipelines.
> - PDK will now correctly place new files based on the root of your module
> even if you invoke `pdk new` from within a subdirectory of your module.
> - To ensure that modules are compatible with all Puppet Masters regardless
> of their locale, `pdk module build` will now reject files that contain
> non-ASCII characters in their name.
>
> Reminder: As of PDK 1.14.1, use of the PDK with Ruby versions prior to
> 2.4.0 is now deprecated and a warning will be issued. PDK 1.16.0 is still
> fully functional back to Ruby 2.1.9 however we are projecting a PDK 2.0.0
> release in early 2020 which will eliminate support for Ruby < 2.4.0.
>
> You can review the full release notes at:
> https://puppet.com/docs/pdk/1.x/release_notes_pdk.html#release-notes-pdk-x.16
>
> To install or upgrade to this new version, use your platform's package
> manager (see https://puppet.com/docs/pdk/1.x/pdk_install.html) or
> download the packages directly for Windows, macOS, and Linux platforms at
> https://puppet.com/download-puppet-development-kit.
>
> Thanks!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJEWz_sKUVMZdeXhzz1g5dbM9NpfXU_%2BqsgB8gjROgS-3J5tcg%40mail.gmail.com.

[Puppet Users] Adding analytics to PDK

[Jesse Scott]

*TL;DR: We are adding anonymous usage reporting to PDK in the next release,
very similar to what is in Bolt. PDK will ask you on first use if you want
to opt-out. You can also opt-out later by editing a config file or setting
an environment variable.*

Hello everyone,

The PDK team would like to let you know that the next version of PDK will
include some basic usage reporting/analytics code to help us measure
overall adoption and better understand the ways users are interacting with
PDK.

All reporting is anonymous and we redact anything that could be considered
sensitive before it leaves your system.

Furthermore, to help everyone better understand the shape and scale of the
Puppet content developer community it is our intent to make aggregate usage
data available on a public dashboard in the future.

Below is a draft of the updated PDK documentation that describes what data
is collected and reported as well as how to opt out. One thing that the
draft documentation currently does not reflect is that you can also opt out
by setting the environment variable "PDK_DISABLE_ANALYTICS=true".

Please let us know if you have any questions or concerns.

Thanks!

-- The PDK Team


*PDK data collection*

PDK collects usage data to help us understand how it's being used and how
we can improve it. You can opt out of data collection at any time; see the
section below about opting out.

We collect these values for every analytics event:


   - A random non-identifying user ID. This ID is shared with Bolt
  analytics, if you've installed Bolt and enabled analytics.
  - PDK installation method (package or gem).
  - Version of PDK.
  - Operating system and version.

For every successful command line invocation of PDK, we collect:


   - The PDK command executed, such as "pdk new module" or "pdk validate".
  - Anonymised command options and arguments.
  - The version of Ruby used to execute the PDK command.
  - The output formats for the command.
  - PDK_* environment variables and their values, if set.
  - Whether a template repository, if used, is default or custom — we
  do not record the path to the template repo itself.
  - If the default template repo is used, we collect events for each
  file rendered, recording whether the file is unmanaged, deleted,
  customized, or default. For customized files, we do not record what
  changed, only that it was changed in the .sync.yml file.

Note: All arguments and non-Boolean option values, except --puppet-version
and --pe-version are redacted in our collected data.

Invalid commands are submitted as a distinct analytics events with the
arguments and option values redacted.

To see the data PDK collects, add --debug to a command.

We test the analytics calls strictly to ensure that no unexpected data is
accidentally passed in.

*Opting out of PDK data collection*

The first time you run PDK, it asks you if you want to opt out of data
collection. To opt out of data collection after that, edit the
analytics.yml file, setting the disabled key to true.

The location of this configuration file depends on your operating system
and configuration:


   - For most *nix systems, where the $XDG_CONFIG_HOME variable is set:
   ${XDG_CONFIG_HOME}/puppet/analytics.yml
   - For most macOS systems, where the $XDG_CONFIG_HOME variable is not
   set: ~/.config/puppet/analytics.yml
   - For Windows: %LOCALAPPDATA%/puppet/analytics.yml

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJEWz_t9hCwei3a1%3DNVeO-vztQQfGHzsdyMZZzEA-DG0mAAP-g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet server stopped working

[Scott Hazelhurst]

Many thanks for the help -- I managed to get it going

The other problem I had for the record was that I set the server_url to 
localhost while the server's CA was in its real name and that caused all 
sorts of confusion.

Regards

Scott

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1d966234-7146-4afd-9021-b524e7dc4aa9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet server stopped working

[Scott Hazelhurst]

Were you able to resolve this issue? I am now getting the same problem

Thanks

Scott

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/23914a82-0812-4aa8-92cc-ae35dbd6b6be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Announcement: Puppet Development Kit RFC process and pdk-planning repo

[Jesse Scott]

The Puppet Development Kit team is excited to introduce a new RFC-based
open-source planning and design process for the PDK project!

While many changes to the PDK, including bug fixes and documentation
improvements can be implemented and reviewed via the normal GitHub pull
request workflow, some changes are more substantial.

Today, we are committing to putting these more substantial features through
an “in the open” design process prior to implementation work starting. This
new design process is similar to the internal process that we had been
using, with the primary difference being that the whole PDK community will
be able to participate in the new process.

We welcome and encourage feedback from all members of the PDK community,
whether you just started using Puppet and PDK last week or have been
working with Puppet for years. A diversity of perspectives and experience
levels will help make PDK better for everyone.

You can learn more about our new RFC process as well as review recently
introduced proposals from the PDK team in the new “pdk-planning” Github
repository located at https://github.com/puppetlabs/pdk-planning.


Thanks!

-- The PDK Team

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJEWz_uxYQsYuSuH4S%3DZPqPjsSAynxAeo5zn6zVwXD-jDXK7rw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet agent and non-LTS Ubuntu releases policy change

[Scott Garman]

Hi all,

Some of you have probably noticed that our latest official puppet-agent 
release for Ubuntu was for version 16.10 "Yakkety", which is currently 
end of life and no longer supported. Due to the short lifecycle of 
non-LTS Ubuntu releases (9 months), and the backlog that the Puppet 
Platform OS team is working on, we've made the decision to no longer 
release official puppet-agent builds for non-LTS Ubuntu releases.


I will note however that so far it has been possible to use the LTS 
16.04 "Xenial" puppet-agent package on Ubuntu 17.04 and 17.10, they're 
just not officially supported. This is a workaround that may be useful 
to be aware of until the next LTS release of Ubuntu 18.04 "Bionic" comes 
out in April.


This policy change doesn't impact other platforms that are currently 
supported with a lifecycle of more than 12 months. For example, Fedora 
releases have a 13-month lifecycle, and we intend to keep releasing 
packages for them. Likewise for Debian releases, CentOS/RHEL, etc.


The Platform OS team at Puppet has an ever-growing list of platforms to 
support on an ongoing basis. We believe that focusing our efforts on 
existing platforms with at least a year-long lifecycle will result in 
the greatest return on effort we can offer to the community.


Scott Garman







--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/13140f25-1373-730e-a757-87af1d991ed7%40puppet.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] EOL Puppet Agent Platform Notice: Fedora 25

[Scott Garman]

Hi all,

This is a notice that Fedora 25 is reaching EOL on Dec 12 and this 
platform will no longer be included with future puppet-agent releases.


https://fedoramagazine.org/fedora-25-end-life/

Scott Garman

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/41ae3004-87dd-add1-831d-fd1de60e3774%40puppet.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] EOL Puppet Agent Platforms: Fedora 24 and Ubuntu 16.10

[Scott Garman]

Hi all,

This is a reminder that both Fedora 24 and Ubuntu 16.10 are past their 
EOL date and will no longer be included with puppet-agent releases.


Fedora 24 EOL: 2017-08-11 (one month after the release of Fedora 26)
https://fedoraproject.org/wiki/Releases/24/Schedule

Ubuntu 16.10 EOL: 2017-07-20
https://wiki.ubuntu.com/Releases

In other platform news: we have released Debian 9 (i386, amd64) with 
puppet-agent 1.10.6 and it will also be included with puppet-agent 5.1.0 
(to be released Real Soon Now). We are behind with getting Fedora 26 out 
and that work is in progress currently.


Scott Garman

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e2ad3b3b-10e3-953d-35df-2a8469a0a3a6%40puppet.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] List all hosts

[Daniel Scott]

On Wednesday, 31 May 2017 14:36:33 UTC+1, R.I. Pienaar wrote:
>
>
>
> On Wed, May 31, 2017, at 15:33, Daniel Scott wrote: 
> > Hi, 
> > 
> > I'm looking for a way to list all hosts known by a puppetserver (in 
> > puppetdb). 
> > 
> > I've been using 'puppet cert list --all', however, this doesn't 
> > necessarily 
> > correspond to the list of hosts in puppetdb (for example, if I have to 
> > rebuild the puppet server, and lose all the certs, but I still have the 
> > database). 
> > 
> > Is there a 'puppet' command to list all known hosts? 
> > 
> > I know that it's possible by running a curl against the puppetdb server 
> > itself, but it would be much cleaner if I could just run a command on 
> the 
> > puppetserver. 
>
> Install the client tools: 
>
>https://docs.puppet.com/puppetdb/4.4/pdb_client_tools.html 
>
> Use PQL to query it: 
>
>https://docs.puppet.com/puppetdb/4.4/api/query/examples-pql.html 
>

Hmm, thanks.

That's basically a wrapper around a curl, right?

 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6d6d748b-3190-447b-abd3-8296335bfa67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] List all hosts

[Daniel Scott]

Hi,

I'm looking for a way to list all hosts known by a puppetserver (in 
puppetdb).

I've been using 'puppet cert list --all', however, this doesn't necessarily 
correspond to the list of hosts in puppetdb (for example, if I have to 
rebuild the puppet server, and lose all the certs, but I still have the 
database).

Is there a 'puppet' command to list all known hosts?

I know that it's possible by running a curl against the puppetdb server 
itself, but it would be much cleaner if I could just run a command on the 
puppetserver.

Thanks,

Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/85db5579-ce6b-463d-a8d0-a2f6861048e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Moment of duhh.... Trying to wrap my head around some condition statements.

[Scott Walker]

This is what I came up with.

# Turn on fsck.auto on Z640 for NVME drives.
class z640 {

if $::productname == 'HP Z640 Workstation' {

notice('This is a Z640 workstation')

file { '/etc/default/grub':
  ensure => present,
  path   => '/etc/default/grub',
  mode   => '0644',
  owner  => 'root',
  group  => 'root',
  notify => Exec['grub-update'],
  source => 'puppet:///modules/z640/grub'
  }

exec { 'forcefsck':
  command => '/bin/echo "-y" >/forcefsck',
  onlyif  => '/usr/bin/test ! -f /forcefsck'
}

exec { 'grub-update':
  refreshonly => true,
  command => '/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg',
  }


  }

}


On Tuesday, 27 September 2016 13:58:59 UTC-4, John Gelnaw wrote:
>
>
> if ($productname =~ /Z640/)  {
>
>   file { ... }
>   exec { ... } 
>
> }
>
> 'productname' is a fact which usually represents your system model.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5d658518-8833-41f9-8f36-5a1d0f9b685e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Moment of duhh.... Trying to wrap my head around some condition statements.

[Scott Walker]

Very nice! Thanks!

On Monday, 26 September 2016 18:23:17 UTC-4, Scott Walker wrote:
>
> I'm relatively new to puppet (came from chef world).
>
> I'm trying to figure out a way to cleanly do the following...
>
> On machines which /usr/sbin/dmidecode | grep Z640 (this is how we are sure 
> the machine is Z640 and not some other type of machine) return true I want 
> to do the following:
>
> file { '/etc/default/grub':
> path=> '/etc/default/grub'
> ensure => present,
> mode=> '0644',
> owner=> 'root',
> group   => 'root',
> notify => Exec['grub-update'],
> source => 'puppet:///modules/z640/grub'
> }
>
> exec { 'grub-update':
>   refreshonly => true,
>   command => '/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg',
> }
>
> Otherwise I don't want to do anything. (This is to help fix an NVME issue 
> I am having on 60+ workstation out of 700 in the studio.
>
> I just can't wrap my head around a clean way to achieve this goal.
>
> I know this is probably a really simple task I just need some direction
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2a826a59-2f33-41fc-8c3e-7b7881947782%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Moment of duhh.... Trying to wrap my head around some condition statements.

[Scott Walker]

Ahh perfect there is.. Now onto the next battle.. figuring out how to use 
it lol.

On Monday, 26 September 2016 18:39:45 UTC-4, Nick Miller wrote:
>
> Hey Scott,
>
> You probably want to reference a Fact, whether custom or not. Check 
> `puppet facts find $(hostname)` to see what facts are available on your 
> systems. If you don't find on you like, you may have to write one following 
> this 
> guide <https://docs.puppet.com/facter/3.4/custom_facts.html>. It should 
> be fairly easy to make a dmidecode fact if there isn't one already. 
>
> Good luck,
> Nick
>
> On Mon, Sep 26, 2016 at 6:09 PM, Scott Walker <cri...@unspeakable.org 
> > wrote:
>
>> I'm relatively new to puppet (came from chef world).
>>
>> I'm trying to figure out a way to cleanly do the following...
>>
>> On machines which /usr/sbin/dmidecode | grep Z640 (this is how we are 
>> sure the machine is Z640 and not some other type of machine) return true I 
>> want to do the following:
>>
>> file { '/etc/default/grub':
>> path=> '/etc/default/grub'
>> ensure => present,
>> mode=> '0644',
>> owner=> 'root',
>> group   => 'root',
>> notify => Exec['grub-update'],
>> source => 'puppet:///modules/z640/grub'
>> }
>>
>> exec { 'grub-update':
>>   refreshonly => true,
>>   command => '/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg',
>> }
>>
>> Otherwise I don't want to do anything. (This is to help fix an NVME issue 
>> I am having on 60+ workstation out of 700 in the studio.
>>
>> I just can't wrap my head around a clean way to achieve this goal.
>>
>> I know this is probably a really simple task I just need some 
>> direction
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/024553d2-1872-4eab-9bd5-8280c92c07ec%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/puppet-users/024553d2-1872-4eab-9bd5-8280c92c07ec%40googlegroups.com?utm_medium=email_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
>
> [image: OnyxPoint-logo-symbol-primary.png]
>
> Nicholas Miller
> Consultant | Onyx Point, Inc.
>
> 7050 Hi Tech Drive, Suite 102
>
> Hanover, MD. 21076
> e: nick@onyxpoint.com 
> w: 443-655-3675
>
> [image: copmany.png][image: careers.png][image: product.png][image: 
> meetups.png][image: blog.png]
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3c190210-fa30-48f2-8d18-4835c54cfe53%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Accessing puppet node facts in report processor

[Daniel Scott]

Hi,

Is there a way to access a puppet node's facts in a report processor?

We have nodes which are part of auto scaling groups in AWS, so there are, 
several nodes which are all the same 'type'. We expose this type as a fact 
on the nodes themselves, and I would like to use the type in a report 
processor to send events back to a central server. Is there a way to access 
a node's facts from the report processor?

Or is there a different/better way of obtaining additional node information 
in the report processor?

Thanks,

Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b1a06591-cb24-4aa3-8952-ebc2bee621d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Hiera 2.0 with Puppet 3.x

[Scott Briggs]

Does anyone have any experience with Hiera 2.0 with Puppet 3.x?  Is that 
even possible given the newer "all in one" architecture?

Cheers,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/63e2178c-b784-41a9-ab03-da012f5d664f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Proper (or elegant) way to handle doing some based on contents of a file.

[Scott Walker]

Thanks so much everyone. Makes much more sense now!!! :)

On Monday, 22 February 2016 18:12:24 UTC-5, Scott Walker wrote:
>
> I'm slowly getting up to speed on puppet (coming over from chef but 
> honestly haven't used either in probably 3 years so I'm relearning the 
> learning curve.).
>
> We are using puppet 3.7.1 on our hosts, what I am trying to do is this.
>
> I have a file /etc/install-class which when we kickstart a machine 
> depending on what you choose will result in this file having CLASS="some 
> string"
>
> I am trying to find the "proper" way to create a cron job based on this 
> file.
>
> IE: if /etc/install-class == CLASS=render then create a cron job otherwise 
> do nothing.
>
> I know I can hackily get around this with doing it in bash and a onlyif 
> exec statement. But running a shell, then running grep, is expensive 
> timewise (yes yes, only a few ms but when trying to get machines built ASAP 
> ms add up).
>
> I've done a lot of digging today but I can't seem to figure out an elegant 
> way to make this work without involving a few modules written by people 
> (I'm not adverse to using modules but I don't like using a module to do 
> something rather simple.. or at least what I consider something simple).
>
> Some thoughts? And thanks in advance for the help.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8d113673-4556-4f69-9595-6f4d3307d509%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Proper (or elegant) way to handle doing some based on contents of a file.

[Scott Walker]

I'm slowly getting up to speed on puppet (coming over from chef but 
honestly haven't used either in probably 3 years so I'm relearning the 
learning curve.).

We are using puppet 3.7.1 on our hosts, what I am trying to do is this.

I have a file /etc/install-class which when we kickstart a machine 
depending on what you choose will result in this file having CLASS="some 
string"

I am trying to find the "proper" way to create a cron job based on this 
file.

