Re: [Puppet Users] Re: Clarification on mount type behaviour

[Stefan Schulte]

Hi

On 30.03.2017 14:57, jcbollinger wrote:


mounted.  But perhaps it doesn't have to be limited that way.  Expanding
its scope to cover the options with which the filesystem is actually
mounted seems like a reasonable feature request.  And if you don't want
to wait, then very likely you can roll your own by writing and using an
extension of the existing "parsed" provider that adds the behavior you want.


John


actually there is an ancient one

https://projects.puppetlabs.com/issues/6309

that finally ended in a forge module

https://forge.puppet.com/puppetlabs/mount_providers

The problem is that if you describe the desired value (e.g. options => 
"ro"), what is the current value? The value in /etc/fstab or in 
/proc/self/mounts?


The forge module solves this dilemma by introducing two separate types 
(that can be abstracted again to one define) but since the original 
intention was to merge this back into core and this never happened I am 
not sure of the general quality of this module. When it was first 
released (which is a while back now) it introduced issues that had been 
solved in the original mount provider and have been reintroduced in the 
module (e.g. https://projects.puppetlabs.com/issues/4914) so make sure 
the module is usable first.


- Stefan

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a9c1f057-b005-4a03-e48e-8cf82bc8f7d3%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: writing custom fact -> return value not as expected

[Stefan Schulte]

Hey Rob,

variable interpolation in strings in ruby is actually done with
#{some_var}, so the following snippet

#!/usr/bin/ruby

"Hello World".match(/Hello (.*)/)

puts $1
puts "$1"
puts "#{$1}

actually returns

World
$1
World

As you can see "$1" does not interpolate to an earlier match.

On 10.01.2017 21:14, Rob Nelson wrote:
> At a guess, dollar signs inside double quotes interpolate, so it's
> extremely possible that somewhere earlier in the ruby run, $3 matched
> "Jan" somewhere and that was reused in your awk command. In the latter
> usage there's probably no $6 (that's a lot of matches!) or it amazingly
> has the value '$6'. I would definitely be more careful about escaping
> any dollars inside of double quoted strings that are passed to exec(),
> system(), or similar functions, as escaping that can be a nightmare when
> the stars align during your design but not weeks later during your usage.
> 
> On Tuesday, January 10, 2017 at 12:24:45 PM UTC-5, Denny wrote:
> 
> Tried out another customfact "lastyumupdate" which looks like:
> 
> |
> Facter.add(:lastyumupdate) do
>   setcode do
> Facter::Util::Resolution.exec("yum history |grep -E '^.*(Update|
> U).*$' |head -n 1 |awk '{print $6}'")
>   end
> end
> |
> 
> This one returns on command line "2017-01-10" AND sets the fact correct
> 
> |
> $ puppet facts |grep last
> "lastrebootdate": "Jan",
> "lastyumupdate": "2017-01-10",
> |
> 
> 
> Any help is appreciated :)
> 
> 
> Denny
> 
> Am Dienstag, 10. Januar 2017 17:47:36 UTC+1 schrieb Denny:
> 
> PS: I'm running facter 3.5.0 with puppet 4.8.1 on CentOS 7
> 
> 
> Am Dienstag, 10. Januar 2017 17:44:23 UTC+1 schrieb Denny:
> 
> Hi there,
> 
> probably a pretty easy to answer question.
> 
> I want to try out adding custom facts. My first custom fact
> should be "lastrebootdate"
> 
> My code looks like this:
> 
> |
> Facter.add(:lastrebootdate) do
>   setcode do
> Facter::Util::Resolution.exec("/usr/bin/who -b |awk
> '{print $3}'")
>   end
> end
> |
> 
> Running the command on the system returns "2017-01-30"
> 
> Deploying my fact on a puppet node and running the puppet
> agent returns "Jan".
> 
> |
> $ puppet facts |grep lastrebootdate
> "lastrebootdate": "Jan",
> |
> 
> What did I miss?
> 
> Thank you,
> 
> Denny
> 
> -- 
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users+unsubscr...@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/1fe52550-e656-415a-9197-a692d397c8bc%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ccb700cd-6bf1-14dc-84cf-9b75d7181eca%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] writing custom fact -> return value not as expected

[Stefan Schulte]

Hi Denny,

IIRC facter will internally run commands with a C locale to get reliable
command output on different locale settings [1]

% LC_ALL=de_DE.utf8 /usr/bin/who -b |awk '{print $3}'
19:34
% LC_ALL=en_US.utf8 /usr/bin/who -b |awk '{print $3}'
2017-01-10
% LC_ALL=C /usr/bin/who -b |awk '{print $3}'
Jan

[1] https://github.com/puppetlabs/facter/pull/696

On 10.01.2017 17:44, Denny wrote:
> Hi there,
> 
> probably a pretty easy to answer question.
> 
> I want to try out adding custom facts. My first custom fact should be
> "lastrebootdate"
> 
> My code looks like this:
> 
> |
> Facter.add(:lastrebootdate) do
>   setcode do
> Facter::Util::Resolution.exec("/usr/bin/who -b |awk '{print $3}'")
>   end
> end
> |
> 
> Running the command on the system returns "2017-01-30"
> 
> Deploying my fact on a puppet node and running the puppet agent returns
> "Jan".
> 
> |
> $ puppet facts |grep lastrebootdate
> "lastrebootdate": "Jan",
> |
> 
> What did I miss?
> 
> Thank you,
> 
> Denny
> 
> -- 
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to puppet-users+unsubscr...@googlegroups.com
> .
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/f91eae2b-b980-4dd5-a544-2fc0a2f8e9ef%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/df4e22da-5af0-3c78-b978-2d5c473ae0b7%40posteo.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [Puppet Users] Array of properties matching_all not working

[Stefan Schulte]

On 04.12.2016 09:27, Lupin Deterd wrote:
> Hi,
>
>  I'm working on a custom type & provider. One of the property is an
> Array and I want to match every elements in it but somehow I can't
> make it work. Relevant snippet are as follow:
>
> type/zfsacl.rb
>
>   newproperty(:permission, :array => :matching_all) do

I think this should read

:array_matching => :all

instead of

:array => :matching_all

- Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/67a5b890-9fbc-9d94-dfa8-92b3ad1c05a2%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Access to hiera repository

['Stefan Schulte' via Puppet Users]

Hello everyone,

I am currently working in a Linux team that decided to use Puppet as a
configuration management tool and we developed a couple of own modules,
use a lot from the forge and we keep hiera data in a separate git
repository (tools: r10k+controlrepo, one separate hiera repo not managed
by r10k, gitlabs server to manage all git repos)

The IT department is quite big and has different silos (e.g VMWare team,
Linux team, Backup team, Storage team, etc) but we (meaning the linux
team) want to use puppet to replace workflows that beforehand went
through different departments, e.g. to configure backup for a new
machine, the backup team had to create a node in their backup tool and
than give us the necessary input to generate the correct configuration
file on the new server.

Ideally I would like them to manage the data in hiera the same way as we
do, so they can leverage the hierarchy to define defaults on a subnet
level, host level, etc. but on the otherhand access to the single hiera
repo would allow them to basically reconfigure everything on a server
(like adding data for the sudo module to add custom sudo rules).

Even though this would be tracked through git logs, a lot of my
collegues are not comfortable with that (and might even be against
internal regulations) so I am wondering how you manage the fact when a
lot of different teams with different knowledge about puppet, yaml, and
git should contribute to hiera but should only manage stuff they care
about/are responsible for.

- Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56B12FDC.8090801%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: exec without a shell

['Stefan Schulte' via Puppet Users]

On 27.01.2016 15:28, jcbollinger wrote:
> [...]
> Puppet implements the "posix" provider by passing the command to
> Ruby's Kernel.exec()
> .
> [...]

Thanks for the inside view John. This would explain the current
behaviour. IIRC this behaves quite similar to perl's "system" command
(single argument vs. array). I also just remembered about some old
discussions on redmine but I could only dig up

http://projects.puppetlabs.com/issues/4288#note-16

which all talk about feeding the exec with the "array form" but that
does not work as expected either.

# test.pp
exec { 'Test03':
  command  => [ "/bin/echo", "arg1", "arg2", "arg3" ],
  provider => posix,
}
$ puppet apply test.pp
Error: Parameter command failed on Exec[Test03]: Command must be a
String,
got value of class Array at /home/stefan/test.pp:1

So without the help of the shellescape function (which I strangely never
saw in the wild before) I basically give everyone with access to hiera
data root-rights as a bonus (If I happen to use hiera data to generate
command line arguments).

I guess the sane approach would be to add a feature request to allow
passing an array as a command parameter which in turn would run ruby's
exec with an array as well, bypassing the shell.

-- Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56A964E2.7010203%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: exec without a shell

['Stefan Schulte' via Puppet Users]

On 28.01.2016 01:46, 'Stefan Schulte' via Puppet Users wrote:
> [...]
> I guess the sane approach would be to add a feature request to allow
> passing an array as a command parameter which in turn would run ruby's
> exec with an array as well, bypassing the shell.
> [...]
> -- Stefan

just for reference. There already is such a feature request:
https://tickets.puppetlabs.com/browse/PUP-3142

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56A96695.5030508%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] exec without a shell

['Stefan Schulte' via Puppet Users]

Hello,

I've got a quick question about the exec type. The exec type does have a
shell provider and a posix provider and the posix provider says

#
https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/exec/posix.rb
Executes external binaries **directly, without passing through a
shell** or
performing any interpolation. This is a safer and more predictable way
to execute most commands, but prevents the use of globbing and shell
built-ins (including control logic like "for" and "if" statements).

but when I test the following manifest:

$unsafe_input = "I will fail; /bin/false"
   
exec { 'Test01':
  command  => "/bin/echo ${unsafe_input}",
  provider => posix,
}
   
exec { 'Test02':
  command  => shellquote("/bin/echo", $unsafe_input),
  provider => posix,
}


then the first test will fail (because /bin/false is executed instead of
printed), while the second test does work (I am not sure how reliable
shellquote acutally works though).

# on puppet version 4.3.1:
Notice: /Stage[main]/Main/Exec[Test01]/returns: I will fail
Error: /bin/echo I will fail; /bin/false returned 1 instead of one
of [0]
Error: /Stage[main]/Main/Exec[Test01]/returns: change from notrun to
0 failed: /bin/echo I will fail; /bin/false returned 1 instead of one of [0]
Notice: /Stage[main]/Main/Exec[Test02]/returns: executed successfully

Am I misreading the documentation here?

- Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56A81F7C.2000702%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Prefetch in custom types in Puppet v4?

['Stefan Schulte' via Puppet Users]

On 19.01.2016 02:53, Jakov Sosic wrote:
> On 01/19/2016 02:52 AM, Jakov Sosic wrote:
>> Hi guys,
>>
>>
>> I've noticed the following problem with one of my providers in v4.
>>
>> This is the original prefetch method I used:
>>
>> def self.prefetch(resources)
>>   instances.each do |prov|
>> if resource = resources[prov[:name]]
>>   resource.provider = prov
>> +resource.provider = new(prov)
>> end
>>   end
>> end
>
> Sorry, ignore the line with `+` prefix :)
>

Are you sure the error is in the prefetch method? Looks to me like the
instances method does not return an array of provider instances but
something else (array of hashes?)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56A82155.2080503%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: mount point directory permissions

[Stefan Schulte]

On 21.03.2014 19:53, José Luis Ledesma wrote:
 I prefer the exec resource to create the mount point ( with onlyif !
 Test-d mountpoint) and the file resource to set the proper permissions.
 
 Regards,

That's what I'd do, too. But you can use `creates` paramter to do the
check, there is no need to invoke an external command.

exec { 'create_mntpoint_/mnt/foo':
  command = '/bin/mkdir -m 0755 /mnt/foo',
  creates = '/mnt/foo',
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/532EA212.3060008%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How do I prevent logging of secure data?

[Stefan Schulte]

On 24.02.2014 21:13, Larry Fast wrote:
 By default puppet will report the changes to any files it updates.  If
 the file includes any secure data like passwords or private encryption
 keys, that also shows up in the logs.  Is there any way to block this
 level of logging for individual files?  Disabling it for all files is
 also acceptable.

You should be able to generally block it with the `show_diff`
configuration option [1]. It can also be deactivated on a per-file basis
[2] as long as you run a recent version of puppet (according to the
original feature request [3] this has been added in puppet 3.2)


[1] http://docs.puppetlabs.com/references/latest/configuration.html#showdiff
[2]
http://docs.puppetlabs.com/references/latest/type.html#file-attribute-show_diff
[3] http://projects.puppetlabs.com/issues/16412

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/530BBCD2.6080504%40taunusstein.net.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Let puppet configure your monitoring (here: nimsoft)

[Stefan Schulte]

Hi puppet users,

just wanted to know if there are any puppet users who are using nimsoft
as a monitoring tool? We are currently switching to nimsoft at $work and
I noticed that for a proper monitoring configuration I need information
that is already written down in our puppet manifests.

E.g. to correctly set up logfile monitoring I need to know if the server
is running an oralce database and if so I need to know the configured
oracle instances and the location of the alertlog files. Since we
install the oracle software and instances through puppet, puppet already
has all the info.

I created a few custom types to modify the nimsoft agent's configuration
[1] and would love to get some feedback from other nimsoft users or just
share your experience with nimsoft and puppet and how you automate things.

If you use a different monitoring tool: How much is your monitoring
puppetized? Do you configure your monitoring by hand? Is your monitoring
system so smart that it does not need a lot of manual configuration, or
do you use tools like puppet to automatically create configurations?

-Stefan

[1] https://github.com/stschulte/puppet-nimsoft

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/530A6FA6.6070904%40taunusstein.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] matching all current ipaddress_ethX facts

[Stefan Schulte]

On 21.11.2013 13:32, cko wrote:
 Hi,
 
 I'm currently trying to solve the following problem:
 
 I wrote a module that matches the $ipaddress fact for certain IP
 subnets (like 20.20.2... or 30.30.2..). Depending on the subnet, the
 variable $proxy-server changes.
 
 The problem is, that some of our physical machines have a random number
 of interfaces connected to many different subnets. In some cases the
 $ipadddress fact returns the correct subnet, lets call it production
 server lan and some don't.
 
 Is there any way to make puppet check every available NIC for a specific
 subnet/ regex? Something like this:
 
 if $ipaddress_eth*** =~ /^20\.20\.\..*$/ {
$proxy-server = foo
 }
 .
 
 -- 

I'd recommend to write a custom fact that returns your production
server lan ipaddress first and then check only that fact against your
regular expression. The custom fact may look like this:


 require 'ipaddr'
 require 'facter/util/ip'

 Facter.add(:ipaddress_production) do
   setcode do
 production_networks = [
   IPAddr.new('20.20.2.0/24'),
   IPAddr.new('30.30.2.0/24')
 ]
 production_ip = nil

 Facter::Util::IP.get_interfaces.each do |interface|
   ip = Facter::Util::IP.get_interface_value(interface, 'ipaddress')
   if production_networks.any? { |network| network.include? ip }
 production_ip = ip
   end
 end
 production_ip
   end
 end

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/529EEEB6.8090601%40taunusstein.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Accessing methods of parent provider

[Stefan Schulte]

On 14.07.2013 02:27, Schofield wrote:
 I'm taking some time to refactor a custom provider.  I'm trying to move
 common code into a parent provider so that it can be shared among all
 custom resource providers in the puppet module.  While verifying I can
 call methods in the parent provider I get the following error:
 
 Error: Could not prefetch jboss7_deployment provider 'jboss7':
 undefined method `echo' for
 Puppet::Type::Jboss7_deployment::ProviderJboss7:Class
 
 Here are the relevant snippets of code
 
 class Puppet::Provider::Jboss7  Puppet::Provider
   def echo(arg)
 info arg
   end
 end

so your provider has an instance method echo ...

 
 require 'puppet/provider/jboss7'
 Puppet::Type.type(:jboss7_deployment).provide(:jboss7, :parent =
 Puppet::Provider::Jboss7) do
   echo hello world
   ...
 end

.. and here you are calling echo in  a class context that will execute
as soon as the corresponding file is loaded. So depending on your actual
goal you should either only call echo in an instance method

Puppet::Type.type(:jboss7_deployment).provide(:jboss7, :parent =
Puppet::Provider::Jboss7) do
  def create
echo I was created
  end
end

or, if you want to call the `echo` method at class level (e.g.
self.prefetch), define your method as a class method in your parent provider

class Puppet::Provider::Jboss7  Puppet::Provider
  def self.echo(arg)
info arg
  end
end

Does this make sense?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Purged packages cause servers to always list as changed in Dashboard

[Stefan Schulte]

On 12.07.2013 06:57, Kim Scarborough wrote:
 So I have a module that set several packages to purged. This generates
 messages like this in the log on every run:
 
 puppet-agent[27671]: (/Stage[main]/Foo/Package[ghostscript]/ensure) created
 
 That doesn't bother me in and of itself, but the problem is that those
 messages mark the server as Changed in Puppet Dashboard.
 
