from:"Tim Mooney"

Re: [Puppet Users] puppetlabs-lvm & inconsistency of pv devices

2024-05-08 Thread 'Tim Mooney' via Puppet Users


In regard to: [Puppet Users] puppetlabs-lvm & inconsistency of pv devices,...:


As we're migrating from RHEL 7 over to RHEL 9,  RedHat is stating that pv
device order should not be expected to be consistent.


LVM also no longer defaults to importing existing PVs that have been
preserved from a previous install:

https://access.redhat.com/solutions/6717161


So how are users specifying to create the pv on RedHat systems now?  Really
don't want to try and deal with UUID's, and would rather not have admins
create the PV & volume group manually either.


I've struggled with that question too, so I look forward to hearing what
other sites are doing.

I've also never been sure what the best practice is for where these
type of host-specific resources should be in the overall class hierarchy.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology/701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/992c0f23-10d8-e386-fb31-c67b9477010d%40ndsu.edu.

[Puppet Users] puppet idiom to select particular module stream?

2023-09-11 Thread 'Tim Mooney' via Puppet Users




All-

RHEL 8 and RHEL 9 and their rebuilds and related distros inherited DNF
modularity from Fedora, as a kind of replacement for Software Collections
Library alternate package version.

I've been unable to find the correct puppet idiom to do the following:

1) ensure a particular module stream is enabled *before* installing
   packages from that stream.
2) install the package(s).

I thought that this would work:

  package { 'enable-nodejs18':
ensure  => 'nodejs:18',
name=> 'nodejs',
provider=> 'dnfmodule',
enable_only => true,
  }

  package { 'nodejs':
ensure  => installed,
require => Package['enable-nodejs18'],
  }

But that doesn't work.  I still get the base OS version of 'nodejs'
installed.  The correct module stream isn't enabled (first).  If we
manually (outside puppet) switch the client to the correct stream,
then the 2nd package resource does install the version we want.
Obviously, we want to control the one-time module stream selection in
puppet too.

Can anyone tell me what the correct idiom is to do what I'm trying to
accomplish?

Thanks!

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology/701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e5efed0-5a8-de7a-ecc8-abe1835ec4a%40ndsu.edu.

Re: [Puppet Users] Can I store RPM's on the Puppet Server to install on agents ?

2022-09-29 Thread 'Tim Mooney' via Puppet Users

In regard to: Re: [Puppet Users] Can I store RPM's on the Puppet Server to...:

I would not choose an Exec resource type as the method to install RPM
packages from vendors, be it RPMs on a local filesystem or served by
HTTPS-based repo.
You can and have the ability to keep the OS Packages (RPM/DEB) on the PE
host machine like you can store any files on the PE host. But I would not
check-in the RPMs to be stored in the version control system repository
where the Puppet code and Hiera lives.
Instead the general wisdom is that Linux OS Packages (RPM or DEB) that are
not in a proper repository, should then be placed into a proper package
repository. This way it can be referred to as a Package resource type like
any other normal installable package, in this case an RPM via YUM.

+1 to everything James said.

Creating a local repo for RPMs is very easy. If you have a Linux system
that's running a web server, you're most of the way there already.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology/701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/78981746-8974-b2ea-51ee-3944b8d7e0a8%40ndsu.edu.

[Puppet Users] modules for NetworkManager

2022-07-26 Thread 'Tim Mooney' via Puppet Users




Hi All-

How are people using puppet to manage their interfaces and routes with
NetWorkManager?

With the advent of RHEL 9, Red Hat has removed the ability to define
network config using the old flat file method.  It had been deprecated
for a couple of major versions, but it's fully removed in RHEL 9.
NetworkManager is the only option now.

I've looked on the Forge and I haven't found a popular, supported module
for managing network config via NetworkManager.  Is there a consensus
favorite that I've missed?  If not, what are people doing to manage
the network on RHEL 9?

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology/701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4b35fbd-a56a-e5ef-ed0-5a8de7aecc8%40ndsu.edu.

Re: [Puppet Users] RHEL 9 agent support?

2022-06-13 Thread 'Tim Mooney' via Puppet Users


In regard to: Re: [Puppet Users] RHEL 9 agent support?, Josh Cooper said...:


Puppet 6 is released quarterly and support for RHEL9 will go out in the
next 6.x release. In the meantime, you can try nightly builds from
https://nightlies.puppet.com/yum/puppet6-nightly/el/9/x86_64


Thanks Josh!  Much appreciated.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology/701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/835ec4a-548f-783-937f-4c3b4520eb7f%40ndsu.edu.

[Puppet Users] RHEL 9 agent support?

2022-06-13 Thread 'Tim Mooney' via Puppet Users




RHEL 9 has been out for a few weeks.

I see OpenSource puppet agent 7 and puppet bolt packages for RHEL 9, but
no OpenSource puppet agent 6 releases.

Are there plans to package puppet agent 6 for RHEL 9?

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology/701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/924b35f-bda5-6ae5-efe-d05a8de7aec%40ndsu.edu.

Re: [Puppet Users] upgrading opensource from 5.5 to 6.x

2020-05-14 Thread Tim Mooney

In regard to: Re: [Puppet Users] upgrading opensource from 5.5 to 6.x,...:

Hi Tim,

Major difference between Puppet 5 and 6:
- some types have been moved to separate git module repositories
- puppet cert command has been moved to puppet server ca command (see also
https://www.example42.com/2018/10/08/puppet6-ca-upgrading/
<https://www.example42.com/2018/10/08/puppet6-ca-upgrading/>)

The Puppet doc has more information:
https://puppet.com/docs/puppet/latest/release_notes_puppet.html#puppet-deprecations-x.0.0

<https://puppet.com/docs/puppet/latest/release_notes_puppet.html#puppet-deprecations-x.0.0>

So this is far later than it should be, but I wanted to follow-up
and thank you for your reply.

After having been through the 3.8.x to 5.x upgrade, I thought I had
to be missing something for the 5.x to 6.x upgrade. Turns out I wasn't,
5.x to 6.x was just a lot easier than 3.8.x to 5.x. Martin's info
confirmed that I had found everything I needed. The Example42 blog
post Martin linked was also very helpful in working around the CA changes.

The upgrade went smoothly and we've been using 6.x for a few weeks now.

Thanks again!

Tim

On 19. Mar 2020, at 00:09, Tim Mooney wrote:

All-

When I upgraded our opensource puppet environment from 3.8 to 5.x, there
was a lot of good documentation that highlighted changes to file locations,
deprecations, settings that needed to change, etc. There were many
things to change or update to prepare for the upgrade, but nearly
everything was spelled out pretty clearly.

I'm contemplating updating our environment from 5.5 to the most recent
6.x release, and I'm not finding any upgrade documentation of a similar
amount of detail. I understand that there are fewer changes and
deprecations between 5.5 and 6.x than there were between 3.8 and 5.x,
but there has to be more to it than just update the packages without
making any changes to your config files, etc.

For others that have been through the same upgrade recently, what docs
did you follow, and were there any gotchas that weren't covered?

Thanks!

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology/701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology/701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

[Puppet Users] upgrading opensource from 5.5 to 6.x

2020-03-18 Thread Tim Mooney




All-

When I upgraded our opensource puppet environment from 3.8 to 5.x, there
was a lot of good documentation that highlighted changes to file locations,
deprecations, settings that needed to change, etc.  There were many
things to change or update to prepare for the upgrade, but nearly
everything was spelled out pretty clearly.

I'm contemplating updating our environment from 5.5 to the most recent
6.x release, and I'm not finding any upgrade documentation of a similar
amount of detail.  I understand that there are fewer changes and
deprecations between 5.5 and 6.x than there were between 3.8 and 5.x,
but there has to be more to it than just update the packages without
making any changes to your config files, etc.

For others that have been through the same upgrade recently, what docs
did you follow, and were there any gotchas that weren't covered?

Thanks!

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology/701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.GSO.2.21.2003181743460.7559%40dogbert.cc.ndsu.NoDak.edu.

Re: [Puppet Users] Re: managing users and grants with recent puppetlabs-mysql

2019-01-23 Thread Tim Mooney


In regard to: [Puppet Users] Re: managing users and grants with recent...:


Despite it being labelled as private you should still be able to add
additional user's in the same way, creating an additional mysql::grant for
each assignment. Sorry I don't have more information.


Thanks David.  We haven't yet made any changes to our code that has been
using mysql_database, mysql_user, and mysql_grant.  Those all continue to
work, so you're correct that we can still use them.

We'll keep using them until suitable replacements appear, but that's more
or less what I was trying to discover: what are the replacements for these
resources that have transitioned to "private"?  It just seems strange to
me to mark something as private without first having an established
replacement.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.20.1901231226530.2990%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] managing users and grants with recent puppetlabs-mysql

2019-01-22 Thread Tim Mooney

All-

I'm using the open source Puppet 5.x platform, with puppetserver 5.3.6
and puppet-agent 5.5.8 on mostly RHEL 6 and 7 (and soon 8, I suppose).

We're long-time users of puppetlabs-mysql, right now we're on the current
latest (7.0.0).

When we started with puppetlabs-mysql, we wrote our database management
puppet classes to use puppetlabs-mysql's mysql_database, mysql_user and
mysql_grant resources directly. Most of our code still does this.

Recent versions of puppetlabs-mysql have marked those resources as
@api private, though.

There is now a mysql::db define that is part of the public API and
kind of combines all three, but AFAICT it only allows managing one user
for the defined database. Additional users or complicated grants seem
to be beyond that define.

I guess I'm confused about what the new recommended way is to manage users
and grants with puppetlabs-mysql?

I've searched these forums and the web, and other than an outdated and
now incorrect hit on StackOverflow, I'm not finding information on what
should replace *public* use of mysql_user and mysql_grant.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

Re: [Puppet Users] class parameters that depend on other parameters

2018-06-13 Thread Tim Mooney


In regard to: Re: [Puppet Users] class parameters that depend on other...:


On Tuesday, June 12, 2018 at 3:14:45 PM UTC-5, Tim.Mooney wrote:


Let's say you had *many* parameters that you wanted to set defaults for
(but allow overrides on an individual basis) based on a single parameter.



The simplest and most straightforward alternative I can think of is simply
to reposition your classes.  What I mean by that is instead of using a
params class to set Puppet-level default parameter values, make the target
class a wrapper that handles parameter defaults and adjustments, and passes
them off to a private, internal class.  Truly, the internal class part is
optional, but it provides for a separation of concerns, and maps more
cleanly onto your example.


Thanks much John for your excellent reply!  Between your suggestions
and Henrik's, I have a much clearer picture of how I can modernize and
hopefully simplify several of our home-grown modules and classes.  The
time you took to read and reply is greatly appreciated.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.20.1806131439180.10996%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] class parameters that depend on other parameters

2018-06-13 Thread Tim Mooney


In regard to: Re: [Puppet Users] class parameters that depend on other...:


Hope one of those examples gives you some inspiration.


They do.  Thank you very much for taking the time to read and consider
the wall of text and code I posted, and then come back with some
insightful suggestions.  The options you considered and then rejected,
and the reasons why were also very useful to hear.

Between you and John, I have lots of great suggestions that I now need
to consider.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.20.1806131431230.10996%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] class parameters that depend on other parameters

2018-06-12 Thread Tim Mooney


In regard to: Re: [Puppet Users] class parameters that depend on other...:


On 2018-06-12 00:55, Tim Mooney wrote:


[snip some of my original context]


Here's an example:

modules/sandbox/manifests/init.pp:
#
# This module exists only to serve as a sandbox where we can experiment with
# puppet code.
#
class sandbox(
   Enum['typeA', 'typeB', 'combined'] $server_type  = 'combined',
   String $service_name = 
$::sandbox::params::service_name,

) inherits ::sandbox::params {

   notice("sandbox initialized.\n")

   notice("\$server_type  = ${server_type}\n")
   notice("\$service_name = ${service_name}\n")

}

modules/sandbox/manifests/params.pp:
#
# a 'sandbox' class for the params pattern.
#
class sandbox::params {

   $_server_type_actual = $::sandbox::server_type

   case $_server_type_actual {
     'combined': {
   $service_name = 'sandbox-typeA+typeB'
     }
     'typeA': {
   $service_name = 'sandbox-typeA'
     }
     'typeB': {
   $service_name = 'sandbox-typeB'
     }
     default: {
   fail("\n\nsandbox::server_type must be one of: combined, typeA, 
typeB\n")

     }
   }

}

Hopefully the *intent* is relatively clear: provide an intelligent default
value for $service_name based on what the value is for $server_type, but
allow our "intelligent default" value to be overridden.  If
'sandbox::server_type' is set to 'typeB' in our hiera hierarchy, I want
the *default* value for 'sandbox::service_name' to become 'sandbox-typeB'.
If the person configuring the machine needs to override that too, they
should be able to, but setting just the first setting should provide
suitable defaults for the others.


[snip some of my original context]

For starters you do not really need a params.pp or inheritance. Simply 
configure all parameters in hiera.


Then, you can produce the default value by calling a function. For example 
like this:


 function mymodule::default_from_a($x) {
   if $x == 'type-A' {
 'sandbox-typeA'
   }
 }
 class example($a, $b = mymodule::default_from_a($a)) {
   notice $a
   notice $b
 }
 class {example: a => 'type-A' }


Thanks for your response Henrik!  The function use is an interesting
approach that I would not have considered.  It works well in the simple
example I presented and accomplishes what I was trying to do.

I'm not sure how I would scale this to something that's "real world" in
size, though.

Let's say you had *many* parameters that you wanted to set defaults for
(but allow overrides on an individual basis) based on a single parameter.
In my environment, the best example where we've used this is to support
the alternate versions of particular packages that are available for
RHEL (and respins) using Software Collections Library (SCL).

For example, on RHEL 6, the standard packages provide php 5.3.3 (plus
some backports and vendor "special sauce").