IE: if /etc/install-class == CLASS=render then create a cron job otherwise 
do nothing.

I know I can hackily get around this with doing it in bash and a onlyif 
exec statement. But running a shell, then running grep, is expensive 
timewise (yes yes, only a few ms but when trying to get machines built ASAP 
ms add up).

I've done a lot of digging today but I can't seem to figure out an elegant 
way to make this work without involving a few modules written by people 
(I'm not adverse to using modules but I don't like using a module to do 
something rather simple.. or at least what I consider something simple).

Some thoughts? And thanks in advance for the help.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c73e8467-e567-425c-a896-f56ff58ef33d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Help needed - I'm very new to puppet

[Scott Walker]

Have you tried that tutorials, they are very well done and do take you step 
by step.

On Monday, 22 February 2016 10:23:16 UTC-5, Istvan Kassai wrote:
>
> Hi folks,
>
> In the last half year I tried to learn puppet (for about 4-5 times) but 
> haven't got so far.
> Yesterday I decided I won't give up. Gathered a lots of docs, howtos, 
> tutorials etc. 
> What I achieved:
> I installed two ubuntu 15.10s into my KVM environment. One for puppet 
> master and the other as an agent. As I can check it does something, because 
> there are yaml files in the /var/lib/puppet/yaml/nodes and 
> /var/lib/puppet/yaml/facts directories with some details about the agent 
> computer.
> Then I tried to modify the apache's config, and started to find out how it 
> will be saved to the master. I started to search for the internet and the 
> docs I collected before, and found there is a puppetlabs-apache module.
> This was the point where I started guessing. Because I haven't find any 
> references where have I install this module. This is a common problem with 
> the tutorials, those aren't refer that, what activities (I mean "commands 
> to run" or "configs") on what side (master or agent) should I do.
> So, I guessed and installed the puppetlabs-apache module on the agent 
> side, and tested what happens? But nothing. There are no anything apache 
> related thing in those yaml files.
> As I had to admit, this is more complicated to me to cope with this alone.
> So I'm here and looking for a kind person who is patient enough to help me.
> Could someone help me to understand (through a few examples like iptables, 
> apache, samba etc) how puppet works for basic tasks? How can I save config 
> of an agent, how can I check is that working in order, how can I restore 
> the saved config on a newly installed agent?
>
> Thanks a lot.
> Istvan
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/76c9bf32-e8dd-450a-9a54-67b9b4b48047%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Fedora 19 retirement from yum.puppetlabs.com

[Scott Garman]

On 03/10/2015 01:59 PM, Scott Garman wrote:
 Hi all,
 
 Fedora 19 was EOL'ed on January 6, 2015. We are no longer building
 packages for it and plan to remove it from our yum repository on Monday,
 April 13.
 
 https://fedoraproject.org/wiki/End_of_life

This is just a follow-up that F19 has now been removed from our Yum
repository.

Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/552D40BC.6050202%40puppetlabs.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Best approach to creating wrapper classes

[Scott Jaffa]

John,

Thanks for the detailed reply.  While we aren't in agreement on some of the 
finer points, it is moot as you've made it quite clear that the listed 
approaches won't work at a technical level.
Stepping back, can you suggest a good method by which one could separate 
out cross organizational (in this case security hardening) parameters in a 
way that they could be shared across organizations?  
Assuming the answer, shared or not, for the security layer is hiera, I need 
to put more thought into the structure.

Thanks,

Scott

On Wednesday, April 8, 2015 at 10:10:24 AM UTC-4, jcbollinger wrote:



 On Tuesday, April 7, 2015 at 3:30:30 PM UTC-5, Scott Jaffa wrote: 


 On Friday, April 3, 2015 at 9:15:00 AM UTC-4, jcbollinger wrote:



 On Thursday, April 2, 2015 at 4:02:30 PM UTC-5, Scott Jaffa wrote:

 Hi,

 I'm working in an environment where certain parameters need to be 
 enforced per security requirements..  

 The ways we've identified to do this are:

 1)  Put the specific settings in the profile:
 Advantages:  Utilize stock roles and profiles pattern, plenty of 
 documentation and guides online.
 Disadvantage:  The settings are part of the profile and thus two groups 
 need to share ownership of the same module.  Reduces flexibility or speed 
 due to additional enforcement needed by shared ownership.

 2)  Modify the modules themselves.
 Advantages:  Configuration is part of the module.
 Disadvantages:  We are now maintaining all custom modules.  

 3)  Extend roles and profiles to add an additional layer between 
 existing profiles and the modules.
 The workflow would be:
 Role (business layer)  Profile (technology layer)  Security (security 
 layer)  Module.  
 Advantages:  Engineering configuration and security configuration are 
 seperated, with security configuration enforced.
 Disadvantages:  Need a way to present most options up to the profiles 
 layer for parameterization, while enforcing a few options.


 We'd prefer to go with option 3.  Does this make sense?



 I'm having trouble understanding how you propose to factor out security 
 considerations from the technology to which they apply.  Is this just about 
 ownership of data, or do there need to be *bona fide* security-specific 
 resources?  If the former, then what do you need that you cannot achieve 
 via a security-specific level in your Hiera hierarchy?  If the latter, then 
 how would making the security classes responsible for declaring 
 component-level classes (per option 3) achieve the separation of concerns 
 you claim as an advantage?

  


 If so, some tips on how to go about this would be appreciated.  Does it 
 make sense for the security module to inherit the base module in this 
 case? 
  It would look something like this (but actually work :) )
 class sec_profile::ssh inherits ::ssh {  
 $server_options = { 'Protocol' = '2', 'Ciphers' = 
 'aes128-ctr,aes192-ctr,aes256-ctr', 'PermitRootLogin' = 'no', 
 'ClientAliveInterval' = '900', 'PermitEmptyPasswords' = 'no', 
 'PasswordAuthentication' = 'no', 'Port' = [22], } }



 If you are contemplating class inheritance for the purpose of greater 
 freedom in applying resource property overrides, then maybe they would be 
 useful to you.  If you have an idea that they would do anything else for 
 you, then put it out of your mind -- class inheritance doesn't work that 
 way (whatever way that happens to be).  Note, however, that often you can 
 perform resource overrides without class inheritance, that often it is 
 better to modify the external data from which modules draw property values 
 than to override property values after the fact, and that class inheritance 
 creates a very tight coupling that is probably better avoided if it crosses 
 module boundaries.

 Yes, the goal is strictly to provide flexibility in parameters.  I think 
 this is a case where inheritance can make sense, but, particularly as an 
 end goal is the public release of these modules, I'd like to make sure they 
 are designed correctly, or at least today's definition of correctly.

  

 If not, can you suggest a good approach to present the base module 
 options to the profile?  We'd like to to allow parameterization / hiera 
 lookups at the profile layer, preferrably without having to reimplement 
 each option in the security layer.



 It would help if you presented a representative example of what you're 
 trying to configure, and explained the challenge you face with respect to 
 that.  What you've presented so far is too abstract for me to offer any 
 specific advice.


 John

 Certainly!

 The goal here is to build security hardening into the Puppet 
 configuration stack while still allowing flexibility for environment 
 configuration, as, for example, it is reasonable to turn off one or more 
 hardening settings.  Ideally, any module released would allow one to select 
 their hardening standard, whether CIS, STIG, or other.

 Conceptually this would extend the roles and profiles pattern

[Puppet Users] Re: Best approach to creating wrapper classes

[Scott Jaffa]

On Thursday, April 2, 2015 at 7:37:31 PM UTC-4, Christopher Wood wrote:

 You might be interested in this thread: 

 https://groups.google.com/forum/#!topic/puppet-users/nmVQQA6G-f8 

  
Thanks!
 

On Friday, April 3, 2015 at 9:15:00 AM UTC-4, jcbollinger wrote:



 On Thursday, April 2, 2015 at 4:02:30 PM UTC-5, Scott Jaffa wrote:

 Hi,

 I'm working in an environment where certain parameters need to be 
 enforced per security requirements..  

 The ways we've identified to do this are:

 1)  Put the specific settings in the profile:
 Advantages:  Utilize stock roles and profiles pattern, plenty of 
 documentation and guides online.
 Disadvantage:  The settings are part of the profile and thus two groups 
 need to share ownership of the same module.  Reduces flexibility or speed 
 due to additional enforcement needed by shared ownership.

 2)  Modify the modules themselves.
 Advantages:  Configuration is part of the module.
 Disadvantages:  We are now maintaining all custom modules.  

 3)  Extend roles and profiles to add an additional layer between existing 
 profiles and the modules.
 The workflow would be:
 Role (business layer)  Profile (technology layer)  Security (security 
 layer)  Module.  
 Advantages:  Engineering configuration and security configuration are 
 seperated, with security configuration enforced.
 Disadvantages:  Need a way to present most options up to the profiles 
 layer for parameterization, while enforcing a few options.


 We'd prefer to go with option 3.  Does this make sense?



 I'm having trouble understanding how you propose to factor out security 
 considerations from the technology to which they apply.  Is this just about 
 ownership of data, or do there need to be *bona fide* security-specific 
 resources?  If the former, then what do you need that you cannot achieve 
 via a security-specific level in your Hiera hierarchy?  If the latter, then 
 how would making the security classes responsible for declaring 
 component-level classes (per option 3) achieve the separation of concerns 
 you claim as an advantage?

  


 If so, some tips on how to go about this would be appreciated.  Does it 
 make sense for the security module to inherit the base module in this case? 
  It would look something like this (but actually work :) )
 class sec_profile::ssh inherits ::ssh {  
 $server_options = { 'Protocol' = '2', 'Ciphers' = 
 'aes128-ctr,aes192-ctr,aes256-ctr', 'PermitRootLogin' = 'no', 
 'ClientAliveInterval' = '900', 'PermitEmptyPasswords' = 'no', 
 'PasswordAuthentication' = 'no', 'Port' = [22], } }



 If you are contemplating class inheritance for the purpose of greater 
 freedom in applying resource property overrides, then maybe they would be 
 useful to you.  If you have an idea that they would do anything else for 
 you, then put it out of your mind -- class inheritance doesn't work that 
 way (whatever way that happens to be).  Note, however, that often you can 
 perform resource overrides without class inheritance, that often it is 
 better to modify the external data from which modules draw property values 
 than to override property values after the fact, and that class inheritance 
 creates a very tight coupling that is probably better avoided if it crosses 
 module boundaries.

 Yes, the goal is strictly to provide flexibility in parameters.  I think 
this is a case where inheritance can make sense, but, particularly as an 
end goal is the public release of these modules, I'd like to make sure they 
are designed correctly, or at least today's definition of correctly.

  

 If not, can you suggest a good approach to present the base module 
 options to the profile?  We'd like to to allow parameterization / hiera 
 lookups at the profile layer, preferrably without having to reimplement 
 each option in the security layer.



 It would help if you presented a representative example of what you're 
 trying to configure, and explained the challenge you face with respect to 
 that.  What you've presented so far is too abstract for me to offer any 
 specific advice.


 John

 Certainly!

The goal here is to build security hardening into the Puppet configuration 
stack while still allowing flexibility for environment configuration, as, 
for example, it is reasonable to turn off one or more hardening settings. 
 Ideally, any module released would allow one to select their hardening 
standard, whether CIS, STIG, or other.

Conceptually this would extend the roles and profiles pattern.  In 
particular, profiles exist to define technology stacks.  This likely will 
result in multiple profiles calling the same module.   The idea is to 
inject another layer above the modules, which have a 1:1 correlation with 
the modules.  This wrapper module would provide an expose the specific 
configuration options required for security hardening, while allowing the 
calling profile to pass through environment parameters, as is done today.
  
To continue with the SSH example (pardon

[Puppet Users] Best approach to creating wrapper classes

[Scott Jaffa]

Hi,

I'm working in an environment where certain parameters need to be enforced 
per security requirements..  

The ways we've identified to do this are:

1)  Put the specific settings in the profile:
Advantages:  Utilize stock roles and profiles pattern, plenty of 
documentation and guides online.
Disadvantage:  The settings are part of the profile and thus two groups 
need to share ownership of the same module.  Reduces flexibility or speed 
due to additional enforcement needed by shared ownership.

2)  Modify the modules themselves.
Advantages:  Configuration is part of the module.
Disadvantages:  We are now maintaining all custom modules.  

3)  Extend roles and profiles to add an additional layer between existing 
profiles and the modules.
The workflow would be:
Role (business layer)  Profile (technology layer)  Security (security 
layer)  Module.  
Advantages:  Engineering configuration and security configuration are 
seperated, with security configuration enforced.
Disadvantages:  Need a way to present most options up to the profiles layer 
for parameterization, while enforcing a few options.


We'd prefer to go with option 3.  Does this make sense?

If so, some tips on how to go about this would be appreciated.  Does it 
make sense for the security module to inherit the base module in this case? 
 It would look something like this (but actually work :) )
class sec_profile::ssh inherits ::ssh {  
$server_options = { 'Protocol' = '2', 'Ciphers' = 
'aes128-ctr,aes192-ctr,aes256-ctr', 'PermitRootLogin' = 'no', 
'ClientAliveInterval' = '900', 'PermitEmptyPasswords' = 'no', 
'PasswordAuthentication' = 'no', 'Port' = [22], } }

If not, can you suggest a good approach to present the base module options 
to the profile?  We'd like to to allow parameterization / hiera lookups at 
the profile layer, preferrably without having to reimplement each option in 
the security layer.

Thanks!

Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a0e99a07-261c-4327-8d0e-a8379f3f23e9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Fedora 19 retirement from yum.puppetlabs.com

[Scott Garman]

Hi all,

Fedora 19 was EOL'ed on January 6, 2015. We are no longer building
packages for it and plan to remove it from our yum repository on Monday,
April 13.

https://fedoraproject.org/wiki/End_of_life

Regards,

Scott Garman
Puppet Labs - Release Engineering

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54FF5B43.4010601%40puppetlabs.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: module install fails

[Jesse Scott]

Hi André,

It looks like it isn't able to find the module's root directory after 
attempting to extract, do you have GNU tar (gtar) installed? I believe that 
is a requirement for the correct functioning of the Puppet module tool on 
Solaris.

-Jesse

On Tuesday, November 11, 2014 12:20:49 AM UTC-8, André Meyer wrote:

 Here is the more detailed output:

 puppet module install puppetlabs-git --debug --trace
 Notice: Preparing to install into /etc/puppet/modules ...
 Notice: Downloading from https://forge.puppetlabs.com ...
 Notice: Installing -- do not interrupt ...
 Debug: Executing 'tar xzf 
 /var/lib/puppet/puppet-module/cache/https_forge_puppetlabs_com-ed3a0e51b3c1d8d395ffb1d12c849e3f50d35a10/puppetlabs-git-0.2.0.tar.gz
  
 --no-same-owner -C 
 /var/lib/puppet/puppet-module/cache/tmp-unpacker-f24ee4d5a20c43ed764abf87213b440e73a55b25'
 Debug: Executing 'find 
 /var/lib/puppet/puppet-module/cache/tmp-unpacker-f24ee4d5a20c43ed764abf87213b440e73a55b25
  
 -type d -exec chmod 755 {} +'
 Debug: Executing 'find 
 /var/lib/puppet/puppet-module/cache/tmp-unpacker-f24ee4d5a20c43ed764abf87213b440e73a55b25
  
 -type f -exec chmod a-wst {} +'
 Debug: Executing 'chown -R 40:40 
 /var/lib/puppet/puppet-module/cache/tmp-unpacker-f24ee4d5a20c43ed764abf87213b440e73a55b25'
 Error: can't convert nil into String
 /usr/ruby/1.9/lib/ruby/1.9.1/fileutils.rb:1527:in `path'
 /usr/ruby/1.9/lib/ruby/1.9.1/fileutils.rb:1527:in `fu_each_src_dest0'
 /usr/ruby/1.9/lib/ruby/1.9.1/fileutils.rb:1513:in `fu_each_src_dest'
 /usr/ruby/1.9/lib/ruby/1.9.1/fileutils.rb:508:in `mv'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/module_tool/applications/unpacker.rb:48:in
  
 `extract_module_to_install_dir'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/module_tool/applications/unpacker.rb:18:in
  
 `run'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/module_tool/applications/installer.rb:60:in
  
 `block (2 levels) in run'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/module_tool/applications/installer.rb:59:in
  
 `each'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/module_tool/applications/installer.rb:59:in
  
 `block in run'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/module_tool/applications/installer.rb:58:in
  
 `each'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/module_tool/applications/installer.rb:58:in
  
 `run'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/face/module/install.rb:129:in 
 `block (3 levels) in top (required)'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/interface/action.rb+eval[wrapper]:242:in
  
 `install'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/application/face_base.rb:229:in
  
 `main'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/application.rb:372:in 
 `run_command'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/application.rb:364:in 
 `block (2 levels) in run'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/application.rb:470:in 
 `plugin_hook'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/application.rb:364:in 
 `block in run'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/util.rb:468:in 
 `exit_on_fail'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/application.rb:364:in `run'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/util/command_line.rb:137:in 
 `run'
 /usr/ruby/1.9/lib/ruby/vendor_ruby/1.9.1/puppet/util/command_line.rb:91:in 
 `execute'
 /usr/sbin/puppet:4:in `main'
 Error: Try 'puppet help module install' for usage


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b97aaf95-5a5f-44bf-9fc7-aa8967b5c55b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: module install fails

[Jesse Scott]

Hi André,

Can you re-run the command with the --debug and --trace options? E.g. 
puppet module install puppetlabs-git --debug --trace

It's hard to know exactly what's going wrong without the detail those 
options will provide.