 What can I do about this?
 

Are you running on RedHat (or some other OS that uses yum)? You may hit
https://projects.puppetlabs.com/issues/11450 in this case. Specifying an
ensure state of `absent` should work as a workaround on these platforms.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ssh_authorized_key - does not show up in puppet resource

[Stefan Schulte]

On 12.07.2013 20:06, Dan White wrote:
 I am getting into managing user accounts with Puppet - and having a blast ! 
 
 I stumbled on this and wanted to ask: 
 
 If I type :   I get:
 puppet resource user  The expected puppet list of all the logins. 
 puppet resource file  Error: Could not run: Listing all file 
 instances is not supported.
   Please specify a file or directory, e.g. 
 puppet resource file /etc
 puppet resource file /etc/passwd  A puppet resource as I would expect
 
 HOWEVER !
 If I type puppet resource ssh_authorized_key  I get nothing.  No error, no 
 output.  Bupkis !
 
 I even tried the model of the file resource and tried:
 puppet resource ssh_authorized_key name of a resource I defined and realized
 ...and still got nothing.
 
 Is this expected behavior or what ?

`puppet resource` does only work for a limited set of resource types:
a) there is such a thing as a list of resources (e.g. it does not work
for the exec resource type because you can execute endless combinations
of commands)
b) the list can be generate without any additional information

The first one is obvious I guess. The second one is more important here:
If I ask puppet about users, puppet can get a list pretty easily (in the
end it is like running `getent passwd` on the commandline). If you ask
for a list of ssh keys: How should puppet know where to look for ssh keys?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ssh_authorized_key - does not show up in puppet resource

[Stefan Schulte]

On 12.07.2013 21:45, Dan White wrote:
 Great answer..
 
 On the second point -- how to generate an answer -- in
 /etc/ssh/sshd_config is a paramer named AuthorizedKeysFile which
 defaults to
 
 ~/.ssh/authorized_keys
 
 That is a starting point !
 

Yeah you're probably right that you could
- look at the operating system to guess the location of the sshd_config
file (IIRC HP-UX has this file someplace under `/opt`)
- lookup the AuthorizedKeysFile parameter and handle the fact when it is
not explicitly defined
- don't take the path literally, e.g. search for `%h` or `%u`. If a
placeholder was found, query all users/all homedirectories to generate
an array of files

Yep it is possible but I'm not sure there is a usecase worth the effort.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Force osfamily value

[Stefan Schulte]

On Fri, 7 Jun 2013 07:03:21 -0700 (PDT)
Charly Mathieu mathieu.cha...@gmail.com wrote:

 Actually, it doesn't get better. Nice try ^^
 

What version of facter are you using now? Can you please post the output
of

% facter facterversion operatingsystem osfamily
facterversion = 1.7.0
operatingsystem = Gentoo
osfamily = Gentoo

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ssh_authorized_key filling /var/log/messages

[Stefan Schulte]

On Mon, 3 Jun 2013 09:15:56 -0700 (PDT)
Marek Dohojda chro...@gmail.com wrote:

 
 
 On Saturday, June 1, 2013 1:59:36 PM UTC-6, Stefan Schulte wrote:
 
  On Fri, 31 May 2013 15:56:30 -0700 (PDT) 
  Marek Dohojda chr...@gmail.com javascript: wrote: 
 
   Having weird issue that I can't seem to find any solution to: 
   
   puppet 2.7.21 and 2.6.9 
   
   here is my stanza: ssh_authorized_key{ �$name�: 
   
 ensure = present, 
 name = $name, 
 key = $key, 
 type = $type, 
 user = $name, 
 require = File[$myhome/.ssh] 
   
   } 
 
  a common pitfall is that name contains spaces (at least trailing
  spaces should cause issues) or that people specify the key
  parameter as something like ssh-rsa  B3NzaC1kc3MAAA while
  instead you have to specify B3NzaC1kc3MAAA as the key and
  ssh-rsa as the type. 
 
  So does `$key` contain any spaces? Does `$name` contain any
  trailing spaces? 
 
  Can you please post one of the entries that is filling up 
  your /var/log/messages? 
 
  -Stefan 
 
 
 I wish it was so simple :) I ensured the keys are fine, and there are
 no spaces.
 
 here is a sample (sanitized)
 (/Stage[main]/class/class::Mkuser[user]/Ssh_authorized_key[user]/ensure)
  
 created
 
 
 
 
  
 

So puppet thinks the key is absent otherwise it would not print this
message. But you also do not see duplicate key entries, right?

Without your actual manifest and the file content I can only take
guesses here:

- do you manage the authorized key file in any way besides
  ssh_authorized_key resources? Are you sure you do not have some file
  { 'authorized_key' :ensure = absent} around that would cause puppet
  to delete and recreate the file in every run?
- for security reasons the authorized_key file is modifed as the user
  specified with the `user` parameter. Is this one able to read and
  write to the file? Is `~username/.ssh/authorized_keys` owned by
  the user specified with the `user` parameter?
- do you have the same key in another `authorized_key` file regardless
  if you manage this second key with puppet or not? By the same key, I
  mean an ssh key with the same comment (which puppet mapps to the
  `name` parameter)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ssh_authorized_key filling /var/log/messages

[Stefan Schulte]

On Fri, 31 May 2013 15:56:30 -0700 (PDT)
Marek Dohojda chro...@gmail.com wrote:

 Having weird issue that I can't seem to find any solution to:
 
 puppet 2.7.21 and 2.6.9
 
 here is my stanza: ssh_authorized_key{ “$name”:
 
   ensure = present,
   name = $name,
   key = $key,
   type = $type,
   user = $name,
   require = File[$myhome/.ssh]
 
 }

a common pitfall is that name contains spaces (at least trailing spaces
should cause issues) or that people specify the key parameter as
something like ssh-rsa  B3NzaC1kc3MAAA while instead you have to
specify B3NzaC1kc3MAAA as the key and ssh-rsa as the type.

So does `$key` contain any spaces? Does `$name` contain any trailing
spaces?

Can you please post one of the entries that is filling up
your /var/log/messages?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - invalid argument

[Stefan Schulte]

On Wed, 8 May 2013 06:49:32 -0700 (PDT)
jcbollinger john.bollin...@stjude.org wrote:
 Examining the code doesn't reveal any obvious error.  Facter uses
 this:
 
   def
 self.read_sysfs_dmi_entries(path=/sys/firmware/dmi/entries/1-0/raw)
 if File.exists?(path) File.read(path)
 end
   end
 
 That /sys/firmware/... path does not appear anywhere else in Facter
 that I (and Google) can find. That suggest that either the exists?
 test or the read must be causing the error to be emitted in your
 environment, but it's not clear which, or why.

So I guess the best would be to collect the following output

% ruby --version
% ls -l /sys/firmware/dmi/entries/1-0/raw
% stat /sys/firmware/dmi/entries/1-0/raw
% ruby -e 'puts :ok if File.exists?(/sys/firmware/dmi/entries/1-0/raw)'
% ruby -e 'puts :ok if File.read(/sys/firmware/dmi/entries/1-0/raw)'

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppermaster certificate expired

[Stefan Schulte]

On Thu, 9 May 2013 17:10:51 +0200
Lorenzo Salvadorini lorenzo.salvador...@softecspa.it wrote:

 2013/5/9 Nicolai Mollerup nicolai.molle...@gmail.com
 
  Anyway I think the easy way is to setup some autosigning of clients
  after creating a new CA.
  Think you will have to clean the ssl-dir on clients for this to
  work, though.
 
  Since we are going to make a brand new puppetmaster here sometime
  before our CA expires that will be my approach to make the
  transition smoother.
 
 
 we are exactly at the same point: currently moving our puppetmaster on
 another host, struggling against CA hostname in SSL Certificates and
 thinking how to approach the refresh of all certificates on agents.
 
 Autosigning for some day could be a good approach for us too, since
 we have our racks with predefined networks IPs and master on amazon,
 so amazon agents can contact master via internal network.
 
 We already manage agents configuration with a puppet module, do you
 think we can do the SSL substitution with a recipe in puppet itself?
 

I'd not try to remove ssl certificates during a puppetrun because I
expect that every file resource with a `source` parameter will fail
after that point and the agent would not be able to send the last report
to the old master.

We had a slightly different approach when migrating our agents to a new
master. We run puppet out of cron and the cronentry is also managed by
puppet. Now we have the following simplified puppet::agent class:

# need_migration is mostly calculated by checking the agent's
# version and the current puppetmaster
if $need_migration {
  $cron_command = '/var/lib/puppet/migrate.sh'
}
else {
  $cron_command = '/usr/bin/puppet agent'
}

cron { 'puppet_clientrun':
  command = $cron_command
}

If an agent contacts the old puppetmaster and need_migration evaluates
to false, the agent will replace its cronjob with the migration script,
so in the next interval we run the migration script instead of the
puppet agent.

The migration script updates the puppet software, updates the server
setting in puppet.conf and erases the ssl directory (this is only done
once in case the migrate.sh is executed more than once). The migrate.sh
script will also trigger a normal puppetrun as the last step, so
the puppet agent will create new certificates. The `migrate.sh` keeps
running every hour until someones signes the new certificate request
on the new master. Once the request is signed and the agent is able to
contact the new mater, the $need_migration will evaluate to false and
the migrate.sh in cron is replaced with the normal puppet agent
invocation.

This way we keet the removal of the ssl directory completly outside of
puppet. We can also be sure that hosts that had puppet temporarily
disabled will be instructed to migrate after they contact the (old)
master again.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ignoring a service that doesn't exist

[Stefan Schulte]

On Thu, 9 May 2013 13:58:45 -0700 (PDT)
John Simpson j...@voalte.com wrote:

 I've done the following, it ended up being a bit simpler for me when
 I'm not sure what random services a new CentOS install has installed
 and/or enabled...
 
   define no_service ( ) {
 service { ${name} :
   ensure = stopped ,
   enable = false ,
   status = stat -t /etc/rc?.d/S??${name}  /dev/null 21 ,
 }
   }
 
 You can then declare individual service names, or lists of service
 names, each of which will be disabled and shut down if the service is
 enabled. If a particular service doesn't exist, the puppet agent does
 nothing.
 
   no_service { 'ip6tables' : }
   no_service { [ 'nfslock' , 'portmap' , 'xyzzy' ] : }
 
 The only caveat is, if a service is disabled (i.e. chkconfig service
 off) but the service is still running, the puppet agent won't stop
 it. Of course, if you have a service which is normally off and you've
 only enabled it to test something, this could be a good thing...
 

you should be able to just specify `hasstatus = false`. This way
puppet will check the process list in order to get the current status
and will not run the (absent) initscript to get the status.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] PuppetDB: SSL problems

[Stefan Schulte]

On Wed, 8 May 2013 07:01:56 -0700 (PDT)
kl.puppetu...@gmail.com wrote:

 
 Error: Could not retrieve catalog from remote server: Error 400 on
 SERVER: Failed to submit 'replace facts' command for gaia.local
 to PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5
 errno=0 state=SSLv3 read finished A
 Warning: Not using cache on failed catalog
 Error: Could not retrieve catalog; skipping run
 

seems to be an issue with OpenJDK7. Reverting to Java6 solved the
problem for a lot of users.

issue is described here: http://projects.puppetlabs.com/issues/19884

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Trouble writing authorized_keys2

[Stefan Schulte]

On Tue, 7 May 2013 10:11:44 -0400
Bret Wortman bret.wort...@damascusgrp.com wrote:

 I've got a situation where a manifest fails when writing one
 particular key for a user. What I have is a manifest that looks like
 this:
 
 class my::accounts () {
 
 Ssh_authorized_key {
 ensure = present,
 type = ssh-dss,
 }
 
 Then, after making sure the user, group, and authorized_keys2 file
 exist:
 
 ssh_authorized_key { key-name-1:
 key = omitted,
 user = user,
 target = /home/user/.ssh/authorized_keys2,
 require = File[/home/user/.ssh/authorized_keys2],
 }
 
 There's a lengthy series of these -- most of them work, but one will
 fail with this error:
 
 Error: Puppet::Util::FileType::FileTypeFlat could not write
 /home/user/.ssh/authorized_keys2: Permission denied -
 /home/user/.ssh/authorized_keys2
 Error: /Stage[main]/My::Accounts/Ssh_authorized_key[key-name-8]:
 Could not evaluate: Puppet::Util::FileType::FileTypeFlat could nto
 write /home/xmmgr/.ssh/authorized_keys2: Permission denied -
 /home/user/.ssh/authorized_keys2
 
 This is not the first nor the last key, and I get around 19 entries
 in the file, so I'm not seeing why this one in particular is failing.
 Structurally, it looks exactly like all the others. Any ideas?
 
 Thanks!
 

Do you also see notice messages about changing targets? If a ssh key is
already present in targetA and you specifiy targetB in your manifest,
puppet will try to migrate the key from targetA to targetB. As a result
puppet has to rewrite both targetA (remove the key) and targetB (add
the key) and there is a know bug where puppet tries to write the files
with the wrong user context (hence the Permission denied messages).

So if you see target change events, you'll probably hit
http://projects.puppetlabs.com/issues/10850#note-12

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - invalid argument

[Stefan Schulte]

On Tue, 7 May 2013 13:00:53 -0700 (PDT)
Charlie Brune goo...@bruneworld.com wrote:

 [root@hogwarts ~]# facter --debug --timing virtual
 kernel: 2.97ms
 Could not retrieve virtual: Invalid argument - 
 /sys/firmware/dmi/entries/1-0/raw
 virtual: 50.26ms
 lsbdistid: 0.53ms
 value for lsbdistid is still nil
 operatingsystem: 2.00ms
 hardwaremodel: 3.36ms
 architecture: 10.61ms
 virtual: 34.97ms
 physical
 
 
 Charlie
 

Still not sure what is going on here. I guess the Invalid argument
is the output of an external command that is failing. So if you
could make the following modification in `util/resolution.rb` (the
exact path may be different on your machine, on mine it
is
`/usr/lib/ruby/gems/1.9.1/gems/facter-1.7.0/lib/facter/util/resolution.rb`)

goto line 171 and change

  
begin
  out = %x{#{code}}.chomp
  [...]

to

begin
  Facter.debug about to execute #{code}
  out = %x{#{code}}.chomp
  [...]

if you now run `facter --debug virtual` you should see the exact
external commands facter is executing. This migh be helpful when
finding the root cause of your problem here.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - invalid argument

[Stefan Schulte]

On Mon, 6 May 2013 10:26:38 -0700 (PDT)
Charlie Brune goo...@bruneworld.com wrote:

 I'm trying to install Puppet on a Fedora 17 box.
 
 The puppet agent --test command fails with this error message:
 
 Could not retrieve virtual: Invalid argument - 
  /sys/firmware/dmi/entries/1-0/raw
 
 
 I get the same error message if I type the command facter virtual.

can you please provide the output of

facter -v

(this should return the version you are using) and

facter --debug --trace virtual

When running the last command, you'll hopefully see a strack trace
so we can see where the error actually happens.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Retrieve scoped resource defaults from class method in custom type

[Stefan Schulte]

On Tue, 30 Apr 2013 15:37:11 -0700
Ryan Uber r...@ryanuber.com wrote:

 [accidently sent this to puppet-dev, re-posting to puppet-users]
 
 Hello puppet-users,
 
 I am working on a module that provides a custom type. The type when
 called will create new resources in the catalog using syntax like:
 
 Puppet::Type.type(:file).new(:title = 'blah')
 
 This works fine and the resources are added as expected. However, I am
 unable to apply any scoped defaults to the generated resources. So
 something like:
 
 File {
   mode = 0750
 }
 

were do you generate the resources? Puppet already has a method
eval_generate that every type can implement and which has to return
an array of generated resources (that's how puppet generates implicit
file resource when you use `recurse`). These resources are
automatically added to the catalog.

So e.g.

Puppet::Type.newtype(:foo) do
  newparam(:name)
  [...]
  def eval_generate
resources = []
resources  Puppet::Type.type(:file).new(:title = 'blah')
resources
  end
end

I played with it a little bit (wanted to make a proof of concept for
a `dirtree` type that simulates the behaviour of `mkdir -p`) but I hit
problems because autorequirements of generated resources do not seem to
work (e.g. You have File['/foo'] in your puppet manifest and your
custom type generates a resource File['/foo/bar'] there a no automatic
dependencies so File['/foo/bar'] may be applied before File['/foo'] but
maybe I am wrong about that one.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Windows Puppet waits for CR, then warns Facter::Util::Resolution.exec with a shell built-in is deprecated

[Stefan Schulte]

On Mon, 22 Apr 2013 10:08:45 +0200
Dirk Heinrichs dirk.heinri...@altum.de wrote:

 On Mon, Apr 22, 2013 at 12:45:35AM -0700, Paul Tötterman wrote:
 
  Shouldn't environment variables be case-insensitive? What code is 
  responsible for expanding those environment variables?
 