However, there are alternate versions available from SCL:

php54-php

php55-php

rh-php56-php

rh-php70-php

So to support various web application requirements, we have modules
that do stuff like (sorry for the lengthy code):

  if $facts['os']['family'] == 'RedHat' {
if $facts['os']['release']['major'] == '5' {
  #
  # There's no easy httpd 2.4 option for RHEL 5, so barf
  #
  fail("\n\nRHEL 5 is not supported.\n\n")
} elsif $facts['os']['release']['major'] == '6' {

  # PHP-related settings.
  $php_variant  = hiera('scl::php', 'php54')

  if $php_variant == 'php54' or $php_variant == 'php55' {
# don't need to include the fpm package, as the phpfpm class gets it
$php_extra_packages   = hiera('scl::php::extra_packages',
  [
  "${php_variant}-runtime",
  $php_variant,
  "${php_variant}-php-cli",
  "${php_variant}-php-ldap",
  "${php_variant}-php-mbstring",
  "${php_variant}-php-pdo",
  ])
$php_fpm_package_name = "${php_variant}-php-fpm"
$php_fpm_service_name = $php_fpm_package_name
$php_fpm_pool_dir = "/opt/rh/${php_variant}/root/etc/php-fpm.d"
$php_fpm_pid_file = 
"/opt/rh/${php_variant}/root/var/run/php-fpm/php-fpm.pid"
$php_config_dir   = "/opt/rh/${php_variant}/root/etc"
  } elsif $php_variant != 'UNDEF' {
#
# for version 5.6.x and later, the name may include rh- at the start
# and many of the paths have changed.
#
# don't need to include the fpm package, as the phpfpm class gets it
$php_extra_packages   = hiera('scl::php::extra_packages',

[Puppet Users] class parameters that depend on other parameters

2018-06-11 Thread Tim Mooney




Hi All!

We've been long-time users of puppet (opensource).  A lot of our
home-grown modules were written to use direct hiera() calls (and before
that extlookup()) for loading config.  Because of prior limitations
with class parameters, we also mostly avoided parameterized classes and
class inheritance.

Since I converted my site from puppet 3.8.7 to puppetserver 5.x and
puppet-agent 5.3.x, and converted us from hiera 3.x to hiera 5.x, a lot
of the "old ways" we were doing things can and should be modernized.  For
example, I'm embarking on a project to convert all deprecated direct
hiera() calls to use lookup() instead, but before I do that I can also
greatly reduce the number of direct lookup() calls by making better use
of automatic parameter loading for classes, where appropriate.

One area where I've never found a good solution is class parameters that
depend on the value of other class parameters, especially when we want to
provide reasonable defaults for both but we also want to allow overriding
one or both of the parameters.

Here's an example:

modules/sandbox/manifests/init.pp:
#
# This module exists only to serve as a sandbox where we can experiment with
# puppet code.
#
class sandbox(
  Enum['typeA', 'typeB', 'combined'] $server_type  = 'combined',
  String $service_name = 
$::sandbox::params::service_name,
) inherits ::sandbox::params {

  notice("sandbox initialized.\n")

  notice("\$server_type  = ${server_type}\n")
  notice("\$service_name = ${service_name}\n")

}

modules/sandbox/manifests/params.pp:
#
# a 'sandbox' class for the params pattern.
#
class sandbox::params {

  $_server_type_actual = $::sandbox::server_type

  case $_server_type_actual {
'combined': {
  $service_name = 'sandbox-typeA+typeB'
}
'typeA': {
  $service_name = 'sandbox-typeA'
}
'typeB': {
  $service_name = 'sandbox-typeB'
}
default: {
  fail("\n\nsandbox::server_type must be one of: combined, typeA, typeB\n")
}
  }

}



Hopefully the *intent* is relatively clear: provide an intelligent default
value for $service_name based on what the value is for $server_type, but
allow our "intelligent default" value to be overridden.  If
'sandbox::server_type' is set to 'typeB' in our hiera hierarchy, I want
the *default* value for 'sandbox::service_name' to become 'sandbox-typeB'.
If the person configuring the machine needs to override that too, they
should be able to, but setting just the first setting should provide
suitable defaults for the others.

This doesn't work, because there's a chicken-or-the-egg problem here.
Class sandbox inherits from sandbox::params to follow the "params
pattern", so settings in the parent class end up depending upon on
parameters to the child class.

Assuming I don't have any need to support old versions of puppet (anything
before 5.x), what's the current best practice for doing this?

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.20.1806111713120.8924%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] debugging catalog issue for one client after upgrade

2015-06-18 Thread Tim Mooney



All-

I'm using puppet (open source) 3.7.5 on our master (RHEL6.6, x86_64) and
all clients (RHEL 5.x, RHEL 6.x, RHEL 7.x).

I'm refreshing the hardware on our puppet master, and wanted to take the
opportunity to switch the master to RHEL 7 (and therefore new Ruby and
some ruby libraries).  I'm sticking with puppet 3.7.5 during the
hardware/OS refresh.

I've been through upgrades on the puppet master before, and have found the
Option 1: spin up a temporary master section of

https://docs.puppetlabs.com/guides/install_puppet/upgrading.html

to be very useful.

After copying /etc/puppet (including our version-controlled modules) and
/var/lib/puppet/ssl from the production RHEL 6 master to the replacement
RHEL 7 master, and starting puppet on the new master as recommended:

puppet master --no-daemonize --verbose

I've gone through every one of our puppet clients and run

puppet agent --test --noop  # against current production
puppet agent --test --noop --server new-master

Both the old master and the new master return identical catalogs for
every client ... except one.

On one client, it appears that the *client* may be closing the connection
very shortly after supplying facts to the new master.  I've run both
the new master and the client with --debug, and there's no obvious
error messages or output that would indicate what the source of
the problem is.  The client only says:

$ sudo puppet agent --test --noop --server new-server
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Broken pipe
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

This client happens to be our largest, as far as # of resources (about
1700, mostly because of a bunch of web proxy lines added to a httpd
config file via a define() and concat).  The old master takes a while to
compile the catalog (so much so that I sometimes have to specify
--configtimeout=300 on the client when communicating with the old master),
but it does reliably compile and deliver the catalog.

The communication between the client and the new master breaks very
quickly (within a few seconds), so it's not the same timeout causing
the issue.

Any suggestions for how I proceed with debugging this issue?  I can
provide the output from --debug for both the new master and the client,
if anyone is interested in looking through it.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

Re: [Puppet Users] Re: workarounds for ruby segfaults on puppet master

2014-11-25 Thread Tim Mooney


In regard to: [Puppet Users] Re: workarounds for ruby segfaults on puppet...:


Since RHEL 6.x has alternate versions of some packages (including ruby)
available via its Software Collections Library (SCL), I'm tempted to
try switching our puppet master to use the ruby193-* packages from
SCL.  A minor downside is that I won't be able to use the Puppet Labs
packages
anymore, at least on the master.



Hi Tim, why is it that you wouldn't be able to use the packages on the
master?

I think you should be able to point your apache 'PassengerRuby' directive
at the SCL ruby and be good to go.


As John Julien already responded, unfortunately that won't work.

When you use an updated package from the Software Collections Library,
it's essentially installed under a separate installation root, outside
of the /usr space.  The Puppet Labs packages install their bits to e.g.

/usr/lib/ruby/site_ruby/1.8/

but with the SCL packages, that directory isn't going to be anything that
the SCL ruby would search.  It's going to instead look for things
installed in various places under its root, which is

/opt/rh/ruby193/root/usr

I don't know if the package root directory is different for CentOS,
Scientific Linux, or other RHEL derivatives.


Another alternative that I'd recommend is to use the new puppetserver
package, which runs the master under JRuby and replaces the whole
Apache+Passenger+MRI ruby part of the stack.


We just got to 3.7.3, after running with 3.4.2 for about 9 months.  I
haven't yet had a chance to enable the future parser with our traditional
stack, so I don't think we're quite ready to bite the bullet and go to
puppetserver.  It's in our future, to be sure, but it has been painful
enough just getting the traditional stack upgraded.

Thanks for your thoughts on this!  Very much appreciated.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

Re: [Puppet Users] Re: workarounds for ruby segfaults on puppet master

2014-11-25 Thread Tim Mooney


In regard to: [Puppet Users] Re: workarounds for ruby segfaults on puppet...:


FWIW here's what I put in /etc/puppet/rack/config.ru that has resolved it
for me:


Thanks Trey!  It was your original post about the issue that got me
on a track that eventually got me a workaround.  We're now on 3.7.3,
and so far (fingers crossed) John's suggestion of just adding
--profile, without any of the other options, has allowed us to
avoid the problem.


ARGV  --confdir  /etc/puppet
ARGV  --vardir   /var/lib/puppet
*ARGV  --debug*
*ARGV  --trace*
*ARGV  --profile*
ARGV  --logdest  /var/log/puppet/puppetmaster.log

If I remove the lines the segfaults become a problem.  I'm now on Puppet
3.6.2 and this is still an issue that requires the above work around.




Just be sure if you use that work-around to update logrotate to clean out
puppetmaster.log as that file will get very large very quickly.  The
--logdest portion I used to keep the logs out of syslog and so they could
be cleaned up more easily using logrotate.


Yeah, I was worried about log growth when using those options, but just
--profile hasn't had any impact on our logs.  If it turns out that we
start having the segfaults again, I'll pursue your recommendation and
add the remaining options that you're using.

Thanks again!

Tim


On Wednesday, November 19, 2014 11:02:00 AM UTC-6, Tim.Mooney wrote:



All-

For those of you that are using puppet on RHEL 6.x (/CentOS/Oracle
Linux/Scientific Linux/etc.) and have experienced ruby segfaults on
your puppet master(s), what workaround or workarounds have you been
using?

We have been using puppet 3.4.2 (from Puppet Labs repos) for some time,
with a RHEL 6.x puppetmaster under mod_passenger.  RHEL 6.x currently
has ruby 1.8.7 patchlevel 374 as its default ruby version.

In the past couple weeks we've started to see a couple of different
clients that are triggering segfaults in ruby on the master during a
puppet agent run.  Examples include:

/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:30: [BUG] Segmentation
fault ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]

/usr/lib/ruby/site_ruby/1.8/puppet/parser/type_loader.rb:110: [BUG]
Segmentation fault ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]

Web searches related to this issue turned up a thread from puppet-users
earlier this year started by treydock:

 https://groups.google.com/forum/#!topic/puppet-users/qWN6j-eNiZ0

Unfortunately, I've tried a lot of the workarounds suggested in that
thread, and none of them seem to reliably avoid the problem.

- I tried back-porting the small patch from PUP-1592 to our 3.4.2
   puppet master.  No luck.

- Yesterday, I bit the bullet and upgraded our entire puppet
   infrastructure from 3.4.2 to 3.7.3.  We still see the same
   segfaults on the master, both under mod_passenger and when
   running the master in standalone mode for testing.

Since RHEL 6.x has alternate versions of some packages (including ruby)
available via its Software Collections Library (SCL), I'm tempted to
try switching our puppet master to use the ruby193-* packages from
SCL.  A minor downside is that I won't be able to use the Puppet Labs
packages
anymore, at least on the master.

The big concern I have relates to how advisable it is to use a different
version of ruby on the master vs. all of the clients?  Have other RHEL
users tried this, with any success?

Thanks,

Tim
--
Tim Mooney tim.m...@ndsu.edu
javascript:
Enterprise Computing  Infrastructure  701-231-1076
(Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164






--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

Re: [Puppet Users] Re: workarounds for ruby segfaults on puppet master

2014-11-20 Thread Tim Mooney


In regard to: [Puppet Users] Re: workarounds for ruby segfaults on puppet...:


For those of you that are using puppet on RHEL 6.x (/CentOS/Oracle
Linux/Scientific Linux/etc.) and have experienced ruby segfaults on
your puppet master(s), what workaround or workarounds have you been
using?



I found that adding the following to config.ru stops the problem.
ARGV  --profile
I am presuming this is because the --profile option is incrementing the
reference count to all the objects in memory for a single catalog compile
and prevents the ruby GC bug from thinking something is no longer needed.


Thanks John!  I had seen that + other options, but I was pretty concerned
about running our production master with the amount of logging it would
generate.  I'll give just --profile a try and see if the situation
improves.


Another option that will be crazy memory intensive is to disable GC in
config.ru
GC.disable

This worked fine on our test machines, but the only way to make it
sustainable in production is to set a really low PassengerMaxRequests.
This wasn't a good option for us in production either, as it removed the
performance gains of hiera file caching.  If you don't have a lot of
parameterized classes or your Puppet Masters have a lot of capacity,
disabling GC and lowering PassengerMaxRequests might be an option, but I
still think --profile is the better way to go.


We don't have a lot of parameterized classes, but their use is definitely
growing, especially as we start making more use of the best forge modules.
GC.disable is a good fall-back idea for us, if the --profile option
doesn't completely fix it.


I found a bugzilla on the GC bug, don't have the number handy, but it
basically said that GC in ruby 1.8.7 has a flawed design and this can't be
fixed.  So the only real way to avoid all the headaches this bug can cause
is repackage to ruby193 or upgrade to Red Hat 7.


Yeah, I had seen that one too:

https://bugzilla.redhat.com/show_bug.cgi?id=843199

It was the it's so broken it can't be fixed that caused me to ask here.

You have been extremely helpful!  Thanks so much for the information
you've provided!  It very likely has saved me a lot of work.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

[Puppet Users] workarounds for ruby segfaults on puppet master

2014-11-19 Thread Tim Mooney

All-

For those of you that are using puppet on RHEL 6.x (/CentOS/Oracle
Linux/Scientific Linux/etc.) and have experienced ruby segfaults on
your puppet master(s), what workaround or workarounds have you been
using?

We have been using puppet 3.4.2 (from Puppet Labs repos) for some time,
with a RHEL 6.x puppetmaster under mod_passenger. RHEL 6.x currently
has ruby 1.8.7 patchlevel 374 as its default ruby version.

In the past couple weeks we've started to see a couple of different
clients that are triggering segfaults in ruby on the master during a
puppet agent run. Examples include:

/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:30: [BUG] Segmentation
fault ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]

/usr/lib/ruby/site_ruby/1.8/puppet/parser/type_loader.rb:110: [BUG]
Segmentation fault ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]

Web searches related to this issue turned up a thread from puppet-users
earlier this year started by treydock:

https://groups.google.com/forum/#!topic/puppet-users/qWN6j-eNiZ0

Unfortunately, I've tried a lot of the workarounds suggested in that
thread, and none of them seem to reliably avoid the problem.

- I tried back-porting the small patch from PUP-1592 to our 3.4.2
puppet master. No luck.