-Jesse

On Monday, November 10, 2014 1:26:35 AM UTC-8, André Meyer wrote:

 Hello,

 Whenever I try to install a module from the puppet forge it fails, for 
 every plugin. Here is an example with the git plugin:

 puppet module install puppetlabs-git
 Notice: Preparing to install into /etc/puppet/modules ...
 Notice: Downloading from https://forge.puppetlabs.com ...
 Notice: Installing -- do not interrupt ...
 Error: can't convert nil into String
 Error: Try 'puppet help module install' for usage

 My environment:
 Solaris 11 x86
 Puppet Version: 3.4.1 (from the Solaris repos)


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/48fbabfb-95a4-40f4-9c22-88fbb49f804d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] How to manage a lab with puppet? (how does puppet scale?)

[Nic Scott]

I'm evaluating puppet to see if it can work in our environment and I have 
to admit the the learning cure with the puppet terms are giving me 
issues. I keep reading documentation into circles. I'm familiar with 
python, bash scripting, and use munki in my labs, but I'm stilling trying 
to understand manifest, modules, classes, etc.


What I have is a Master and a 1 node setup. They are talking and the Puppet 
Master is pushing configurations to the node. That's perfect. I handle this 
by having two manifest on the Master.  A puppet_client_1.pp and my site.pp. 
My site.pp looks like this:

import puppet_client_1

Next step ... manage two nodes. I have this working by creating a new .pp 
file called puppet_client_2.pp. I then updated my site.pp to include the 
second nodes manifest.

import puppet_client_1
import puppet_client_2


My question is ... is this the best practice to manage multiple nodes? What 
if I have a lab of 20 machines and I want the same configuration on all 20? 
Can I do a nested manifest somehow, or do I have to create a separate 
manifest for each node and then copy and paste my configuration into each 
manifest?

That seems like a lot of work to manage hundreds of nodes. I have to 
believe puppet scales better then that, but I've having a hard time finding 
examples.

Can anyone share an example of how they are managing multiple nodes?  
Perhaps point me to an online resource or documentation?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5f21984a-dc7e-45d2-880c-adb24400361f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: centos 7 boxes on vagrant cloud?

[Scott Schneider]

 I was wondering when there will be official centos 7 boxes from puppet 
 labs on https://vagrantcloud.com/puppetlabs?

 Also it would be nice to have a link on the puppet vagrant cloud homepage 
 to what repo these boxes are generated from like the chef project does to 
 https://github.com/opscode/bento.


Hi Chris,

You've caught us in the middle of re-working our automated Vagrant imaging 
pipeline.  I expect to have new builds published to Vagrant Cloud later 
this week or early next week.

We're also working on setting up a ticketing project for bug reporting and 
publicizing our Packer repository, as suggested.  Stay tuned!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/88708797-d41e-458c-81b4-2c5f55d311cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: beaker vCloud

[Scott Schneider]

Hi Brett,

The vCloud settings seem a bit confusing to me. I've integrated only 
 briefly against the http API for vCloud, and these settings of datastore 
 resourcepool and folder seem to be vSphere specific. 


First of all, I'm obliged to point out that vCloud is a misnomer here -- 
it was a name chosen in beaker before VMware introduced their vCloud 
product. It interacts with VMware's vSphere API, but is in no way actually 
related to their vCloud product. We'll be renaming things shortly.

- resource pool path would be: VDC name (no further partitioning)
 - folder: /vcd001no/Org/VDC/vApp/VM (all include the UUIDs)

 
These refer to where cloned VMs will be provisioned.  More details in my 
response below.

By Target Template I assumed Catalog Template... or does this have some 
 convention around a bootable VM with a snapshot that it can restore that 
 puts the VM in a ready state for testing and provisioning?


This refers to the template you're be cloning from. This can be either a 
template in VMware terms, or simple a powered-down VM. We use 
powered-down VMs rather than templates (you can convert them back and 
forth) because templates don't support linked-cloning.

datastore: IDEV7129_VDC
 resourcepool: IDEV7129
 folder: vcd001no/IDEV7129/IDEV7129_VDC


These look wrong to me; the values should be something closer to your 
examples above, or the example shown at 
https://github.com/puppetlabs/beaker/wiki/Creating-A-Test-Environment#hypervisor-vcloud.
 
 In your vSphere views, datastore should correspond to the name of one of 
your datastores shown in Storage.  resourcepool should correspond to 
the Hosts and Clusters vSphere view, in the form of 
cluster/resourcepool.  Similarily, folder corresponds to VMs and 
Folders in vSphere, in the format of folder.  The template target uses 
the VMs and Folders view as well, in the form of folder/vmname.

Hopefully this helps point you in the right direction!

--scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4f0eb0f4-441e-4fbe-b8a9-a730c7fdd2d8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Forge doesn't work reliably for me

[Jesse Scott]

This appears to be a bug with how we report that you already have the 
latest available version for modules that only have a single release. I've 
opened a ticket in our bug tracker which you can follow here:

https://tickets.puppetlabs.com/browse/PUP-2882

If you have any additional information you would like to share related to 
this issue, you can do so on that ticket.


Thanks for the report!

-Jesse


On Tuesday, July 1, 2014 8:04:20 PM UTC-7, Michael Legleux wrote:

 I'm also seeing this on:
 https://forge.puppetlabs.com/rismoney/windowsnetwork

 On Monday, June 30, 2014 5:24:17 AM UTC-7, Jonathan Gazeley wrote:

 Recently I have been unable to upgrade some modules (or check for 
 upgrades) from Puppet Forge using the module tool. 

 All of my modules were originally installed from the Forge. This problem 
 only occurs with some modules but it always occurs. 

 [jg4461@puppet-prod ~]$ sudo puppet module upgrade ghoneycutt-sysklogd 
 Notice: Preparing to upgrade 'ghoneycutt-sysklogd' ... 
 Notice: Found 'ghoneycutt-sysklogd' (v1.0.0) in /etc/puppet/modules ... 
 Notice: Downloading from https://forgeapi.puppetlabs.com ... 
 Error: Could not upgrade 'ghoneycutt-sysklogd' (v1.0.0 - latest) 
No releases are available from https://forgeapi.puppetlabs.com 
  Does 'ghoneycutt-sysklogd' have at least one published release? 

 Besides ghoneycutt-sysklogd, other modules I am unable to update are 
 crayfishx-hiera_mysql and mkrakowitzer-stash. 

 I heard that this problem may be caused by an incorrect Modulefile but 
 these look OK to me. All three modules exist on the Forge and with the 
 same name, so I'm not sure what to check next. Any ideas? 

 Cheers, 
 Jonathan 



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/22637edb-6810-437e-a648-f2bc29d704ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Windows MSI Package With Multiple install_options

[Scott Vieth]

Hello all, 

I am looking to do an installation of Splunk Forwarder, which requires 
multiple install_options flags to be passed through. It's also required to 
be a quiet install using the /quiet flag, but I believe that is passed in 
automatically. The code I have crafted looks like this: 


package { 'splunkforwarder-6.0-182611-x64-release':
ensure = installed,
provider = 'windows',
source = 'C:\Installs\splunkforwarder-6.0-182611-x64-release.msi',
install_options = {'AGREETOLICENSE = 'YES'}, {'LOGIN_USERNAME' = 
'cs\splunk'}, {'LOGIN_PASSWORD' = '5plunkU53r!'}, {'RECEIVING_INDEXER' = 
'puppet.cs.mgmt:9997'}, {'WINEVENTLOG_SEC_ENABLE' = 1}, 
{'WINEVENTLOG_SYS_ENABLE' = 1},
}
}

There is a file process above this with copies the file locally, that is 
working ok. Just need to see where my syntax is wrong for having multiple 
install flags like we do above, I feel like this is off somewhere but I'm 
not sure where. 

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0a3c9f4b-cdd4-4c55-8202-233f48f1c016%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Is anyone using Puppet for RHEL Patch management ?

[Pack, Scott]

I’ve found the best way is that instead of using Puppet to perform the updates 
you develop your own update system and use Puppet to manage it. At the risk of 
shameless self-promotion, and to save time typing here, I’ve already written 
this up at: http://serverfault.com/a/411060/3356

Scott 

On Dec 11, 2013, at 11:15 AM, Unix SA d.josh...@gmail.com wrote:

 Hello Guys,
 
 want to know if anyone is using puppet to apply patches to RedHat systems ? i 
 would like to understand architecture of it .. how do you guys use it to get 
 patches from RedHat, how do you test and deploy it on prod servers ?
 
 Regards,
 DJ
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/puppet-users/CACDG_KdikGuHmOiUffJdzStbCRXf8k7uFm83o2tBhBpR8LLzqA%40mail.gmail.com.
 For more options, visit https://groups.google.com/groups/opt_out.



smime.p7s
Description: S/MIME cryptographic signature

[Puppet Users] Deploy config file for custom reports

[Daniel Scott]

Hi,

I've written a custom report which just makes an HTTP call to one of my 
servers so that I can log the event.

The report installs itself when the puppetmaster puppets itself. The report 
script is copied from $MODULE_NAME/lib/puppet/reports/callback.rb into the 
puppetmaster's /var/lib/puppet/lib/puppet/reports directory.

The problem is the config file. Is there a nice way for puppet to deploy 
this itself? We build puppetmasters automatically and it's annoying to have 
to copy the config file in each time. The puppetmaster has a heira file 
containing the necessary values, and I have a template and rule to put it 
in place:

file { callback_report_processor_config:
name = /etc/puppet/callback.yaml,
content = template(${module_name}/etc/puppet/callback.yaml.erb),
ensure = file,
owner = puppet,
group = puppet,
}

But this does not run early enough when the puppetmaster is puppeting 
itself. Is there a special location in the catalogue I can put the config 
file so that it is installed properly like the report script. I'm running 
puppet 2.7.

Thanks,

Dan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet Enterprise no longer catching Press Enter to Continue at end of Exec

[Scott Crowe]

I have been working on automating our deployment process which includes a 
call to an application that expects the user to press Enter when it is 
complete.  Under Puppet Enterprise 2.8.2 it works fine and automatically 
catches that the process is completed but with Puppet Enterprise 3.0.0 
installed as the agent it hangs and fails on timeout.
Anyone else experience this?  Is there a work around?  Should I enter a bug?
The agent in question is a Windows 2008 R2, I wasn’t able to find a bug 
with a quick search but wasn’t sure if that was just my newness to the 
system.
Thanks in advance

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] deleting nodes in puppet-dashboard makes it hang

[Pack, Scott]

On 5/8/13 10:43 AM, Klavs Klavsen kl...@enableit.dk wrote:


Hi,

I have 51 clients in puppet-dashboard ­ and when I tell it to delete a
node ­ it simply hangs forever. If I try to just open / on the
puppet-dashboard website ­ I get a proxy timeout (I have apache in front).

I end up having to kill webrick and start it again ­ with the node NOT
being deleted :(

I have commented on an issue here - which seems to be about the same:
http://projects.puppetlabs.com/issues/20147#change-90580

Anyone have had this problem, and perhaps found a solution? or did you go
in and fired off some sql to delete the node (and which sql) ?


I've been noticing this too. I use the web interface to delete a node and
a ruby process spikes up to 100% CPU for quite a long time. Eventually,
sometimes approaching 60 minutes, the job finishes and the node is
deleted. I've found a more reliable way to delete nodes is to use the the
rake job: rake RAILS_ENV=production node:del name=${FQDN_OF_NODE}. This
still takes freaking forever, but doesn't seem to time out.

It looks like a fix may be coming eventually based on this request:
https://github.com/puppetlabs/puppet-dashboard/pull/226

S.


smime.p7s
Description: S/MIME cryptographic signature

[Puppet Users] hiera_hash lookups for included classes?

[Scott Merrill]

When using include to include a class Hiera helpfully performs an 
autolookup on the parameters of the included class. Specially-named 
variable names are automatically pulled from the Hiera datastore(s) and 
passed into the included module. This is pretty awesome.

But it looks like included resources _only_ perform a hiera() lookup. If we 
have a hash defined in several levels of our Hiera data, and we want the 
hash to be collapsed into a single hash following hierarchy order, does 
Hiera offer a way to perform a hiera_hash() lookup for the autolookup?

The documentation discourages mixing defined-type module inclusion and 
include-type module inclusion. So if there's no hiera_hash() option for 
autolookups, we're required to use defined-type inclusion, yes?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Seriously, am I the only one having trouble with the RHEL puppetlabs repos?

[Scott Anderson]

I had to not use the puppet repos to get it to work.. but this is on centos
5 and 6.

On Tue, Jan 29, 2013 at 12:13 PM, Greg Chavez greg.cha...@gmail.com wrote:


 This is the third time I've sent a message about this.  Does anybody know
 what's going on?  I'm going to file a bug if this isn't fixed soon.

 RHEL6:
 http://yum.puppetlabs.com/el/6/products/x86_64/repodata/primary.sqlite.bz2:
 [Errno -1] Metadata file does not match checksum
 Trying other mirror.
 Error: failure: repodata/primary.sqlite.bz2 from puppetlabs-products:
 [Errno 256] No more mirrors to try.

 RHEL5:
 http://yum.puppetlabs.com/el/5/products/x86_64/repodata/primary.sqlite.bz2:
 [Errno -1] Metadata file does not match checksum
 Trying other mirror.
 Error: failure: repodata/primary.sqlite.bz2 from puppetlabs-products:
 [Errno 256] No more mirrors to try.

 I can get around it by setting http_caching=none in yum.conf but that
 *really* sucks.

 If I'm being stupid and there's an obvious solution to my problem, I beg
 of you to tell me what it us and humiliate me in front of the entire Puppet
 users community.  I'd be so happy.

 --
 \*..+.-
 --Greg Chavez
 +//..;};

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users?hl=en.
 For more options, visit https://groups.google.com/groups/opt_out.






-- 
The most essential quality for leadership is not perfection,
but credibility.  People must be able to trust you, or
they won't follow you.
From The Purpose Driven Life by Rick Warren

Scott Anderson - web: http://www.torand.org - e-mail: s...@torand.org
GoogleTalk: s...@torand.org - AIM:andersons776- Twitter:sdanderson
Phone: 703-594-1284

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] testing puppet manifests

[Scott Anderson]

The information I can find is somewhat spotty.. but is there a good way to
test puppet manifests.

It seems that using 'puppet apply --noop' only really tests the syntax. I
am looking for more functional tests for things like templates before they
go into a prod environment. Right now the way I have been testing is to put
some test code on the puppetmaster and watch the logs very closely. this is
not ideal, any suggestions?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] what is this trying to tell me?

[Scott Anderson]

I am setting up puppet on my boxes.. and one of my boxes gives me this
error when I run puppet agent --test

ratbert ~ $puppet agent --test
info: Caching catalog for ratbert.in.torand.org
info: Applying configuration version '1358784048'
*err: Could not prefetch package provider 'yum': The yum provider can only
be used as root*
notice: /File[ntp.conf]/content:

I cannot find any information on the web about this error..

-- 
The most essential quality for leadership is not perfection,
but credibility.  People must be able to trust you, or
they won't follow you.
From The Purpose Driven Life by Rick Warren

Scott Anderson - web: http://www.torand.org - e-mail: s...@torand.org
GoogleTalk: s...@torand.org - AIM:andersons776- Twitter:sdanderson
Phone: 703-594-1284

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] what is this trying to tell me?

[Scott Anderson]

Oh %$^* you are right.. why didn't I catch that..

On Mon, Jan 21, 2013 at 12:57 PM, R.I.Pienaar r...@devco.net wrote:



 - Original Message -
  From: Scott Anderson s...@torand.org
  To: puppet-users@googlegroups.com
  Sent: Monday, January 21, 2013 5:53:51 PM
  Subject: [Puppet Users] what is this trying to tell me?
 
  I am setting up puppet on my boxes.. and one of my boxes gives me this
  error when I run puppet agent --test
 
  ratbert ~ $puppet agent --test
  info: Caching catalog for ratbert.in.torand.org
  info: Applying configuration version '1358784048'
  *err: Could not prefetch package provider 'yum': The yum provider can
 only
  be used as root*
  notice: /File[ntp.conf]/content:
 
  I cannot find any information on the web about this error..

 you can only manage packages if you run puppet as root, you ran it as a
 user.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




-- 
The most essential quality for leadership is not perfection,
but credibility.  People must be able to trust you, or
they won't follow you.
From The Purpose Driven Life by Rick Warren

Scott Anderson - web: http://www.torand.org - e-mail: s...@torand.org
GoogleTalk: s...@torand.org - AIM:andersons776- Twitter:sdanderson
Phone: 703-594-1284

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Fileserver in standalone mode.

[Scott Smerchek]

I did stumble on that doc previously. And we do in fact have that working 
with our puppet master. However, that does not work with puppet standalone 
as far as I can tell.