 This is Windows, so I'd say: It depends. I can do this:
 
 C:\Program Files (x86)\Puppet Labs\Puppet\binecho %SYSTEMROOT%
 C:\Windows
 
 C:\Program Files (x86)\Puppet Labs\Puppet\binecho %SYSTEMRoot%
 C:\Windows
 
 But, as seen, expanding %SYSTEMROOT% in %PATH% only seems to work when
 it's all uppercase...
 

Maybe this does not apply to your case but I once saw a crappy
application that changed the type of the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Environment to REG_SZ (instead of REG_EXPAND_SZ). This way
other environment variables inside PATH (like %SYSTEMROOT%) were not
expanded anymore and it took me ages to discover that one ;-)


-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Passenger failing sporadically

[Stefan Schulte]

On Mon, 22 Apr 2013 07:06:50 -0700 (PDT)
Drew Blessing drew.bless...@mac.com wrote:

 We're having a very strange issue with Puppet running on Passenger.
 Every day or 2, our clients start receiving Passenger back traces.
 It's the generic Ruby (Rack) application could not be started.  My
 initial thought was that this is a resource/configuration problem.
 Maybe we're overrunning our resources or need to tune Passenger.
 However, the way we have to temporarily fix it leads me to believe
 it's not related to Passenger configuration or resources issues.
 
 A simple Apache restart will not fix the issue.  In *every* case the
 fix is to stop Apache, start the puppetmaster service, stop the
 puppetmaster service, and start Apache again.  Any other combination
 will not work.  So there is something significant about what's
 happening when puppetmaster process starts.  Any ideas what could be
 causing our grief?
 
 Thanks for your help.
 

If you run puppet through passenger, passenger will start the puppet
master process as the puppet user. This means that if some
files cannot be accessed by the puppet user you'll have a problem.

If you run puppet via `service puppetmaster start`, the
puppetmaster will start as root, makes sure that
`/var/lib/puppet/ssl` and stuff are owned by puppet, and will then drop
priviledges and continue to run as the puppet user.

Do you run the agent on the puppetmaster, too? Then check the logs
(typically syslog) wether the puppet agent performed any changes, or run
your agent from the commandline with `--verbose` and check the console
output.

E.g. I had a problem in the past where the agent pluginsynced some
plugins into `/var/lib/puppet/lib` and set ownership in a way that the
puppetmaster was not able to access the plugins anymore.

Second: When you have the problem the next time, stop apache and then
start the master as `puppet master --no-daemonize --verbose --debug`.
This way you'll hopefully see if the master process fixes something
during the startup-as-root-phase (and therefore cannot be fixed if you
start your puppet master under passenger).

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Windows Puppet waits for CR, then warns Facter::Util::Resolution.exec with a shell built-in is deprecated

[Stefan Schulte]

On Fri, 19 Apr 2013 13:50:59 +0200
Dirk Heinrichs dirk.heinri...@altum.de wrote:
 I'm facing a similar problem, on one single Windows machine out of
 more than 100. If I run any puppet command, I get above warning.

We'll first try to get a clearer error message. Please go to your facter
installation directory on your agent and modify the file
`util/resolution.rb`. Change

Facter.warnonce 'Using Facter::Util::Resolution.exec with a shell built-in is 
deprecated. Most built-ins can be replaced with native ruby commands. If you 
really have to run a built-in, pass cmd /c your_builtin as a command' unless 
expanded_code

to

Facter.warnonce Using Facter::Util::Resolution.exec with a shell built-in 
(here: #{code}) is deprecated. Most built-ins can be replaced with native ruby 
commands. If you really have to run a built-in, pass \cmd /c your_builtin\ as 
a command unless expanded_code

Then run your agent again. This way you should see the command that
puppet complains about.

 Additionally, it can't execute the following simple class to update
 the puppet.conf file:
 
 class puppetconf {
   service { 'PuppetAgent':
 name = 'puppet',
 ensure = 'running',
 enable = 'true',
 subscribe = File['puppet.conf'],
   }
 
   file { 'puppet.conf':
 path = 'C:/ProgramData/PuppetLabs/puppet/etc/puppet.conf',
 ensure = file,
 source = 'puppet:///modules/puppetconf/puppet.conf',
   }
 }
 
 It fails with the following error:
 
 Error: /Service[PuppetAgent]: Could not evaluate: Could not find init
 script for 'puppet'

Can you provide the output of your agent when you run with `--debug`?
This way we should be able to see the actual provider the agent picks
for the service resource.

Also the output of the following command would be helpful

facter operatingsystem

the above command should return windows

net.exe

the above command should be found. If not please check your path
(try running `facter path`)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Windows Puppet waits for CR, then warns Facter::Util::Resolution.exec with a shell built-in is deprecated

[Stefan Schulte]

On Tue, 16 Apr 2013 22:46:53 -0700 (PDT)
Larry Fast lfast1...@gmail.com wrote:
 
 Side issue: diagnostics could have been better.  The error did not
 indicate a source file. And Pluginsync does not indicate the source
 module for any of the files it loads.  Not even in debug mode.
 

FYI: I created a feature request for a better deprecation message:
http://projects.puppetlabs.com/issues/20321

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppet and OVO/ITO/OML

[Stefan Schulte]

On Sun, 7 Apr 2013 02:16:07 -0700 (PDT)
ro...@liveperson.com wrote:

 Thanks for all the information Stefan!
 I'd be happy to see the module you're using if it's possible.
 
 Roee.
 

Ok so I have a hpoml::client class to include at node level. It
basically consists of a hpoml::user class where I define the `opc_op`
User and the `opcgrp` group (to have consistent uid and gid across
machines) and the class hpoml::client::package. I guess I can share
that one:

class hpoml::client::package ($server = 'your_master_server', $minversion = 
'11.11.025') {

  if ! ($::operatingsystem in [ 'Solaris', 'RedHat' ]) {
fail operatingsystem ${::operatingsystem} is currently not supported. Must 
be one of Solaris, RedHat
  }

  $installer = '/some/nas/share/Agt_11.11.x/oainstall.sh'
  $install_arguments = '-install -agent -includeupdates -defer_configure'
  $update_arguments = '-install -agent -includeupdates'

  exec { 'Install_OML':
command  = ${installer} ${install_arguments},
creates  = [
  '/opt/OV/bin/ovc',
  '/opt/OV/bin/ovconfget',
],
timeout  = '1800',  # 30 minutes
  }

  exec { 'Configure_OML':
command = '/opt/OV/bin/OpC/install/oainstall.sh -configure -agent',
creates = [
  '/var/opt/OV/installation/inventory/HPOvAgtLc.xml',
  '/var/opt/OV/installation/inventory/HPOvBbc.xml',
  '/var/opt/OV/installation/inventory/HPOvConf.xml',
  '/var/opt/OV/installation/inventory/HPOvCtrl.xml',
  '/var/opt/OV/installation/inventory/HPOvDepl.xml',
  '/var/opt/OV/installation/inventory/HPOvEaAgt.xml',
  '/var/opt/OV/installation/inventory/HPOvGlanc.xml',
  '/var/opt/OV/installation/inventory/HPOvPacc.xml',
  '/var/opt/OV/installation/inventory/HPOvPerfAgt.xml',
  '/var/opt/OV/installation/inventory/HPOvPerfMI.xml',
  '/var/opt/OV/installation/inventory/HPOvPerlA.xml',
  '/var/opt/OV/installation/inventory/HPOvSecCC.xml',
  '/var/opt/OV/installation/inventory/HPOvSecCo.xml',
  '/var/opt/OV/installation/inventory/HPOvXpl.xml',
  '/var/opt/OV/installation/inventory/Operations-agent.xml',
],
require = Exec['Install_OML'],
  }

  exec { 'Activate_OML':
command = /opt/OV/bin/OpC/install/opcactivate -srv ${server} -cert_srv 
${server},
unless  = /opt/OV/bin/ovconfget sec.core.auth MANAGER | /bin/grep 
${server},
require = Exec['Configure_OML'],
  }

  # only patch if ovo is already installed and if the current version
  # is below the minversion. We do not downgrade.
  if $::opcagtversion and versioncmp($::opcagtversion, $minversion)  0 {
exec { 'Patch_OML':
  command = ${installer} ${update_arguments},
  timeout = '1800',  # 30 minutes
  require = Exec['Install_OML'],
}
  }
}

works pretty well. If we get a new version I try the installer by hand
a couple of times (the class does not downgrade, only upgrade). If it
does not fail I bump the $minversion default parameter and puppet will
patch all my systems.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppet and OVO/ITO/OML

[Stefan Schulte]

On Thu, 4 Apr 2013 02:29:51 -0700 (PDT)
ro...@liveperson.com wrote:

 Hi Stefan,
 I know it's an old post, but I'll be happy to hear more about how
 you're doing the agent installations with puppet, and maybe even get
 some code from you if it's possible. :)
 Is there an option to contact you?
 

You can contact me by mail or just replying on this list. The
repository https://github.com/stschulte/puppet-hpom is still up if you
are interested in custom types. I'm happy to merge in pull request, too.

About the installation itself:

I do not have the code around right now but I install the agent with an
exec resource from a NAS share (something along oainstall.sh -i -a
-includeupdates -defer_configure). The same is true for configuration
(oainstall.sh -c -a -s $server) and activation (If you have a lot of
updates and hotfixes, doing the installation and configuration in
seperate steps will be a *a lot* faster)

I also have an if clause to check the custom fact opcagtversion against
the desired version (with the versioncmp function) and trigger another
exec to update the agent if necessary.

If you want a more concrete example I'll check the module at
work and will see what I can actually make public.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Flush provider - Differentiating between new resource and modification?

[Stefan Schulte]

On Fri, 5 Apr 2013 00:57:32 -0700 (PDT)
Gavin Williams fatmc...@gmail.com wrote:

 Morning all
 
 I'm working on converting some of my NetApp providers to
 prefetch/flush style to try and optimize performance. 
 
 I've hit an issue on my Netapp_user provider, around handling
 resource creation versus resource modification? 
 What's the easiest way to differentiate? 
 
 Current code is here: 
 https://github.com/fatmcgav/fatmcgav-netapp/commit/66092978f4182c5474a60011db99ee2e3e12e689
 
 Any tips appreciated. 
 
 Regards
 Gavin 
 

There is no way to check *why* the flush method was called, you just now
that at least one property has been updated. You do not see if `ensure`
updated or let's say `passmaxage`. Does this actually cause problems?

One thing I've spotted is that your create method does update the
@property_hash[:ensure] value but no other value. This seems to be
wrong because if the resource was absent before, @property_hash is
initally an empty hash. Because when `ensure` changes no other
properties are synced you don't have the desired values of all the other
properties available in the `flush` method. So your `create` method
should propably look like

def create
  resource.class.validproperties.each do |property|
if value = resource.should(property)
  @property_hash[property] = value
end
  end
end

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] facter fact within a custom provider

[Stefan Schulte]

On Fri, 22 Mar 2013 10:29:22 -0700 (PDT)
Jist Anidiot jistanid...@gmail.com wrote:

 I have a custom package provider.  However within the ruby code, I
 need access a custom facter fact (which has the path to the
 executable which handles the package installation). 
 
 I tried doing lookupvar('bin_path' ) but it complained undefined
 method `lookupvar'
 
 So how do I reference a facter fact from within a custom provider?
 
 Thanks in advance.  
 

to get the value of a fact (no matter if it is a custom fact or a
buildin fact) use `my_path = Facter.value(:bin_path)`

-Stefan


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Custom ensure instead of ensurable in type provider

[Stefan Schulte]

On Wed, 13 Mar 2013 09:00:18 -0700 (PDT)
jcbollinger john.bollin...@stjude.org wrote:
 Your problem is that you are conflating distinct (for your purposes) 
 aspects of your resource's state.  If you care at times whether the 
 variable is declared at all or not, and at other times what its value
 is, then those should be separate properties.  Your resource
 declarations will then look like this:
 
 env_var { 'AWESOMENESS':
   value = 'meh',
   # optional:
   ensure = present
 }
 
 or
 
 env_var { 'AWESOMENESS':
   ensure = absent
 }
 
 
 John
 

I tend to disagree here. If the presence of an environment variable
inherently means that it has a value and the absence of a value
inherently means that the resource is absent I don't see the point in
having two properties.

I'd suggest to not use ensurable and define the ensure property
yourself:

in your type:

newproperty(:ensure) do
  newvalues :absent
  newvalues /.*/ # or whatever is valid for a value
end

in your provider, drop exists?, create and destroy and use

def ensure
  if value = get_environment_variable(resource[:name])
value
  else
:absent
  end
end

def ensure=(new_value)
  if new_value == :absent
destroy_environment_variable(resource[:name])
  else
set_environment_variable(resource[:name], new_value)
  end
end

you can then either specify

env_var { 'TMP':
  ensure = 'C:\TEMP'
}

or
env_var { 'TMP':
  ensure = absent,
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Sometimes getting 'undef' in template

[Stefan Schulte]

On Sun, Jan 06, 2013 at 08:54:23AM -0500, Brian Lalor wrote:
 Morning, all.  I've got a problem with a custom class and template that has 
 me stumped.  I've created the following class:
 
 class graphite::carbon(
 $cache_port = 2003,
 $cache_enable_udp = false,
 $cache_udp_port = $cache_port,
 ) {
 package {'carbon': }
 
 file {'/etc/carbon/carbon.conf':
 content = template(graphite/carbon.conf.erb),
 
 require = Package['carbon'],
 notify  = Service['carbon-cache'],
 }
 
 service {'carbon-cache':
 enable  = true,
 ensure  = running,
 
 require = Package['carbon'],
 }
 }
 
 carbon.conf.erb contains this:
 
 UDP_RECEIVER_PORT = %= cache_udp_port %
 
 And I use the class like this:
 
 class {'graphite::carbon': }
 
 The problem I'm having is that, without making any changes *AT ALL* 
 UDP_RECEIVER_PORT will sometimes have the default port of 2003 and other 
 times undef.  This is with Puppet 2.7.17 in standalone mode.
 
 Am I doing something wrong with the definition of cache_udp_port?  I want it 
 to default to the value provided for cache_port, which defaults to 2003.
 
 Thanks,
 Brian
 

No you are doing nothing wrong except that variable interpolation is
random so you get random results if the default value of parameterA
depends on the value of parameterB.

This has been accepted as a bug so you may want to watch
http://projects.puppetlabs.com/issues/9848

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] expiry attribut of users applied every time

[Stefan Schulte]

On Wed, Dec 12, 2012 at 04:19:17AM -0800, digrouz wrote:
 Hello,
 
 Any updates when the fix will be implemented?
 
 

Hi digrouz,

I am currently assigned to the ticket
http://projects.puppetlabs.com/issues/11675 and have done some work
already. The problem is that I first have to improve the test coverage
to do any real changes so it is more work than I had expected.

I hope I'll have a pull request ready around christmas.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] /etc/ssh/ssh_known_hosts not world readable when using sshkey resource

[Stefan Schulte]

On Sat, Dec 01, 2012 at 09:58:43AM -0800, Yanis Guenane wrote:
 When I apply a sshkey resource I do obtain the /etc/ssh/ssh_known_hosts 
 file, but it is not world reable.
 
 According to the ssh man page,
 
  /etc/ssh/ssh_known_hosts
   Systemwide list of known host keys.  This file should be 
  prepared by the system administrator to contain the public host keys of all 
  machines in the organization.  It should be world-readable.  See sshd(8) 
  for further details of the format of this file.
 
 
 Is there any specific reason why when Puppet generates it it is only user 
 (root) Readable and Writable ? Security maybe ?
 

No it is a bug http://projects.puppetlabs.com/issues/2014 that happens
when the file was not present before and the sshkey provider needs to
create it first.

You can use a file resource to actually set the correct permissions,
like

file { '/etc/ssh/ssh_known_hosts':
  ensure = file,
  owner  = 'root',
  group  = 'root',
  mode   = '0644',
}

Now the owner/group/mode are controlled with your file resource while
the actual content is controlled by your sshkey resources.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet Oracle Database config management

[Stefan Schulte]

On Thu, Nov 22, 2012 at 04:18:02AM -0800, Gavin Williams wrote:
 Ok, I've come back to this functionality, and need to move it along... 
 