- Yesterday, I bit the bullet and upgraded our entire puppet
infrastructure from 3.4.2 to 3.7.3. We still see the same
segfaults on the master, both under mod_passenger and when
running the master in standalone mode for testing.

Since RHEL 6.x has alternate versions of some packages (including ruby)
available via its Software Collections Library (SCL), I'm tempted to
try switching our puppet master to use the ruby193-* packages from
SCL. A minor downside is that I won't be able to use the Puppet Labs packages
anymore, at least on the master.

The big concern I have relates to how advisable it is to use a different
version of ruby on the master vs. all of the clients? Have other RHEL
users tried this, with any success?

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing Infrastructure 701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1411191037010.18829%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: creating hashes from other hashes

2014-11-13 Thread Tim Mooney

In regard to: Re: [Puppet Users] Re: creating hashes from other hashes,...:

On 2014-07-11 23:43, Tim Mooney wrote:

In regard to: [Puppet Users] Re: creating hashes from other hashes,
Luke...:

Huh, at first glance that to me looks like a parser bug.

Not so much a bug as an unessesary constraint.
This is changed in Puppet 4.0 (and when using --parser future in late 3x
releases).

i.e. this then works:
apply --parser future -e '$x = hello notice({$x = world})'
Notice: Scope(Class[main]): {hello = world}

WARNING: string containing only a variable on line 39
WARNING: variable not enclosed in {} on line 39

Lint is simply complaining too much. There are several reasons for
interpolating a single variable either as $x, or ${x} - one such reason is
the constraint on hash keys, another is to force numeric to string conversion
- say $x = 2 + 3 which makes $x not be a string but an Integer, some functions
/ uses does not do well when they receive an Integer instead of a String, and
it must be transformed to a string, either via interpolation, or by calling
the printf function.

So, while you in general do not have to do single variable interpolation, link
is wrong in complaining about it everywhere.
You could perhaps trick it by doing ${$x} which is an interpolation of an
interpolation :-)

Yet another option is to call the printf function in the interpolation
expression.

Hope that helps explain why it does not work and how you can work around it
until Puppet 4.0.0 comes out.

Thanks Henrik! We're probably still a few weeks from upgrading to 3.7.x,
but when we do, getting our code ready for the future parser is also on
the list of things to do.

I had been planning on just temporarily disabling our entire pre-commit
hook, but since I've needed to use this in a couple of defines now, I did
end up going the route that Denmat suggested in a separate email, and just
used --no-only_variable_string-check with the other lint flags we're
passing to puppet-lint.

I appreciate your response and insight regarding this!

--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1411131109390.6400%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: creating hashes from other hashes

2014-11-07 Thread Tim Mooney


In regard to: [Puppet Users] Re: creating hashes from other hashes, Luke...:


Huh, at first glance that to me looks like a parser bug.


That's what I was thinking too.


Now that I think
more on it I seem to recall this coming up before. The $name of a Defined
Type is not of type String, and Puppet Hash keys are always strings,
according to the docs:

https://docs.puppetlabs.com/puppet/latest/reference/lang_datatypes.html#hashes

This code works, explicitly enclosing $name in a string:


Ok, thanks.  Unfortunately, we have puppet-lint hooked into our pre-commit
hook, and puppet-lint objects to a variable that is enclosed in double
quotes for no reason:

  WARNING: string containing only a variable on line 39
  WARNING: variable not enclosed in {} on line 39

I even tried doing this, to get around puppet-lint:

$my_key = strip( ${name } )
$new_pool = {
  $my_key = $fpm_pool,
}

Still no joy, as now the parser objects to $my_key.  This really does
seem like a bug in the parser.

It looks like I'm going to have to temporarily disable our pre-commit
hook, and check in the code using $name.

Thanks again Luke, your insight on this is much appreciated!

Tim



On Thursday, November 6, 2014 10:04:00 PM UTC, Tim.Mooney wrote:



All-

We're using puppet (opensource) 3.4.2 master and clients.  We've been
using puppet a few years, including create_resources, but this is my
first foray into creating complicated nested hashes.

I've boiled the problem I'm running into down to this example:

$ cat /tmp/foo.pp
class foo {
   foo::bar { 'somevalue':
 stuff = {
   'one' = 'doesnt_matter',
   'two' = 'doesnt_matter',
 }
   }
}

define foo::bar (
   $stuff = {},
) {

   #
   # not valid: fails with a parser validation error on the key $name:
   #
   # Error: Could not parse for environment production: Syntax error at
   # 'name';
   # expected '}' at /tmp/foo.pp:21
   #
   $new_hash = {
 $name = $stuff,
   }

   #
   # this works, using a constant key
   #
   $new_hash = {
 'a_constant' = $stuff,
   }
}


This comes from a larger, more complicated example, but what I'm trying to
do is

- take a hash ($stuff) that has all the parameters I need
- create a new hash with a single key that's the $name/$title for the
define,
   and a value that contains the hash $stuff that I was passed.

As you might guess, this is to make $new_hash suitable for passing
to create_resources.

Is there some other way to create a new hash, give it a single top-level
key that is a variable, and assign a separate (passed-in as a parameter)
hash as the value for that key?  I would be fine with using stdlib::merge,
but I don't see any obvious way to accomplish this task with stdlib::merge
either.

Thanks,

Tim
--
Tim Mooney tim.m...@ndsu.edu
javascript:
Enterprise Computing  Infrastructure  701-231-1076
(Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164






--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1411071622310.23044%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] creating hashes from other hashes

2014-11-06 Thread Tim Mooney



All-

We're using puppet (opensource) 3.4.2 master and clients.  We've been
using puppet a few years, including create_resources, but this is my
first foray into creating complicated nested hashes.

I've boiled the problem I'm running into down to this example:

$ cat /tmp/foo.pp
class foo {
  foo::bar { 'somevalue':
stuff = {
  'one' = 'doesnt_matter',
  'two' = 'doesnt_matter',
}
  }
}

define foo::bar (
  $stuff = {},
) {

  #
  # not valid: fails with a parser validation error on the key $name:
  #
  # Error: Could not parse for environment production: Syntax error at
  # 'name';
  # expected '}' at /tmp/foo.pp:21
  #
  $new_hash = {
$name = $stuff,
  }

  #
  # this works, using a constant key
  #
  $new_hash = {
'a_constant' = $stuff,
  }
}


This comes from a larger, more complicated example, but what I'm trying to
do is

- take a hash ($stuff) that has all the parameters I need
- create a new hash with a single key that's the $name/$title for the define,
  and a value that contains the hash $stuff that I was passed.

As you might guess, this is to make $new_hash suitable for passing
to create_resources.

Is there some other way to create a new hash, give it a single top-level
key that is a variable, and assign a separate (passed-in as a parameter)
hash as the value for that key?  I would be fine with using stdlib::merge,
but I don't see any obvious way to accomplish this task with stdlib::merge
either.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1411061531150.12196%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] parameters for puppetlabs-apache module with RHEL SCL httpd24

2014-10-03 Thread Tim Mooney



All-

I'm hoping there are at least a few people on the list that are
successfully using the puppetlabs-apache module with the httpd24
packages from the Red Hat Software Collections Library, aka SCL.
If you're one of those people, can you share what parameters you've
had to override, or anything else you had to do to get puppetlabs-apache
to work with the nonstandard package/service/file/path names in httpd24
from SCL?

For those that aren't familiar with SCL, it's a collection of updated,
alternate versions of some packages.  It's provided by Red Hat for
RHEL, and CentOS and potentially other RHEL-respins have it too.
For backward compatibility, Red Hat won't do major upgrades to the
httpd package from the 2.2.x version that shipped in RHEL 6.0,
but they are now providing a parallel httpd24 package that installs
in a different spot, has a different init script, etc.

The default parameters in the puppetlabs-apache module assume the
older 'httpd' package, /etc/httpd for the base dir, etc.  I'm looking
for what parameters people are passing to the apache class to get it
to work with the httpd24 alternate.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1410031120580.7601%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] advice and best practices for environments

2014-07-17 Thread Tim Mooney



All-

I'm looking for some advice/wisdom/guidance about workflow and
configuration from sites that have been using environments for a while.
I'll happily take advice from anyone, but I'm especially interested in
tips from people that are using subversion as their VCS and are not
using an ENC.

The TL;DR list of questions I have is roughly:

- how are you controlling which nodes get assigned to which environments?
  Templated puppet.conf and hiera()?  Some other method?
- how are you using hiera with environments, especially in relation to
  the environments limitations[1] page?
- what about custom puppet:/// mount points (outside of modules)?  The
  puppet doc overview of environments say that custom file paths are
  not supported with environments[2], but that's not mentioned on
  the limitations[1] page.
- do you use dynamic environments, and if so what's your subversion
  workflow look like?  The puppet docs call these Temporary Test
  Environments [3]


[1] - 
http://docs.puppetlabs.com/puppet/latest/reference/environments_limitations.html
[2] - 
http://docs.puppetlabs.com/guides/environment.html?utm_campaign=docsutm_medium=blogutm_source=puppetlabs.comutm_content=environments
[3] - 
http://docs.puppetlabs.com/puppet/latest/reference/environments_suggestions.html


Additional details on our environment:

We've been using puppet since 2.6.x, and are currently at 3.4.2.  We're
looking to go to 3.6.x and also update our configuration for both
directory environments and the manifests dir, to be more prepared for
what 4.x will likely require.

We're not currently using any environments hangs head in shame/, so
the workflow and configuration needed for a non-git deployment has
me a little confused.

We don't use an ENC -- we have Puppet Dashboard, but use it rarely,
and only for reporting.  As part of the move to 3.6.x, I would want to
switch us from site.pp with import nodes/*.pp to a manifests directory.

Our current /etc/puppet/hiera.yaml looks like:

---
:backends: - yaml

:hierarchy: - secure/fqdn/%{clientcert}
- fqdn/%{clientcert}
- secure/location/%{location}
- location/%{location}
- secure/common
- common

:yaml:
:datadir: /etc/puppet/hiera-data


%{location} is a custom fact associated with a particular datacenter.

We are using one custom puppet:/// file mount point (fileserver.conf):

[secure]
path /etc/puppet/secure/%H
allow *


Our modulepath in our current puppet.conf on the master looks like:

modulepath = 
/etc/puppet/modules:/usr/share/puppet/modules:/etc/puppet/forge-modules


Any tips and advice people have regarding workflow with environments and
subversion would be greatly appreciated!

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1406261426440.15804%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: RHEL7 facts missing

2014-06-25 Thread Tim Mooney


In regard to: Re: [Puppet Users] Re: RHEL7 facts missing, Bas Wildemann...:


I think you may be right and I'm thinking about opening a ticket.
AFAIK net-tools will be deprecated in future RHEL versions, so a solution
is necessary.


I discovered this issue independently last week, and opened a ticket
before seeing Bas' email.

https://tickets.puppetlabs.com/browse/FACT-597

Note that I linked that issue to the larger underlying issue, the
deprecation of ifconfig and the need to use ip for things like
ip address and network interfaces:

https://tickets.puppetlabs.com/browse/FACT-184

Tim


Op maandag 23 juni 2014 09:55:49 UTC+2 schreef Felix.Frank:


Hi,

if this is a crucial package for correct Facter operation, and it's not
a hard dependency in the RHEL7 package, then this may be a bug.

Would either of you look through the tickets at
https://tickets.puppetlabs.com/ and open a new one if this is not being
tracked already?

Thanks,
Felix

On 06/21/2014 11:05 PM, Bas Wildemann wrote:

Jelle,

Installing net-tools package solved it.
Thanks for your pointer!


Op zaterdag 21 juni 2014 14:17:56 UTC+2 schreef Jelle B:

Hi , Yes this is to be expected as RHEL 7 does away with some of the
dependencies like ifconfig etc. You will have to install thoose

after.

For that you will also have to install some extra repos if I recall
right.

You will have to install bind-utils and net-tools for all to
function normal again.

Hope this helps.







--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1406251735570.14208%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: selecting a command in a provider based on class variable?

2014-04-14 Thread Tim Mooney

In regard to: [Puppet Users] Re: selecting a command in a provider based on...:

On Friday, April 11, 2014 7:15:05 PM UTC-5, Tim Mooney wrote:

Hi All!

The tl;dr version:

Can anyone point me at an example of an existing provider that selects
a particular command based not on a facter fact or whether a particular
path exists, but instead on a variable from a puppet class?

No, and that's a poor idea. Providers should not have visibility into or
dependency on the class declaring the resource provided for.

If your provider is for a custom type, however, then it seems to me that
the natural approach would be to add a parameter (not a property) to the
type. Providers can easily access the parameter values of a resource
instance; in fact, that's the entire purpose of parameters that are not
properties.

If you are writing custom providers for built-in types, however, then the
best I can come up with is to write different flavors of the provider (with
different names) to cover the specific cases you care about.

Thanks John! That idea occurred to me over the weekend and you've
confirmed that it's a much better way to go.

Much appreciated,

--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1404141351490.17447%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] selecting a command in a provider based on class variable?

2014-04-11 Thread Tim Mooney



Hi All!

The tl;dr version:

Can anyone point me at an example of an existing provider that selects
a particular command based not on a facter fact or whether a particular
path exists, but instead on a variable from a puppet class?

The full version:

We have puppet 3.4.2 on master and all agents, generally from the 
PuppetLabs packages for OpenSource puppet.


Red Hat has begun providing alternate (updated) versions of some packages
as part of its Software Collections Library, aka SCL.  If you have
a RHEL 6.5 system subscribed to the appropriate software collections
channel, it's entirely possible to have something like this:

$ rpm -q -f /usr/bin/mysql
mysql-5.1.73-3.el6_5.x86_64
$ rpm -q -f /opt/rh/mysql55/root/usr/bin/mysql
mysql55-mysql-5.5.36-1.1.el6.x86_64

For a provider that relies on the mysql command-line tool to accomplish
certain tasks, it's no longer a great solution to just do

commands :mysql = 'mysql'

I also don't want to just have it always use the binary from
/opt/rh/mysql55/root/usr/bin/mysql if it's present, since it's at least
conceivable that one might need to use a particular version of the client
when accessing a particular database.