On Sunday, November 25, 2012 8:27:16 PM UTC-6, Ryan Coleman wrote:



 On Wed, Nov 21, 2012 at 8:04 AM, Scott Smerchek 
 scott.s...@gmail.comjavascript:
  wrote:

 I'm having this same problem. Is there a solution?


 This doc is a bit buried and hard to find but check out serving from 
 custom mount points. That ought to solve your need. 
 http://docs.puppetlabs.com/guides/file_serving.html#serving-files-from-custom-mount-points
  

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Wf4R8XTs4W8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Fileserver in standalone mode.

[Scott Smerchek]

I'm having this same problem. Is there a solution?

On Thursday, May 24, 2012 11:37:12 AM UTC-5, btimby wrote:

 I am using puppet in standalone mode (puppet apply) to test manifests that 
 I also use in a client/server configuration.

 I have everything working as far as files included in modules. I can 
 reference file source as puppet:///modules/modulename/path/to/file.

 However, some files are not part of a module, so for the client/server 
 portion, I just set up a share called files. However, references to these 
 files puppet://files/path/to/files don't work in standalone mode.

 I understand that standalone mode (puppet apply) command can find the 
 module files because you tell it the path to look in (--modulepath 
 argument). Why is there no argument for adding file shares 
 (--fileserver=files:/path/to/files)? Is there another way to achieve this?

 My workaround for now is to simply move the files to a module named files 
 and reference them as puppet:///modules/files/path/to/file, but it seems 
 like there might be a better solution.

 Thanks.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/vNR34Sd6QisJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet/Passenger :: Could not retrieve catalog from remote server:Error 403 on server

[Scott Cameron]

On Wednesday, 3 October 2012 22:45:11 UTC-4, Jo wrote:

 On Oct 1, 2012, at 5:00 PM, Lunixer wrote:

 I'll try strace instead of tcpdump, being that this is not a TCP 
 communication problem over the wire but rather a file or directory access 
 problem.


 Um, no. Puppet client talks to the server over the network, even on the 
 same host. You really should listen to advice we provide. 


So if the server responds with a 403 error over the network, what exactly 
do you think a tcpdump will show?  The exact same error message.

This is why you would use strace, to see what is happening inside the 
actual process.

Try not being so condescending, particularly when you're wrong. 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/DP9BCccRLqEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Escaping a /

[Callum Scott]

Hi All

On the face of it this seems like it should be fairly simple.

Im using a shorewall module details of which can be found, according to the 
README, here 
http://reductivelabs.com/trac/puppet/wiki/Recipes/AqueosShorewall

I'm trying to create a shorewall hosts file, my module looks like:

class firewall::host{   



  shorewall::host {${interface_public}:0.0.0.0/0:
zone = 'net', 
 
order = 100;   

  } 



}   

where $interface_admin in this case = bond0.2

From this I expect something like:

net bond0.2:0.0.0.0/0

Howerver I instead get

err: 
/Stage[main]/Firewall::Host/Shorewall::Host[bond0.2:0.0.0.0/0]/Shorewall::Entry[hosts-100-bond0.2:0.0.0.0/0]/Concat_fragment[managed_file_hosts+100-bond0.2:0.0.0.0/0.tmp]/content:
 
change from net bond0.2:0.0.0.0/0 tcpflags,blacklist,norfc1918
 to net bond0.2:0.0.0.0/0 tcpflags,blacklist,norfc1918
 failed: No such file or directory - 
/var/lib/puppet/concat/fragments/managed_file_hosts/100-bond0.2:0.0.0.0/0.tmp

I suspect that the /0 being used for the CIDR notation is confusing the 
concat module and it thinks that 
managed_file_hosts+100-bond0.2:0.0.0.0/0.tmp should be a directory when 
in fact it should not.

I attempted to escape the / with \ but got a similar error:

err: 
/Stage[main]/Firewall::Host/Shorewall::Host[bond0.2:0.0.0.0\/0]/Shorewall::Entry[hosts-100-bond0.2:0.0.0.0\/0]/Concat_fragment[managed_file_hosts+100-bond0.2:0.0.0.0\/0.tmp]/content:
 
change from net bond0.2:0.0.0.0\/0 tcpflags,blacklist,norfc1918
 to net bond0.2:0.0.0.0\/0 tcpflags,blacklist,norfc1918
 failed: No such file or directory - 
/var/lib/puppet/concat/fragments/managed_file_hosts/100-bond0.2:0.0.0.0\/0.tmp


I expect that I am missing something glaringly obvious but any pointers 
would be appreciated.

Regards
--
Callum

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/cOk1rasjED0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Announce: Beta release of integration with Google Compute Engine

[Scott Johnston]

Yesterday Puppet Labs made available a Beta release of its integration with
Google Compute Engine (GCE), Google's new Infrastructure-as-a-Service
cloud.  Compatible with both Puppet Enterprise and Puppet open source, the
release and documentation are freely downloadable from Puppet Forge:
http://forge.puppetlabs.com/puppetlabs/node_gce

We'll be holding a technical webinar to demo and field QA about the GCE
integration on Tuesday, July 10 at 11am PT:
http://puppetlabs.com/resources/webinars/

Links to GCE integration blog announcement and video overview below.  We
look forward to your feedback!

sj

Blog Announcement
http://puppetlabs.com/blog/puppet-labs-announces-support-for-google-compute-engine/

YouTube Video
http://youtu.be/E3qprfoDtOY

-- 
+1-415-269-2856 mobile
Puppet Enterprise - Discover, Configure,  Manage Your
Infrastructurehttp://puppetlabs.com/puppet/puppet-enterprise/?utm_campaign=pe2.0utm_medium=emailutm_source=sig

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key.

[Scott Merrill]

On Thu, Jun 14, 2012 at 9:44 AM, jcbollinger john.bollin...@stjude.org wrote:
 On Tuesday, June 12, 2012 1:53:55 PM UTC-5, Scott Merrill wrote:
 Could not prepare for execution: The certificate retrieved from the
 master  does not match the agent's private key.
 Certificate fingerprint: CD:2C:44:54:40:B3:8A:A1:30:73:49:95:95:12:CD:54
 To fix this, remove the certificate from both the master and the agent
 and then start a puppet run, which will automatically regenerate a
 certficate.

 The agent should expect to retrieve a certificate that matches its own
 private key only as part of a certificate signing transaction.  The error
 therefore suggests that the agent does not recognize that it already has a
 certificate, so that it issues a new CSR to the master.  If the master
 already had a signed certificate for the client, however, then it would
 return that certificate instead of signing the new one (this prevents rogue
 nodes from hijacking existing nodes' configuration).  The existing
 certificate would not match the private key of the client's newly-generated
 CSR.

In a multi-master environment, does each Puppet Master need to have a
copy of each node's certificate?  It was my (perhaps faulty)
understanding that any cert signed by the CA (and not revoked, if
using a CRL) would be accepted by any master.

If I put the node's public certificate on the subordinate Master (in
/var/lib/puppet/ssl/certs/), `puppet agent --test --noop` pointing to
that subordinate master (via /etc/hosts) fails with the error message
as discussed here. The agent also receives the same error if it's
public key is in /var/lib/puppet/ssl/public_keys/ on the subordinate
master.

If I point that node to my top-level Master (via entry in /etc/hosts),
the `puppet agent --test --noop` invocation works without error.


 [...] There error isn't a Puppet client
 problem, because I get the same error when I run `openssl s_client
 -connect hostX.domain:8140 -status`.



 Surely openssl does not generate an identical message, because the one you
 reported earlier contains puppet-specific bits.  Do you mean that openssl's
 message matches some part in the middle?

Yes: the openssl output first shows the certificate info it has
gleaned from the remote, and then it will display the same mod_rails
error that I see from `puppet agent --test --noop -d`.

 You could try adding a -cert argument pointing specifically to the client
 certificate you installed.  If that made the handshake succeed then it would
 strongly suggest that your problem is related to how or where the client
 cert is installed.

I tried:
openssl s_client -connect hostX.domain:8140 -status -cert
/var/lib/puppet/ssl/certs/agent.pem -key
/var/lib/puppet/ssl/private_keys/agent.pem

and received the same output: SSL information followed by the mod_rails error:
Could not prepare for execution: The certificate retrieved from the
master does not match the agent's private key.
Certificate fingerprint:
CD:2C:44:54:40:B3:8A:A1:30:73:49:95:95:12:CD:54

 You could try adding a -debug argument.  You'll get a lot of low-level
 stuff you probably don't need, but you should also get enough information to
 trace the SSL protocol steps being performed.  That should show, I think,
 whether the client is indeed issuing a new CSR to the server.

I only see the mod_rails error when using `puppet agent --test -d`.

I do see that /var/lib/puppet/ssl/ is being autorequired by the Puppet run.

 You could check the logs on the subordinate and top-level masters.  One or
 both should have something to say about the transaction.

I've looked through all the logs, and see nothing of interest. I've
got the following in my /etc/httpd/conf.d/puppet.conf on the
subordinate master:
   ErrorLog /var/log/httpd/puppet_error.log
   LogLevel debug
   CustomLog /var/log/httpd/puppet_access.log combined
At the end of\ /var/log/httpd/puppet_error.log I see:
[Thu Jun 14 12:16:46 2012] [debug] ssl_engine_kernel.c(1884): OpenSSL:
Write: SSL negotiation finished successfully
I'm not an expert at SSL, but the debug output looks like a successful
SSL connection was established.


Because the top-level Puppet Master can successfully service the
node's request, I am led to believe that the SSL certificates are
installed and signed correctly on both the top-level Master and the
node.

Subordinate masters can function as clients of the top-level Master
successfully, so their certificates are installed and signed
correctly, at least for the agent context.

The problem seems to lie with the subordinate masters acting as Puppet Masters.

Thanks for the suggestions. Do please keep them coming!

Cheers,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group

Re: [Puppet Users] Re: Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key.

[Scott Merrill]

On Thu, Jun 14, 2012 at 12:50 PM, Nan Liu n...@puppetlabs.com wrote:
 On Thu, Jun 14, 2012 at 9:27 AM, Scott Merrill ski...@skippy.net wrote:
 If I point that node to my top-level Master (via entry in /etc/hosts),
 the `puppet agent --test --noop` invocation works without error.

 You want to make sure the subordinate master present the same CA pub
 key as the top-level master.

This sounds like it may be the piece I've been missing.

On the PuppetCA, I have the following in /etc/httpd/conf.d/puppet.conf:
SSLCertificateFile /var/lib/puppet/ssl/certs/top-level-master.domain.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/top-level-master.domain.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem

On my subordinate masters, I have:
SSLCertificateFile /var/lib/puppet/ssl/certs/subordinate-master.pem
SSLCertificateKeyFile
/var/lib/puppet/ssl/private_keys/subordinate-master.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem

On the subordinate masters, the ca.pem referenced in the
SSLCertificateChainFile and SSLCACertificateFile is the same as the
top-level master's SSLCertificateChainFile.

I copied ca_crt.pem from the top-level master to the subordinate
master, and updated the SSLCACertificateFile to point to it. The node
still fails with the same error message.

Perhaps I'm not fully understanding you. Do I need each subordinate
master to use the same public _and_ private key as the CA?

 Subordinate masters can function as clients of the top-level Master
 successfully, so their certificates are installed and signed
 correctly, at least for the agent context.

 You only verified they have a working client cert, not that it's
 presenting the correct CA pub key or server cert. An easy test is to
 connect the subordinate master to itself and see if that works.

 I would run the following tests:

 client:
 puppet agent -t --server sub-master --ca_server master

This is essentially the test I've been performing using /etc/hosts
entries to point to a specific subordinate master. Using an explicit
--server argument does not produce different results on the node: it
fails.

 sub-master:
 puppet agent -t --server sub-master  --ca_server master

I had not tried this test. Doing so fails in the same way that the client fails.

Thanks,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key.

[Scott Merrill]

On Thu, Jun 14, 2012 at 1:34 PM, Nan Liu n...@puppetlabs.com wrote:
 On Thu, Jun 14, 2012 at 10:12 AM, Scott Merrill ski...@skippy.net wrote:
 On Thu, Jun 14, 2012 at 12:50 PM, Nan Liu n...@puppetlabs.com wrote:
 On Thu, Jun 14, 2012 at 9:27 AM, Scott Merrill ski...@skippy.net wrote:
 If I point that node to my top-level Master (via entry in /etc/hosts),
 the `puppet agent --test --noop` invocation works without error.

 You want to make sure the subordinate master present the same CA pub
 key as the top-level master.

 This sounds like it may be the piece I've been missing.

 On the PuppetCA, I have the following in /etc/httpd/conf.d/puppet.conf:
    SSLCertificateFile /var/lib/puppet/ssl/certs/top-level-master.domain.pem
    SSLCertificateKeyFile
 /var/lib/puppet/ssl/private_keys/top-level-master.domain.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem

 Shouldn't the last line also be?
 /var/lib/puppet/ssl/certs/ca.pem

You're asking me?  I'm the one looking for help!  ;)


 sub-master:
 puppet agent -t --server sub-master  --ca_server master

 I had not tried this test. Doing so fails in the same way that the client 
 fails.

 Yeah, so it confirms so far they are only valid client certs.

 What's the result of the following command on sub-master and master?
 openssl x509 -text -noout -in /var/lib/puppet/ssl/certs/ca.pem

The output is the same on both the top-level and subordinate master:

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Puppet CA: top-level-master.domain
Validity
Not Before: May 15 18:40:44 2012 GMT
Not After : May 15 18:40:44 2017 GMT
Subject: CN=Puppet CA: nlvmjt036.nwideweb.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
 -snip-
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Netscape Comment:
Puppet Ruby/OpenSSL Internal Certificate
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
F6:65:DC:F3:D7:A6:7F:C3:4C:BC:C3:72:A3:39:E3:4D:AA:F9:46:1D
 -snip-

 What's the output of the following on the submaster?
 openssl x509 -text -noout -in /var/lib/puppet/ssl/certs/subordinate-master.pem

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9 (0x9)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Puppet CA: top-level-master.domain
Validity
Not Before: May 29 01:45:38 2012 GMT
Not After : May 29 01:45:38 2017 GMT
Subject: CN=subordinate-master-1.domain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
-snip-
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:subordinate-master-1.domain, DNS:puppetmaster.domain
X509v3 Basic Constraints: critical
CA:FALSE
Netscape Comment:
Puppet Ruby/OpenSSL Internal Certificate
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Subject Key Identifier:
F6:65:DC:F3:D7:A6:7F:C3:4C:BC:C3:72:A3:39:E3:4D:AA:F9:46:1D
X509v3 Extended Key Usage: critical
TLS Web Server Authentication, TLS Web Client Authentication
 -snip-

Thanks,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key.

[Scott Merrill]

On Thu, Jun 14, 2012 at 1:58 PM, Gary Larizza g...@puppetlabs.com wrote:
 Please DO NOT take this as RTFM, but have you checked out the docs
 that we recommend for the process here --
 http://docs.puppetlabs.com/guides/scaling_multiple_masters.html  If
 you're using them and there are things going wrong, PLEASE let us know
 what steps have fallen through so we can get that cleared up ASAP!  If
 you've not seen the docs, you might want to check the process we
 suggested and see if there's something you did that differs.

I had looked at those instructions.

Variances between what's described there and what I did:

* Configure CA Delegation and Get a Certificate
- I did not delete the /var/lib/puppet/ssl directory on my subordinate
masters before starting.
- I configured my subordinate master's puppet.conf files with the line
dns_alt_names = . As such, I excluded this option from the first
`puppet agent` invocation for each subordinate master.
- when signing the subordinate master's certificates on the CA, I had
to supply the --allow-dns-alt-names argument to the `puppet cert`
command.

* Distribute the Agent Load
- I am using a hardware load balancer to spread the load across four
servers (two each in two different data centers).

I am using Passenger for my top-level and subordinate Puppet Masters.
The proper configuration of the /etc/httpd/conf.d/puppet.conf file for
subordinate master SSL configuration is not covered in the document
you linked.

Cheers,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key.

[Scott Merrill]

On Thu, Jun 14, 2012 at 3:13 PM, Nan Liu n...@puppetlabs.com wrote:
 So normally for self signed CA the issuer and subject is the same. In
 this case you are issuing the certs via:
 CN=Puppet CA: top-level-master.domain

 However you are asking the system to verify against a CA cert that
 presents the subject as:
 CN=Puppet CA: nlvmjt036.nwideweb.net

Well that's what I get for trying to sanitize the output before
posting to the list.  nlvmjt036 is the name of my top-level master.

 So you can you locate your CA cert with the subject?
 Subject: CN=Puppet CA: top-level-master.domain

On my top-level master:
# diff -s /var/lib/puppet/ssl/ca/ca_crt.pem /var/lib/puppet/ssl/certs/ca.pem
Files /var/lib/puppet/ssl/ca/ca_crt.pem and
/var/lib/puppet/ssl/certs/ca.pem are identical

As mentioned previously, the top-level master's
/var/lib/puppet/ssl/certs/ca.pem file is identical to the subordinate
master's /var/lib/puppet/ssl/certs/ca.pem file.

Thanks,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key.

[Scott Merrill]

On Thu, Jun 14, 2012 at 5:13 PM, Nan Liu n...@puppetlabs.com wrote:
 A few other thing you can try is to run the web brick server and run
 puppet master --debug --no-daemonize on the sub master and see if that
 give any more info. You can also try enabling CA on the sub-master and
 check what you get back from another test client and see what you
 receive the right CA file on initial connection and what CA cert signs
 that client's CSR. That's all I can think of.