 My challenge now is how I can use the oratab resource to trigger other 
 actions... 
 
 So if oratab creates a new entry in /etc/oratab, then I want to ideally 
 call a define which will go away and create the require directory 
 structure, mount NFS volumes and add details to fstab... 
 
 Any ideas???
 
 Cheers
 Gavin 

Why do you need the resource to trigger anything? I guess you are
already using puppet to define your instances so you can do something
like

define oracle::instance($home, ...) {

  # some instance specific subdirectory
  file { /u01/app/oracle/admin/${name}:
ensure = directory}
  }

  # some instance specific mount
  mount { ...${name}:
ensure = mounted,
  }

  file { responsefile_for_${name}:
ensure  = file,
content = template(responsefile.cfg.erb,
  }

  exec { install_db_${name}
command = 
'some_wrapperscript_around_dbca_to_install_instance_with_responsefile',
creates = 'some_flagfile_the_wrapperscript_creates_on_success',
require = File[responsefile_for_${name}],
  }

  oratab { $name:
ensure = present,
home   = $home,
atboot = yes,
  }
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Trouble adding a user to a group

[Stefan Schulte]

On Thu, Oct 25, 2012 at 05:11:34PM -0700, Ben McCann wrote:
 Definitely seems like a bug.  I added the Puppet Ubuntu repo and upgraded 
 to puppet 3.0.1 and it works now.  I'm not going to bother filing it since 
 it seems like it's since been fixed.
 
 

One question though: Do any of the groups you want to assign have the
same gid?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] OperatingSystem fact for Oracle Linux?

[Stefan Schulte]

On Fri, Oct 26, 2012 at 02:19:25AM -0700, Gavin Williams wrote:
 Morning all
 
 Not sure on the best place to raise this, so thought I'd start here... 
 
 I'm starting to work with Puppet and Oracle Linux 6.1. 
 Unfortunately I'm finding a lot of existing modules aren't working with OL 
 6.1, because they're coded to expect an operatingsystem fact of oel. 
 However at OL 6, the operatingsystem fact is now OracleLinux. 
 
 Any ideas on where this issue should go?
 
 Cheers
 Gavin  

Do you mean core functionalities of puppet or modules from the forge or
elsewhere from the net?

If you think that there should not be a difference between
OracleLinux, OVS and OEL (I don't even know what they stand for)
you might comment on http://projects.puppetlabs.com/issues/9178 that
introduced the OracleLinux fact or raise an issue.

If there is a coretype that does not work for you also create a ticket
on redmine. Most providers for example that will run on all RedHatish
versions should not confine on operartingsystem but on osfamily.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

[Stefan Schulte]

On Fri, Oct 26, 2012 at 06:55:32AM -0700, Dave Mankoff wrote:
 Howdy. I feel like I am missing something really simply with regards to the 
 way that Puppet works and I am wondering if someone can point me in the 
 write direction.
 
 I have written a class that downloads, uncompresses, compiles, and installs 
 Python from source. So far so good. The problem is that it only needs to do 
 this once, when Python is not already in place (or some other custom 
 indicator of the Python version). I have my 3 calls to exec doing their 
 checks just fine, but my calls to wget::fetch and archive::untar both fire 
 during every apply. Specifically, archive::untar takes about 30 seconds to 
 run and I'd prefer it if it only ran conditionally. 
 
 What is the best way to make sure that this code:
 
   wget::fetch { python-${version}:
 source = 
 http://python.org/ftp/python/${version}/Python-${version}.tgz;,
 destination = /tmp/Python-${version}.tgz,
   }
 
   archive::untar {/tmp/python-${version}:
 source = /tmp/Python-${version}.tgz,
 compression = 'gz',
 rootdir = Python-${version},
 require = Wget::Fetch[python-${version}],
   }
 
 only runs when some condition is met? I can easily put a custom file in 
 place to look for, but how do I make these commands dependent on its 
 absence? I tried making such a file and subscribing to it, but these 
 commands still ran each time.
 

You don't tell us how wget::fetch is implemented so I can only guess
that there is an exec resource in there? The wget::fetch resource is
*always* evaluated so you have to make sure that the exec resource inside
does not do anything (the exec resource has a `creates` parameter you
can point to a file. If this file is present the command specified by
the `command´ parameter will not run).

Is there a reason why you do not install python as a package or build a
package your own?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Trouble adding a user to a group

[Stefan Schulte]

On Thu, Oct 25, 2012 at 04:34:26PM -0700, Ben McCann wrote:
 Yes, I am realizing it:
   Users::Virtual::Localuser | gid == users |
 
 If I go onto the host and delete the user (sudo userdel myuser) then puppet
 will create a new user and that user will be a member of all the groups I
 desire:
 notice:
 /Stage[main]/Users/Users::Virtual::Localuser[myuser]/User[myuser]/ensure:
 created
 notice: Finished catalog run in 0.43 second
 
 However, if I delete the user from the group (sudo gpasswd -d myuser
 mygroup) and rerun then puppet does not re-add the group membership:
 notice: Finished catalog run in 0.34 seconds
 
 This seems like a bug in puppet perhaps?
 
 Thanks,
 Ben

Are you sure you have not defined the user resource a second time in
another location? Because

  Users::Virtual::Localuser | gid == users |

will realize nothing because your localuser define does not have a gid
parameter (the user resource inside the define does, but that does not
matter here).

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Glassfish custom provider and 'file does not exist'

[Stefan Schulte]

On Wed, Oct 24, 2012 at 03:38:20AM -0700, Gavin Williams wrote:
 Ok, I've gone about it a slightly different way now, and have stripped the 
 'commands' argument from the domain function provider, and am trying to 
 validate the presence of asadmin at the main asadmin.rb level. 
 
 I've created an 'exists?' definition, but it doesn't appear to be getting 
 called. Any ideas how I can force it to be called prior to attempting to 
 execute asadmin? 
 
 Latest code commit has been pushed to github, available here: 
 https://github.com/fatmcgav/puppet-glassfish/commit/429f9e8e1d08e99c69d8ffdcb3043648af5fa18a
 
 Any comments welcome. 
 
 Regards
 Gavin 

Your exists? method in puppet/provider/domain/el.rb overwrites the
exists? method in puppet/provider/asadmin.rb. I don't know if you get
problems when you have an el.rb file but you define an asadmin provider
here. This may create classname clashes with the asadmin provider defined in
provider/asadmin.rb

The exists? method in asadmin.rb is not going to work because `commands`
is a class method while `exists` is an instance method. It does make no
sense to call `commands` inside an instance method.

What exactly are you trying to archive anyhow? If the excutable is not in
PATH how should your provider work? The best approach in my opinion
is to always specify the full path to the executable. If you want your
provider considered suitable even if commands are missing, you can use

  optional_commands :asadmin = 'binary_that_may_be_absent'

If you want the user to supply the path to the binary via a resource
parameter then you cannot realize this at a class level but at an
instance level. That beeing said, you cannot define your executables
with use the `commands` method.

To execute something you can use the execute method. You then have to
do something like.

  output = execute([resource[:asadmin_binary], arg1, arg2])

-Stefan

 
 On Wednesday, 26 September 2012 17:01:47 UTC+1, Gavin Williams wrote:
 
  Hi there, 
 
  I'm trying to setup Glassfish config management using puppet. 
  I've found larstobi's module here 
  https://github.com/larstobi/puppet-glassfish/which I've cloned and am 
  starting to tweak, as it would appear that the mentioned module is based on 
  Solaris, therefore I'm starting to add support for EL. My code tree is 
  here https://github.com/fatmcgav/puppet-glassfish.
 
  The challenge I'm hitting currently is that upon executing, it's failing 
  with 
 
  *err: Could not find a suitable provider for domain*
 
 
  When running at debug level, I can see the following:
 
  *debug: Puppet::Type::Domain::ProviderAsadmin: file asadmin does not 
  exist
  debug: Class[Glassfish::Domain]: The container Stage[main] will propagate 
  my refresh event
  err: Could not find a suitable provider for domain
  *
 
 
  I've verified that the asadmin file exists, as follows:
 
  *notice: /Stage[main]/Glassfish::Domain/Notify[gfdomain]/message: 
  defined 'message' as 'Creating Glassfish domain cms using portbase 9000.
   Asadmin file is: /usr/local/glassfish-3.1.2/bin/asadmin.'*
 
 
  *# file /usr/local/glassfish-3.1.2/bin/asadmin
  /usr/local/glassfish-3.1.2/bin/asadmin: POSIX shell script text executable
  *
 
 
  So the file definitely exists, and is a valid 'asadmin' file. 
 
  Any ideas? 
 
  Cheers
  Gavin 
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/_pJvxmzaEmUJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Oracle Database config management

[Stefan Schulte]

On Wed, Oct 24, 2012 at 03:03:28PM +0100, fatmcgav wrote:
 Afternoon all.
 
 I've been reading around on Puppet and Oracle, and have come up with a few
 links that suggest how to get Oracle installed and base configured, which
 has got me started in the right direction on that.
 
 My next challenge is maintaining Oracle database specific configuration on
 the relevant hosts. This contains various elements, such as /etc/oratab,
 /etc/oranfstab (as we're using dNFS), various NFS mounts required for a
 given database, and a few other bits and pieces...
 Ideally, it would be a 1-to-1 relationship between a given host and a given
 DB. However that's unlikely in our env - We're more likely to have 1 or
 multiple databases on a given host, which all need to be maintained.
 
 My initial thoughts are to use something like hiera to maintain this
 configuration data.
 Is this my best approach? Any other suggestions? Anyone doing this for
 real?
 
 Basically, any info/pointers you give me is greatly appreciated.
 
 Regards
 Gavin
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

A collegue of mine wrote an oracle::server class that makes sure
directories, users, groups and NFS mounts are in place. The class will
also install oracle itself with an exec resource (silent install). The
exec resource will not run the installer directly but will launch a
wrapperscript. It basically looks like

exec { 'Install_Oracle':
  command = /path/to/nas/share/install_oracle${version}.sh,
  creates = /u01/some/path/log/install_oracle${version}.done.log,
}

The wrapper script will launch a slient install and will create the
.done.log file afterwards. This was in our opinion the best way to keep
puppet from installing the software in each puppet run. The
oracle::server class does nothing that is related to a specific
instance.

We then have an oracle::instance define that installs instance related
files. The define has a similar exec resource that can install a single
instance (I guess the command is dbca or similar).

To manage oratab entries we use a custom type I've written:
https://github.com/stschulte/puppet-oracle

We do not use hiera to store instance related data (instance name,
charset, homedirectory) we use parameterized classes (oracle::server) and
defines (oracle::instance) with parameters at node level in site.pp

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Failed to set group to '0': Operation not permitted

[Stefan Schulte]

On Mon, Oct 22, 2012 at 03:05:40PM -0700, jcbollinger wrote:
 I'm not sure why that inherently means you don't have root, but whatever.
 
 So, supposing the issue is with 
 File[/home/user/rabbitmq-server-generic-unix-2.8.7.tar.gz], it's not 
 immediately clear to me whether Puppet's behavior is correct here.  It 
 seems to be defaulting the target group to 0 (since you don't specify a 
 group, that has to be coming in as a default).  That's not documented 
 behavior, but it may still be intentional.  On the other hand, it is usual 
 for the agent to run as root, which would mask this behavior.  I would 
 suggest that you file a ticket.
 

If you do not specify owner/group/mode and you don't have a global
default and the file needs to be created, it will be created with
owner/group/mode of the source file. This can of course fail if the
agent is not run as root.

FWIW there was a discussion about the current behaviour quite a while
ago, but the last comment is over a year old now:
http://projects.puppetlabs.com/issues/5240

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] custom type with array property?

[Stefan Schulte]

On Mon, Oct 22, 2012 at 10:53:44PM +0200, Jakov Sosic wrote:
 On 10/21/2012 10:43 PM, Nan Liu wrote:
 
  Puppet::Type.newtype(:customtype) do
newproperty(:myarray, array_matching = :all) do
end
  end
 
 Thank you!
 
 Although you have syntax error, it should be:
 
  newproperty(:myarray, :array_matching = :all) do
 
 Note the collon in front of array_matching.
 
 
 Also, what I did notice is that this code:
 
   newproperty(:nameservers, :array_matching = :all) do
 desc list of nameservers
 defaultto []
   end
 
 Doesn't revert to default if I remove the 'nameservers' property from my
 manifest.
 
 I had to overload insync? for it to work, and now type looks like this:
 
   newproperty(:nameservers, :array_matching = :all) do
 desc list of nameservers added to profile
 defaultto []
 def insync?(is)
   # if members of arrays are not the same, something
   # was added or removed from manifest, so return false
   return false unless is == should
   true
 end
   end
 
 
 Although I don't get it because I didn't do anything special in the
 overloaded insync? :) And without it won't work. It won't work even if I
 set:
 
  nameservers = []
 
 in my manifest.
 
 But never mind, I got it working so I'm satisfied so far.

Yeah I also consider this a bug. There is a ticket for the issue though
http://projects.puppetlabs.com/issues/10237

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Systems Provisioning

[Stefan Schulte]

On Sun, Oct 14, 2012 at 04:20:09PM +0200, Jakov Sosic wrote:
 On 10/14/2012 03:01 PM, Stefan Schulte wrote:
  If you use ensurable, puppet will expect the provider to have an
  exists? method and if that returns true your create method will not be
  called so you do not have to check the existance in the create method
  again.
 
 But then I would have to change all params to properties and add 
 appropriate methods to provider, but that would both slow it down and 
 complicate it more... I don't know if it's worth it just for the sake of 
 log message stating property changed from A to B instead of 
 cobblersystem created on every param change.
 

Is it possible to run a command to get all the desired information about
every systems at once? This way you can implement a prefetch pattern.
Basically you create provider instances for each system at once and
write the current values in the @property_hash hash. Then your get methods
just return the cached value which scales pretty well.
 
  If adding interfaces to a new host is exactly the same as changing
  interfaces of an already existing host you can call
 
   interface = resource[:interface] if resoure[:interface]
 
 I'll try that.
 
 
  Is your provider dealing with files or does it execute commands? When
  dealing with files I find it is often easier to do all the work in the
  flush method (which is only called if it is implemented by the provider)
  and the other set methods are only updating the @property_hash hash.
 
  So if you want to share your provider code I am always interested ;-)
 
 Offcourse, I have nothing to hide. Here's the current code:
 
 http://pastebin.com/f7GFU2qp
 
 
 
 -- 
 Jakov Sosic
 www.srce.unizg.hr
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Systems Provisioning

[Stefan Schulte]

On Mon, Oct 15, 2012 at 01:09:09PM +0200, Jakov Sosic wrote:
 On 10/15/2012 09:13 AM, Stefan Schulte wrote:
 
  Is it possible to run a command to get all the desired information about
  every systems at once? This way you can implement a prefetch pattern.
  Basically you create provider instances for each system at once and
  write the current values in the @property_hash hash. Then your get methods
  just return the cached value which scales pretty well.
 
 
 Yes it is possible to get all systems at once. It's what the XMLRPC call
 does:
 
xmlrpcresult = cobblerserver.call(get_systems)
 
 I already do that, but I select only one system, examine the hash, and
 if I notice differences from current puppet settings, approach to
 running CLI commands editing that system.
 
 Your idea would require top to bottom rewrite of provider, and I don't
 have currently time for it... also, what are the benefits?
 
 Currently I am planning to change params to properties (every param that
 is not needed for creation of system can be managed as property - it's
 more native way as I figured it out now).
 

The fact that your exists? method does not really answer the question if
a resource is present or absent is a bit strange. And inside the create
method you are basically reimplementing properties with parameters. If
something has to be checked for correctness it should be a property.
Otherwise it is a parameter. Like the service resource: enable is a
property because it can be out of sync. hasstatus is a parameter because
it cannot be out of sync but only changes the behaviour of the provider

Your main concern against properties if I got you correctly was about
speed because puppet would run one query for each property. One way around
that is to implement a query method that will query all properties at once
and store them in a hash (@property_hash). Every get-method now check
if @property_hash[:some_property] does already exist and return that
value if it does or run the query method that would populate the
@property_hash hash.

Another speed improvement is to implement an `instances` and `prefetch`
method. That has the benefit that puppet does react on such methods
if they are implemented:

* you are able to run puppet resource cobblersystem on the command
  line to get the current configuration of all systems (that depends on
  an instances classmethod)
* you can use the resources type to purge unmanaged systems

resources { 'cobblersystem':
  purge = true
}
* the prefetch method is automatically called by puppet if implemented
  to create provider instances
* your get methods become trivial

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Systems Provisioning

[Stefan Schulte]

On Mon, Oct 15, 2012 at 08:18:36PM +0200, Jakov Sosic wrote:
 On 10/15/2012 07:23 PM, Stefan Schulte wrote:
 
  The fact that your exists? method does not really answer the question if
  a resource is present or absent is a bit strange. And inside the create
  method you are basically reimplementing properties with parameters. If
  something has to be checked for correctness it should be a property.
  Otherwise it is a parameter. Like the service resource: enable is a
  property because it can be out of sync. hasstatus is a parameter because
  it cannot be out of sync but only changes the behaviour of the provider
 
 OK, I've figured that out through this conversation...
 