The best idea I've come up with is to have the provider decide which
specific version of a command to use based on a variable that has already
been set in the class, but I haven't found any examples of providers that
do that.  If anyone can point me at some prior art, I would greatly
appreciate it.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1404111843100.17447%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] error testing puppet 3.x upgrade: You need rubygems to use Hiera

2014-01-17 Thread Tim Mooney

= inclusive,
uid= '709844',
password = hiera('ncsprime_password', '!!'),
}

Our /etc/puppet/hiera.yaml that I copied from our existing 2.7.14 master
to the promoted 3.4.2 temporary master is

---
:backends: - yaml

:hierarchy: - secure/fqdn/%{clientcert}
- fqdn/%{clientcert}
- secure/location/%{location}
- location/%{location}
- secure/common
- common

:yaml:
:datadir: /etc/puppet/hiera-data

I don't understand what I'm missing; I have the rubygems package installed
on both the promoted master and the client I'm trying to test with. I know
that hiera moved into the core at 3.x and that on my real master I will need
to uninstall the 'rubygem-hiera-puppet' package, but the client I promoted
to be the temporary master has never had that installed.

Google searches for this error just turn up the install rubygems response.
Brent Clark posted to this list in December with the same problem, but
there were no follow-up responses.

Any suggestions as to what the problem really is, because it's *not* that
I'm missing rubygems.

Thanks,

Tim

--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing Infrastructure 701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1401171651430.29424%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] error testing puppet 3.x upgrade: You need rubygems to use Hiera

2014-01-09 Thread Tim Mooney


In regard to: Re: [Puppet Users] error testing puppet 3.x upgrade: You need...:

	Any chance you have a symlink to 
/usr/lib/ruby/site_ruby/1.8/hiera/backend/ (or something similar) floating 
around in your /var/lib/puppet? This was a common way to get Hiera to work in 
Puppet 2.7 before the necessary glue was built into 3.x. If you do, remove it 
and restart.


I checked, and there are no symlinks anywhere in /var/lib/puppet on
the client that was promoted to be the test server:

# cd /var/lib/puppet
# find . -type l -print
# find . -name 'site_ruby' -print
# find . -name 'hiera' -print
# find . -name 'backend' -print
# find . -name '*.rb' -print
#

After I sent my message to the list last night, I also decided to try
deleting everything (except the ssl directory) under /var/lib/puppet
on the promoted client and then re-installing the puppet  puppet-server
packages, and that still didn't make any difference.

I definitely appreciate the response and the suggestions for stuff
to look for, but unfortunately it doesn't seem to be what's causing
the issue.

Tim


On 1/8/2014 5:16 PM, Tim Mooney wrote:


All-

I've been struggling with this all afternoon, so it's time to ask for
some help.

The TL;DR version:

On a 2.7.14 puppet client promoted to be a test 3.4.2 master, whenever a
client connects I get:

Warning: Puppet.features.rubygems? is deprecated. Require rubygems in your
application's entry point if you need it.
(at /usr/lib/ruby/site_ruby/1.8/puppet/util/feature.rb:17:in `add')
Error: You need rubygems to use Hiera at
/etc/puppet/manifests/users.pp:243 on
node rh6client.example.com
Error: You need rubygems to use Hiera at
/etc/puppet/manifests/users.pp:243 on
node rh6client.example.com
Error: You need rubygems to use Hiera at
/etc/puppet/manifests/users.pp:243 on
node rh6client.example.com

I have the RHEL-provided rubygems package installed (it gets installed
automatically as a dependency of puppet 3.4.2 from Puppet Labs), so why
the error?


The full version:

We're currently using puppet 2.7.14 with facter 1.5.9, both on master and
on our clients.  All of our clients are currently RHEL 5.x or RHEL 6.x,
though we'll likely be adding other OSes once we're on Puppet 3.x.

I'm beginning our testing of 3.4.x by following the documentation here:

 http://docs.puppetlabs.com/guides/upgrading.html

I'm following the Option 1 route, promoting a client to be the master.
The client I'm promoting is a fresh install of RHEL 6.5 with our puppet
2.7.14,
and I have done a puppet apply on it to get all local config in place for
a basic puppet client in our environment.

I then copied all of /etc/puppet and /var/lib/puppet from our
current master over to the client I wish to promote.

To promote the client to be the test master, I uninstall our locally-built
RPMs for facter  puppet, then install the PuppetLabs EL6 rpms for

 facter-1.7.4-1.el6
 hiera-1.3.0-1.el6
 puppet-3.4.2-1.el6
 puppet-server-3.4.2-1.el6
 rubygem-json-1.5.5-1.el6
 ruby-rgen-0.6.5-1.el6

That also auto-installed, for dependencies, Red Hat's packages for

 ruby-rdoc-1.8.7.352-13.el6.x86_64
 ruby-irb-1.8.7.352-13.el6.x86_64
 rubygems-1.3.7-5.el6.noarch

I have updated the auth.conf to have allow_ip stanzas for the one custom
file serving location we use.

I start up the temporary puppet master:

# puppet master --no-daemonize --verbose
Notice: Starting Puppet master version 3.4.2

I then pick an existing client, rh6client.example.com, uninstall
facter  puppet, install the Puppet Labs facter  puppet, which also
pull in Puppet Labs' hiera  rubygem-json, as well as the Red Hat
ruby-rdoc,
ruby-irb, and rubygems.

I point the client at the temporary master and receive (on the client)
the error:

# puppet agent --server pm-tmp.example.com --test --noop
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/printers.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/net_location.rb
Info: Loading facts in /var/lib/puppet/lib/facter/biosversion.rb
Info: Loading facts in /var/lib/puppet/lib/facter/net_info.rb
Info: Loading facts in /var/lib/puppet/lib/facter/ipmi_product.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pacemaker.rb
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: You
need rubygems to use Hiera at /etc/puppet/manifests/users.pp:243 on node
rh6client.example.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run


On the temporary server, it has output a bunch of Info statements about
processing for auth.conf, but follows that with:

Info: Caching node for rh6client.example.com
Info: Caching node for rh6client.example.com
Warning: Puppet.features.rubygems? is deprecated. Require rubygems in your
application's entry point if you need it.
(at /usr/lib/ruby/site_ruby/1.8/puppet

[Puppet Users] error testing puppet 3.x upgrade: You need rubygems to use Hiera

2014-01-08 Thread Tim Mooney

 missing; I have the rubygems package installed
on both the promoted master and the client I'm trying to test with.  I know
that hiera moved into the core at 3.x and that on my real master I will need
to uninstall the 'rubygem-hiera-puppet' package, but the client I promoted
to be the temporary master has never had that installed.

Google searches for this error just turn up the install rubygems response.
Brent Clark posted to this list in December with the same problem, but
there were no follow-up responses.

Any suggestions as to what the problem really is, because it's *not* that
I'm missing rubygems.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1401081910330.14091%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] passing an environment variable to a command in a provider

2013-07-01 Thread Tim Mooney


In regard to: Re: [Puppet Users] passing an environment variable to a...:


On Fri, Jun 28, 2013 at 2:03 PM, Tim Mooney tim.moo...@ndsu.edu wrote:


We have some custom types  providers related to mysql (mysql_user,
mysql_grant, mysql_db) written by an admin that's no longer here.  The
provider just uses the mysql command to run various commands, e.g:

Puppet::Type.type(:mysql_user)**.provide(:mysql) do
desc Provider for a mysql user

optional_commands :mysql = 'mysql'

mk_resource_methods

def create
debug mysql_user create
@property_hash[:ensure] = :present
mysql('mysql','-e',create user '%s' identified by '%s'; %
[@resource[:name].sub(@,'@'**),@resource[:password]])
end

def flush
debug in flush
mysql('mysql','-e','flush privileges;')
@property_hash.clear
end

# other stuff elided
end

For this particular provider/type to work, though, it requires that
you actually have root's environment, because it relies on reading some
config from /root/.my.cnf.

That means that on most of our hosts, doing

sudo puppet agent --test

works fine, but on hosts where we use our mysql module with the custom
types and provider, we can't do that.  We instead have to

sudo su -
puppet agent --test

to make certain we've picked up root's environment, specifically HOME.

What I would like to do is augment the provider so that the mysql command
is always invoked with the environment augmented with HOME=/root or
(even better) HOME=roots_home_from_facter.


In Puppet 3, home environment can be passed something like:

has_command(:brew, 'brew') do
 environment({ 'HOME' = ENV['HOME'] })
end


Thanks Nan.  Even though I know better, I forgot to supply one bit of
info -- we're still running puppet 2.7.x and I'm not certain when we're
going to move to 3.2.x.

Is there a puppet 2.7.x equivalent?

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] passing an environment variable to a command in a provider

2013-07-01 Thread Tim Mooney


In regard to: Re: [Puppet Users] passing an environment variable to a...:


On Jun 28, 2013 2:06 PM, Tim Mooney tim.moo...@ndsu.edu wrote:


works fine, but on hosts where we use our mysql module with the custom
types and provider, we can't do that.  We instead have to

sudo su -
puppet agent --test


An alternative and trivia in addition to what Nan said:

You can use

   sudo -H

to set $HOME, or

   sudo -i

to get a full login environment like 'su -' gives. There are also sudoers
config params that can make at least the former default, and probably the
latter too.


Thanks Wil.  I knew about each of these, but I would rather fix the
type/provider to work even with normal sudo usage, rather than requiring
people to remember to use one of these.  Yes, they could use aliases or
shell functions, but I still think it's a better solution to make
type/provider work for any case.


Additionally, you can explicitly pass the path of the `my.cnf`, rather than
relying on $HOME,


I've thought about this too and I agree that it's even better.  To
do it right, though, I would want to make it use the root_home fact.
That's one more thing I don't know how to do yet, though.  It looks like

http://docs.puppetlabs.com/guides/provider_development.html

has a section on using facts in providers, so I'll do some experimenting
and see if I can't muddle through.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] passing an environment variable to a command in a provider

2013-06-28 Thread Tim Mooney



All-

We have some custom types  providers related to mysql (mysql_user,
mysql_grant, mysql_db) written by an admin that's no longer here.  The
provider just uses the mysql command to run various commands, e.g:

Puppet::Type.type(:mysql_user).provide(:mysql) do
desc Provider for a mysql user

optional_commands :mysql = 'mysql'

mk_resource_methods

def create
debug mysql_user create
@property_hash[:ensure] = :present
mysql('mysql','-e',create user '%s' identified by '%s'; %
[@resource[:name].sub(@,'@'),@resource[:password]])
end

def flush
debug in flush
mysql('mysql','-e','flush privileges;')
@property_hash.clear
end

# other stuff elided
end

For this particular provider/type to work, though, it requires that
you actually have root's environment, because it relies on reading some
config from /root/.my.cnf.

That means that on most of our hosts, doing

sudo puppet agent --test

works fine, but on hosts where we use our mysql module with the custom
types and provider, we can't do that.  We instead have to

sudo su -
puppet agent --test

to make certain we've picked up root's environment, specifically HOME.

What I would like to do is augment the provider so that the mysql command
is always invoked with the environment augmented with HOME=/root or
(even better) HOME=roots_home_from_facter.

I'm not certain how to pass an environment variable to an external command
that's invoked as part of a puppet provider, though, and the searches I've
done so far haven't turned up anything helpful.

Can anyone that's familiar with writing types and providers shed some
light on what I should be doing to augment this?  I know this is as much
ruby ignorance as puppet ignorance, but I have to believe that there are
people here that can point me in the right direction.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppetdb source install on Solaris. Agents complain about invalid encoding (UTF-8//IGNORE, UTF-8)

2012-11-30 Thread Tim Mooney


In regard to: Re: [Puppet Users] Puppetdb source install on Solaris. Agents...:


It looks like the iconv library in the version of Ruby provided by the
OpenIndiana repo may be too old, lack a required method or have an
incompatible version of the method being used to transform the contents of
the catalog.


I don't think it's an issue with your ruby Iconv.


root@atropos:~# ruby -r iconv -ve 'pp Iconv.list'
ruby 1.8.7 (2009-06-12 patchlevel 174) [i386-solaris2.11]
-e:1: undefined method `list' for Iconv:Class (NoMethodError)


I get the exact same error when I run Deepak's suggested command on
RHEL 6, which includes ruby 1.8.7:

$ ruby -e require 'iconv'; puts Iconv.list.sort
-e:1: undefined method `list' for Iconv:Class (NoMethodError)

If I run that on Solaris 10 with ruby 1.9.3 p327 compiled from source, I get:

$ ruby -e require 'iconv'; puts Iconv.list.sort
/local/lib/64/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': iconv
will be deprecated in the future, use String#encode instead.
-e:1:in `list': list() function is unimplemented on this machine
(NotImplementedError)
from -e:1:in `main'


(learning Ruby
is still on my to-do list)


Same for me, and it has presented a slight barrier to entry for becoming
really comfortable with puppet.


ruby -e require 'iconv'; puts Iconv.list.sort

That should dump out the list of available encodings. That should help us
at least more properly triangulate the issue.


Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] upgrading puppet

2012-11-28 Thread Tim Mooney


In regard to: [Puppet Users] upgrading puppet, Paolo said (at 2:08am on Nov...:


I have an old puppet infrastructure that runs puppet 0.24.4 (client and
server) and I was finally given the go ahead to upgrade (both client and
server) :-) I have a few questions:
1. To which version should I upgrade puppet to? I was thinking of upgrading
to the latest 2.6 version...


I think the answer is, it depends.

I personally would want to upgrade to puppet 3.0.x.  Since you're going
to go through the pain of upgrading anyway, it would be best to upgrade
to what's current, so you avoid a separate upgrade from 2.6 or 2.7 to
3.x.  Of course, there's always a chance that doing separate upgrades
will be less work overall, but I'm skeptical about that in this case.

The main gotcha is that 3.x introduces a number of incompatible, so
it might require changes to some of your classes to upgrade to 3.x than
it would to go to 2.6.  It all depends on what features you've made
use of and how your classes are written.

If you don't decide to upgrade to 3.x, you should at least consider
2.7.  I can't think of any compelling reason to choose 2.6 over 2.7,
at this point.


2. Anyone knows of any pitfalls I should watch out for in upgrading from
such an old version?


Scoping with variable names and facts is probably the big one.

Another one that we had to adjust is classes with a - in the name.  That
even breaks in some of the later 2.7 versions, though there's a setting in
2.7.20 that allows it to work again.

My recommendation is that you install 3.0.x somewhere, install
puppet-lint, and use puppet-lint and puppet parser validate on your
manifests.  Study the output from both, and adjust accordingly.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Managing ssh server's keys?