Trying to run `puppet master --debug --no-daemonize` failed. The
process terminated with the same error:
Could not prepare for execution: The certificate retrieved from the
master  does not match the agent's private key.

I revoked the subordinate master's key, and then executed `puppet
agent --test -d` from that subordinate master. I noticed during the
output that it was creating the /var/lib/puppet/ssl/ca directory,
despite having ca = false in the puppet.conf file.

I looked a little closer at the
http://docs.puppetlabs.com/guides/scaling_multiple_masters.html
instructions, and say to my chagrin that the location of the ca =
false in my config file was _not_ in the stanza as directed there. I
updated my puppet.conf to strictly follow those instructions:

[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
ca_server = top-level-master.domain
dns_alt_names = 'subordinate-master-1.domain,puppetmaster.domain'

[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = top-level-master.domain

[server]
# for Passenger
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

[master]
ca = false

On this subordinate master, I executed `sudo rm -rf
/var/lib/puppet/ssl`; and on the top-level master I executed `puppet
cert clean subordinate-master-1.domain`.

On the subordinate master, I then executed `puppet agent --test --noop`:
# puppet agent --test --noop
info: Creating a new SSL key for subordinate-master-1.domain
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for subordinate-master-1.domain
info: Certificate Request fingerprint (md5):
2D:F2:2A:A5:BD:56:D4:41:5A:B3:22:AA:A5:97:3D:66
warning: peer certificate won't be verified in this SSL session
err: Could not request certificate: Error 400 on SERVER: CSR
'subordinate-master-1.domain' contains subject alternative names
(DNS:subordinate-master-1.domain, DNS:puppetmaster.domain), which are
disallowed. Use `puppet cert --allow-dns-alt-names sign
subordinate-master-1.domain` to sign this request.
Exiting; failed to retrieve certificate and waitforcert is disabled

On the top-level master, I executed `puppet cert --allow-dns-alt-names
sign subordinate-master-1.domain`. On the subordinate master I re-ran
`puppet agent --test --noop`. The certificate, private key, and CA
cert were all installed properly.

Now on the subordinate master I can run `puppet master --debug
--no-daemonize` without errors. I restarted Apache, and from this
subordinate master I ran `puppet agent --test --noop -d --server
subordinate-master-1.domain --ca_server top-level-master.domain`.  No
errors!

I've repeated this on one of the other subordinate masters I'd
previously -- and erroneously -- configured, and enjoyed the same
success there.

The client node with which I've been testing can now successfully
connect to the subordinate master without error.

Thank you very, very much for working through this with me.

Cheers,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key.

[Scott Merrill]

On Wed, Jun 13, 2012 at 7:26 AM, Felix Frank
felix.fr...@alumni.tu-berlin.de wrote:
 On 06/12/2012 08:53 PM, Scott Merrill wrote:
 I built a test client, and from the top-level Puppet Master I ran
 `puppet cert generate test.domain`.  I installed the generated files
 onto the test machine. However, this test client is unable to connect
 to any of the subordinate Masters. I get the following error:

 I'm shooting in the dark here, but have you tried copying the generated
 certificates to you subordinate masters as well? I.e., in /var/lib/ssl/ca...

Thanks for the suggestion. I hadn't tried that before. I just did, but
it didn't change the error message.

I should have pointed out that each subordinate master has ca =
false in puppet.conf, to ensure that none of the subordinate masters
try to do any CA stuff.  All CA activities should only be performed on
the top-level master.

Any other suggestions are greatly appreciated.

Thanks,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Could not prepare for execution: The certificate retrieved from the master does not match the agent's private key.

[Scott Merrill]

I'm trying to set up a multi-tier Puppet Master configuration. A
top-level Puppet Master serves subordinate Puppet Masters, which in
turn serve the nodes. The top-level Master is also the Certificate
Authority for the entire infrastructure.

I'm using RHEL 6.1, Puppet 2.7.14, and mod_passenger.

I built the top-level Master without problems. I then built four
subordinate Masters. In the puppet.conf for each subordinate Master, I
added:
dns_alt_names = 'hostX.domain,puppetmaster,puppetmaster.domain'
(where hostX.domain is the FQDN of the server on which I was working)

First execution of `puppet agent --test` on each subordinate Master told me:

err: Could not request certificate: Error 400 on SERVER: CSR
'host.domain' contains subject alternative names
(DNS:puppetmaster.domain,
 DNS:hostX.domain), which are disallowed. Use `puppet cert
--allow-dns-alt-names sign hostX.domain` to sign this request.
Exiting; failed to retrieve certificate and waitforcert is disabled

On the top-level Master I executed the command as instructed.  Next
execution of `puppet agent --test` from the subordinate Master
retrieved the signed certificate. Each subordinate Master can connect
to the top-level Master without error.

On each subordinate Master I next setup mod_passenger, so that these
hosts could server my Puppet clients.

I built a test client, and from the top-level Puppet Master I ran
`puppet cert generate test.domain`.  I installed the generated files
onto the test machine. However, this test client is unable to connect
to any of the subordinate Masters. I get the following error:

Could not prepare for execution: The certificate retrieved from the
master  does not match the agent's private key.
Certificate fingerprint: CD:2C:44:54:40:B3:8A:A1:30:73:49:95:95:12:CD:54
To fix this, remove the certificate from both the master and the agent
and then start a puppet run, which will automatically regenerate a
certficate.
On the master:
  puppet cert clean hostX.domain
On the agent:
  rm -f /var/lib/puppet/ssl/certs/hostX.domain
  puppet agent -t

All four of my subordinate Puppet Masters yield the same error message
when the test node connects. What's more, all four of them display the
same certificate fingerprint. There error isn't a Puppet client
problem, because I get the same error when I run `openssl s_client
-connect hostX.domain:8140 -status`.

Each subordinate Master is using an /etc/httpd/conf.d/puppet.conf file
that looks like this:
Listen 8140
VirtualHost *:8140
ErrorLog /var/log/httpd/puppet_error.log
LogLevel warn
CustomLog /var/log/httpd/puppet_access.log combined
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/hostX.domain.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/hostX.domain.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
# CRL checking should be enabled
# disable next line if Apache complains about CRL
#SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# optional to allow CSR request, required if certificates
distributed to client during provisioning.
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars

# The following client headers record authentication information
for down stream workers.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

RackAutoDetect On
DocumentRoot /etc/puppet/rack/puppetmaster/public/
Directory /etc/puppet/rack/puppetmaster/
   Options None
   AllowOverride None
   Order allow,deny
   allow from all
/Directory
/VirtualHost
Again, hostX.domain is the FQDN of each individual server.

I'm quite sure the solution is something simple, and I'm just not
seeing it. I'd appreciate a nudge in the right direction.

Thanks,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet-dashboard missing CSS/JS references in Apache

[Scott Merrill]

On Tue, Jun 12, 2012 at 4:02 PM, Michael Altfield
michael.altfield.data...@gmail.com wrote:
 I finally got puppet-dashboard installed and working under Apache
 (v2.2.15) on my CentOS 6 Puppet Master. It looks fine when running under
 WEBrick, but when I run it under apache, it looks terrible (read: the HTML
 source is different for some reason, leaving out some javascript  css
 reference links from the head/ stanza).

Check the ownership and permissions on
/usr/share/puppet-dashboard/public/javascript/all.js and
/usr/share/puppet-dashboard/public/stylesheets/all.css

See also this bug report:
   https://projects.puppetlabs.com/issues/9676

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Java dependency error in puppet installation

[Scott]

Jeeva kissan475 at gmail.com writes:

 
 Hi,
 
  I was trying to instal puppet-enterprise-2.5.1-el-5-x86_64 in centos6
 machine. But got below error.
 
 ## Installing packages from files...
 error: Failed dependencies:
 java = 1.5.0 is needed by pe-
 tanukiwrapper-3.5.9-5.pe.el5.x86_64
 
 
==
 
 !! ERROR: Could not install packages from files; see messages above
 for cause.
 
 1. Then I checked my java version which is  what is required.
 java -version
 java version 1.6.0_29
 Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
 Java HotSpot(TM) 64-Bit Server VM (build 20.4-b02, mixed mode)
 
 2. I'm trying to install puppet master, console and puppet agent in
 same machine as i want to test it before I move it to prod.
 
 Kindly help..
 

I am having the same issue and it seems that the puppet installer does
not look for a valid Sun/Oracle java installation. How do you get around
that problem aside from installing another java product. I have
installed the rpms from Oracle for the current java. The rpms are listed
in the rpm database as jdk-VERSION-fcs or jre-VERSION-fcs. So if the
puppet installer is looking for java in the rpm database they will not
find it.

This is for a production box and the client wants oracle java not a
knock off, no matter how good they are.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Dealing with multiple gid changes

[vagn scott]

On 06/08/2012 09:06 AM, jcbollinger wrote:


On Jun 7, 8:29 am, Jistan Idiotjistanid...@gmail.com  wrote:
   

So I discovered yesterday that if puppet changes the gid of a group it
doesn't go through the file system and update them with the new correct gid
(at least this was the case on RHEL5 and client puppet v2.6.16 and
puppetmaster 2.7.12).  Now I thought that it might be possible to have
puppet execute something like find  /home/ -groupold_gid  | xargs chgrp
groupname.  However it isn't quite that simple.  First it needs to be run
after the change, so I had to put it in a new stage that runs after main.
After that everything was all good.

I have some issues with this solution.  First the find takes forever to
run.  I'm not sure there's any way around this.

Second, it required some manual intervention and foreknowledge of the
problem.  What if I don't know someone had manually created a group with
the wrong gid?   I was thinking maybe creating a custom function that could
be called whenever there's a refresh on a group and use the old and new
gids to run the command.  Hopefully someone can show me how to do this as I
haven't figured it out (and not sure it is a good way to do this).

Finally, I don't think this is going to work for the next thing I want to
tackle.  I have a group of websevers that I'm going to start managing with
puppet.  The uids and gids are not consistent across them.  I'm going to
want puppet to fix that since there are way too many to do manually.

For example:

groupname  old_gid new_gid
groupA 15721863
groupB 18611572
groupC 18631861

I'm thinking that would just be a horrible nightmare with what I did
before.  In this example all the old 1572 items would be 1863 when the fix
for groupC is run. Is there some way to fix this problem?

Thanks in advance.
 
I've had to do this.  a good approach is to write a script that writes a 
script.
Then you can adjust and re-run the generated script if the results are 
not what you like.

You can even undo the changes if you plan ahead a little.

set up a little sandbox, and work in that.  It takes a little thought 
and testing, but is not hard

if you know how to write subroutines in shell or some other language.

--vagn


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Thoughts on job listings?

[Scott Merrill]

On Wed, May 30, 2012 at 4:49 PM, Michael Stahnke stah...@puppetlabs.com wrote:
 How do folks feel about getting Puppet job listings on this list?
 I've rejected a few that we quite spammy, but when the subject matter
 really is a system admin with puppet experience, the decision becomes
 a bit different.

 I'm looking for general feelings.  A simple +1 or -1 would be great.

-1 on this list. I don't know if there's enough job-related traffic to
justify a job-specific Puppet list, but that'd be where I'd think such
traffic should go.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Is it possible to set up multi-level puppet nodes?

[Scott Merrill]

I'm setting up this kind of configuration now. Yes, it can be done.

Use a DNS alias (or hardware load balancer) for your second level
Puppet Masters.

I'm also using a DNS CNAME for my top-level Puppet Master, so that I
can (later) consider some fault tolerance here. My top-level Master is
my global Certificate Authority, so I'm using puppetca as the cname.
My second level masters have ca = false in their config.

All third level clients (my nodes) are clients of my second-level
masters, and specify a config parameter of ca_server = puppetca.

On May 26, 2012, at 6:59 PM, LI hli...@gmail.com wrote:

 Hi,

 I am new in puppet, and I just wonder whether it is possible to create
 multiple levels of puppet masters. Can puppet work this way?

 First-level(master):root-master
 Second-level(masters):   master1, master2
 Third-level nodes(as agents): agent1, agent2, agent3, agent4

 All master nodes in the second-level are agents of root-master, and
 each of third-level nodes is an agent of an second-level master node.

 Thanks very much.

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Announce: Razor technical webinar - Tue May 29 11am PT

[Scott Johnston]

We'll be holding a technical webinar for the recently announced Razor
provisioning tool next Tue May 29 11am PT.  Nan Liu from Puppet Labs and
Nick Weaver from EMC, the Razor technical leads, will be there to discuss
its capabilities and field your questions.

You can sign-up to get the webinar login details here:
http://puppetlabs.com/resources/webinars/

Two blog posts from Nan and Nick about Razor here:
http://puppetlabs.com/blog/puppet-razor-module/http://www.google.com/url?sa=Dq=http://puppetlabs.com/blog/puppet-razor-module/usg=AFQjCNEt2oALzsTqVwHLomj9LOjt5FVXcQ
http://nickapedia.com/2012/05/21/lex-parsimoniae-cloud-provisioning-with-a-razor/


Thanks,

sj

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Passenger on redhat 6

[Scott Merrill]

I've found it pretty easy to rebuild the SRPMs provided by the
stealthmonkey repository. You'll need a couple of devel packages from
EPEL to complete the build.

If you want the binary RPMs I built, let me know. I don't know if I
qualify as a trusted source for you. :) I can also share the
documentation I've prepared for my teammates for rebuilding Puppet and
associated SRPMs.

Cheers,
Scott

On May 24, 2012, at 3:58 AM, David Schmitt da...@dasz.at wrote:

 Hi,


 does anyone have a mod_passenger for RHEL6 from a trusted source, where I
 *don't* have to compile on the server? I'm trying to upgrade the
 puppetmaster/dashboard here and the docs on the wiki
 (http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger) are not
 helpful either.


 Best Regards, David

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] distributing updates to multiple puppet masters (Subversion)

[Scott Merrill]

For folks with multiple Puppet Masters, how are you pushing out
manifest and module updates to them?

We intend to use Subversion for our version control. Obviously one
option would be to have each Puppet Master perform a checkout of the
svn repo. We could schedule periodic updates via cron. Or we could use
a post-commit hook to rsync the updates out from the repo to each
Puppet Master.

What are you doing? What works well, and what headaches have you experienced?

Thanks,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet and FreeBSD

[Jamie Scott]

Have you had any luck with puppeting mysql51-server or mysql55-server ?  
Everything I've read suggests the $operatingsystem won't work for name on 
packages and the application tries to keep installing as posted here: 
https://groups.google.com/forum/?fromgroups#!topic/puppet-users/Yc1Et5dSAHM

Couldn't see a solution there

The agent is running 2.7.6

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/VqSkWxfsvokJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet and FreeBSD

[Jamie Scott]

Hello all,

Wondering if any of you could help me. 

We've been using puppet on our CentOS servers for a while now with no 
problems at all, very much out of the box but we do have some MySQL 
servers running FreeBSD (for the slightly better memory utilisation). I've 
taken up the challenge to get these FreeBSD servers talking to our puppet 
master but I'm having no ends of trouble with trying to get the manifests 
working. Forgetting the operating system variables and just going for a 
straight install of a package such as mytop this is what I have tried in 
our manifest:

This didn't seem to work at all:

 package { 'mytop': ensure = installed }


 Gave me this message on the server: *puppet-agent[3232]: 
(/Stage[main]/Node[###]/Package[mytop]/ensure) change from absent 
to present failed: mytop: not in required origin format: 
.*/port_category/port_name*


So instead I tried listing the full port name even with the provider: 

package { '.*/databases/mytop': 
 ensure = installed,
 provider = freebsd,
 }

 
Now it is giving me this message: *puppet-agent[3232]: (/Stage[main]//Node[*
*###**]/Package[.*/databases/mytop]/ensure) change from absent to 
present failed: Could not fetch ports INDEX: 500 Illegal PORT range 
rejected.* 

Even with specifiying a source: 
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/  I don't 
seem to be getting very far!

Here is a print out of the debug log:

debug: Puppet::Type::Package::ProviderFreebsd: Executing 
 '/usr/sbin/pkg_info -aoQ'
 debug: Package: .*/databases/mytop: origin = {:port_name=mytop, 
 :port_category=databases}
 debug: Package: .*/databases/mytop: source = #URI::FTP:0x29869038 
 URL:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/
 debug: Fetching INDEX: #URI::FTP:0x298684e4 
 URL:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/INDEX.bz2
 err: 
 /Stage[main]//Node[boomer.sov.m-w.co.uk]/Package[.*/databases/mytop]/ensure: 
 change from absent to present failed: Could not fetch ports INDEX: 500 
 Illegal PORT range rejected.


Some odd behaviour I've noticed as well, when packages are already 
installed it doesn't seem to register as them being there.

Looking for information about puppet on FreeBSD is like trying to find a 
needle in a haystack. I hope someone can help, any input would be 
appreciated!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Bzhfr9UMSNEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet and FreeBSD

[Jamie Scott]

dkw, that worked!

Now I only need to use: package { 'mytop': ensure = installed } 

I can't tell you how happy I am!