 Now this is somewhat fixed code:
 
 http://pastebin.com/q0TBX4KB
 
 I've moved some params to properties.
 
 
  Your main concern against properties if I got you correctly was about
  speed because puppet would run one query for each property. One way around
  that is to implement a query method that will query all properties at once
  and store them in a hash (@property_hash). Every get-method now check
  if @property_hash[:some_property] does already exist and return that
  value if it does or run the query method that would populate the
  @property_hash hash.
 
 That sounds interesting, and more important it seems to me that complete
 rewrite is not necessary in this case. Do you have some examples of this
 idea?
 
 
  Another speed improvement is to implement an `instances` and `prefetch`
  method. That has the benefit that puppet does react on such methods
  if they are implemented:
  
  * you are able to run puppet resource cobblersystem on the command
line to get the current configuration of all systems (that depends on
an instances classmethod)
  * you can use the resources type to purge unmanaged systems
  
  resources { 'cobblersystem':
purge = true
  }
  * the prefetch method is automatically called by puppet if implemented
to create provider instances
  * your get methods become trivial
 
 Wow, sounds very interesting.
 
 I would plea for possible examples :)

The instances method is a class method and has to return an array of
providers. So this often looks like this

def self.instances
  systems = []
  my_fancy_command.each_line do |line|
somehow_split_line_into_different_fields_like_name_and_interfaces
systems  new(
  :name   = name,
  :interfaces = interfaces,
  :ensure = :present
)
  end
  systems
end

One important thing: If you create a new provider instance you can pass
a hash (like I did in new(:name = name, :interfaces = interface)) and
this hash is stored in the member variable @property_hash of that new
provider.

An example of a simple instances method:
https://github.com/stschulte/puppet-rpmkey/blob/master/lib/puppet/provider/rpmkey/rpm.rb

The rpmkey type can make sure that a certain gpg key is imported into
rpm. To get the currently installed keys the provider runs

rpm -q gpg-key

This command can either return with a non zero exit code (no packages
found) in case we have zero keys or it will print one line per key.
For each line a provider instance is added to the array that is finally
returned.

prefetch:
The prefetch method is called by puppet for each providerclass that
implements such a method (see lib/puppet/transaction.rb#prefetch). The
prefetch method is called with a hash of every resource that is defined
in the user's manifest (=every resource puppet should manage). The
hash will have the form resource[:name] as a key and resource as the
value. What the prefetch method can do now is create provider instances
and bind the provider instances to resources. A common prefetch method
that is also shown in the rpm provider for rpmkey:

def self.prefetch(resources)
  instances.each do |prov|
if resource = resources[prov.name]
  resource.provider = prov
end
  end
end

The prefetch method first calls instances that will return a list of
every key that is currently present. Then I check if that key is also
managed by puppet. If the lookup succeeds (the key is indeed managed by
puppet), I'll bind the provider to the resource. At this point the provider
instance already has @property_hash[:ensure] set, so when puppet later
handles the different rpmkey resources and asks exists? I can simply
return the cached value.

def exists?
  get(:ensure) != :absent
end

Note: get(:ensure) is implemented in lib/provider.rb as

def get(param)
  @property_hash[param.intern] || :absent
end

A more complex provider that has to manage multiple properties:
https://github.com/stschulte/puppetlabs-solaris/blob/feature/master/projects/lib/puppet/provider/project/projadd.rb

The instances method is more complicated here but it basically does the
same thing: return an array of provider instances. You'll notice that I
do not implement any method to get

Re: [Puppet Users] Systems Provisioning

[Stefan Schulte]

On Sat, Oct 13, 2012 at 11:52:49PM +0200, Jakov Sosic wrote:
 On 10/13/2012 11:17 PM, Stefan Schulte wrote:
  If puppet has to sync ensure it will not sync any other property. That
  means if your type defines ensurable or you have defined an ensure
  property manually and your system is not yet present, your create method
  is called and puppet expects the create method to create your system with
  interfaces. 
 
 My understanding of the problem was along those lines too. Now I have
 confirmation...
 
 
  Otherwise you will see the described behaviour:
  
  1) First run: Puppet finds out ensure is out of sync (is absent, should
  be present) and calls create
  2) Second run: Puppet finds out interfaces is out of sync and and calls
  interfaces= (or whatever method you have defined for that)
 
 
 I am already detecting in my create method if 'system' is added to
 'cobbler' (if it's present on the machine agent is running on), and if
 it is, I choose to edit it rather then to try to create it again.

If you use ensurable, puppet will expect the provider to have an
exists? method and if that returns true your create method will not be
called so you do not have to check the existance in the create method
again.

 
 So, can I just call method interface=, if I detect I have to create
 the 'system', or is there any way to solve this issue?

If adding interfaces to a new host is exactly the same as changing
interfaces of an already existing host you can call 

interface = resource[:interface] if resoure[:interface]

Is your provider dealing with files or does it execute commands? When
dealing with files I find it is often easier to do all the work in the
flush method (which is only called if it is implemented by the provider)
and the other set methods are only updating the @property_hash hash.

So if you want to share your provider code I am always interested ;-)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Systems Provisioning

[Stefan Schulte]

On Sat, Oct 13, 2012 at 10:50:05PM +0200, Jakov Sosic wrote:
 On 10/13/2012 05:55 PM, Dan White wrote:
  Is this module posted somewhere public ?
  Looks interesting enough to try out.
 
 It's not posted yet but it will be soon. I'm currently rewriting some
 providers from CLI cobbler to XMLRPC calls, and I'm not yet fully
 satisfied with integration with puppetlabs/apache module. I had to
 modify apache module to make it work...
 
 
 Also I have some minor issues, like first run adds system without
 interfaces to cobbler, and subsequent run add interfaces. So you have to
 run it twice to properly add the system.
 
 Maybe someone can point out is there a way to fix this, because I've
 implemented interfaces as property and not param, so provider has
 separate methods for checking/modifying current state, and I don't quite
 get it why it doesn't run seamlessly in the first run
 

If puppet has to sync ensure it will not sync any other property. That
means if your type defines ensurable or you have defined an ensure
property manually and your system is not yet present, your create method
is called and puppet expects the create method to create your system with
interfaces. 

Otherwise you will see the described behaviour:

1) First run: Puppet finds out ensure is out of sync (is absent, should
be present) and calls create
2) Second run: Puppet finds out interfaces is out of sync and and calls
interfaces= (or whatever method you have defined for that)

(see lib/puppet/transaction/resource_harness.rb#perform_changes)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] always changing sshkeys

[Stefan Schulte]

On Tue, Oct 09, 2012 at 03:46:36PM +0100, Klaus Ethgen wrote:
 I have a setup where I construct the host_aliases of sshkey. This work
 fine. But now I encounter that several (not all) keys are changed every
 run of puppet:
notice: /Stage[main]/Ssh/Sshkey[XX.XXX.XXrsa]/host_aliases: 
 host_aliases changed 'XX257.257.257.257' to  'XX 257.257.257.257'
 
 I changed the name part to Xes and the IP to 257.257.257.257, but they
 are the correct IP and name of one host.
 
 So why is this happening? Except from the fact that the first output is
 not separated by space and the second is. (In the file
 /etc/ssh/sshd_known_hosts all entries are separated correctly by coma.)
 
 It seems not have to do with versions of puppet. I use versions 2.7.6,
 2.6.16, 0.25.4 and 2.7.11.
 
 I tried to debug this to find where the decision is made to replace an
 entry but failed to find.
 
 Any Idea?
 

It's a bit hard to debug your problem without seeing the actual line in
your /etc/ssh/ssh_known_hosts file. If you dont want to paste it please
do this:

extract the complete line from the target file. Now run

  # irb
  irb line = 'your actual line'
  irb fields = line.split(/\s+/)
  # you should now see an array. The first item should be hostname and
  # all aliases
  irb name = fields[0]
  irb name.split(',')

What do you see after executing the last line? You should see something
like [ name, host_alias1, host_alias2 ]

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] expiry attribut of users applied every time

[Stefan Schulte]

On Thu, Oct 11, 2012 at 10:47:41AM -0700, Jeff McCune wrote:
 Nicholas,
 
 [...]
  We can't make this idempotent as a result.  This is definitely a bug,
 would you mind filing it?  If so, I'd be happy to do so on your behalf, but
 bugs from users are always better than bugs I report.
 
 Please feel free to add me as a watcher, I'll update it with the
 information I found.
 
 Hope this helps,
 -Jeff
 

As Nicolas stated there already is a bug report:
http://projects.puppetlabs.com/issues/11675#change-73099

Puppet simply does not check the current state at (it is not even
implemented anywhere in the code, at least I have not found it)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Wrapper classes, ordering anchors

[Stefan Schulte]

On Fri, Oct 12, 2012 at 03:49:48AM +0530, Mohit Chawla wrote:
 Hi, it works with code like in your paste. But check this out :
 http://pastie.org/5037832, the original situation I found myself in,
 and you can see the floating off behaviour again.
 

Because you are saying that Class[abc] should be done *before*
Class[wrapper] and Class[three,two,one] should also be done *before*
Class[wrapper]. That does not imply any relationship between Class[abc]
and Class[three,two,one].

The example that was mentioned earlier does only work when you specify
that Class[abc] depends on Class[wrapper] because then you define that
Class[one,two,three] should run *before* Class[wrapper] and Class[abc]
should run *after* Class[wrapper]. That does indeed imply a relationship
between Class[one,two,three] and Class[abc].

So to let your example work

class 'wrapper' {
  include one,two,three
  
  Class['wrapper']-Class['one']
  Class['wrapper']-Class['two']
  Class['wrapper']-Class['three']
}

class 'abc' {
}

class 'xyz' {
  include abc
  include wrapper
  Class['abc']-Class['wrapper']
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: is_virtual selector

[Stefan Schulte]

On Fri, Oct 05, 2012 at 06:42:25PM -0700, Matt wrote:
 Thanks Krzysztof.  It successfully runs now, but output is misleading on 
 subsequent runs:
 
 build ~]# puppet agent -tv
 Info: Retrieving plugin
 Info: Caching catalog for build
 Info: Applying configuration version '1349482471'
 /Stage[main]/Baseline-testing::Ntpd/Package[ntp]/ensure: ensure changed 
 '4.2.4p8-2.el6' to 'purged'
 Finished catalog run in 6.10 seconds
 build ~]# 
 build ~]# puppet agent -tv
 Info: Retrieving plugin
 Info: Caching catalog for build
 Info: Applying configuration version '1349482471'
 /Stage[main]/Baseline-testing::Ntpd/Package[ntp]/ensure: created
 Finished catalog run in 1.10 seconds
 build ~]#
 build ~]# rpm -q ntp
 package ntp is not installed
 
 
 The only class being called for the 'build' node is 
 'baseline-testing::ntpd', which only ensures that the NTP package is 
 removed (the 8 lines of code you recommended).  It does remove the package, 
 but I don't know why it mentions creating it upon the second run, even 
 though it does not actually get re-installed.  Maybe traditional 'if' 
 statements are advised.
 
 ~Matt

Can you run puppet agent with the --debug flag? This way you should see
the command puppet is executing.

I guess puppet uses the yum provider (as your package name indicates a
redhat system) and the yum provider does not support purged (only
absent). There is an open feature request for it
http://projects.puppetlabs.com/issues/11450

And the issue about running yum erase multiple times is also on redmine
https://projects.puppetlabs.com/issues/2833

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet cron job class stamps file with date-time. How?

[Stefan Schulte]

In case of the cron type it is easy for puppet to savely add a header
because puppet knows the purpose of a cronfile and knows that # is
treated as a comment.

If you use the filetype puppet does not know what your file is for. If
you ship a *.tar.gz file you certainly don't want puppet to put a header
in front of it.

So to add a static header puppet has to know what kind of file you are
shipping and if adding a header is safe. In my opinion this is rather
complicated, e.g. a shellscript is a textfile but #!/bin/sh has to
remain the first line, so puppet now has to add the header after line 1.

Adding a date is a bit complicated because puppet has to strip the
header from the source and target file before calculating any checksums,
otherwise puppet would always treat the target out of sync.

While you may be able to implement that I never thought that the date in
the file was of any help. I'd just look at the mtime. This can change
because of two reasons:

a) puppet changed the file because the source file on the server
   changed. Now mtime is the time you want to have in the header
b) some user changed the targetfile. This should not last long
   because puppet will reset the file soon and I have case a) again

-Stefan

On Thu, Oct 04, 2012 at 03:56:06PM -0400, Christopher Wood wrote:
 You may as well port the code from the cron provider into your environment.
 
 For the generic string I was thinking of something as simple as Don't touch 
 this file.
 
 On Thu, Oct 04, 2012 at 12:46:09PM -0700, Jo Rhett wrote:
 I'm not sure it's that easy. The original question about how to include
 the date would cause some issues.. If the hiera lookup generated the date
 each time, the file would be different each time and be overwritten each
 time, which is probably not desirableable especially if a notify or
 subscribe caused a service to restart.
 On Oct 4, 2012, at 12:19 PM, Christopher Wood wrote:
  
   In this case the text appears to be a hardcode in a couple of 
  providers:
  
   $ grep -r managed\ manually `pwd`
   /usr/lib/ruby/1.8/puppet/provider/parsedfile.rb:# HEADER: by puppet.
    While it can still be managed manually, it
   /usr/lib/ruby/1.8/puppet/provider/cron/crontab.rb:# HEADER: While it 
  can
   still be managed manually, it is definitely not recommended.
  
   But this sounds like a great string for an environment-wide variable
   (hiera lookup) that all your templates can use.
  
   On Thu, Oct 04, 2012 at 12:08:39PM -0700, Jo Rhett wrote:
  
   I would also like to know this. I keep hacking the same text into
 our
  
   templates. If there is a tag we could put in a template to get this
 output
  
   I'd like to know it.
  
   On Oct 1, 2012, at 12:05 PM, Brian Dunbar wrote:
  
 New puppet user.  I see that the cron class creates a cronjob 
  with
 a
  
 date-time in the header, which is cool.
  
 # HEADER: This file was autogenerated at Mon Oct 01 11:43:25 
  -0500
 2012
  
 by puppet.
  
 # HEADER: While it can still be managed manually, it is 
  definitely
 not
  
 recommended.
  
 1. How does it do that? 
  
 2. I'd like to be able to edit the text, customize it.
  
 3. More particularly, how can I put a date/time stamp in other
 managed
  
 files?  
  
 I tried to do so with a template but that was not working out so
 well.
  
 Regards,
  
 ~brian
  
 --
  
 You received this message because you are subscribed to the 
  Google
  
 Groups Puppet Users group.
  
 To view this discussion on the web visit
  
 
  [1][1]https://groups.google.com/d/msg/puppet-users/-/Wsckx5euwRgJ.
  
 To post to this group, send email to
 [2][2]puppet-users@googlegroups.com.
  
 To unsubscribe from this group, send email to
  
 [3][3]puppet-users+unsubscr...@googlegroups.com.
  
 For more options, visit this group at
  
 [4][4]http://groups.google.com/group/puppet-users?hl=en.
  
   -- 
  
   Jo Rhett
  
   Net Consonance : net philanthropy to improve open source and
 internet
  
   projects.
  
   --
  
   You received this message because you are subscribed to the Google
 Groups
  
   Puppet Users group.
  
   To post to this group, send email to
 [5]puppet-users@googlegroups.com.
  
   To unsubscribe from this group, send email to
  
   [6]puppet-users+unsubscr...@googlegroups.com.
  
   For more options, visit this group at
  
   [7]http://groups.google.com/group/puppet-users?hl=en.
  
 References
  
   Visible links
  
   1. 

Re: [Puppet Users] Glassfish custom provider and 'file does not exist'

[Stefan Schulte]

On Fri, Sep 28, 2012 at 10:39:11AM +0100, fatmcgav wrote:
 Ok, so I thought I'd take another look, and try and get some debug logging
 out of the provider to make sure it's constructing things correctly...
 