2012-11-26 Thread Tim Mooney


In regard to: Re: [Puppet Users] Managing ssh server's keys?, Matt...:


Here is my fileserver.conf:



[private]
 path /etc/puppet/private/%h
 allow *


FWIW, we're handling ssh keys and other sensitive full-file content nearly
identically, although we we chose /secure rather than /private and we're
using %H (fqdn) rather than %h (short host name).

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] New to Puppet -- why the puppet user

2012-11-26 Thread Tim Mooney


In regard to: Re: [Puppet Users] New to Puppet -- why the puppet user,...:


Because standard systems administration practice is to rarely if ever
run anything at all as root.


When it doesn't require root, that's absolutely true.  This relates to
the principle of least privilege.

However, the puppet agent that runs on each puppet client requires the
ability to make modifications to nearly everything about the client
system, all in an effort to enforce the state that the puppet server
has indicated that the client should be in.

I suppose you could do that using something like sudo or Solaris
RBAC, but you would end up granting so much access to the puppet agent
that you would essentially be running it as root anyway.  There's 
very little point going through that exercise for an agent that requires

unfettered access to the client system.

To answer the original question: there's a puppet user and group for
the very few things that do *not* require root: specifically, the puppet
master and components like Dashboard.  They are, essentially, web
applications, and don't require any special privileges, so the PuppetLabs
folks wisely made them run as a non-privileged user ( group).

Note that if your puppet master is a client of itself (or some other
puppet master) then the puppet agent running there still needs to be
run as root.  The agent enforces the state, which requires administrative
access.  The master calculates the state, which doesn't.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Seeking some Puppet advice for a newbie (specifically Virtualmin/CSF related)

2012-11-20 Thread Tim Mooney


In regard to: Re: [Puppet Users] Re: Seeking some Puppet advice for a...:


On Tue, Nov 20, 2012 at 1:54 PM, Laurence Cope
amitywebsoluti...@gmail.com wrote:

you will need to create your own Yum repository, have Puppet configure yum
to make use of that repo, then create a manifest that installs the package.


Ah right... this bit helps a lot. never thought of creating an own repo,
that makes sense now. so if its in a repo puppet can do it. I will look into
that, and also request Virtualmin do it because I asked them about this on
their forum, but they had no experience with Puppet. Makes sense for it to
come from a repo they manage.


I generally favour my own private yum repositories rather than
upstream repositories for the following reasons:


+1, for all the reasons Matt mentioned.

Making your own repo may seem daunting, but it's not bad at all.  If you
have an internal server that's running http and has enough disk space to
store your RPMs, you're already most of the way there.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet - Postfix - How-To edit generic.db

2012-11-09 Thread Tim Mooney


In regard to: [Puppet Users] Puppet - Postfix - How-To edit generic.db,...:


New-ish to Puppet.  I'm just getting beyond the basics, now.

Got a postfix module defined.  But there is a wrinkle: the server needs to
send mail from root as r...@domain.com not r...@hostname.domain.com


So the big question is whether this config needs to be applied to *all*
the systems where you might run postfix, or whether it's specific to
one particular system or set of systems.


Because our service desk accepts tickets from servers BUT the counts as
'spam' anything NOT from domain.com.

This is easy with postfix:

edit /etc/postfix/generic - add r...@hostname.domain.com
hostn...@domain.com


You need to modify a file, so you'll want to have a file resource
defined somewhere.  Are there other settings in that file you typically
customize?  If so, you may want the source for the file to be a
template().  If not, there are other ways you might handle it.

So, the file resource is going to look something like

file { '/etc/postfix/generic':
ensure = file,
owner  = 'some_user',
group  = 'some_group',
mode   = '0somethingsomethingsomething',
source = yet_to_be_determined,
notify = Exec['postmap-generic'],
}

The real question is what goes in the yet_to_be_determined area for
the source.  It could be a template

source = template('postfix/generic.erb'),

or perhaps it's a list of files (first one that matches is used):

source = [
puppet:///modules/postfix/generic.${::fqdn},
'puppet:///modules/postfix/generic',
],

Determining how you pick the source for the file is going to be the
most difficult part of this, and it depends on how much customization
you need to do.


$ postmap /etc/postfix/generic


For that, you need an exec resource to execute your command after the file
is modified:

exec { 'postmap-generic':
cwd = '/etc/postfix',
path= '/bin:/usr/bin:/sbin:/usr/sbin',
command = 'postmap generic',
refreshonly = true,
notify  = Service['postfix'],
}


restart service postfix


service { 'postfix':
ensure = running,
enable = true,
}

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Apply multiple defines in sequence

2012-11-05 Thread Tim Mooney


In regard to: [Puppet Users] Re: Apply multiple defines in sequence, Erwin...:


Thanks again for you reply, but it seems like you don't fully understand
what I'm having problems with. So I'll try to clarify it a little more:
1. The current way of using two defines is working flawlessly. So I (at
least partly) understand the concepts surrounding those.
2. Because I have two types of machines: some with just sugar and some with
sugar and wordpress, I now use two defines that overlap in part (define1
contains all kinds of info about creating sugar db + unpacking tar, etc,
while define2 contains all the sugar info of define1 + stuff about creating
a wordpress db + unpacking wp tar, etc), this means editing two files when
I change something in the sugar define.


So have one additional parameter to your define,

sugar_with_wordpress = 'no'

and then in the body of your define, after you've done all the necessary
setup for sugar, that is always present, have

  if $sugar_with_wordpress == 'yes' {
 # wordpress-specific stuff here
  }

I use yes/no strings instead of boolean true/false because you'll
eventually want to have those settings come from hiera, and as things
currently stand booleans from hiera are just a trap for the unwary.

I would actually do the wordpress stuff as a separate class, which has
its own wordpress::instance define, and then call that define from within
your sugar::instance define.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Install RPM package via puppet

2012-11-01 Thread Tim Mooney


In regard to: [Puppet Users] Install RPM package via puppet, Sixthmoon said...:


I have the package added to an internal yum repo. OS is Centos 5.4. Puppet
version is 2.6.2-1. The module is utilities. This is a working production
environment. (Person who set it no longer around) As a verification item to
note, I have added a custom fact to the utilities module and it correctly
being picked up by the test node.

I have added the following to init.pp

class utilities {

   package { iftop:
 ensure = present,
   source =
'http://yum.repo.internal/misc/iftop-0.17-1.el5.rf.x86_64.rpm'
   }
}


package { 'iftop':
ensure = present,
require = Yumrepo['your-repo-name-here'],
}

You should also have a

yumrepo {'your-repo-name-here':
baseurl = 
'http://your.host.here/repo/CentOS/$releasever/$basearch/',
enabled = 1,
descr   = 'whatever',
metadata_expire = '300',
}

somewhere in your catalog.

You've already done the parts that a lot of people seem to want to skip;
specifically packaging the software and creating a local repo with the
software in it.  You just need to define your repo to puppet and then
use a very standard package resource to make it present.

Note the yumrepo resource type supports a lot more attributes, which you
may wish to investigate.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] RHEL 6 Protected multilib versions Requirment to have both 32 and 64 bit libs installed.

2012-10-29 Thread Tim Mooney


In regard to: [Puppet Users] RHEL 6 Protected multilib versions Requirment...:


(/Stage[main]/Libstdc/Package[libstdc++.i686]/ensure) change from absent to
present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install
libstdc++.i686' returned 1: Error: Protected multilib versions:
libstdc++-4.4.6-4.el6.i686 != libstdc++-4.4.6-3.el6.x86_64#012 You could
try using --skip-broken to work around the problem#012 You could try
running: rpm -Va --nofiles --nodigest

the .pp :

class libstdc {

Class[rhn]-Class[libstdc]


Are you really intending to have Class['rhn'] applied *before*
Class['libstdc'], because that's what your arrow chaining says.  I would
assume you're trying to install both archs because RHN Satellite needs
both but doesn't have the 32 bit version as an explicit dependency.
If that's the case, you should swap what side of the - the two classes
are on.


package { libstdc++.i686:
ensure = installed,
}

package { libstdc++:
ensure = installed,
}


As John said, your best bet is to get the 32 bit version installed
because of a dependency of something else.  It's frankly ridiculous
that Red Hat provides a product that doesn't do this correctly, but
we can work around that, even without having to try repackage RHN
Satellite.

This can be done very easily by creating a package that contains no files
at all, but lists other packages as requirements.  The trick is to have
empty %prep/%build/%install/%files sections of your spec file, but list
either

- package names
- exact shared library SONAMES
- (as a last resort) full paths to a file or library

in the Requires: entries for the RPM.  An example spec file you might
start with to build an RPM is included after my signature.  You would
just need a RHEL box with the 'rpm-build' package installed, something
like

rpmbuild -ba -v rhn-satellite-32bit-deps.spec

and then you put that package in your local repo and have puppet

package { 'rhn-satellite-32bit-deps':
ensure = installed,
}

This virtual package then pulls in whatever dependencies you have listed.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164



Summary: pull in the 32 bit dependencies for RHN Satellite
Name: rhn-satellite-32bit-deps
Version: 1.0
Release: 1
Group: Local/Whatever
License: Copyright (C) your organization here
URL: http://yourcompany/whatever/you/want/here
Vendor: Your Company and possibly OU here
Distribution: Your distribution name here

#
# Preference #1: require package names, like make or kernel-headers
# 
#Requires:


#
# If you need specific SONAME and arch for a library, that can be
# accomplished like this
#
# the 32 bit version
Requires: libstdc++.so.6
# the 64 bit version
#Requires: libstdc++.so.6()(64bit)


#
# Last resort, only use if others don't work: specify a full path to the file
# that some other RPM should be installing.  This can generally be
# accomplished better by using a package name instead.
#
#Requires: /usr/bin/bash

%description
This package contains no files.  It exists solely to specify other
packages that should be installed when this virtual package is installed.

%prep
# no software to extract and prepare for compilation
exit 0

%build
# nothing to build
exit 0

%install
# nothing to install
exit 0

%files
# no files contained in this RPM.

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Tim Mooney


In regard to: [Puppet Users] Have Class Only Perform Actions When There Is...:


Howdy. I feel like I am missing something really simply with regards to the
way that Puppet works and I am wondering if someone can point me in the
write direction.

I have written a class that downloads, uncompresses, compiles, and installs
Python from source. So far so good.


I would highly recommend you just package your custom python and install
it using a package management system, rather than doing what you're doing.
Depending on what host OS you're using, it's not too difficult, and it
works a lot better with puppet *and* you get all the benefits of having
the package installed through a more coherent means.


The problem is that it only needs to do
this once, when Python is not already in place (or some other custom
indicator of the Python version). I have my 3 calls to exec doing their
checks just fine, but my calls to wget::fetch and archive::untar both fire
during every apply. Specifically, archive::untar takes about 30 seconds to
run and I'd prefer it if it only ran conditionally.

What is the best way to make sure that this code:

 wget::fetch { python-${version}:
   source =
http://python.org/ftp/python/${version}/Python-${version}.tgz;,
   destination = /tmp/Python-${version}.tgz,
 }

 archive::untar {/tmp/python-${version}:
   source = /tmp/Python-${version}.tgz,
   compression = 'gz',
   rootdir = Python-${version},
   require = Wget::Fetch[python-${version}],
 }


As you're discovering, these kind of exec chains, where the first part
of the chain involves temporary files, don't really fit into the puppet
paradigm very well.  About the best you can do is something like

exec { '/usr/local/sbin/install-python-if-necessary.sh':
source  = 'http://your_module/install-python-if-necessary.sh',
creates = '/your/python/lib/dir',
}

and then bury all the fetch/extract/configure/compile/install logic
in the shell script, which puppet will make certain is always present
on the system.  It will only execute it if /your/python/lib/dir is not
present.

But if you're going to build fetch/extract/configure/compile/install logic
into a shell script, you're probably 85% of the way to packaging the
software appropriately anyway.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Tim Mooney


In regard to: Re: [Puppet Users] Have Class Only Perform Actions When There...:




On Friday, October 26, 2012 2:31:56 PM UTC-4, Tim Mooney wrote:


In regard to: [Puppet Users] Have Class Only Perform Actions When There
Is...:

I would highly recommend you just package your custom python and install
it using a package management system, rather than doing what you're doing.
Depending on what host OS you're using, it's not too difficult, and it
works a lot better with puppet *and* you get all the benefits of having
the package installed through a more coherent means.

As you're discovering, these kind of exec chains, where the first part
of the chain involves temporary files, don't really fit into the puppet
paradigm very well.  About the best you can do is something like

 exec { '/usr/local/sbin/install-python-if-necessary.sh':
 source  = '
http://your_module/install-python-if-necessary.sh',
 creates = '/your/python/lib/dir',
 }

and then bury all the fetch/extract/configure/compile/install logic
in the shell script, which puppet will make certain is always present
on the system.  It will only execute it if /your/python/lib/dir is not
present.

But if you're going to build fetch/extract/configure/compile/install logic
into a shell script, you're probably 85% of the way to packaging the
software appropriately anyway.



Interesting. It sounds like you're actually advocating _for_ the bash
script approach.


Absolutely not.  I think the package management system is definitely the
way to go.  If you're bound and determined to not do it that way, and
you want to avoid having the pre-cursor exec's fire in your
fetch/extract/compile chain, then the shell script is really your
best option.

Otherwise, the wget fetch will fire any time that
/tmp/Python-${version}.tgz is not present.  That won't be present if
your /tmp cleaner gets rid of it.  Ditto for the extract step.

I'm assuming that none of these systems are multi-user systems, where you
might have less-than-trustworthy people with local access on the system.
If that's not the case, I definitely wouldn't be having the first step
of a multi-exec chain depend on a file in /tmp.


I wanted to avoid package management systems only because
they are way more complicated than a basic install of python requires:

 wget python.tgz
 tar -xzvf python.tgz
 cd python
 ./configure --prefix=/install/path
 make
 make test
 make install

I wanted to make (I have made?) a simple python class that accepts a
python version number, downloads it, and runs those steps, irrespective of
the base Linux flavor. I don't know much of anything about deb or rpm files
other than that they are more complicated than that; and I don't want to
have to package up and maintain several different python versions for
several different package managers.


You don't have to create your package from whole cloth, though.  You
download the source format for the package management system, extract
the recipe file, make a couple of changes for your local install, and
then build the package.