Thank you!!!
Jamie



On Monday, 23 April 2012 14:54:03 UTC+1, dkw wrote:

 Howdy:

 On Mon, Apr 23, 2012 at 06:29:38AM -0700, Jamie Scott wrote:
  Hello all,
  
  Wondering if any of you could help me. 
  
  We've been using puppet on our CentOS servers for a while now with no 
  problems at all, very much out of the box but we do have some MySQL 
  servers running FreeBSD (for the slightly better memory utilisation). 
 I've 
  taken up the challenge to get these FreeBSD servers talking to our 
 puppet 
  master but I'm having no ends of trouble with trying to get the 
 manifests 
  working. Forgetting the operating system variables and just going for a 
  straight install of a package such as mytop this is what I have tried in 
  our manifest:
  
  This didn't seem to work at all:
  
   package { 'mytop': ensure = installed }
  
  
   Gave me this message on the server: *puppet-agent[3232]: 
  (/Stage[main]/Node[###]/Package[mytop]/ensure) change from 
 absent 
  to present failed: mytop: not in required origin format: 
  .*/port_category/port_name*
  

 To get rid of this error you have to build the puppet from ports
 on the freebsd client host and uncheck the PACKAGE_ORIGIN option.
 I don't pretend to understand why.

 cd /usr/ports/sysutils/puppet ; make install

 # cat /var/db/ports/puppet/options 
 # This file is auto-generated by 'make config'.
 # No user-servicable parts inside!
 # Options for puppet-2.7.12
 _OPTIONS_READ=puppet-2.7.12
 WITHOUT_MONGREL=true
 WITHOUT_PACKAGE_ORIGIN=true
 WITHOUT_PACKAGE_ROOT=true

 The below package stanza looks correct.

 -dkw

  
  So instead I tried listing the full port name even with the provider: 
  
  package { '.*/databases/mytop': 
   ensure = installed,
   provider = freebsd,
   }
  
   
  Now it is giving me this message: *puppet-agent[3232]: 
 (/Stage[main]//Node[*
  *###**]/Package[.*/databases/mytop]/ensure) change from absent 
 to 
  present failed: Could not fetch ports INDEX: 500 Illegal PORT range 
  rejected.* 
  
  Even with specifiying a source: 
  ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/  I 
 don't 
  seem to be getting very far!
  
  Here is a print out of the debug log:
  
  debug: Puppet::Type::Package::ProviderFreebsd: Executing 
   '/usr/sbin/pkg_info -aoQ'
   debug: Package: .*/databases/mytop: origin = {:port_name=mytop, 
   :port_category=databases}
   debug: Package: .*/databases/mytop: source = #URI::FTP:0x29869038 
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/
 
   debug: Fetching INDEX: #URI::FTP:0x298684e4 
   URL:
 ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9.0-release/INDEX.bz2
 
   err: 
   /Stage[main]//Node[boomer.sov.m-w.co.uk]/Package[.*/databases/mytop]/ensure:


   change from absent to present failed: Could not fetch ports INDEX: 500 
   Illegal PORT range rejected.
  
  
  Some odd behaviour I've noticed as well, when packages are already 
  installed it doesn't seem to register as them being there.
  
  Looking for information about puppet on FreeBSD is like trying to find a 
  needle in a haystack. I hope someone can help, any input would be 
  appreciated!
  
  -- 
  You received this message because you are subscribed to the Google 
 Groups Puppet Users group.
  To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/Bzhfr9UMSNEJ.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
  



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/IXZpcVO-beAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet and FreeBSD

[Jamie Scott]

How have you been handling the differences between centos/rhel and
fbsd?  If statements?  I am going the other way where I have manifests
written mostly for fbsd and now will add rhel/debian specific stuff.
A lot of it is hack and slash with modules for the net, we've been adding 
in the operatingsystem variable for path and package names where needed.
I've come into a company that uses puppet and I only started using it 4 
weeks ago, hoping to make a lot of improvements as time goes on.

We've used augeas a lot for our my.cnf files and it's proved very useful!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/13nRwlHHzWYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Beginners: New list suggestion?

[Scott Merrill]

On Tue, Apr 3, 2012 at 12:30 AM, Michael Stahnke stah...@puppetlabs.com wrote:
 Breaking the users list into two lists has its pros and cons.

 Pros:
 * Less code fragments in emails
 * Advanced users not bogged down with new user questions

 Cons:
 * Fragmentation of the user-base
 * Who will monitor/answer questions on a new user list?
 * New people may not learn from more experienced people, because the
 more experienced users may not subscribe to the new-users list

I'm -1 on separating the list. While there's a lot of discussion that
isn't relevant or interesting to me on the list, there's been a
non-trivial number of posts that have directly addressed issues I was
researching, or have helped me work through stumbling blocks. Some of
it is simple serendipity, but I'd have lost out on those things if I
was only subscribed to the -newbie list.

 We also hope that IRC is helpful and remains helpful.  I don't often
 see RTFM comments coming out in #puppet.  When I do, it's quite often
 because their exact question was already answered, with citations, and
 the user still didn't read it.  Also in this thread somebody mentioned
 helping those willing to help themselves.  That's a fair statement,
 but we really want to make this an accepting community to make
 everybody better at their workloads with Puppet.

For what it's worth, my experiences in the IRC channel have been
nothing but positive. Yes, my questions have been sometimes answered
with a simple link to existing documentation, but in most cases thus
far those links have been exactly what I needed. And it's worth
pointing out that the links were not provided with aggression or
derision, but a matter-of-fact here's what you need.


Because there are multiple ways to use Puppet to resolve the problems
of configuration management, there seems to me to be a gulf between
what's documented and what people are using in production. Stated
another way, there's a gap between the how and the why.

Cheers,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Beginners: New list suggestion?

[Scott Merrill]

On Mon, Apr 2, 2012 at 8:56 AM, Chad Huneycutt chad.huneyc...@gmail.com wrote:
   * Opening the floodgates to the easy questions makes it very
 obvious what needs to go in the FAQ :-)

As a slight aside, I think that a list of frequently asked questions
is a statement that the documentation is incomplete. If those
questions are so frequently asked, why isn't the documentation updated
to account for them in the first place?

See also Rich Bowen's Write a better FM book:
   http://betterfm.org/

Cheers,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] multi-line key/value pairs in Puppet Dashboard?

[Scott Merrill]

Thanks, Jeff and Luke, for the replies!

After reviewing Luke's suggestion and thinking things through a little
more, I think this is the right way to go for us. I hadn't really
considered the long-term ramifications of putting configuration
declarations in both Puppet manifests and in Dashboard. Much better to
keep all configurations in manifests under version control, and use
Dashboard to associate configurations to nodes.

Cheers,
Scott

On Tue, Mar 20, 2012 at 4:37 AM, Luke Bigum luke.bi...@lmax.com wrote:
 I can't help with your Dashboard problems, but can suggest an alternative to
 file fragments that you might find easier to work with. I would use a
 Defined Type wrapped around Augeas where the $namevar of the Defined Type is
 the name of the systctl.conf key. This way if you tried to turn ipv6 on and
 off at the same time you'd get a Puppet resource conflict.

 Something like this:

 define syssctl_line($value) {
  $sysconfig_file = /etc/sysctl.conf
  augeas { set ${name} in ${sysconfig_file}:
    context = /files${sysconfig_file},
    incl    = $sysconfig_file,
    lens    = shellvars.lns,
    changes = [ set ${name} ${value}]
  }
 }

 And used like this:

 class foo {
  sysctl_line { net.ipv4.ip_forward: value = 0 }
  sysctl_line { kernel.sysrq: value = 0 }
  #And this would cause an error on a node...
  sysctl_line { net.ipv4.ip_forward: value = 1 }

 }

 On 19/03/12 19:12, Scott Merrill wrote:

 We'd like to control, among other files, /etc/sysctl.conf with Puppet.
 We have a baseline for this file on all our servers, but frequently
 some of our applications require additional tweaks. These tweaks are
 generally more than a single line.

 I know that we could create a class in our module repository with the
 necessary additions, then define that class inside Dashboard and apply
 it to hosts as needed. That seems a little inflexible, as we'd need to
 create a class for each app, and define inside that class the changes
 that we need.

 I'd prefer a more extensible solution that abstracts this a bit. A
 sysctl-additions class, for example, that relies upon a
 Dashboard-defined variable that contains the additions to place into
 the file. But how can I (easily?) add multiple lines to the Dashboard
 variable? Or do I have to create multiple key/value pairs for each
 line I wish to add?

 When using Puppet Dashboard, how does one easily add multiple lines to
 a Puppet-controlled file? Or should we not be using Dashboard for
 that?



 --
 Luke Bigum

 Information Systems
 Ph: +44 (0) 20 3192 2520
 luke.bi...@lmax.com | http://www.lmax.com
 LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN


 The information in this e-mail and any attachment is confidential and is
 intended only for the named recipient(s). The e-mail may not be disclosed or
 used by any person other than the addressee, nor may it be copied in any
 way. If you are not a named recipient please notify the sender immediately
 and delete any copies of this message. Any unauthorized copying, disclosure
 or distribution of the material in this e-mail is strictly forbidden. Any
 view or opinions presented are solely those of the author and do not
 necessarily represent those of the company.


 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] high-level module organization

[Scott Merrill]

How are folks organizing their Puppet modules?

For things that fit the trifecta
(http://projects.puppetlabs.com/projects/puppet/wiki/Core_Types_Cheat_Sheet/)
it makes sense (to me) to make them top-level citizens in my
/etc/puppet/modules directory. This constitute things like Postfix,
ntp, snmp, and the like.

Moving past these, though, I'm curious how people are organizing
modules for essentially standalone files, i.e. those that don't
directly associate to a daemon. Things like /etc/sysctl.conf,
/etc/inittab, shell and profile controls, and the like. This also
includes miscellaneous services to start or stop when there's no
attendant config file to require; as well as packages to ensure are
installed or absent.

What unexpected headaches -- if any -- resulted from your organizational choice?

Thanks!
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] multi-line key/value pairs in Puppet Dashboard?

[Scott Merrill]

We'd like to control, among other files, /etc/sysctl.conf with Puppet.
We have a baseline for this file on all our servers, but frequently
some of our applications require additional tweaks. These tweaks are
generally more than a single line.

I know that we could create a class in our module repository with the
necessary additions, then define that class inside Dashboard and apply
it to hosts as needed. That seems a little inflexible, as we'd need to
create a class for each app, and define inside that class the changes
that we need.

I'd prefer a more extensible solution that abstracts this a bit. A
sysctl-additions class, for example, that relies upon a
Dashboard-defined variable that contains the additions to place into
the file. But how can I (easily?) add multiple lines to the Dashboard
variable? Or do I have to create multiple key/value pairs for each
line I wish to add?

When using Puppet Dashboard, how does one easily add multiple lines to
a Puppet-controlled file? Or should we not be using Dashboard for
that?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Different versions for server and agents

[vagn scott]

On 03/12/2012 10:16 AM, Peter Bukowinski wrote:


Your master's version should always be equal to or greater than the 
latest client version you're using. You can count on a newer master 
working with older clients, but don't count on newer clients working 
with older masters.




So, no problems with 0.24.5 agent and 2.7.x master?
What about with 2.8 master and beyond?

How far will you let the versions skew? Where is the limit?

--
vagn

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Master server migration and problem? 2.6 to 2.7

[vagn scott]

On 03/12/2012 08:22 PM, MF wrote:

Hello,

I am setting up a new master server and migrating my configuration
from my current master server.  I am also upgrading from 2.6 to 2.7.
I have the new server built and integrated with Apache, Passenger, and
Dashboard just like on my current server.  I moved over all my modules
in /etc/puppet/modules as well as my site and node manifests in /etc/
puppet/manifests.  I did not move over the entire /var/lib/puppet/ssl
dir.  At this point I am just testing with two nodes.  The two clients
connect fine and have their certs verified and can connect to puppet
and be seen in dashboard.  But when I try to add one of my existing
module/class to the nodes the configuration is never updated.

The puppet agent runs fine and says finished catalog run but the
configuration is not modified.  I see no errors on either the server
or the client and the certs seem to be just fine.

Anyone have any suggestions?

Thanks in advance for your help.

   

Maybe you need to do this:

touch /etc/puppet/manifests/site.pp


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet Master VMs

[Scott Merrill]

Is anyone running their Puppet Master server(s) as virtual guests? If
so, how big are those VMs in terms of memory and virtual CPUs, and how
many Puppet clients are they serving?

Thanks!
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet symlink

[vagn scott]

Can you make your symlinks look like this?

libsomething.so ---  libsomething.so.0
libsomething.so.0 --- libsomething.so.0.vv.rr

the base links can change all they want, in that case.

--vagn


On 12/30/2011 11:32 AM, Len Rugen wrote:
We have a case where we've been requested to create an extra symlink.  
The system provides libsomething.so.0.vv.rr and a symlink of 
libsomething.so.0.  We need create a symlink libsomething.so (without 
the .0).  I'm afraid maintenance may change the base file and break 
the puppeted symlink.


Can we do something like subscribe to the RPM provided 
libsomething.so.0 link, then fire an script to find it's new target 
and recreate our symlink?


Thanks
--
You received this message because you are subscribed to the Google 
Groups Puppet Users group.

To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet Labs Newsletter - December 2011

[Scott Johnston]

*   PUPPET LABS MONTHLY NEWSLETTER - DECEMBER 2011
*


Getting Started With Puppet

** Puppet Enterprise 2.0 is here! Download  manage 10 nodes free:
   http://bit.ly/ueeUxZ
** Yes, Puppet Does Windows. Expand your server automation beyond
Linux:
   http://bit.ly/t20J95
** Implement Configuration Management Using Puppet. Tribily presents 8
reasons why:
   http://bit.ly/ryumOw
** Forge Module of the Month - MySQL:
   http://bit.ly/sNlOcf


 Puppet Master Power-Ups

** Inside Puppet: About Determinism - Why Puppet deployments are
predictable and reliable:
   http://bit.ly/vOnfGW
** Test Your Puppet Modules. Writing unit tests today saves time
tomorrow:
   http://bit.ly/ruqTwN
** OpenStack: Puppetization of a Service using Nova. Ryan Lane shows
you how.
   http://bit.ly/sc7ZRv
** Paramaterized Classes vs. Definitions. Learn how to use them
effectively:
   http://bit.ly/s4kkLu


Graphic of the Month

** Check-out this video of Puppet Enterprise 2.0's GUI, and learn more
about Live Management:
   http://bit.ly/skdiYe


DevOps In Action

** VIDEO: You should be Iron Man, not a Robot. Luke Kanies' LISA 2011
talk:
   http://bit.ly/ugIvBI
** Git Workflow and Puppet Environments. Bring order to the chaos of
Dev, Test, and Prod:
   http://bit.ly/sci0gc
** DevOps Resource Center. Articles, blogs, videos, data, and more:
   http://bit.ly/sci0gc
** DevOps Consulting - Get a jumpstart on your DevOps environment:
   http://bit.ly/vZrm0t


 Puppet In The News

** VMware, Google, and Cisco Invest In Puppet Labs:
 - WSJ: http://on.wsj.com/smzofv
 - TechCrunch: http://tcrn.ch/s58Nud
 - WIRED: http://bit.ly/tBSJFj
 - ZDNet: http://bit.ly/vZIynX
 - The Register: http://bit.ly/rQJE1w
** DZone: Puppet unit testing like a pro. Patrick Debois shares how
Atlassian does it.
   http://bit.ly/um3s0A
** Linux.com: This year belonged to Puppet - One of the 10 most
important open source projects of 2011.
   http://bit.ly/u5UsBu


In Case You Missed It

** Puppet, Private Clouds, and Building Solutions. Ken's talk at the
recent London Puppet User Meet Up.
   http://bit.ly/sUJBbS
** Back to the Beginning: LISA 2011 Re-cap. 25 years and still going
strong.
   http://bit.ly/udUOID
** Telly Me What Comes Next - Select the next release's code name.
   http://bit.ly/uOvsPD


 Upcoming Events

** Webinar: Intro to PE 2.0 available on-demand: http://bit.ly/v2UXmx
** SCALE 10X - Jan 20 - Jan 22: http://bit.ly/uzXw7x
** PuppetCamp - Atlanta - Feb 3: http://bit.ly/tslRUG
** FOSDEM DevRoom - Feb 4 - Feb 5: http://bit.ly/tnohKO


Upcoming Trainings

** Beijing - Mon, Jan 9 - Wed, Jan 11: http://bit.ly/utuZlc
** San Jose - Mon, Jan 16 - Wed, Jan 18: http://bit.ly/sbR2eI
** London - Tue, Jan 24 - Thu, Jan 26: http://bit.ly/rClBju
** Atlanta - Tue, Jan 31 - Thu, Feb 2: http://bit.ly/sfsFV9


New Open Source

** F5 Devices by Puppet Labs: http://bit.ly/rVlfFI
** Ruby Version Manager by Andreas Loupasakis: http://bit.ly/tF4Daz


New Jobs

** Pro Serve (London): http://bit.ly/v7cgZQ
** Pro Serve (OR, NY): http://bit.ly/rvwB80
** Tech Training Manager: http://bit.ly/tc6S9t
** More Jobs: http://bit.ly/vfc9OC


Connect With Us

** Puppet Enterprise users list: pe-us...@puppetlabs.com
** Puppet users list: http://bit.ly/soRZrR
** Puppet dev list: http://bit.ly/uYhbZ5


Contact Details

411 NW Park, Suite 500
Portland, OR 97209
+1 877.575.9775
http://bit.ly/vkvR0r

© 2011 Puppet Labs. All logos and names are the copyrights of the
respective owners.