 I've applied the following patch to asadmin.rb, however I'm not seeing
 anything on the client trace...
 
 diff --git a/lib/puppet/provider/asadmin.rb b/lib/puppet/provider/asadmin.rb
  index f95d6ab..c8bd4a7 100644
  --- a/lib/puppet/provider/asadmin.rb
  +++ b/lib/puppet/provider/asadmin.rb
  @@ -8,6 +8,7 @@
   passed_args.each { |arg| args  arg }
   exec_args = args.join  
   command = #{@resource[:asadminpath]} #{exec_args}
  +Puppet.debug(Command = #{command})
   command = su - #{@resource[:user]} -c \#{command}\ if
  @resource[:user] and
 not command.match /create-service/
   self.debug command
 
 
 Any ideas how I can get the provider logging???
 
 Cheers
 Gavin
 

do you have the code somewhere? If you dropped the debug call in the
create method or something it will never be executed if puppet thinks
the provider is not valid at all.

So having the actual provider code may make is more obvious why it is
failing for you.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] require file/package not managed by puppet

[Stefan Schulte]

On Thu, Sep 27, 2012 at 05:58:34AM -0700, jcbollinger wrote:
 That's actually kinda cool, but I think either you've missed the OP's 
 point, or I'm missing yours.  Declaring the package for only auditing 
 should indeed support any Puppet relationships with that resource without 
 forcing the package to be installed, but how does it achieve the main 
 objective of conditionally managing a file depending on whether the package 
 is installed?  As far as I can tell, relationships in general cannot 
 address this problem.  Am I missing something?
 
 
 John
 

Nope, I did not read the question carefully enough. So as you already
mentioned a custom fact should do the trick.

But it general determining the desired state (that's what puppet tries
to enforce) by looking at the current state (is the package installed?)
may not be the best design here. So why not finding out when the package
needs to be installed (e.g. because application X needs mysql) and then
enforce that rule by puppet?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Glassfish custom provider and 'file does not exist'

[Stefan Schulte]

On Thu, Sep 27, 2012 at 12:57:01PM +0100, fatmcgav wrote:
 Hi there
 
 I thought that initially as well, so I modified the provider to use a full
 path rather than assume it was on the path.
 
 The log files below are prints of the variables which are being passed
 around...
 
 Cheers
 Gav
 On Sep 27, 2012 12:53 PM, Dick Davies rasput...@hellooperator.net wrote:
 
[...]
   notice: /Stage[main]/Glassfish::Domain/Notify[gfdomain]/message: defined
   'message' as 'Creating Glassfish domain cms using portbase 9000.
Asadmin file is: /usr/local/glassfish-3.1.2/bin/asadmin.'
   # file /usr/local/glassfish-3.1.2/bin/asadmin
   /usr/local/glassfish-3.1.2/bin/asadmin: POSIX shell script text
  executable
[...]

Has the file the executable bit set for the user that is running the
script (probably root)?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] require file/package not managed by puppet

[Stefan Schulte]

On Fri, Sep 21, 2012 at 05:40:52PM -0700, Justin Ryan wrote:
 I would like to place a file with puppet only if a certain package is 
 installed on the system -- but assuming this package is not puppet-managed. 
 Checking for the presence of a non-puppet-managed file is also ok. Is this 
 possible? using require = Package['mypkg'] doesn't work if it's not 
 puppet-managed. thanks. 
 

I haven't tried it but

package { 'mypkg':
  audit = all,
}

should work. This way you are declaring the resource so you should be
able to refer to it later as Package['mypkg'] while on the other hand
only auditing the state and not actually changing it through puppet.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: [Puppet-dev] Do you rely on 'param=undef' being equal to '(nothing)'?

[Stefan Schulte]

On Tue, Sep 18, 2012 at 05:27:07PM -0700, Eric Sorenson wrote:
 On Friday, September 14, 2012 3:36:20 PM UTC-7, Stefan Schulte wrote:
 
 
  I use this a lot to be able to have an optional parameter in a parent 
  class that is passed to an included class and the included class 
  determines the default value. Like: 
 
  class basic($puppet_cron = undef) { 
class { 'puppet::client': 
  cron = $puppet_cron, 
} 
  } 
 
 
 Stefan - This is exactly the case I'm concerned about.
 
 The simplest way to preserve this pattern would be putting the default 
 value for cron in the `basic` typedef, where you now have `undef`.
 
 class basic($puppet_cron = some_default) {
class { 'puppet::client': 
   cron = $puppet_cron,
   }
 }
 
 The advantage is that if you want to really revert to the default for the 
 `cron` parameter, you can actually invoke it with undef, just like a 
 regular resource.
 
 The bad side is that you now have to move your defaults to the calling 
 class, or worse, duplicate them.
 
 What do you think?
 
 -=Eric
 

Eric -

In my case a class that is included in a wrapper class is not supposed
to be included directly at node level. So I could move the default
values in the wrapper class.

This would also make documenting the wrapper class cleaner (I dont have
to write param foo determines bar. For the default value check the
documentation of class X). On the other hand I am not able to include
the class directly anymore without specifying all paramters explicitly
(as I said I currently don't do that, but others might). Duplicating the
default value seems like a bad thing to do, especially when they get out
of sync. And I am not sure if I like the fact that the knowledge what
is a sane default value for this particular parameter is shifting out
of the actual class.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Automatic require in custom type?

[Stefan Schulte]

On Fri, Sep 14, 2012 at 03:49:56PM +0200, Jakov Sosic wrote:
 Hi.
 
 I have 3 custom types, for example A, B, and C.
 
 A and B are build blocks for C. So if there is no A or B, C will fail to
 be added. For example:
 
 
 typeA { 'A':
  ...
  ...
 }
 
 
 typeB { 'B':
  ...
  ...
 }
 
 typeC { 'C':
   optionA = 'A',
   optionB = 'B',
 }
 
 So, I would have to write the require in this case:
 
 typeC { 'C':
   optionA = 'A',
   optionB = 'B',
   require = [ typeA['A'], typeB['B'] ],
 }
 

Do you mean a custom type you have defined with

define typeC($optionA,$optionB) {
  ...
}

or a custom type you are shipping as a plugin and is written in ruby? If
it is the latter you can use

Puppet::Type.newtype(:typeC) do
  ...
  autorequire(:typeA) do
self[:optionA]
  end

  autorequire(:typeB) do
self[:optionB]
  end
end

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Complex custom type?

[Stefan Schulte]

On Fri, Sep 14, 2012 at 06:37:28PM +0200, Jakov Sosic wrote:
 Hi.
 
 I've successfully written and tested three puppet custom types for
 managing cobbler so far (distro, repo and profile). So far it has been
 interesting week, learning ruby from zero, learning custom types etc.
 But I'm really satisfied with the results so far.
 
 Now I'm trying to figure out how to write rather complex provider, so
 maybe someone can help with some thoughts or input.
 
 What am I trying to do is write a provider for a command that looks
 something like this:
 
 cobbler add system --name=blah \
   --profile=someprofile  \
   --interface=eth0 \
 --mac=SOMEMAC \
 --interface-type=bond_slave \
 --interface-master=bond0 \
   --interface=eth1 \
 --mac=SOMEMAC \
 --interface-type=bond_slave \
 --interface-master=bond0 \
   --interface-name=bond0 \
 --interface-type=bond
 --bonding-opts=miimon=300 mode=1 primary=eth0
 --ip-address=MYIP \

As you pointed out you can write different types and the system types
will create the system with no interfaces at all (if that is possible)
and the interface type will add them later on.

The second way I can think of is a delimiter if the interface options
are more or less always the same like

interfaces = [
  'eth0:mac=SOME_MAC:type=bond_slave:master=band0',
  'eth1:...'
],

or the interface property could accept a hash. I have not tried it
myself but it should work because the puppetlabs f5 type seems to use
it:

https://github.com/puppetlabs/puppetlabs-f5#appendix

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: [Puppet-dev] Do you rely on 'param=undef' being equal to '(nothing)'?

[Stefan Schulte]

On Fri, Sep 14, 2012 at 11:31:08AM -0700, Eric Sorenson wrote:
 Hi, there's an issue that came up recently in the 3.0RCs -- Big thanks to 
 Erik Dalén for reporting it in #16221 -- that involves a behaviour change to 
 part of the DSL. In a nutshell, this code:
 
[..] 
 class toplevel (
$maybe = false,
$optional = undef ) {
if ($maybe) {
   class { toplevel::secondlevel: optional = undef }
}
 }
 
 In order to make use of the default for the `optional` parameter in 
 toplevel::secondlevel, you'd now need to either test in `toplevel` whether 
 `$optional` was passed into it, or have toplevel::secondlevel use an 
 `$optional_real` value inside it, similar to what's commonly done to append 
 to defaults that are array values. 
 
[...]
 
 So, I'm trying to determine whether this is a widespread pattern or an 
 edge-case. Do you expect 'param=undef' to be the same as not specifying 
 param at all, or for the receiver to see the undef?
 
 Eric Sorenson - eric.soren...@puppetlabs.com
 PuppetConf'12 - 27-28 Sep in SF - http://bit.ly/pcsig12
 

I use this a lot to be able to have an optional parameter in a parent
class that is passed to an included class and the included class
determines the default value. Like:

class basic($puppet_cron = undef) {
  class { 'puppet::client':
cron = $puppet_cron,
  }
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet smoking crack?

[Stefan Schulte]

On Wed, Sep 05, 2012 at 03:01:42PM -0700, Douglas Garstang wrote:
 On Wed, Sep 5, 2012 at 2:23 PM, Christopher Wood
 christopher_w...@pobox.com wrote:
  (inline)
 
  On Wed, Sep 05, 2012 at 02:04:59PM -0700, Douglas Garstang wrote:
  Couple of questions. Firstly, what's the plugin error about?
 
  puppet agent --onetime --test --verbose
 
  Could you also try with --debug?
 
 I could. What are we looking for?
 
 
  info: Retrieving plugin
  err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
  retrieve information from source(s) puppet://puppet/plugins
 
  Worth looking into your pluginsync config here.
 
 I have on the client 'pluginsync = true' in the [main] section.
 

Do you have any plugins on your server side? If not you are hitting a bug
that will be fixed in 3.0.0 http://projects.puppetlabs.com/issues/2244

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Package install from a URL

[Stefan Schulte]

On Mon, Sep 03, 2012 at 05:26:30AM -0700, matonb wrote:
 puppet-server 2.7.19 on CentOS 6.3 x64
  
 I have the follow very bsaic class, which I would expect to install the 
 package if it's not already  present on the system:
  
 class yum::repos::puppetlabs {
   package { 'puppetlabs-release':
 ensure = installed,
 source = 
 'http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-5.noarch.rpm',
   }
 }
 It doesn't appear to use the source value, simply the package name in the 
 yum command:
  
 err: /Stage[main]/Yum::Repos::Puppetlabs/Package[puppetlabs-release]/
 ensure: change from absent to present failed:
 Execution of '/usr/bin/yum -d 0 -e 0 -y install puppetlabs-release' 
 returned 1: Error: Nothing to do
  
 If I manually install with
  yum install 
 http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-5.noarch.rpm
  
 It works just fine.
  
 Any help appreciated.
 

The package type actually has a lot of parameters that are only used by
a subset of all providers. Like category is only used on gentoo (i
guess) and adminfile is a solaris pkgadd specific.

If you think that source should not only be respected by the rpm
provider but also in the yum provider you should file a feature request:

http://projects.puppetlabs.com/issues

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] getting output from command in custom provider

[Stefan Schulte]

On Mon, Aug 13, 2012 at 11:55:23AM -0700, ZJE wrote:
 Is the output of a command called by puppet stored somewhere on the master 
 or agent?
 
 For example, if have the statement
 ---
 commands :ls = ls
 ---
 
 and then I try something like  ls, '/' 

this does not seem right. The above command method marks the provider as
unsuitable if the ls command is not present and creates a method with
the name ls. So if you want to execute ls you do:

output = ls('-l', '/tmp')

 
 where does the output of ls / go?

it is the return value of the method ls

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Pass array to a define

[Stefan Schulte]

On Fri, Aug 10, 2012 at 05:10:20PM -0700, Douglas Garstang wrote:
 How can I pass an array to a define? It's not documented in the puppet
 language guide.
 
 I've got:
 
 define lvm::create_vg ( $pvdisks ) {
 exec {
 'pvcreate':
 command = /sbin/pvcreate -yf $pvdisks,
 unless  = /sbin/pvdisplay $pvdisks,
...
 }
 }
 
 class someclass {
 lvm::create_vg {
 'bcvg01':
 pvdisks = ['/dev/xvdb1', '/dev/xvdc1'];
 }
 }
 
 Inside the define, $pvdisks gets expanded to '/dev/xvdb1/dev/xvdc1'
 
 Doug.

Inside your define $pvdisks is whatever you passed as the pvdisks
parameter, so in your case $pvdisks *is* an array. But in the unless
parameter you use the array in a string context so all your items are
concatenated. Unfortunately puppet does not have a join function to
convert an array to a string.

On the other hand it may not be desired to destroy every disk you pass
as in the pvdisks array if only one of the disks is not a LVM disk (as
pvdisplay returns with a non-zero exitcode as soon as one disk is not
recognized to be a LVM disk)

So the best approach is probably to get the LVM puppet plugin and
replace your exec with

physical_volume { $pvdisks:
  ensure = present,
}

The physical_volume is a new type that comes with the LVM plugin.

[1] http://forge.puppetlabs.com/puppetlabs/lvm

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Extending Puppet Woes

[Stefan Schulte]

On Fri, Aug 10, 2012 at 08:51:33PM -0700, Mike Carr wrote:
 I am looking to extend one of the puppet modules -mysql. I found that they 
 are extending Puppet with types and providers. First off I am having a 
 difficult time find any documentationo on this and I do not know Ruby that 
 well. The problem that I am having is this, I have the following code:
 
 Puppet::Type.type(:database).provide(:mysql) do
 desc Manages MySQL database.
 
   defaultfor :kernel = 'Linux'
 
   optional_commands :mysql  = 'mysql'

This will automatically define a method called mysql you can use later.

 
 def create
 def create
 mysql(-u #{resource[:rootuser]} -p\'#{resource[:rootpassword]}\' -h 
 #{resource[:host]} -NBev, create database #{@resource[:name]} character set 
 #{resource[:charset]})
   end
 

The mysql method does not use a shell to execute your command, instead every
argument you pass to the mysql method is passed as an argument to the mysql
executable. So in your case mysql is only executed with one huge argument.
What you want is:

mysql(
  '-u', resource[:rootuser],
  '-p', resource[:rootpassword],
  '-h', resource[:host],
  '-NBev', create database #{resource[:name]} character set 
#{resource[:charset]}
)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Pass array to a define

[Stefan Schulte]

On Sat, Aug 11, 2012 at 01:46:57PM -0700, James A. Peltier wrote:
 - Original Message -
 | On Fri, Aug 10, 2012 at 05:10:20PM -0700, Douglas Garstang wrote:
 |  How can I pass an array to a define? It's not documented in the
 |  puppet
 |  language guide.
 |  
 |  I've got:
 |  
 |  define lvm::create_vg ( $pvdisks ) {
 |  exec {
 |  'pvcreate':
 |  command = /sbin/pvcreate -yf $pvdisks,
 |  unless  = /sbin/pvdisplay $pvdisks,
 | ...
 |  }
 |  }
 |  
 |  class someclass {
 |  lvm::create_vg {
 |  'bcvg01':
 |  pvdisks = ['/dev/xvdb1', '/dev/xvdc1'];
 |  }
 |  }
 |  
 |  Inside the define, $pvdisks gets expanded to '/dev/xvdb1/dev/xvdc1'
 |  
 |  Doug.
 | 
 | Inside your define $pvdisks is whatever you passed as the pvdisks
 | parameter, so in your case $pvdisks *is* an array. But in the unless
 | parameter you use the array in a string context so all your items are
 | concatenated. Unfortunately puppet does not have a join function to
 | convert an array to a string.
 | 
 | On the other hand it may not be desired to destroy every disk you
 | pass
 | as in the pvdisks array if only one of the disks is not a LVM disk
 | (as
 | pvdisplay returns with a non-zero exitcode as soon as one disk is not
 | recognized to be a LVM disk)
 | 
 | So the best approach is probably to get the LVM puppet plugin and
 | replace your exec with
 | 
 | physical_volume { $pvdisks:
 |   ensure = present,
 | }
 | 
 | The physical_volume is a new type that comes with the LVM plugin.
 | 
 | [1] http://forge.puppetlabs.com/puppetlabs/lvm
 | 
 | -Stefan
 
 Great!  But what happens if you want to specify multiple physical volumes be 
 a member of a single data volume during creation.  Is the expectation that 
 you'd always specify a lvm:vg with the initial disk and then lvm:vg extend 
 that volume?