In the case of an RPM, that means starting with the source RPM (.srpm) for
the python that comes from your CentOS/RHEL/RHEL-derived vendor.  You
would extract the spec file (the recipe), tweak the %_prefix, the
Version, and probably not much else.

If you're still against packaging it, there's external repos you might
consider, to get packages that someone else has created.  That might not
meet your needs, though.

Ultimately, use puppet however it works best for your organization.  Just
be advised that some things fit better into the puppet paradigm than
others.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Oracle Database config management

2012-10-25 Thread Tim Mooney


In regard to: Re: [Puppet Users] Puppet  Oracle Database config...:


Have you got any examples of the hiera config you're using?


As I said, it's pretty rough.

class oracledb::sysctl(
  $use_amm = false,
  $large_mem_pages = '0',
  $hugetlb_gid = '1001',
) {

  validate_bool($use_amm)
  validate_string($large_mem_pages)
  validate_string($hugetlb_gid)

  if ( $use_amm and ($large_mem_pages != '0')) {
fail(\$use_amm must be false when \$large_mem_pages is not 0\n)
  }

  #
  # The basic settings that should always be present.  Can be overridden
  # via hiera().
  #

  # sem, default is '250 32000 100 128'
  sysctl::set{'kernel.sem':
value = hiera('oracle_sysctl_sem', '250 32000 100 128')
  }

  # shmmni
  sysctl::set{'kernel.shmmni':
value   = hiera('oracle_sysctl_shmmni', '4096'),
require = Sysctl::Set['kernel.sem'],
  }

  # file_max
  sysctl::set{'fs.file-max':
value   = hiera('oracle_sysctl_file_max', '6815744'),
require = Sysctl::Set['kernel.shmmni'],
  }

  sysctl::set{'fs.aio-max-nr':
value   = hiera('oracle_sysclt_aio_max_nr', '1048576'),
require = Sysctl::Set['fs.file-max'],
  }


  # ip local port range.
  sysctl::set{'net.ipv4.ip_local_port_range':
value   = hiera('oracle_sysctl_ip_local_port_range', '9000 65500'),
require = Sysctl::Set['fs.aio-max-nr'],
  }

  # network buffer defaults
  sysctl::set{'net.core.rmem_default':
value   = hiera('oracle_sysctl_rmem_default', '262144'),
require = Sysctl::Set['net.ipv4.ip_local_port_range'],
  }

  sysctl::set{'net.core.rmem_max':
value   = hiera('oracle_sysctl_rmem_max', '4194304'),
require = Sysctl::Set['net.core.rmem_default'],
  }

  sysctl::set{'net.core.wmem_default':
value   = hiera('oracle_sysctl_wmem_default', '262144'),
require = Sysctl::Set['net.core.rmem_max'],
  }

  sysctl::set{'net.core.wmem_max':
value   = hiera('oracle_sysctl_wmem_max', '1048576'),
require = Sysctl::Set['net.core.wmem_default'],
  }

  sysctl::set{'vm.swappiness':
value   = hiera('oracle_sysctl_swappiness', '0'),
require = Sysctl::Set['net.core.wmem_max'],
  }

  #
  # Only if AMM is false and $large_mem_pages  0 do we set these
  #
  if (!$use_amm and ($large_mem_pages  0)) {
sysctl::set{'vm.nr_hugepages':  value = $large_mem_pages }
#1001 is the dba group which the oracle user belongs to
sysctl::set{'vm.hugetlb_shm_group': value = $hugetlb_gid }
  }
}


We've talked about having the sysctl class also make certain that
/dev/shm is mounted and of the appropriate size if $use_amm is true, but
that hasn't been done yet.

All of the other setup (limits.conf, paths, user, groups) happens in
oracledb::serverbase, which doesn't use hiera and is more or less specific
to our environment.

Tim

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Oracle Database config management

2012-10-24 Thread Tim Mooney


In regard to: [Puppet Users] Puppet  Oracle Database config management,...:


My next challenge is maintaining Oracle database specific configuration on
the relevant hosts. This contains various elements, such as /etc/oratab,
/etc/oranfstab (as we're using dNFS), various NFS mounts required for a
given database, and a few other bits and pieces...
Ideally, it would be a 1-to-1 relationship between a given host and a given
DB. However that's unlikely in our env - We're more likely to have 1 or
multiple databases on a given host, which all need to be maintained.

My initial thoughts are to use something like hiera to maintain this
configuration data.
Is this my best approach? Any other suggestions? Anyone doing this for
real?


We're doing it, but not particularly well.

We mostly configure the prereqs for Oracle -- packages, user  group,
limits.d entries, profile.d shell settings, sysctl, paths, etc.  We use
puppet's file shipping for tnsnames.ora.  I don't think we're actually
managing /etc/oratab; the first run of puppetizing our db servers left
some content that we allow the DBA to change directly.

I am using hiera for the sysctl settings, along with a bit of logic in
the manifest for whether AMM is in use or hugepages.

We too have multiple databases per host, which complicates things
somewhat.

If you come up with something you feel is even moderately elegant,
consider sharing it on the forge.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Managing untemplatable configuration files

2012-10-24 Thread Tim Mooney


In regard to: [Puppet Users] Managing untemplatable configuration files,...:


So, does it make sense to store files with host specific configuration in
them on the puppet master? Files that are either unable to be turned into
templates, or that I don't know enough about the application to make
templates. Or is there a better way?


It's not the best way, but if it gets you started on puppet and helps you
get to the point where your infrastructure is in a known state, then it's
worth doing.  It's definitely better than not managing the file content,
and remember that that too is an option; you can manage just the
permissions and existence, without managing the content itself.

Learning puppet is kind of like software development.  Some day you'll
look back on your 1.0 version and think what was I thinking?!, but
even knowing that's going to happen, you shouldn't get caught up in
paralysis by analysis at the start.  It's good that you want to
do things elegantly or correctly even starting out, but don't let
the lack of a perfect solution keep you from making any progress at all.
Start with the simple stuff, like file-shipping entire config files
where necessary, but keep learning and keep refining.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: The free software tarballs are now difficult to find

2012-10-15 Thread Tim Mooney


In regard to: [Puppet Users] Re: The free software tarballs are now...:


The Products - Puppet Open Source link on the main page takes you here:

http://puppetlabs.com/puppet/puppet-open-source/

where we promote getting the source from GitHub rather than tarballs
directly from us.

The reasoning has generally been that if you want to use Puppet, the best
way of consuming it is via packages, and if you want to get the source, the
best way of consuming it is via Git.


There are certainly some benefits to GitHub, but my recurring gripe is
that most software that's hosted on GitHub no longer seems to follow
any notion of versions or releases.  This makes packaging and local
version tracking a bit more tricky.

I see that you PuppetLabs folks are continuing to do a good job of tagging
release versions, though.  That's great news, and I certainly hope it
continues.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] One client out of 150 doesn't apply config changes

2012-10-13 Thread Tim Mooney


In regard to: [Puppet Users] One client out of 150 doesn't apply config...:


I have one puppet client that suddenly stopped applying configuration
changes during the. I'm running with -v to see errors - no errors are shown
and the puppet run completes with:

info: Caching catalog for system name
info: Applying configuration version '1349982313'
notice: Finished catalog run in 49.28 seconds


Does it change if you also add '--no-noop' to the puppet apply command?

Is it possible someone modified /etc/puppet.conf and added 'noop = true'?

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] anchor pattern and class containment status

2012-10-04 Thread Tim Mooney


In regard to: Re: [Puppet Users] anchor pattern and class containment...:


On Wed, Oct 3, 2012 at 2:57 PM, Tim Mooney tim.moo...@ndsu.edu wrote:



All-

We're currently using puppet 2.7.14 on master and all clients.

I thought I understood why 'anchor' is part of stdlib, but after
re-reading both

http://projects.puppetlabs.**com/projects/puppet/wiki/**
Anchor_Patternhttp://projects.puppetlabs.com/projects/puppet/wiki/Anchor_Pattern

and


http://projects.puppetlabs.**com/issues/8040http://projects.puppetlabs.com/issues/8040

yesterday in preparation for trying to explain it to one of our team
that's coming up to speed on puppet, now I'm not so certain I really
understand.



yep, its probably the most confusing part of Puppet :(


:-)  I think I would vote for create_resources() in that competition.


Specifically, is it necessary to use the anchor pattern if your module
only defines resources and doesn't require or include any other classes?



you only have to use the anchor pattern when you need to depend on a class
that has classes defined in it. The example below does not need the anchor
pattern.


Thanks Dan!  The info from you  John  Ryan has been very helpful.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] anchor pattern and class containment status

2012-10-04 Thread Tim Mooney


In regard to: Re: [Puppet Users] anchor pattern and class containment...:


On Wed, Oct 3, 2012 at 2:57 PM, Tim Mooney tim.moo...@ndsu.edu wrote:

I thought I understood why 'anchor' is part of stdlib, but after
re-reading both


I suspect Dan  John have covered this well enough for you but I
wanted to point out a nice piece of the Puppet reference manual that
covers this. 
http://docs.puppetlabs.com/puppet/2.7/reference/lang_containment.html#known-issues


Thanks Ryan, and thanks especially for the rewritten reference.  I haven't
been through all of it yet, but the parts I've seen are excellent.


It explains things better than I ever could. If it's still not clear
enough, please consider filing a ticket against our docs for
improvement: https://projects.puppetlabs.com/projects/puppet-docs


I created

  https://projects.puppetlabs.com/issues/16783

which mentions what I think might be a bug in the second example on that
page and also asks for a little clarification.

Thanks again for the pointer to the docs!

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] anchor pattern and class containment status

2012-10-03 Thread Tim Mooney



All-

We're currently using puppet 2.7.14 on master and all clients.

I thought I understood why 'anchor' is part of stdlib, but after
re-reading both

http://projects.puppetlabs.com/projects/puppet/wiki/Anchor_Pattern

and

http://projects.puppetlabs.com/issues/8040

yesterday in preparation for trying to explain it to one of our team
that's coming up to speed on puppet, now I'm not so certain I really
understand.

Specifically, is it necessary to use the anchor pattern if your module
only defines resources and doesn't require or include any other classes?

For example, if I have

class benthic {

  group { 'squarepants':
ensure = present,
gid= '9',
  }

  user { 'spongebob':
ensure = present,
uid= '9',
gid= 'squarepants',
home   = '/home/pineapple',
  }

  package { 'starfish':
ensure = present,
  }

  file { '/etc/starfish.conf':
ensure  = file,
owner   = 'root',
group   = 'squarepants',
mode= '0640',
source  = 'puppet:///benthic/starfish.conf',
require = [
  Package['starfish'],
  User['spongebob'],
],
  }

  service { 'i_m_ready',
ensure  = running,
enable  = true,
require = Package['starfish'],
  }
}

Given that class, do I need to use anchors to ensure that the
group/user/package/file/service resource graph is correctly attached to
(contained within) Class['benthic'], so that if some other module does

  someresource { 'whatever':
...
require = Class['benthic'],
  }

it just works, or, should I augment my class to also have

anchor { 'benthic::begin': }
anchor { 'benthic::end': }

Anchor['benthic::begin'] - Group['squarepants']
Service['i_m_ready'] - Anchor['benthic::end']

?

My resources within the class are using explicit require when necessary
and relying on puppet's automatic require logic in other places so 
they are correctly ordered, but it's not clear from the pattern document

in the wiki or the ticket whether the issue is solely with nested
classes, or whether it's important to also use the pattern for standard
resources.

Also, the ticket was with respect to 2.6.  I know this hasn't changed for
2.7, but is there anything in 3.0 that addresses the issue?

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet module dependencies

2012-09-28 Thread Tim Mooney


In regard to: [Puppet Users] Puppet module dependencies, DRivard said (at...:


I am having difficulties understanding how to get 2 modules to install one
after the other.
I have in total 3 modules:

   common  # contains everything common to the master and slave
configuration
   slave   # contains what is specific to the slaves config
   master  # contains what is specific to the masters config

   node  'myslave1'
   {
 class {
 common:
 database = 192.168.1.10,
 before = Class[slave];
 }

 class {
 slave:
 }
   }

I am trying to tell the slave module to run after the common module is
totally applied, but it doesn't work like I am expecting. In the common
module
I set some repository and execute an update on the newly added repository.
But what happen is that, some slave package tries to get installed before
the common module complete the configuration of the repositories.

How can I achieve my goal?


I'm going to guess that the issue is this

http://projects.puppetlabs.com/projects/puppet/wiki/Anchor_Pattern

Pay particular attention to the paragraph between the first two code
blocks.  That spells out why the 'before = Class[slave]' that you're
using isn't doing what you want.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] nested modules and autoloading

2012-09-28 Thread Tim Mooney



All-

I'm using puppet 2.7.14.  I've reviewed

  http://docs.puppetlabs.com/puppet/2.7/reference/modules_fundamentals.html

but it doesn't seem to cover what I'm attempting.

Consider a module layout like this:

$ tree mymodule
mymodule
|-- Modulefile
|-- README
|-- manifests
|   |-- init.pp
|   |-- special_type
|   |   `-- prereqs.pp
|   `-- special_type.pp
|-- spec
|   `-- spec_helper.rb
`-- tests
`-- init.pp

4 directories, 7 files


$ egrep -v '^#|^$' mymodule/manifests/init.pp 
class mymodule($type = hiera('mymodule_type', 'client')) {

  case $type {
'client' : {  }
'custom' : {  }
'special_type'   : { include mymodule::special_type }
default  : { fail(Unknown mymodule_type=${mymodule_type}\n) }
  }
}


The problem is the include mymodule::special_type.  I've tried both
having

mymodule/manifests/special_type/init.pp

as well as just

mymodule/manifests/special_type.pp

In both cases, doing this in a node definition:

  class { 'mymodule':
type = 'special_type',
  }

results in

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could 
not find class mymodule::special_type for host.ndsu.edu at 
/etc/puppet/modules/mymodule/manifests/init.pp:41 on node host.ndsu.edu

Is it even possible to do what I'm attempting?  I know that

  http://docs.puppetlabs.com/puppet/2.7/reference/modules_fundamentals.html

discusses nested implementation modules, but there's only examples of
loading specific implementations, e.g.

include my_module::implementation::foo

rather than

include my_module::implementation


I know from plenty of first-hand experience that another reason why I
might see a could not find class whatever is if I have a typo in the
class name within the .pp file, but I've reviewed the classes involved
here and don't see any problems.