-- 
You received this message because you are subscribed to the Google 

Re: [Puppet Users] Can Puppet be configured to one-time deployment for modules?

[Scott Merrill]

On Tue, Dec 20, 2011 at 11:49 AM, Swampcritter mawors...@gmail.com wrote:
 We are developing in-house RHEL VM provisioning (similar to Satellite/
 Spacewalk) along with a customized kickstart template, but also
 including Puppet to handle the actual configuration of the
 environment. One thing we need to see is does Puppet have a variable
 that will deploy one module only once and not check against it just in
 case the configuration file it has created has been altered or not and
 try to revert back.

I'm looking at a similar use for Puppet. We want to use Puppet to both
provision and manage hosts. The provisioning process will set up a
bunch of files according to our security / policy requirements, but
not all of these files need to be controlled by Puppet for the life of
the server.

To put it another way, the number of classes used to manage servers
will be a subset of the classes used to provision those servers.

 The last part is the deciding factor -- as this part of the
 requirements are quite possibly going to change via the developers
 that are actually using the environment for testing and tweaking the
 RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the
 Apache /etc/httpd/httpd.conf code. We don't want Puppet to revert back
 the code variables as these are being modified by hand and not using
 SVN or any other type of code version control at this time.

 Anyone know if module exclusion is possible for a deploy once, don't
 touch again scenario?

I'm contemplating options for this. One is to use environments. In my
scenario, I think I'd have two defined environments (provisioning and
production), but configure both environments to use the same
modulepath. This will allow us to reuse classes between provisioning
and production. The provisioning environment would have a site.pp with
a default node that simply includes all the necessary classes for
provisioning a virgin server.

Part of the Kickstart %post would be to install and invoke Puppet
against the provisioning environment.

We could do this with separate Puppet Masters, but that feels like
more overhead for little added benefit in our scenario.

Cheers,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet node network configuration

[Scott Merrill]

On Nov 14, 2011, at 4:01 AM, John Kennedy skeb...@gmail.com wrote:



On Mon, Nov 14, 2011 at 08:52, Will S. G. w...@arw.in wrote:


 What I would like to do is to set up a list of MAC addresses, along
 with the IP addresses a head of time, and then have puppet rewrite the
 networking configuration of the host based on MAC address after it has
 successfully signed the certificate and communicated with the client
 host.

 Possible? If so, any guidance, examples or tips on how to achieve
 this? Perhaps, more importantly, would this be the right approach?

 While this can be done, I think using DHCP would be better here. DHCP can
be configured to serve static IP addresses based on the MAC address. You
can then use puppet to maintain DHCP configuration.


I'm eyeing a similar configuration. In our network, we don't control the
network, only the Linux servers, so configuring DHCP isn't really an
option.

I'd like to see how others are tackling this in similarly restricted
environments.

Cheers,
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [SPAM] Re: [Puppet Users] help with the firewall puppet forge module

[Scott Smith]

FWIW, I use this as `puppetlabs-firewall' and the resource name `firewall'.

On Tue, Oct 25, 2011 at 6:54 PM, Ken Barber k...@puppetlabs.com wrote:

 Did you run puppet agent -t on your master?

 Check your /var/lib/puppet/lib/puppet/util directory ... and let me
 know if there is a copy of firewall.rb in there before and after
 running puppet agent on your master.

 ken.

 On Wed, Oct 26, 2011 at 2:47 AM, David Alden d...@alden.name wrote:
  Hi,
 
  On Oct 25, 2011, at Oct 25, 9:42 PM, Ken Barber wrote:
  Try restarting your puppetmaster and trying again.
 
  Nope - same problem.  Thanks for the suggestion.
 
  ...dave
 
  --
  You received this message because you are subscribed to the Google Groups
 Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.
 
 

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet 2.7 allows dash in variable names: bug or feature?

[Scott Smith]

Funny, I accidentally avoided problems caused by this change because I
always suffix variables when possible.

On Fri, Oct 21, 2011 at 10:49 PM, Jason Koppe
jason.robert.ko...@gmail.comwrote:

 We have interpolations like $name-tomcat all over our manifests.
 It's possible to adjust them all to ${name}-tomcat but it's not
 going to be fun :)

 On Oct 6, 1:19 am, Evgeny eokole...@gmail.com wrote:
  perhaps you should enclose the variables in quotes to something like
  this:
 
  http://${yumserver}/repos/vmware-${esxversion-rhel6-64};
 
  On Oct 5, 8:46 pm, Steve Snodgrass phe...@gmail.com wrote:
 
 
 
 
 
 
 
   While testingpuppet2.7, I found that one of my manifests broke
   because of the following quoted string:
 
   http://$yumserver/repos/vmware-$esxversion-rhel6-64;
 
   Everything in the resulting string after vmware- was blank.  After
   some experiments I found thatpuppet2.7allowsdashes invariable
  names, and was interpreting $esxversion-rhel6-64 as one big
  variable.  Of course adding curly braces fixes the problem, but that
   seems like a significant change.  Was it intended?
 
   Results of applying a simple test manifest:
 
   notice(Dashtest: $fqdn-is-my-hostname)
 
  Puppet2.6.11:
 
   notice: Scope(Class[main]): Dashtest: foobar.example.com-is-my-
   hostname
 
  Puppet2.7.5:
 
   notice: Scope(Class[main]): Dashtest:
 
   -Steve

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] 2.7.2 or higher repository for Ubuntu 10.04

[Scott Smith]

Use fpm.

On Thu, Oct 20, 2011 at 1:53 PM, Dan Sheffner dsheff...@gmail.com wrote:

 *ruby 1.9.2 not puppet 1.9.2


 On Thu, Oct 20, 2011 at 3:51 PM, Dan Sheffner dsheff...@gmail.com wrote:

 I'm compiling from source w/ rvm, and puppet 1.9.2, then installing puppet
 through gems.  I might be able to publish my python script that does this.


 On Thu, Oct 20, 2011 at 3:01 PM, Evan Stachowiak 
 evan.stachow...@gmail.com wrote:

 Is there a best practice or repository I can pull from to install
 =2.7.2 on ubuntu 10.04?
 I'm currently using backports and the latest available version is
 2.7.1, which is below the requirements for cloud provisioner.

 Or should I just go ahead and compile from source?

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Restore Storconfig Data

[Scott Smith]

Run puppet.

On Thu, Oct 20, 2011 at 8:57 PM, dime cyborgian dimecybo...@gmail.comwrote:

 I Get the initial table structure. But the tables are not populated with
 the data such as hosts, resources... etc.




 On Thu, Oct 20, 2011 at 5:30 PM, Bernd Adamowicz 
 bernd.adamow...@esailors.de wrote:

 If you really dropped the database you have to recreate it before the
 first Puppet run:

 05mysql create database puppet;
 06  Query OK, 1 row affected (0.00 sec)
 07
 08  mysql grant all privileges on puppet.* to 
 puppet@localhostidentified by 'xxx';
 09  Query OK, 0 rows affected (0.00 sec)

 The initial table structure will then be done by Puppet.

 Bernd

  -Ursprüngliche Nachricht-
  Von: puppet-users@googlegroups.com [mailto:puppet-
  us...@googlegroups.com] Im Auftrag von sysborg
  Gesendet: Donnerstag, 20. Oktober 2011 13:19
  An: Puppet Users
  Betreff: [Puppet Users] Restore Storconfig Data
 
  Hi,
 
   I did a drop database puppet which is used for storing puppet
  storconfigs. Now I get the following error.
  ===
  err: Could not retrieve catalog: TypeError: unknown buffer_type:
  498322352: SELECT  `hosts`.* FROM `hosts`  WHERE `hosts`.`name` =
  'testdb' LIMIT 1
  ===
 
   Is there a way to repopulate the data.
 
  I tried reinstalling, removing /var/lib/puppet. None worked.
 
  --
  You received this message because you are subscribed to the Google
  Groups Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to puppet-
  users+unsubscr...@googlegroups.com.
  For more options, visit this group at
  http://groups.google.com/group/puppet-users?hl=en.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How-To Question: Installing a service that does not come in an RPM ?

[Scott Smith]

Use fpm.

On Tue, Oct 18, 2011 at 1:21 PM, Dan White y...@comcast.net wrote:

 Are there any exapmples out there that show an intelligent way to do this ?

 My searches are not turning up anything useful

 “Sometimes I think the surest sign that intelligent life exists elsewhere
 in the universe is that none of it has tried to contact us.”
 Bill Waterson (Calvin  Hobbes)

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] /etc/init.d/mysql =fail mysqld=success

[Scott Smith]

1) not a puppet problem
2) run initdb
On Oct 10, 2011 7:47 PM, John Bower olympus.sta...@gmail.com wrote:

 Hello.

 This is my mysql-server.pp file, both master and client are runing
 ubuntu.


 

 class mysql-server {

  package { mysql-server: ensure = installed }
  package { mysql-client: ensure = installed }
  service { mysql:
enable = true,
ensure = running,
require = Package[mysql-server],
  }

  file { /etc/mysql/my.cnf:
owner = mysql, group = mysql,
source = puppet:///modules/mysql-server/my.cnf,
notify = Service[mysql],
require = Package[mysql-server],
  }


  exec { set-mysql-password:
unless = mysqladmin -uroot -psecret,
path = [/bin, /usr/bin],
command = mysqladmin -uroot password secret,
require = Service[mysql],
  }


  exec { set-nagios-password:
unless = mysqladmin -unagiostest -psecret,
path = [/bin, /usr/bin],
command = mysqladmin -unagiostest password secret,
require = Service[mysql],
  }


 }
 ---




 When I run /etc/init.d/mysql start sql doesnt run

 Code:

 root@cloneubuntu:/var/log/mysql# date
 Mon Oct 10 19:32:56 PDT 2011
 root@cloneubuntu:/var/log/mysql# /etc/init.d/mysql start
 Rather than invoking init scripts through /etc/init.d, use the
 service(8)
 utility, e.g. service mysql start

 Since the script you are attempting to invoke has been converted to an
 Upstart job, you may also use the start(8) utility, e.g. start mysql
 start: Job is already running: mysql
 root@cloneubuntu:/var/log/mysql# cat /var/log/mysql/error.log

 root@cloneubuntu:/var/log/mysql# ps ax | grep sql
  4797 pts/0S+ 0:00 grep --color=auto sql
 root@cloneubuntu:/var/log/mysql# cat /etc/mysql/my.cnf
 [client]
 port= 3306
 socket  = /var/run/mysqld/mysqld.sock


 [mysqld_safe]
 socket  = /var/run/mysqld/mysqld.sock
 nice= 0

 [mysqld]


 user= mysql
 socket  = /var/run/mysqld/mysqld.sock
 port= 3306
 basedir = /usr
 datadir = /var/lib/mysql
 tmpdir  = /tmp
 skip-external-locking
 bind-address= 0.0.0.0
 key_buffer  = 16M
 max_allowed_packet  = 16M
 thread_stack= 192K
 thread_cache_size   = 8
 myisam-recover = BACKUP
 query_cache_limit   = 1M
 query_cache_size= 16M

 log_error= /var/log/mysql/error.log

 expire_logs_days= 10
 max_binlog_size = 100M



 [mysqldump]
 quick
 quote-names
 max_allowed_packet  = 16M

 [mysql]

 [isamchk]
 key_buffer  = 16M

 !includedir /etc/mysql/conf.d/

 root@cloneubuntu:/var/log/mysql#

 However when i run mysqld alone, it works

 Code:

 root@cloneubuntu:/var/log/mysql# date
 Mon Oct 10 19:34:21 PDT 2011
 root@cloneubuntu:/var/log/mysql# mysqld 
 [1] 4815
 root@cloneubuntu:/var/log/mysql# cat /var/log/mysql/error.log

 111010 19:34:30 [Note] Plugin 'FEDERATED' is disabled.
 111010 19:34:30  InnoDB: Started; log sequence number 0 44233
 111010 19:34:30 [Note] Event Scheduler: Loaded 0 events
 111010 19:34:30 [Note] mysqld: ready for connections.
 Version: '5.1.41-3ubuntu12.10'  socket: '/var/run/mysqld/mysqld.sock'
 port: 3306  (Ubuntu)
 root@cloneubuntu:/var/log/mysql# ps ax | grep sql
  4815 pts/0Sl 0:00 mysqld
  4830 pts/0S+ 0:00 grep --color=auto sql
 root@cloneubuntu:/var/log/mysql# mysql -u root
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 1
 Server version: 5.1.41-3ubuntu12.10 (Ubuntu)

 Type 'help;' or '\h' for help. Type '\c' to clear the current input
 statement.

 mysql

 I cannot reinstall mysql, I have a feeling it's an issue with the
 init.d script or somethign along those lines.

 Please help :S


 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Official puppetlabs position on cron vs puppet as a service?

[Scott Smith]

Most things are ok if you only have 10 servers
On Oct 8, 2011 1:22 PM, Chris Phillips ch...@untrepid.com wrote:

 My take on it is to run it from our nagios server. What better way to
 monitor the puppet runs than by executing that run as part of the check?
 retry intervals also help push changes out much quicker if they could take
 multiple runs etc.

 We also run a single daily cron job.

 Chris

 On 8 October 2011 19:32, Matthew Nicholson 
 matthew.a.nichol...@gmail.comwrote:

 We combine these. We run as a service, but have a daily cron, with random
 time spread among our hosts, to stop/start the service and clean up stale
 .pid files. This is more of a hold over from our early days more than
 anything, but it works, doesn't cause issues, and keeps the runs spread
 out.



 On Fri, Oct 7, 2011 at 9:27 PM, Larry Ludwig larry...@gmail.com wrote:

 Mostly stlll run as cron. Though for some instances we run as a daemon.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/itTFPtfZLocJ.

 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




 --
 Matthew Nicholson

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: I can't seem to create mountpoint and change permissions after mounting in 2.7.3

[Scott Smith]

Not really

On Wed, Oct 5, 2011 at 8:54 PM, Chris McDermott csmcderm...@gmail.comwrote:

 I haven't used them yet, but isn't this what stages are meant to
 facilitate?

 http://docs.puppetlabs.com/references/stable/metaparameter.html#stage

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] AW: How best to monitor puppet?

[Scott Smith]

It doesn't matter if puppetmasterd or puppetd are running and working if
your clients are failing catalog runs.

Send reports, write a check that alerts on N hosts with failed reports over
X timeframe or something.

On Tue, Oct 4, 2011 at 8:09 PM, Tim Connors tim.w.conn...@gmail.com wrote:

 On Tue, 4 Oct 2011, Bernd Adamowicz wrote:

   -Ursprüngliche Nachricht-
   Von: puppet-users@googlegroups.com [mailto:puppet-
   us...@googlegroups.com] Im Auftrag von Marcus, Allan B
   Gesendet: Dienstag, 4. Oktober 2011 15:47
   An: puppet-users@googlegroups.com
   Betreff: [Puppet Users] How best to monitor puppet?
  
   We want to use Nagios to monitor out puppet server so we can be
   notified
   if it goes down. We are using Fusion Passenger and Apache on Red Hat.
  
   Any suggestion for what and how to monitor?
 
  We use the basic checks for any Unix machine along with special checks
 for running Puppet master and client process where appropriate. A service
 which uses NRPE and a check_procs call on the Puppet boxes like these two
 examples works fine for us:
 
  Command[check_puppetmaster]=/usr/lib64/nagios/plugins/check_procs -w 1:1
 -c 1:1 -C puppetmasterd
  Command[check_puppetclient]=/usr/lib64/nagios/plugins/check_procs -w 1:1
 -c 1:1 -C puppet
 
  Bernd
 

 What about checking the logfile on the master to make sure that everything
 is checking in?  Theoretically, the client daemons could be running and
 accepting port 8140, but the daemon could be locked up:

 http://cafuego.net/2011/09/24/keeping-eye-puppet-updated


 --
 Tim Connors

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] apply.pp module missing?

[Scott Smith]

you should see it via gem or your package manager, depending on how it was
installed.

On Sun, Oct 2, 2011 at 3:29 PM, olympus stance olympus.sta...@gmail.comwrote:

 Hello Dan,

 It seems that you are correct, I couldnt find any particular command to
 find out the version number, but looking at the changelog which is located
 in the /usr/share/puppet/... directory it looks like I am running 0.25.4

 I will be upgrading.

 Thanks



 On Sun, Oct 2, 2011 at 4:22 PM, Dan Bode d...@puppetlabs.com wrote:

 It looks like it is failing b/c you are running a version older than 2.6.x
 (probably 0.25.5)

 for 0.25.5, the executable is a little different, try running:

 $ puppet my_test_manifest.pp

 there are significant syntax changes between 0.25.5 and 2.6.x, I would not
 recommend starting with the older version.

 -Dan



 On Sun, Oct 2, 2011 at 12:26 PM, John Bower olympus.sta...@gmail.comwrote:

 Hello,

 I have succesfully installed puppet on ubunu, one master and one
 client.