Do you mean something like sda1 and sda2 beeing two physical volumes in
the volume group vg? This should work:


physical_volume { [ '/dev/sda1', '/dev/sda2']:
  ensure = present.
}

volume_group { 'vg':
  ensure   = present,
  physical_volumes = [ '/dev/sda1', '/dev/sda2' ],
  require  = [
Physical_volume['/dev/sda1'],
Physical_volume['/dev/sda2'],
  ],
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] string matching in erb template

[Stefan Schulte]

On Sat, Aug 04, 2012 at 03:10:11AM -0700, danielt wrote:
 Hi!
 
 I am trying to match a string in an ERB template but for what ever reason 
 it does not work.
 
  % if has_variable?(apache2_phpmyadmin_url)  apache2_phpmyadmin_url != 
  then %
 ProxyPass /%= apache2_phpmyadmin_url %/ !
  % end %
 
 The conditional works on has_variable? but the !=  is not getting 
 evaluated. When the variable is set to  than the Proxypass is set to  / 
 instead of being left out.
 
 Any ideas what I am doing wrong?
 
 Best Regards,
 
 Dan

Are you sure the variable is an empty string? I just did a short test
myself and your example does work for me.

try to modify your ProxyPass line to

ProxyPass /%= apache2_phpmyadmin_url.inspect %/ !

This way an empty string should appear as  and you may find out that
apache2_phpmyadmin_url does contain some spaces or is not a string at
all.

Sitenote: The documentation recommends to reference your variables as
instance variables [1] to avoid nameclashes with ruby functions [2].
This way your template could look like this

% if @apache2_phpmyadmin_url and !@apache2_phpmyadmin_url.empty? -%
ProxyPass /%= @apache2_phpmyadmin_url %/ !
% end -%

[1] http://docs.puppetlabs.com/guides/templating.html#referencing-variables
[2] http://projects.puppetlabs.com/issues/14527


-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Get extra error output when debugging custom types?

[Stefan Schulte]

On Tue, Jul 31, 2012 at 03:24:15PM -0700, ZJE wrote:
 Is it possible to get extra output when running custom types? Right now, 
 I'm getting an error message and I'm not sure where in the code it's being 
 thrown from.
 For example, I can see that I'm trying to iterate over a null object, but 
 I'm not sure where in the code this happening when the message is this:
 ---
 Error: /Stage[main]//Node[testnode0101]/TestType[testname]: Could not 
 evaluate: undefined method `each' for nil:NilClass
 ---
 

Try to run puppet with the --trace option which will hopefully show a
stacktrace when the error is happening. Otherwise you can place a few
method call like

debug inside validation block

etc and run puppet with -d/--debug

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] a complete solution for puppet

[Stefan Schulte]

On Wed, Jul 25, 2012 at 02:00:37PM -0700, Hai Tao wrote:
 Hi,
 
[...]
 
 My question is why the designer of puppet did not consider this and
 integrate everything into a complete solution at the beginning, rather
 than having us have to reconfigure everything by hand. Who will use
 puppet if he has only 50 nodes?
 

You probably want Puppet Enterprise as it comes with one installer for
all these dependencies

http://puppetlabs.com/puppet/faq/

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] access facts in ENC

[Stefan Schulte]

On Mon, Jul 23, 2012 at 08:25:49PM -0400, Brian Gupta wrote:
 Your ENC script can pretty much do whatever you want it to do. I'm not
 exactly following what you want to do with the facts, but you could
 upload them to your ENC like so:
 https://github.com/theforeman/puppet-foreman/blob/master/templates/external_node.rb.erb
 
 -Brian
 

This may also be helpful:
http://docs.puppetlabs.com/guides/external_nodes.html#tricks-notes-and-further-reading

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] erb question - can you if val in an each do statement?

[Stefan Schulte]

On Tue, Jul 24, 2012 at 08:08:30AM -0700, earthgecko wrote:
 Quick erb question:
 
 Can you use a if val in an each do iteration?  And if so... how :/  If 
 someone knows and is kind enough to shed some light.
 
 Trying to figure what will work and the following do NOT work.
 
 % hosts.each do |val| %% if val != %= hostname % %  host (%= val 
 %);% end %% end %
 
 % hosts.each do |val| %% if %= val % != %= hostname % %  host 
 (%= val %);% end %% end %
 
 % hosts.each do |val| %% if %= val % != %= hostname % %  host 
 (%= val %);% end %% end %
 
 All error with something similar to:
 
 syntax error, unexpected $undefined, expecting kTHEN or ':' or '\n' or ';'
 ...= hostname ; _erbout.concat \ %  host (; _erbout.concat...
   ^
 .cfg.erb:15: syntax error, unexpected kEND, expecting $end
 ...rbout.concat );;  end ;  end ; _erbout.concat \n  key /et...
 
 Thanks in advance..

Haven't tested it but does

% @hosts.reject { |h| h == @hostname }.each do |host| -%
%= host %
% end -%

work for you?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] erb question - can you if val in an each do statement?

[Stefan Schulte]

On Tue, Jul 24, 2012 at 10:47:40AM -0700, earthgecko wrote:
[...]
 Would still be interested to know if you can use if val in the each do 
 context.
 
[...]
 On Tuesday, July 24, 2012 6:12:27 PM UTC+1, Stefan Schulte wrote:
  On Tue, Jul 24, 2012 at 08:08:30AM -0700, earthgecko wrote: 
   Trying to figure what will work and the following do NOT work. 
   
   % hosts.each do |val| %% if val != %= hostname % %  host (%= 
  val 
   %);% end %% end % 

if you write

% if val != %= hostname % %

The thing between % and % will be interpreted as ruby code but you mix
in erb syntax inside this ruby fragment. Maybe erb thinks the ruby code
ends after the inner % not after the outer %. However what you really
wanted to write was probably

% if val != @hostname %

Notice that I am addressing hostname as an instance variable. Addressing
it as plain hostname (as a function) does also work but should be avoided
because you may accidentally call a real ruby function instead
(http://projects.puppetlabs.com/issues/14527 is a great example for
that)

So the endresult could be

% hosts.each do |val| -%
%   if val != @hostname -%
host (%= val %)
%   end -%
% end -%

-Stefan

   
   % hosts.each do |val| %% if %= val % != %= hostname % % 
   host 
   (%= val %);% end %% end % 
   
   % hosts.each do |val| %% if %= val % != %= hostname % %  host 
   (%= val %);% end %% end % 
   
   All error with something similar to: 
   
   syntax error, unexpected $undefined, expecting kTHEN or ':' or '\n' or 
  ';' 
   ...= hostname ; _erbout.concat \ %  host (; _erbout.concat... 
 ^ 
   .cfg.erb:15: syntax error, unexpected kEND, expecting $end 
   ...rbout.concat );;  end ;  end ; _erbout.concat \n  key /et... 
   
   Thanks in advance.. 
 
  Haven't tested it but does 
 
  % @hosts.reject { |h| h == @hostname }.each do |host| -% 
  %= host % 
  % end -% 
 
  work for you? 
 
  -Stefan 
 
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/WizWNp4VO-QJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppet freezes on FUTEX_WAKE_PRIVATE

[Stefan Schulte]

On Fri, Jul 13, 2012 at 06:30:41AM -0700, Thomas Sturm wrote:
 We have the same problem on Ubuntu 12.04 with kernel 3.2.0-24 and puppet 
 2.7.11. This occurs just after info: Retrieving plugin and before loading 
 the facter facts. It occurs every 100th or 200th puppet run. Any hint much 
 appreciated!
 
 cheers,
 Thomas
 

Is this a relativly new issue for you? FUTEX_WAIT reminds me of the leap
second kernelbug. If that's the case setting the time will fix the issue.

http://serverfault.com/questions/407224/java-process-opends-consumes-all-cpu-futex-flood-how-to-debug-futex

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 2.7.18 puppetstoredconfigclean.rb

[Stefan Schulte]

On Fri, Jul 13, 2012 at 12:41:46PM -0400, Worker Bee wrote:
 I downloaded the tar.gz for 2.7.18.
 I noticed that ext/ puppetstoredconfigclean.rb is missing.
 
 Can anyone tell me where to get this script?  Is it okay to use the script
 from 2.7.10?
 
 Thanks!
 

The script was removed because »puppet node clean« does the same thing,
see http://projects.puppetlabs.com/issues/12405

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Crontab overwritten by Puppet

[Stefan Schulte]

On Mon, Jul 09, 2012 at 06:48:41AM -0700, Kmbu wrote:
 Hello folks..
 
 I suddenly found the crontab on one of my puppet clients overwritten. It 
 had many entries, including one created by Puppet. Suddenly during one run 
 it was overwritten, keeping only the Puppet entry and removing everything 
 else. Nothing changed between the previous runs and the one that re-created 
 the crontab in terms of configuration. I'm running Puppet 2.7.6.
 
 Fri Jul 06 22:00:16 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:03:58 +0200 2012 Puppet (notice): Finished catalog run in 
 5.34 seconds
 Fri Jul 06 22:10:15 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:11:18 +0200 2012 Puppet (notice): Finished catalog run in 
 5.30 seconds
 Fri Jul 06 22:20:15 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:23:05 +0200 2012 Puppet (notice): Finished catalog run in 
 5.81 seconds
 Fri Jul 06 22:30:15 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:35:04 +0200 2012 Puppet (notice): Finished catalog run in 
 5.92 seconds
 Fri Jul 06 22:40:15 +0200 2012 Puppet (notice): Reopening log files
 Fri Jul 06 22:44:35 +0200 2012 
 /Stage[main]/Cre-base/Cron[puppet-run]/ensure (notice): created
 Fri Jul 06 22:44:39 +0200 2012 Puppet (notice): Finished catalog run in 
 5.54 seconds
 
 Why would one run suddenly do this?
 
 Regards,
 

It looks like prefetching (executing »crontab -l root« to get current
cronentries) failed in some way. As a result puppet's in-memory
representation of the crontab is empty. When puppet now evaluates your
Cron['puppet-run'] resource, it detects it to be out of sync (is absent,
should be present), so the in-memory representation now contains only
your 'puppet-run' cronjob. If the new crontab is written back to disk,
you will loose every other cronentry.

Normally I would expect an error message if prefetching failed:

Could not prefetch cron provider

but that doesn't seem to be the case here. On the other hand there is an
outstanding bug about failures beeing silently ignored on solaris [1]

So a failure when running »crontab -l root« (do you manage crontabs of
other users as well? You may hit [2] in that case) would at least
explain the log output but the interesting question now is:
Can you think of a situation *why* the command failed?

[1] http://projects.puppetlabs.com/issues/14283
[2] http://projects.puppetlabs.com/issues/5752

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: How do I cd (change directory) with Puppet's exec?

[Stefan Schulte]

On Fri, Jul 06, 2012 at 08:44:51AM -0700, jcbollinger wrote:
 
 
 On Friday, July 6, 2012 2:10:13 AM UTC-5, Hendrik Jäger wrote:
 
  [...] let a shell 
  execute your command [...]
 
 
 Which you can do fairly easily by adding provider = 'sh' to your Exec's 
 parameters.
 
 Or if you need a non-default shell or you just like doing things the hard 
 way, then you can use a variation on
 
 bash -c 'my command here'
 
 as your command.

Instead of doing these kinds of work-arounds I'd just use the cwd
parameter of the exec resource as described in the type reference [1]

so e.g.

exec { 'make_sendmail':
  command = '/usr/bin/make',
  cwd = '/etc/mail'
}

If you have GNU make you can also ask the make command itself to change
the directory (-C dir, --directory=dir)

[1] http://docs.puppetlabs.com/references/latest/type.html#exec

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] groups dependencies at user creation

[Stefan Schulte]

On Mon, Jul 02, 2012 at 12:20:40PM -0500, Tim Mooney wrote:
   How to ensure groups dependencies at user creation ?.
 
 If you were just talking about the user's default group, then it would
 be one of the few cases where puppet establishes an ordering relation
 for you automatically.  In other words:
 
user { 'foo':
  gid = 'bar',
}
 
 automatically ensures that group 'bar' is present before user 'foo'.
 
 I don't know if that same thing is true for supplemental groups

It is also true for supplemental groups. You can see puppet creates the
relationship when you run puppet agent / puppet apply in debug mode.

So when I run

# puppet apply -vd --noop  EOF
group { ['foo', 'bar']:ensure = present }
user { 'bob': groups = [ 'foo', 'bar' ], ensure = present }
EOF

I get

debug: /Stage[main]//User[bob]: Autorequiring Group[bar]
debug: /Stage[main]//User[bob]: Autorequiring Group[foo]

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] hash to_yaml in erb template not giving valid yaml

[Stefan Schulte]

On Thu, Jul 05, 2012 at 05:43:10PM +0200, Martin Willemsma wrote:
 Hi,
 
 I want to use a file resource to write a facts.yaml file for
 Mcollective. For some reason it won't provide a valid yaml format if I
 dump my scope to hash and convert to_yaml.
 
   file {
   /etc/mcollective/facts.yaml :
   owner = root,
   group = root,
   mode = 400,
   loglevel = debug,
   #content = inline_template(%= scope.to_hash.reject { 
 |k,v| !(
 k.is_a?(String)  v.is_a?(String) ) }.to_yaml %),
 
   #content = inline_template(%= { \a\ = 1, \b\= 
 2}.to_yaml %),
   content =
   inline_template(%= facts = {}; 
 scope.to_hash.each_pair {|k,v|
 facts[k.to_s] = v.to_s unless k.to_s =~
 /pkg_|_hours|_seconds|memoryfree|plugin_|config|_timestamp/ };
 facts.to_yaml.sort %),
   }
 


The to_yaml output should start with a ---\n line, but if you sort
your list  (BTW: I get an error on ruby 1.9 when I call sort on a
string) you may produce an invalid yaml file if the --- is not on top
anymore.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet commands require root access

[Stefan Schulte]

On Mon, Jun 25, 2012 at 05:46:39PM -0400, Worker Bee wrote:
 Hi Everyone;
 
 Why does running puppet resource require root/sudo access?  Is it
 supposed to be this way or do I have a permissions issue?
 I installed using the gzip files...
 
 Thanks!
 

puppet resource doesnt necessarily require root access. E.g. running
»puppet resource group« should show you present groups and it should
work as a normal user. Like:

  % puppet resource group wheel
  group { 'wheel':
ensure = 'present',
gid= '10',
  }

Just note that »puppet resource some_resource_type« needs a suitable
provider for the type. Most of the providers specify a few files that
have to be executable by the user that is running puppet. The »groupadd«
provider e.g. requires the commands groupadd, groupdel and groupmod.
If your unprivileged user doesnt have these commands in $PATH or doesn't
have access rights (I guess ubuntoo ships these commands with mode 0700)
puppet will not work.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Base directory with File

[Stefan Schulte]

On Mon, Jun 25, 2012 at 10:27:40AM -0700, Mark Roggenkamp wrote:
 Hi all,
 
 I'd like to specify a base_directory and a list of directories (as 
 variables that may be pulled via hiera later) that will be created under 
 that base directory.
 
 base_dir = /home/base
 bars = [a, b, c]
 
 bars will be used to create the folders under base and also part of the 
 information going into building a template so I don't want to store them as 
 [$base_dir/a, $base_dir/b, $base_dir/c]. 
 
 What's the best way to create the bar directories under the base_dir? I'd 
 love to just give File the bars array and specify the base_dir as a 
 property. Should I make a prepend function that would prepend base_dir to 
 each bar and then pass that to File? 
 
 I tried a definition but then to loop I have to generate a single loop-able 
 structure to call the definition with that contains both bars and base_dir. 
 I looked at create_resources but that seems like it'd force me to make more 
 things variables than I wanted and duplicate more than I would like.
 
 Thanks,
 Mark
 

If you don't want to use a define here you can use the way how the regsubst
function works on arrays: It will apply the substition on all elements and
will then return an array with the same length. So this does also work:

$base_dir = '/home/base'
$bars = ['a', 'b', 'c']

# prefix all bars with base_dir
$dirs = regsubst($bars, '(.*)', ${base_dir}/\\1)

file { $dirs:
  ensure = directory,
}

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Gentoo package provider

[Stefan Schulte]

Hi,

I recently looked at the gentoo package provider and I think it has a
few problems and I'm interested in how gentoo people tackle these
problems:

1) The package provider puts a dependency on eix. While chances are good
   that eix is installed it is not part of the base system (AFAIK).
   Puppet will not immediatly fail though. If you have e.g. ruby
   installed you might ask yourself why puppet tries to install
   app-editors/vim with the gem provider.
2) The package provider makes a few assumption where the eix cache is
   stored and about PORTDIR beeing /usr/portage. A while ago I saw a
   discussion on gentoo-users were multiple people said they place
   there portagetree in /var/portage
3) Packagenames are not unique in gentoo. While you can e.g. specify

 package { 'rubygems':
   ensure   = latest,
   category = 'dev-ruby',
 }

   this still seems to confuse puppet (in my case puppet wants to update
   the package saying the installed version is 1.8.24 [which is true] and
   the latest version beeing 4 (which is the latest version of
   virtual/rubygems, not dev-ruby/rubygems).
   To be on the safe side you really have to specify

 package { 'dev-ruby/rubygems':
   ensure = latest,
 }

   and ignore the category parameter.
4) running puppet resource package does create resources with only
   the packagename, without the category. So you don't see the true result
   if you have two packages installed that come from different
   categories.