Any thoughts on whether it's possible to load the top level of a nested
class?

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] nested modules and autoloading

2012-09-28 Thread Tim Mooney


In regard to: Re: [Puppet Users] nested modules and autoloading, Martin...:


Hi Tim,

please check your class and file names.

The following is working:

modules/http/manifests/init.pp
class  'http' {
include http::config_file
}

modules/http/manifests/config_file.pp
class http::config_file {
file { '/tmp/http':
content = 'http',
}
}


Martin-

I found the problem, and it was something simple.

I was originally confused because I had expected that

include mymodule::special_type

should work if I had

modules/mymodule/manifests/special_type/init.pp

but it does not.  When I tried

modules/mymodule/manifests/special_type.pp

and that didn't work, I thought there was a general problem with
nested classes that I wasn't understanding.

The actual problem was that I hadn't committed
modules/mymodule/manifests/special_type.pp to our VCS.  :-|  Oops.

Thanks,

Tim


On 28.09.2012, at 12:53, Tim Mooney wrote:



All-

I'm using puppet 2.7.14.  I've reviewed

 http://docs.puppetlabs.com/puppet/2.7/reference/modules_fundamentals.html

but it doesn't seem to cover what I'm attempting.

Consider a module layout like this:

$ tree mymodule
mymodule
|-- Modulefile
|-- README
|-- manifests
|   |-- init.pp
|   |-- special_type
|   |   `-- prereqs.pp
|   `-- special_type.pp
|-- spec
|   `-- spec_helper.rb
`-- tests
   `-- init.pp

4 directories, 7 files


$ egrep -v '^#|^$' mymodule/manifests/init.pp class mymodule($type = 
hiera('mymodule_type', 'client')) {
 case $type {
   'client' : {  }
   'custom' : {  }
   'special_type'   : { include mymodule::special_type }
   default  : { fail(Unknown mymodule_type=${mymodule_type}\n) }
 }
}


The problem is the include mymodule::special_type.  I've tried both
having

mymodule/manifests/special_type/init.pp

as well as just

mymodule/manifests/special_type.pp

In both cases, doing this in a node definition:

 class { 'mymodule':
   type = 'special_type',
 }

results in

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could 
not find class mymodule::special_type for host.ndsu.edu at 
/etc/puppet/modules/mymodule/manifests/init.pp:41 on node host.ndsu.edu

Is it even possible to do what I'm attempting?  I know that

 http://docs.puppetlabs.com/puppet/2.7/reference/modules_fundamentals.html

discusses nested implementation modules, but there's only examples of
loading specific implementations, e.g.

include my_module::implementation::foo

rather than

include my_module::implementation


I know from plenty of first-hand experience that another reason why I
might see a could not find class whatever is if I have a typo in the
class name within the .pp file, but I've reviewed the classes involved
here and don't see any problems.

Any thoughts on whether it's possible to load the top level of a nested
class?

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.






--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Module critique

2012-09-07 Thread Tim Mooney


In regard to: Re: [Puppet Users] Re: Module critique, Bai Shen said (at...:


I strongly recommend that you build a native package for SOLR, put it in a
local repository, and ensure it installed via a Puppet Package resource.
Recursive directory management will bite you, especially if there are many
files or large ones, plus using packages is in general a major win.  You
can package up your custom SOLR configuration files along with, or manage
just those via File resources as you are now doing; either is fine.



I'll take a look at that.  I'm not really familiar with how to build rpms
yet.  The tomcat one was built using a file I found online.


With Tomcat WAR files its generally pretty easy.  We're actually not
packaging SOLR but I have packaged other WAR files and could provide
an example that you could adapt to SOLR pretty easily.

Our lead developer just finished a SOLR deploy with puppet about a month
ago, I'll see if I can get permission to share his module for you to
compare to.  One thing he did that I didn't see on first inspection with
your solr module was he has a define so that we can have multiple solr
cores.  Right now it's all just using file shipping, though.  We looked
at templating some of the config but decided that was more advanced than
what we wanted for our first solr roll-out.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet visudo/ sudoers help

2012-08-29 Thread Tim Mooney


In regard to: Re: [Puppet Users] Puppet visudo/ sudoers help, Tony Caffe...:


I understand but that is not what I asked for help. I would like some help
on making or writing the code needed to add users to visudo.


$ cat puppet/modules/sudo/manifests/config.pp 
define sudo::config($content='', $source='') {


  case $content {
'': {
  file {/etc/sudoers.d/${name}:
ensure = file,
owner  = 'root',
group  = 'root',
mode   = '0440',
source = $source,
  }
}
default: {
  file {/etc/sudoers.d/${name}:
ensure  = file,
owner   = 'root',
group   = 'root',
mode= '0440',
content = $content,
  }
}
  }

}

# vim:sm:ts=2:expandtab



Example usage for source:

  sudo::config{ 'networker-jukebox':
source = 'puppet:///networker/networker_jb_sudoers',
  }

Example usage for contents:

  sudo::config{ 'myuser':
content = myuser ALL = (ALL) ALL\n
  }

Note that both RHEL 5.x and 6.x have a sudo that supports the include
mechanism, but only RHEL 6.x ships with an /etc/sudoers.d and an
/etc/sudoers that has the include /etc/sudoers.d/* pre-populated.

Since both flavors support it, we just have our sudo init.pp make sure
the directory is present and make certain that the /etc/sudoers has the
necessary include statement.  From then on, it's just puppet dropping
files into /etc/sudoers.d via the sudo::config() define.

The bad part about our current implementation is that there's no syntax
checking for the contents/source, so a bad entry can sneak in and cause
sudo to completely not work until it's fixed.  There are ways around this
but it's more complicated than we felt like getting for now.

If you need to support systems where sudo is old enough that include
isn't even an option, then I highly recommend you look at the concat
module, and build up your sudoers file from file fragments.

Another option for older sudo versions that don't support including
fragments is using file_line from puppetlabs-stdlib.

Tim


On Wednesday, August 29, 2012 1:34:35 PM UTC-7, Ygor wrote:


First suggestion:

Use a group name ( like wheel ) and declare the sudo privileges to the
group.
Then all you need do is add that group in the groups parameter for
puppet type user.

On Aug 29, 2012, at 11:31 AM, Tony Caffe wrote:


Hi,

I am trying to get puppet going on CentOS 6.3 and I got it installed and

running. I want to create good manifests for basic stuff. I know I will
learn more as I go but I am new to programming in general and puppet code.
I have puppet master install on 1 cloud server and a client test puppet on
another cloud server. I was able to run this code correctly. Now I want to
make it better.

Here is what I have so far for my Push to add users to my nodes.

site.pp: (I know its short lol)

node 'puppet-client' {
  import classes/adduser.pp
}


adduser.pp  located in /etc/puppet/manifests/classes/

define custom_user($passwd) {
   user { ${name}:
   ensure = present,
   password   = $passwd,
   shell  = /bin/bash,
   managehome = true,
   }
}
custom_user {
   anthony:
   passwd = 'Removed real hash here',
}
custom_user {
   admin:
   passwd = 'Hash for password gone',
}
custom_user {
luca:
passwd   = 'My Password Hash Here',
}


So I am testing on a test-only server till I get the hang of it. So I

have many  cloud servers and need to be able to add my admin users. I need
help now to modify /etc/sudoers or visudo and add these people to the doc
with ALL=(ALL)   ALL


Please help me. I know I need to add a template and also a module of my

own. I mainly need help with code and learning to build off this for future
system changes. Please help me keep this simple and dumb-down lol. FYI -
After this I want to start on Apache and editing the config and setting up
new servers from an image. This is more practical and important to start
with.


Thanks all.

--
You received this message because you are subscribed to the Google

Groups Puppet Users group.

To view this discussion on the web visit

https://groups.google.com/d/msg/puppet-users/-/k7r-BpgI4s4J.

To post to this group, send email to puppet...@googlegroups.comjavascript:.



To unsubscribe from this group, send email to

puppet-users...@googlegroups.com javascript:.

For more options, visit this group at

http://groups.google.com/group/puppet-users?hl=en.










--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com

Re: [Puppet Users] Getting all variable occurrences from Hiera

2012-08-23 Thread Tim Mooney


In regard to: Re: [Puppet Users] Getting all variable occurrences from...:


On Wednesday, August 22, 2012 6:01:06 PM UTC-7, Tim Mooney wrote:



If I need to open a separate ticket to get that kind of directional
clarity, I would be happy to do so.



A ticket specifically about this use-case would be awesome. Thanks, Tim!


http://projects.puppetlabs.com/issues/16107

Sorry about how the config ended up in that ticket, I didn't realize how
it was going to be wiki-fied.  I can update the ticket with fixed
formatting if necessary.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] package handling in puppet?

2012-08-22 Thread Tim Mooney


In regard to: Re: [Puppet Users] package handling in puppet?, lamour said...:


Another, less gross, way to do it is to do something like this:




  if !defined(Package['perl']) {
 package { 'perl':
ensure = installed,
 }
  }


I would instead do something more like

   file { 'your-unpackaged-perl-script-here.pl':
 ensure  = file,
 owner   = 'whomever',
 group   = 'ditto',
 mode= '0whatever-whatever-whatever',
 require = Package['perl'],
 source  = 'puppet:///module_name/script-source-here.pl',
   }



So, I guess I don't understand this.  Does this require not cause a
collision?


The answer is, it depends.  I didn't include everything I should have
in that example, because you *still* need to have a

package { 'perl': }

somewhere *and* that needs to be either included from some other class
or it needs to be established in the same manifest.


 Does this require cause the resource to become defined?


No it does not, that still has to happen elsewhere.


 Can
you require more than one package?


Yes, and you can have multiple different resources that require the
same resource, e.g.

  package { 'cricket':
ensure  = installed,
require = [
  Yumrepo['ndsu'],
  Package['httpd', 'pmacct'],
  User['cricket'],
],
  }

  package { 'flow-utils':
ensure  = installed,
require = [
  User['cricket'],
  Mount['/var/netflow'],
],
  }


 I'll have to go read the documentation
to learn more about what this does, even though I don't think this helps
me, because I can't see how I could realistically tie all of my package
definitions to files.


My example was really meant for the case where you have one-off scripts
that are *not* installed via the OS package management system.  As I said
before, you generally want to let the OS package management system handle
the dependencies as much as possible.

One more thing: if you search the archives, I think you'll find that
although defined() has its uses, it seems like the general feeling is
that it's somewhat overused, and used in cases where it really was not
intended.  Your use of defined() might be perfect, but I just tend to shy
away from defined(), probably because my knowledge of puppet doesn't make
me certain that I would use it in the appropriate cases.


Thanks for all of your advice.  It's nice to get a bit of perspective from
people who are already using puppet in the wild.


I'm hoping that other more experienced puppet users will weigh in on this
too, as I certainly am not expert enough yet to have all the answers for
this particular area.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Getting all variable occurrences from Hiera

2012-08-22 Thread Tim Mooney


In regard to: Re: [Puppet Users] Re: Getting all variable occurrences from...:


I'll comment in the ticket as well,


I see you have, and you've closed it out.


In Tim Mooney's example, which I think is
the usual case for hiera data, hiera doesn't have an enumeration of all the
'type: client' nodes, nor should it.


What I'm asking for (or at least, about) is indeed somewhat different than
what Alexander was asking for.

I'm a little surprised at the quick dismissal.  It seems reasonable to me
that since at least YAML supports data structures *and* puppet supports
hashes and arrays and nesting of same, one might choose to design the
configuration namespace for a particular class to use an actual data
structure in hiera.  I've been watching the list very closely
for several months for any official statement from Puppetlabs folks about
best practices with hiera data, and your statement is really the first
I've seen.

What you've said has a pretty clear implication: don't use nested data
structures in hiera, because they're not going to work in the way that
I think most people would expect them to work -- you can't merge different
sub-keys from different parts of your hierarchy.

In other words, we shouldn't use something like this:

ntp:
  type: 'client'
  servers:
- 10.1.2.3
- 10.1.2.4
  allow_query:
- '10.1.0.0/255.255.0.0'
- '10.2.0.0/255.255.0.0'
- '10.3.0.0/255.255.0.0'
- '2001:4930::/:::'

We should instead use:

ntp_type: 'client'
ntp_servers:
  - 10.1.2.3
  - 10.1.2.4
ntp_allow_query:
  - '10.1.0.0/255.255.0.0'
  - '10.2.0.0/255.255.0.0'
  - '10.3.0.0/255.255.0.0'
  - '2001:4930::/:::'


You could pretty easily write a custom parser function to return the data
structures you want.


Perhaps if I was as adept in ruby as many of the Puppetlabs employees,
that would be pretty easy, but unfortunately I'm not.

I do appreciate the response!  It's really nice to know the thoughts of
the people that are the experts on this.  It helps me to plan the
direction for our environment.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Getting all variable occurrences from Hiera

2012-08-22 Thread Tim Mooney


In regard to: Re: [Puppet Users] Getting all variable occurrences from...:


Now I really think we're talking about different things, because this
data design seems quite reasonable and I agree that merging a various
intermediate keys from a nested data structure ought to work. Indeed
this seems like something that is back-end dependent, i.e. a different
yaml backend could behave exactly this way behind the scenes when you
request the 'ntp' hash for a node, without needing a different hiera_*
function at all.


Agreed.


So I guess I should ask, Alexander did I misunderstand what you were
asking about in #16003?


My impression is that you understood #16003 correctly, and that the
use-case I was asking about is in reality different.  I hope Alexander
chimes in to confirm or refute that, but I think we're asking about
things that seem related but aren't.

Keep in mind that I'm not saying I think hiera *must* work the way I've
described, I'm just asserting that I can see people potentially thinking
it would work that way and I can see some potential benefits to having
it work that way.  What I'm really asking for, more than anything, is
a stance from the designers and architects saying either bad idea, don't
do it or yeah, should work and we're not opposed to it.

If I need to open a separate ticket to get that kind of directional
clarity, I would be happy to do so.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Dynamic Lookup of facter variable.