 I am going through the documentation and I am having a hard time
 getting this example to work
 http://docs.puppetlabs.com/learning/manifests.html

 $ puppet apply my_test_manifest.pp

 I get this error

 root@puppet:/etc/puppet/manifests# pwd
 /etc/puppet/manifests
 root@puppet:/etc/puppet/manifests# puppet apply my_test_manifest.pp
 Could not parse for environment production: Could not find file /etc/
 puppet/manifests/apply.pp
 root@puppet:/etc/puppet/manifests# locate apply.pp
 root@puppet:/etc/puppet/manifests#


 I am supposed to generate apply.pp somehow or am I actually missing a
 module or something else i dont know about?

 Thanks

 PS.: So far I am impressed with puppet's abilities and look forward to
 implementing it :)



 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: weekend maintennce schedule

[Scott Smith]

It has been, that's what cron does.

On Sat, Oct 1, 2011 at 6:51 AM, Kanishka Hettiarachchi kan_...@yahoo.comwrote:

 Thanks.
 I was hoping someone may have solved this issue. We intend to run
 reporting ($noop=true) every (say hour) and action/change only during
 weekend maintenance schedule.



 On Sep 30, 2:02 pm, Rob Braden r...@nullroutes.net wrote:
  Maybe run it from a cron (or at) job, or use something like
  mcollective to trigger your runs.
 
  On Sep 29, 9:47 pm, Kanishka Hettiarachchi kan_...@yahoo.com wrote:
 Hello,
 
   This may have been asked before (apologies), however, did not find a
   good way to implement a schedule for puppet runs for a speciifc day
   (say weekend maintennace window).
 
   Could anyone suggest a clever workaround for that ?
 
   Thanks
 
   Kanishka

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users]

[Scott Smith]

You should totally boycott the list
On Sep 29, 2011 7:15 AM, Nathan Clemons nat...@livemocha.com wrote:
 *sigh* And how did these spammers know I was so flat-chested?

 Seriously, can you guys enlighten us as to what's being done to prevent
spam
 coming in on the list? It's been pretty prevalent lately. I'm not sure if
 Google Groups just doesn't cut it or what, but I'm hoping you guys have
some
 plans in mind.

 --
 Nathan Clemons
 http://www.livemocha.com
 The worlds largest online language learning community



 On Thu, Sep 29, 2011 at 7:05 AM, Mark Ardiente mark_k...@yahoo.com
wrote:

 http://biggerbras.ca/store/site.php?html50

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


 --
 You received this message because you are subscribed to the Google Groups
Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Hostname fact doesn't handle hostnames with periods

[Scott Smith]

Except that is the fqdn.
On Sep 29, 2011 7:05 PM, Doug Balmer doug.bal...@gmail.com wrote:

 but I don't think that RFC quoting alone is going to give us the right
 answer as to whether we should do it or not.


 100% agree.

 To add to my point, facter should be reporting facts. If the hostname,
 albeit possibly incorrectly, is set to foo.bar then it should report it
 so.

 --
 You received this message because you are subscribed to the Google Groups
Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Dashboard parameters to control VIPs?

[Scott Merrill]

This is what I had in mind for part of this, yes. Thanks!

Some more explanation of the situation and the goal:
Some of our RHEL servers get assigned a virtual IP address for
application-specific purposes. The first such vip is assigned to
device eth0:1, the second vip to eth0:2, etc. Currently, adding a vip
to a server requires us to ssh to the server, create the
/etc/sysconfig/network-scripts/ifcfg-eth0:X file, add an entry for the
vip to /etc/hosts, and manually bring up the defined interface.

My current goal is to allow an operator to provision a new vip through
Puppet Dashboard, using Dashboard's parameters to define a key=value
relationship between a vip and its IP address. So, the first vip
assigned to a server would get a parameter key of vip1 with a
parameter value of 1.1.1.1. At the next Puppet execution, the new
vip will get provisioned automagically. A second could be be defined
with vip2=2.2.2.2, etc.

Because we don't know in advance how many vips any server will have,
I'm struggling with how to enumerate through an arbitrary number of
parameters to discover all the ones named vip?, such that the end
state is that all of that server's vips are configured and enabled.

Thanks,
Scott

On Tue, Sep 27, 2011 at 10:28 PM, Sandor W.  Sklar ssk...@gmail.com wrote:
 Perhaps I'm not understanding what you are asking, but I've got this
 class network::interface:

 class network::interface( $device,
                          $bootproto = 'static',
                          $hwaddr,
                          $ipaddr,
                          $ipv6init = 'yes',
                          $mtu = '1500',
                          $netmask,
                          $onboot = 'yes' ) inherits network {

  # Create the device definition file
  file { /etc/sysconfig/network-scripts/ifcfg-$device:
    content = template('network/ifcfg.erb'),
  }

  # Ifdown and ifup the new interface upon changes
  exec { ifdown-ifup-$device:
    user        = 'root',
    path        = '/etc/sysconfig/network-scripts:/bin:/usr/bin:/
 sbin:/usr/sbin',
    command     = /sbin/ifdown $device ; /sbin/ifup $device,
    refreshonly = true,
    subscribe   = File[/etc/sysconfig/network-scripts/ifcfg-
 $device],
  }

 }

 ... and the template:


 # This file is created by puppet
 # DO NOT HAND-EDIT
 DEVICE=%= device %
 BOOTPROTO=%= bootproto %
 % if has_variable?(gateway) then -%
 GATEWAY=%= gateway %
 % end -%
 HWADDR=%= hwaddr %
 IPADDR=%= ipaddr %
 IPV6INIT=%= ipv6init %
 MTU=%= mtu %
 NETMASK=%= netmask %
 ONBOOT=%= onboot %

 Is this what you are looking for?

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] [Dashboard] permission denied error when using apache

[Scott Smith]

Check the exception. It's trying to rm all.js
On Sep 27, 2011 3:02 AM, Tom De Vylder t...@penumbra.be wrote:
 Hi all,

 I'm running into javascript errors using Puppet Dashboard behind an
Apache2/Passenger setup.

 Permission denied -
/usr/share/puppet-dashboard/public/javascripts/all.js

 The permissions inside public/ are ok. The whole public folder is owned by
the Apache user.
 And I'm able to browse anything I put inside the javascripts folder.

 What's really strange about this is that it only happens with the
Apache2/Passenger setup.
 When I kill the apache daemon and start the puppet-dashboard init script
instead the Dashboard does show up in my browser.

 If anyone needs more information that what's provided below, please let me
know.

 Regards,
 TomDV



 Version numbers:

 Debian squeeze
 Apache 2.2.11 (debian repo)
 Passenger 2.2.11 (debian repo)
 Dashboard 1.2.1-1 (puppetlabs package)


 Apache config:

 Listen 3000
 VirtualHost *:3000
 ServerName dashboard
 ServerAlias dashboard.tld puppet.tld
 DocumentRoot /usr/share/puppet-dashboard/public/
 Directory /usr/share/puppet-dashboard/public/
 Options None
 AllowOverride AuthConfig
 Order allow,deny
 allow from all
 /Directory

 LogLevel warn
 ServerSignature On
 ErrorLog /var/log/apache2/dashboard_error.log
 CustomLog /var/log/apache2/dashboard_access.log combined

 # you may want to tune these settings
 PassengerHighPerformance on
 PassengerMaxPoolSize 12
 PassengerPoolIdleTime 1500
 # PassengerMaxRequests 1000
 PassengerStatThrottleRate 120
 RailsAutoDetect On
 /VirtualHost


 Full error message from apache log:

 *** Exception Errno::EACCES in PhusionPassenger::Railz::ApplicationSpawner
(Permission denied - /usr/share/puppet-dashboard/public/javascripts/all.js)
(process 25835):
 from /usr/lib/ruby/1.8/fileutils.rb:1299:in `unlink'
 from /usr/lib/ruby/1.8/fileutils.rb:1299:in `remove_file'
 from /usr/lib/ruby/1.8/fileutils.rb:1304:in `platform_support'
 from /usr/lib/ruby/1.8/fileutils.rb:1298:in `remove_file'
 from /usr/lib/ruby/1.8/fileutils.rb:772:in `remove_file'
 from /usr/lib/ruby/1.8/fileutils.rb:550:in `rm'
 from /usr/lib/ruby/1.8/fileutils.rb:549:in `each'
 from /usr/lib/ruby/1.8/fileutils.rb:549:in `rm'
 from
/usr/share/puppet-dashboard/config/initializers/clear_cached_assets.rb:5
 from
/usr/share/puppet-dashboard/config/initializers/clear_cached_assets.rb:2:in
`each'
 from
/usr/share/puppet-dashboard/config/initializers/clear_cached_assets.rb:2
 from
/usr/share/puppet-dashboard/vendor/rails/activesupport/lib/active_support/dependencies.rb:173:in
`load_without_new_constant_marking'
 from
/usr/share/puppet-dashboard/vendor/rails/activesupport/lib/active_support/dependencies.rb:173:in
`load'
 from
/usr/share/puppet-dashboard/vendor/rails/railties/lib/initializer.rb:622:in
`load_application_initializers'
 from
/usr/share/puppet-dashboard/vendor/rails/railties/lib/initializer.rb:621:in
`each'
 from
/usr/share/puppet-dashboard/vendor/rails/railties/lib/initializer.rb:621:in
`load_application_initializers'
 from
/usr/share/puppet-dashboard/vendor/rails/railties/lib/initializer.rb:176:in
`process'
 from
/usr/share/puppet-dashboard/vendor/rails/railties/lib/initializer.rb:113:in
`send'
 from
/usr/share/puppet-dashboard/vendor/rails/railties/lib/initializer.rb:113:in
`run'
 from /usr/share/puppet-dashboard/config/environment.rb:14
 from /usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in
`gem_original_require'
 from /usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `require'
 from
/usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:303:in
`preload_application'
 from
/usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:252:in
`initialize_server'
 from /usr/lib/ruby/1.8/phusion_passenger/utils.rb:255:in
`report_app_init_status'
 from
/usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:237:in
`initialize_server'
 from /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:194:in
`start_synchronously'
 from /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:163:in `start'
 from
/usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:213:in
`start'
 from /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:262:in
`spawn_rails_application'
 from
/usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:126:in
`lookup_or_add'
 from /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:256:in
`spawn_rails_application'
 from
/usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:80:in
`synchronize'
 from
/usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:79:in
`synchronize'
 from /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:255:in
`spawn_rails_application'
 from /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:154:in
`spawn_application'
 from /usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:287:in
`handle_spawn_application'
 from /usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:352:in
`__send__'
 from 

Re: [Puppet Users] SU on client servers

[Scott Smith]

I just change everyone's uidgid to 0:0



















*trollface*

-scott

On Tue, Sep 27, 2011 at 11:31 AM, Richard Clark n...@fohnet.co.uk wrote:

 On 27 Sep 2011, at 18:55, Damien Bridges damien3...@gmail.com wrote:

  Hi All,
 
  How do you configure puppet nodes on the puppet master to allow SUing
  to root?  I want to be able to ssh as a regular user then SU to root
  on client puppet servers.  How do you configure the puppetmaster for
  this?

 Totally dependent on the client distro/OS. This is default behaviour
 on most linux distro's that don't disable root login (RHEL/SLES etc)
 is it not?


 --
 Richard Clark
 rich...@fohnet.co.uk

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Dashboard parameters to control VIPs?

[Scott Merrill]

Some of the Red Hat Enterprise Linux servers in our environment
sometimes get assigned virtual IP addresses (eth0:1, eth0:2, etc).

Puppet Dashboard's parameters seem like an ideal way to define and
provision virtual IPs on these servers. One could create a vip1
parameter on a node, and define a value of the IP address to use for
that vip. A manifest could then be written to create the necessary /
etc/sysconfig/network-scripts/ifcfg-eth0:vip# file, plugging in the
IP address appropriately and brining up the interface when it's done.
This could then be repeated for vip2 ... vipX.

How might this work for an arbitrary number of vips?

I don't want to create unnecessary placeholder parameters (vip2 = nil,
for example).

I'd rather not create a single vips parameter with a list of virtual
IPs either (vips = 1.1.1.1, 2.2.2.2, 3.3.3.3).

Thanks!
Scott

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Trying to get a basic connection going between master and agent

[Scott Smith]

Is your Puppet client's hostname puppet-slave?
On Sep 24, 2011 10:16 AM, mlove mikelove...@gmail.com wrote:
 Hi all,

 I am trying to get a simple example going with one master and one
 puppet. I am on Debian and used apt-get install puppetmaster for the
 master and apt-get install puppet for the puppet. I was able to get
 the cert signed and imported to the master from the puppet. Now I am
 just trying to get a basic example like putting a fil in the /tmp
 directory on the puppet. I put the following in nodes.pp in /etc/
 puppet/manifests/

 node basenode {
 }
 node 'puppet-slave' inherits basenode {
 file {'testfile':
 path = '/tmp/testfile',
 ensure = present,
 mode = 0640,
 content = I'm a test file.,
 }
 }

 I run puppet agent --onetime on the puppet but when I check /tmp the
 file testfile is not there. Any suggestions?

 --
 You received this message because you are subscribed to the Google Groups
Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Official puppetlabs position on cron vs puppet as a service?

[Scott Smith]

Ohad, was rand_fqdn not sufficient for you?
On Sep 25, 2011 1:03 PM, Ohad Levy ohadl...@gmail.com wrote:
 On Sun, Sep 25, 2011 at 10:33 PM, treydock treyd...@gmail.com wrote:


 On Sep 24, 9:42 pm, Aaron Grewell aaron.grew...@gmail.com wrote:
 We had frequent inexplicable daemon crashes on Solaris, but not on RHEL5
(at
 least not yet) .   Given known issues with memory leakage in older Ruby
 releases Cron seemed more likely to be reliable.   We stuck a random
wait in
 the Cron job to spread load on the master and so far it works well.
 On Sep 24, 2011 7:22 AM, treydock treyd...@gmail.com wrote:









  On Sep 23, 5:42 pm, Brian Gupta brian.gu...@brandorr.com wrote:
  Over the years many shops have come to start running puppet via cron
to
  address memory leaks in earlier versions of Ruby, but the official
 position
  was that puppet was meant to be run as a continually running service.

  I am wondering if the official position has changed. On one hand many
if
 not
  all of the early Ruby issues have been fixed, on the other, the
addition
 of
  mcollective into the mix as a lightweight agent for triggering adhoc
 puppet
  runs, and other tasks somewhat lowers the requirements for puppet to
be
 run
  as a service. (Or out of cron for that matter).

  I understand that in cases where old Ruby versions are for whatever
 reason
  mandated the answer may be different.

  Thanks,
  Brian

  --
  http://aws.amazon.com/solutions/solution-providers/brandorr/

  Could those memory leak problems cause the Puppet daemon to crash with
  no logs indicating why? I have about 20 systems all running CentOS 5
  and 6, with Puppet 2.6.9, and I now have to have Zabbix run a /etc/
  init.d/puppet start everytime the daemon crashes which is almost on a
  daily basis for every client. Would be interested to know of a known
  fix or if the only fix is the workaround of using Cron.

  Thanks
  - Trey

  --
  You received this message because you are subscribed to the Google
Groups

 Puppet Users group. To post to this group, send email to
puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to

 puppet-users+unsubscr...@googlegroups.com. For more options, visit this
group at

 http://groups.google.com/group/puppet-users?hl=en.









 Could you share how you did the random wait?  I may have to switch to
 a cron job with how often my daemons are crashing and having to be
 restarted by Zabbix.

 I used the ip_to_cron function from
 http://projects.puppetlabs.com/projects/1/wiki/Cron_Patterns

 afterwards, I just do a sleep random 59, so its also random within the
minute.

 Ohad

 Thanks
  - Trey

 --
 You received this message because you are subscribed to the Google Groups
Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.



 --
 You received this message because you are subscribed to the Google Groups
Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Templating question:

[Scott Smith]

You must be new to Ruby.
On Sep 24, 2011 3:30 PM, Peter Berghold salty.cowd...@gmail.com wrote:
 Hmmm looks suspiciously Perl-ish. ;)

 On Sep 24, 2011 4:19 PM, Steve Snodgrass phe...@gmail.com wrote:

 Peter, I'm not sure about your specific question but there is a much
 easier way of doing what you are trying to do.

 %= hosts.join(',') %

 That will replace your entire example template. :)


 On Sep 24, 2:33 pm, Peter Berghold salty.cowd...@gmail.com wrote:
 I thought I read in some docu...
 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

 --
 You received this message because you are subscribed to the Google Groups
Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Root User

[Scott Smith]

You realize that you can set the RHS of the from address to an fqdn, right?

On Fri, Sep 23, 2011 at 6:00 PM, Peter Berghold salty.cowd...@gmail.comwrote:

 Hi folks,

 I thought I'd get clever tonight and add to my base class for node
 configuation the statement:

 user { root : comment = Root User on ${hostname} }

 My hope was that I would change the GECOS field for the root user so that
 emails from root on the machines would identify which root they came from.


 What happened was the next run of the puppet agent resulted in a complaint
 of a cyclical reference. How do I get this to work without the cyclical
 reference?

 None of the classes that were listed as being part of the cyclical
 reference directly had dependencies on root, I'd imagine though there were
 implied references.


 --
 Peter L. Berghold
 Owner, Shark River Technical Solutions LLC

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.