   # portageq match / '*/rubygems'
   dev-ruby/rubygems-1.8.24
   virtual/rubygems-4

   # puppet resource package |grep -A 2 rubygems
   package { 'rubygems':
 ensure = '1.8.24',
   }
   #

5) The provider sometimes lies which seems to be caused by the --stable
   flag which is passed to eix. In my case puppet thinks that tar is not
   installed.

   # portageq match / tar
   app-arch/tar-1.26

   # puppet resource package tar
   package { 'tar':
 ensure = 'absent',
   }

So I'd like to change the following:
- query with portageq not with eix, e.g.:
  packagelist:
  # portageq match / ''
  version of a specific package
  # portageq match / dev-ruby/rubygems
  latest version of a specific package
  # portageq best_visible / dev-ruby/rubygems
- drop/deprecate the category parameter
- encourage people to include the category in the resource title
- when using puppet resource package also include the category in the
  packagename

In my opinion these changes should fix all the issues above. One issue will
still exists though: You can install multiple versions of the same package
(slots):

# portageq match / autoconf
sys-devel/autoconf-2.13
sys-devel/autoconf-2.69

I don't really now what puppet should return as the current version
here.

I'd love to know what you think about the current portage provider and the
proposed changes.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet and Ruby 1.9

[Stefan Schulte]

On Mon, Jun 18, 2012 at 10:02:10PM +0300, Ohad Levy wrote:
 On Mon, Jun 18, 2012 at 9:32 PM, Forrie for...@gmail.com wrote:
 
  What is the status of compatibility with Puppet 2.7.16+ and Ruby
  1.9?   I searched through this group and found some older posts.  I am
  not certain what the core issues are (and there's probably a
  PuppetLabs page for it, I bet).
 
 
 afair, there is an issue with ssl requests on fedora 17 which is ruby 1.93.
 
 Ohad
 

According to redmine there are also a few other issues that might matter
for you:
http://projects.puppetlabs.com/projects/puppet/issues?query_id=107

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet not applying my config

[Stefan Schulte]

On Fri, May 25, 2012 at 05:59:01AM -0700, jcbollinger wrote:
 
 
 On May 24, 7:42 pm, Peter Bukowinski pmb...@gmail.com wrote:
  On May 24, 2012, at 8:05 PM, macmichael01 macmichae...@gmail.com wrote:
 
   Here is the configuration that I am trying to apply:
 
   /etc/puppet/manifests/site.pp
   node default {
      file { /srv/test_file.txt:
          owner = 'root',
          group = 'root',
          mode  = '0777',
      }
   }
 
   Thanks in advance!
 
  Try adding an 'ensure = file,' attribute to the beginning of the file 
  resource block.
 
 
 Yes, do, but that's not the problem.
 
 
 I believe puppet's default behavior is to *not* create a resource unless 
 ensure is used to specify it.
 
 
 That is mistaken.  Generally speaking, the default value for 'ensure'
 parameters is present or some equivalent value.  There has to be
 some default value because otherwise the resource declaration is
 meaningless.  Puppet's default might actually be file for this
 resource type, but it makes no actual difference in this case.

Just for the record:

That is not true for the filetype. The filetype has no default value for
ensure. If you do not specify ensure here it means: Manage the specified
attributes if file/directory is present, otherwise do nothing.

So if I e.g. just manage owner but not ensure and the resource is not
present...

# ls -l /tmp/test
ls: cannot access /tmp/test: No such file or directory
# puppet apply -ve 'file { /tmp/test: owner = nobody }'
info: Applying configuration version '1338042729'
notice: Finished catalog run in 0.12 second

... puppet will not create the file. But if the file is present...

# touch /tmp/test
# puppet apply -ve 'file { /tmp/test: owner = nobody }
info: Applying configuration version '1338042740'
notice: /Stage[main]//File[/tmp/test]/owner:
owner changed 'root' to 'nobody'
notice: Finished catalog run in 0.08 seconds

...Puppet will manage owner

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Custom type, autoinclude

[Stefan Schulte]

On Sun, May 20, 2012 at 01:17:57PM +0200, Markus Falb wrote:
 Hi,
 I was thinking about a conceptual thing and I will try to explain with a
 concrete example.
 
 In the puppetlabs-lvm module
 there is code like this in the logical_volume provider
 
 if mount( '-f', '--guess-fstype', path) =~ /ext[34]/
   resize2fs( path) || ...
 end
 
 The resize2fs command is in the e2fsprogs package (well it is more
 complicated, but this is another topic), so this package has to be
 installed or an error will thrown.
 
 I was thinking about how to ensure that the package is installed.
 I realize that I could do just
 
 package { 'e2fsprogs': }
 logical_volume { 'bla':
   fs_type = 'ext3',
   require = Package['e2fsprogs']
 }
 
 Is it possible to hide this dependency in the custom type?

The custom type logical_volume could specify an autorequire:

in logical_volume.rb:

autorequire(:package) do
  'e2fsprogs'
end

This way every logical_volume will depend on Package['e2fsprogs'] but
only if such a package is present in the catalog.

But what version of puppet are you using? Not sure if

http://projects.puppetlabs.com/issues/6907

already covers your case.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] odd behaviour on file ensure = absent

[Stefan Schulte]

On Tue, May 15, 2012 at 01:05:03PM -0400, Christopher Wood wrote:
 Here's my test (done on Debian Stable with puppet 2.7.13 from the puppetlabs 
 apt repository):
 
 
 $ cat /tmp/t1.pp 
 file { '/tmp/xx/yy/zz/1':
   ensure = absent,
 }
 $ ls /tmp/xx
 ls: cannot access /tmp/xx: No such file or directory
 $ puppet apply /tmp/t1.pp 
 notice: Finished catalog run in 0.02 seconds
 $ touch /tmp/xx
 $ puppet apply /tmp/t1.pp 
 err: /Stage[main]//File[/tmp/xx/yy/zz/1]: Could not evaluate: Not a directory 
 - /tmp/xx/yy/zz/1
 notice: Finished catalog run in 0.02 seconds
 
 
 It seems counter-intuitive that if /tmp/xx is a regular file then this causes 
 the manifest run to fail. If /tmp/xx is a regular file then /tmp/xx/yy/zz/1 
 can't exist. Does anybody use this behaviour for anything?
 
 I found this while testing if it would work with only one subdirectory of a 
 deep path, without realizing that /tmp/xx was a regular file not a directory.
 

Hi Christopher,

can you raise a ticket for that on redmine as it is clearly a bug?
(http://projects.puppetlabs.com/issues)

The reason is that puppet does a stat call on the path /tmp/xx/yy/zz/1 to get
ownership, mode etc and this will of course fail if the file is not present.
Now the stat system call can raise different errors
(http://linux.die.net/man/2/stat):

EACCES - Search permission is denied for one of the directories in the path
prefix of path (this one is handled by puppet)

ENOENT - A component of path does not exist, or path is an empty string.
(this one is also handled by puppet and the reason why your first run
does not raise an error)

ENOTDIR - A component of the path prefix of path is not a directory.

The last error is *not* handled in the puppet code and is considered a
bug.

So raising a ticket file resource should handle ENOTDIR would be
great. If you don't want to open it yourself just say so and I'll be happy
to do it instead.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ssh_authorized_keys fails if a line is empty

[Stefan Schulte]

On Thu, Apr 19, 2012 at 07:20:10AM -0700, Maurice Meeden wrote:
 Hi group,
 
 we want to manage our authorized_keys with puppet and are trying
 ssh_authorized_keys. Everything works as expected, but if ~/.ssh/
 authorized_keys contains en empty line, puppet raises an error and
 generate a complete new file:
 
 debug: Prefetching parsed resources for ssh_authorized_key
 err: Could not prefetch ssh_authorized_key provider 'parsed': Could
 not parse line  at /root/.ssh/authorized_keys:3
 
 If the line contains a blank, it works. How can we change this
 behaviour? We've looked into /usr/lib64/ruby/vendor_ruby/1.8/puppet/
 provider/ssh_authorized_key/parsed.rb but I believe the match
 statement is correct:
 
 text_line :blank, :match = /^\s+/
 

The match means »one or more whitespace characters at the beginning of
a line«. So it would match »   aaa« or » « but not »«. It should read

text_line :blank, :match = /^\s*$/

which means »beginning of a line, followed by zero, one or more
whitespace characters, followed by the end of line.

Would you mind opening a ticket on redmine? This is clearly a bug
http://projects.puppetlabs.com/issues

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Migrate installation to different directory

[Stefan Schulte]

On Thu, Apr 19, 2012 at 03:56:37PM -0400, JA wrote:
 Hi Everyone;
 
 I want puppet to be installed in /app/puppet instead of the default /etc.
 I cannot figure out how to get the puppetmasterd to look for the
 config file (puppet.conf) in /app/puppet instead of /etc/puppet.
 
 If anyone can help, I would really appreciate it!
 

It should work if you start your master with --confdir /app/puppet

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Ordering issues: Stages?

[Stefan Schulte]

Hi,

I have the following basic node definition

node 'mynode' {
  class { 'oracle::server': }
  class { 'oracle::patch::patchA':
require = Class['oracle::server'],
  }
  class { 'oracle::patch::patchB':
require = Class['oracle::server'],
  }
  oracle::instance { 'foo':
require = [ 'oracle::server', ??? ],
  }
}

And the following constraints

- The foo resource depends on oracle::server but it does
  also depend on ALL oracle::patch::XX classes
- The patches I want to install on different nodes may vary

so my problem is

- I can modify the patch classes to also specifiy `before = instanceFoo,
  instanceBar` etc but this seems ugly
- Setting require = Class['oracle::patch::patchA','oracle::patch::patchB']
  for all instances does also feel wrong.

I tried to work around this with stages but I cannot assign a stage to
oracle::instance because stages are just allowed at class level, not
resource level.

How would you solve the issue? I thought about one parameterized
oracle::patch class that (based on a the parameters) includes the
specific patch classes. Then at oracle::instance level I only have one
require to this oracle::patch class. Or create an empty class as an anchor.
All patches will then define before = Class['empty_class'] and all instances
define require = Class['empty_class'].

Any best practices?

-Stefan


pgpLnRJIr3RZX.pgp
Description: PGP signature

Re: [Puppet Users] exec: How to logoutput = on_failure and get STDERR too?

[Stefan Schulte]

On Tue, Feb 14, 2012 at 04:05:22PM +0100, Peter Valdemar Mørch wrote:
 When a *nix command fails, it most often prints an error to STDERR:
 
 capmon@peter:~ /bin/rm /nonexist
 /bin/rm: cannot remove `/nonexist': No such file or directory
 
 exec's logoutput = true doesn't capture STDERR by default:
 

What version of puppet are you using? This should have been fixed in
2.6.3 (http://projects.puppetlabs.com/issues/2359)

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Adding a parameter to a custom Puppet type/provider

[Stefan Schulte]

Can you provide your resource definition where you use the
logical_volume type?

-Stefan

On Sat, Feb 11, 2012 at 09:31:36AM -0600, Jason Koppe wrote:
 I do have /var/lib/puppet/lib/puppet/type/logical_volume.rb on my puppet
 master and I still get the same error.
 
 On Wed, Dec 7, 2011 at 6:01 AM, Stefan Schulte 
 stefan.schu...@taunusstein.net wrote:
 
  On Tue, Dec 06, 2011 at 10:34:47AM -0800, Jason Koppe wrote:
   http://pastie.org/private/t9nl5wa91bd6rx1afad7sq is a pastie of my
   changes to https://github.com/puppetlabs/puppet-lvm and the error i'm
   seeing is
  
   err: Could not retrieve catalog from remote server: Error 400 on
   SERVER: Invalid parameter physical_volume at file.pp:26 at node
  
 
  Parameter validation happens on your puppet master so I guess you have
  to update
 
 /var/lib/puppet/lib/puppet/type/logical_volume.rb
 
  on your master first.
 
  -Stefan
 
 
 
 
 -- 
 Jason Koppe
 jason.robert.ko...@gmail.com
 Cell (210) 445-8242
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Mining hash field out of the /etc/shadow shadow file

[Stefan Schulte]

On Sun, Jan 29, 2012 at 07:26:13AM -0800, Olivier wrote:
 Hello
 
 in James Loope's book (called Managing Infrastructure with Puppet), he
 writes on page23: The password hash can either be mined out of a
 shadow file or generated with the mkpasswd utility. My question is:
 how can the hash field be mined out of the shadow field. I tried to
 use the generate function to execute the following command:
 grep username /etc/shadow | cut -d: -f2
 but that did not work. It seems that the generate function does not
 like the | pipe command.
 
 My question is: how can I extract that hash value and store it in a
 Puppet variable?
 
 Thank you
 

The question is what are you trying to accomplish?

The generate function executes on your puppet master which is most
certainly not what you want.

If you want to have the root passwordhash on your node to be available
as a variable you have write a custom fact [1] but be aware of the
possible security implications.

If you just want to create a useraccount and set a login password or you
want to make sure that a certain user has a certain login password you
can already do so with the user type [2]

like

user { 'root':
  ensure   = present,
  uid  = 0,
  password = 'my hashed password',
}


[1] http://docs.puppetlabs.com/guides/custom_facts.html
[2] http://docs.puppetlabs.com/references/2.7.9/type.html#user

-Stefan


pgpHHeUPB8zbS.pgp
Description: PGP signature

Re: [Puppet Users] Mining hash field out of the /etc/shadow shadow file

[Stefan Schulte]

On Sun, Jan 29, 2012 at 11:39:46PM +0100, Stefan Schulte wrote:
 On Sun, Jan 29, 2012 at 07:26:13AM -0800, Olivier wrote:
  Hello
  
  in James Loope's book (called Managing Infrastructure with Puppet), he
  writes on page23: The password hash can either be mined out of a
  shadow file or generated with the mkpasswd utility. My question is:
  how can the hash field be mined out of the shadow field. I tried to
  use the generate function to execute the following command:
  grep username /etc/shadow | cut -d: -f2
  but that did not work. It seems that the generate function does not
  like the | pipe command.
  
  My question is: how can I extract that hash value and store it in a
  Puppet variable?
  
  Thank you
  
 
 The question is what are you trying to accomplish?
 

Searched the book online. This is what he is trying to say:

You can make sure that a user has a certain login password with the
`password` property of the user resource. But you have to supply the
hashed password as it would be stored in the /etc/shadow file.

But in general you just know the clear text password. An easy way to get
the hash value for your clear text password is to set the clear text
password with passwd and then lookup the hash in the /etc/shadow file
or use the mkpasswd utility (with which I am not familiar)

Once you have the hashed value of your desired clear text password
you can copypaste that in the user definition.

-Stefan


pgpvWSYCL4KDE.pgp
Description: PGP signature

Re: [Puppet Users] arrays after upgrade to 2.7 and ['A','B'] compared to 'A B'?

[Stefan Schulte]

On Thu, Jan 26, 2012 at 11:52:52AM -0800, Daniel Pittman wrote:
 On Thu, Jan 26, 2012 at 10:39, Steve Traylen steve.tray...@cern.ch wrote:
  On 26 Jan 2012, at 19:29, Stefan Schulte stefan.schu...@taunusstein.net 
  wrote:
  On Thu, Jan 26, 2012 at 03:57:08PM +, Steve Traylen wrote:
 
  After upgrading a server and client from 2.6.13 to 2.7.10 my 
  configuration with array attributes
  are behaving differently. 3 examples:
 
 […]
 
  Can you please tell me the ruby version you are using? So we can rule
  1.8.5 incompabilities out?
 
  Hi, Stefan, other than puppet and facter which are from the puppetlabs repo 
  everything is rhel6 defaults so ruby 1.8.7 and facter 1.6.5
 
 Hrm.  Looks like that might be a bug.  Can you file tickets reflecting
 the different issues you are hitting?

I was able to reproduce the issue and filed a bug:
http://projects.puppetlabs.com/issues/12197

I've tried the following combinations

puppet 2.7.9 / ruby 1.8.7 - No issue
puppet 2.7.9 / ruby 1.9.3 - No issue
puppet 2.7.10 / ruby 1.8.7 - Bug as described earlier
puppet 2.7.10 / ruby 1.9.3 - No issue

-Stefan


pgpwO1ix9S7aR.pgp
Description: PGP signature