2012-08-21 Thread Tim Mooney


In regard to: Re: [Puppet Users] Dynamic Lookup of facter variable., Nigel...:


It's one of those things that I wish I had known before I spent hours
changing our modules in preparation for what I thought was going to
be a requirement for puppet 3.x, but better late than never.  :-)

I appreciate the clarity you've provided on this.


I do apologize for us messing up the deprecation warning.

It's caused a lot of unnecessary churn for everyone, and it's
frustrating for everyone involved :(


puppet's a moving target, and I think that most people that follow
the list understand that this kind of thing is going to happen on
occasion, especially when a major release is in the works.  I certainly
do.

The trick is going to be stamping out places where you must top-scope
facts may have already crept into documentation or people's puppet
idioms.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] package handling in puppet?

2012-08-21 Thread Tim Mooney

 {

realize(Package['perl-Foo-Bar'])

  }

That might be worth considering.  We're not doing it that way, but
perhaps we should be.


So...what am I doing wrong?  Does the puppet philosophy not really allow
for maintaining package lists in classes?


It does, but in my experience it should be done in a minimal fashion.
Specify the highest level dependency, and let the OS package management
system pull in the prereqs, rather than trying to repeat all of the same
relationships in your puppet classes.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet-lint and 80 characters line limit?

2012-08-20 Thread Tim Mooney


In regard to: [Puppet Users] puppet-lint and 80 characters line limit?,...:


I'm getting lots of warning like this one from puppet-lint:

WARNING: line 67 has more than 80 characters

Now, I don't like warnings, so any idea how should I rewrite this line
for example, to void the warning?

package {'rpmforge-release':
ensure   = '0.5.2-2.el6.rf',
provider = 'rpm',
source   =
'http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.i686.rpm',
}

Is it possible to break links into two lines?


I asked the same question on May 21st, check the group archives for the
thread and some options.  I believe the subject was linting manifests
with long lines.

My solution:

01:20 PM dogbert ~$ cat ~/.puppet-lintrc 
--no-80chars-check


Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Dynamic Lookup of facter variable.

2012-08-20 Thread Tim Mooney


In regard to: Re: [Puppet Users] Dynamic Lookup of facter variable., Nigel...:


On Sun, Aug 19, 2012 at 8:00 PM, Douglas Garstang
doug.garst...@gmail.com wrote:

Oh god that's ugly.


Yes it is, and it was an unwitting bug with the deprecation warning
that is resolved in later versions.

Facts were supposed to be able to be referenced as $factname without
throwing the deprecation warning in your release, it's been fixed in
later versions.


Can you expound on this, Nigel?

Are you saying that we do *not* need to reference facts as $::factname
in all our classes, not even in preparation for puppet 3.x?  What if
we *are* referencing them that way, now?

Tim


On Sun, Aug 19, 2012 at 7:48 PM, Eric Shamow e...@puppetlabs.com wrote:

Facts exist at top scope, as indicated in the scoping doc several people have 
referred you to on this list.  Use $::ec2_instance_type

Sent from my iPad

On Aug 19, 2012, at 10:44 PM, Douglas Garstang doug.garst...@gmail.com wrote:


I don't get it...

   if ! ( $ec2_instance_type in [$ec2_inst_type_allow]) {
   notice(NOT ALLOWED)
   } else {
   notice(ALLOWED)
   }

2012-08-20T02:39:10.537134+00:00 truth puppet-master[24080]: Dynamic
lookup of $ec2_instance_type at /truth/sauce/env/prod/modules/rol
e/manifests/validate_server.pp:12 is deprecated.  Support will be
removed in Puppet 2.8.  Use a fully-qualified variable name (e.g., $
classname::variable) or parameterized classes.

Line 12 is the if statement. However, on the same client system...

[us1:i-16c5c050] root@testweb11:~# facter | grep ec2_instance_type
ec2_instance_type = m1.large

It's a facter variable. What's it complaining about?


--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Dynamic Lookup of facter variable.

2012-08-20 Thread Tim Mooney


In regard to: Re: [Puppet Users] Dynamic Lookup of facter variable., Nigel...:


Facts were supposed to be able to be referenced as $factname without
throwing the deprecation warning in your release, it's been fixed in
later versions.


Are you saying that we do *not* need to reference facts as $::factname
in all our classes, not even in preparation for puppet 3.x?  What if
we *are* referencing them that way, now?


There's no harm in going that extra mile and being explicit that
you're looking at a top scope variable fact, rather than a local
variable of the same name, so you can continue to reference them as
$::factname if you would like to do so.

Requiring that wasn't an original goal, as it was deemed too high a
cost for the most common case to force that rather ugly syntax on
everyone. It was a bug in the deprecation warning code.

Does that help?


It does help, thank you.

It's one of those things that I wish I had known before I spent hours
changing our modules in preparation for what I thought was going to
be a requirement for puppet 3.x, but better late than never.  :-)

I appreciate the clarity you've provided on this.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Getting all variable occurrences from Hiera

2012-08-17 Thread Tim Mooney


In regard to: [Puppet Users] Re: Getting all variable occurrences from...:


That yaml file should keep alle the specific params of that host. and
every other module should be able to take advantage of that information.
This is not only the case for dhcp, but for dns as well. and of course the
/etc/network/interfaces file of the host itself.

And to avoid needless redundancy of information, certain values should be
written into that file maximum once. so, the ipaddress for example must not
be written in some dns config yaml file as well. and in the hostname.yaml.
Should you decide to change the ipaddress, you definitely forget either the
bind or the dhcp config.



Certainly data duplication should be avoided, and that could be aided by
putting all information for each host into a single hash for that host.
Those per-host hashes could equally well (for this purpose) appear in
separate YAML files or all together as values in a larger hash in one YAML
file.


Agreed, for the original case.

However, the original suggestion matches closely with an issue I've run
into as well, which also had me thinking that something like hiera_all
(I was thinking it should be hiera_merge) would be needed.

Consider:

:hierarchy: - secure/fqdn/%{clientcert}
- fqdn/%{clientcert}
- secure/location/%{location}
- location/%{location}
- secure/common
- common


common.yaml:
---
ntp:
  type: client
  servers:
- 10.0.0.1
- 10.0.0.2

location/datacenter1.yaml:
ntp:
  servers:
- 10.1.0.101
- 10.1.0.102

fqdn/clock1.example.com.yaml:
ntp:
  type: server




Hopefully, the intent is relatively clear: the defaults for all systems
are to be an ntp client and to use ntp servers with the IP addresses from
the common.yaml, however everyone in location=datacenter1 should have
the list of servers overridden, and the one system with
fqdn=clock1.example.com should have its type=server.

As hiera currently works, I don't believe there's any way to merge these
types of nested data from multiple sources in the hierarchy.  If I try
lookup ntp['type'] for any of the systems in location=datacenter1, it
will be empty, because type is not specified (duplicated) for the
location/datacenter1.yaml.

Because of this, what ends up happening is that you instead need to use
a flat namespace, so you design things like this

common.yaml:
ntp_type: client
ntp_servers:
  - 10.0.0.1
  - 10.0.0.2

location/datacenter1.yaml:
ntp_servers:
  - 10.1.0.101
  - 10.1.0.102

fqdn/clock1.example.com.yaml:
ntp_type: server


As I've said before on the list, this strikes me as a bit unnatural.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Override a file{} directive - is it possible?

2012-08-17 Thread Tim Mooney


In regard to: [Puppet Users] Override a file{} directive - is it possible?,...:


Maybe one of you can help with this.  I have a class that's got a
file{} type directive in it.  It populates /etc/security/limits.conf
with specific settings.  I have a small handful of hosts where we want
to manage /etc/security/limits.conf manually.  Is there a simple way
to tell puppet to exclude this file type just on those hosts, without
copying the entire class?


Is there a way that puppet can detect these particular hosts?  For
example, is it true for all hosts that are in a particular datacenter,
or for which some class (or even user) is present?

I ask, because the way you would typically do what you're asking is to
either use facts about systems to trigger the don't manage
/etc/security/limits.conf logic, or to have your manifests key on
external configuration that you keep in something like extlookup(),
hiera(), or your ENC (external node classifier).

So, there are several ways to accomplish what you're looking for, but
which one is best depends on your needs and how you actually detect that
hostB shouldn't have limits.conf managed.

You don't say what version of puppet you're using, whether you're using
an ENC, or whether you're already using either extlookup() or hiera(),
so it's really difficult to suggest something that integrates well with
your current environment.

I can give you two examples from my environment, though.

We're using puppet 2.7.14 without an ENC (we have dashboard but don't
use it for ENC purposes), but we are using hiera.  The absolute easiest
way (but likely *not* best) way to do this would be to do this with
a hiera setting like:

common.yaml:
---
manage_limits_conf: 'yes'


host1.example.com.yaml:
---
manage_limits_conf: 'no'


and then in your manifest that sets up limits.conf, just wrap with the
appropriate logic to check hiera() whether it should be managed or not.


A second example would be if you have a fact (probably a custom fact)
that could be used to determine the exact set of systems for which
limits.conf should not be managed.  For example, we have a custom fact
(location) that returns the name of the datacenter a system is located in.
If you wanted all the systems in location=datacenter1 to not manage
limits.conf, then you could wrap your file{} resource in a conditional
that tests the fact.

Certainly vague answers to your question, but hopefully this gives you
something to go on.  If it's not enough to go on, provide more information
about your environment.  That will hopefully make it easier for someone to
suggest a method that works well for your environment.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] how to resolve hostnames to IP addresses in templates

2012-08-09 Thread Tim Mooney



Environment: puppet 2.7.14 on both master and all clients.  We're also
using puppetlabs-stdlib and hiera, if that matters.

I know this is really more of a ruby/erb question, but I've been searching
for a couple hours and haven't turned up anything relatively close to what
I'm trying to do, and I'm hoping someone here has had to do this and can
provide a suggestion for how to proceed.

I'm generating a configuration file from a template.  The configuration
file will need to have IP addresses in it, but I would like to be able to
use either hostnames or IP adresses in the puppet config.  This means
that I need to be able to resolve the hostnames and turn them into IP
addresses, probably in the template itself.

Basically, given something like this in puppet:

class foo::data {

  $webfarm = {
http_servers = hiera('webfarm_http_servers', [
  {
host = 'foo1.example.com',
port = '80',
  },
  {
host = 'foo2.example.com',
port = '80',
  },
  {
host = 'foo3.example.com',
port = '80',
  },
]),
https_servers = hiera('webfarm_https_servers', [
  {
host = 'foo1.example.com',
port = '443',
  },
  {
host = 'foo22.example.com',
port = '443',
  },
  {
host = 'foo99.example.com',
port = '443',
  },
]),
  }
}

I need my template to iterate over the http_servers and https_servers
arrays and resolve the values for the host key for each element.

Anyone have an example of how to do this in a template?

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to resolve hostnames to IP addresses in templates

2012-08-09 Thread Tim Mooney


In regard to: Re: [Puppet Users] how to resolve hostnames to IP addresses...:


if you're using hiera, why not something like:

foo_data_webfarm_http_servers:
 foo1.example.com: {
   ip: '1.2.3.4',
   port: '80',
 }
 foo2.example.com: {
   ip: '2.3.4.5',
   port: '80',
 }
foo_data_webfarm_https_servers:
 foo1.example.com: {
   ip: '1.2.3.4',
   port: '443',
 }
 foo2.example.com: {
   ip: '2.3.4.5',
   port: '443',
 }

class foo::data {
 include foo::params
file { 'foo.conf':
 path   = '/etc/foo.conf',
 ensure  = 'file',
 content  = template(foo_conf.erb),
 mode = '0555',
}

class foo::params {
 $webfarm_http_servers   = hiera('foo_data_webfarm_http_servers', '')
 $webfarm_https_servers = hiera('foo_data_webfarm_https_servers', '')
}


foo_conf.erb
% http_servers = scope.lookupvar('foo::params::webfarm_http_servers')
  https_servers = scope.lookupvar('foo::params::webfarm_https_servers')
-%
#
# http servers
% http_servers.each_pair do |key, hash| -%
#%=key%
IPADDR= %=hash['ip'] %
PORT=  %=hash['port'] %
% end%
#
# https servers
% https_servers.each_pair do |key, hash| -%
#%=key%
IPADDR= %=hash['ip'] %
PORT=  %=hash['port'] %
% end%

% end%


Thanks for the fully-formed example Wolf.  John's subsequent response
was spot-on as to why I would like to avoid duplicating the IPs in the
data structure.  They won't change frequently, but at the same time,
I really don't want to have to manually duplicate and sync information
that's stored in our DNS.

I do have one follow-on question regarding your example, though.

Did you choose foo_data_webfarm_http_servers as the top level hiera
name for any particular reason, such as how hiera is going to work in
puppet 3 with parameterized classes?

I must admit that while I find hiera fantastic, I've really struggled
with how our complex data should be organized in hiera.  I'm looking
forward to the hiera examples that Kelsey Hightower mentioned a couple
weeks ago on the list, but seeing examples like this in the interim is
really helpful and appreciated.

Tim


On Aug 9, 2012, at 3:38 PM, Tim Mooney tim.moo...@ndsu.edu
wrote:



Environment: puppet 2.7.14 on both master and all clients.  We're also
using puppetlabs-stdlib and hiera, if that matters.

I know this is really more of a ruby/erb question, but I've been searching
for a couple hours and haven't turned up anything relatively close to what
I'm trying to do, and I'm hoping someone here has had to do this and can
provide a suggestion for how to proceed.

I'm generating a configuration file from a template.  The configuration
file will need to have IP addresses in it, but I would like to be able to
use either hostnames or IP adresses in the puppet config.  This means
that I need to be able to resolve the hostnames and turn them into IP
addresses, probably in the template itself.

Basically, given something like this in puppet:

class foo::data {

 $webfarm = {
   http_servers = hiera('webfarm_http_servers', [
 {
   host = 'foo1.example.com',
   port = '80',
},
 {
   host = 'foo2.example.com',
   port = '80',
},
 {
   host = 'foo3.example.com',
   port = '80',
},
   ]),
   https_servers = hiera('webfarm_https_servers', [
 {
   host = 'foo1.example.com',
   port = '443',
},
 {
   host = 'foo22.example.com',
   port = '443',
},
 {
   host = 'foo99.example.com',
   port = '443',
},
   ]),
 }
}

I need my template to iterate over the http_servers and https_servers
arrays and resolve the values for the host key for each element.

Anyone have an example of how to do this in a template?

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.






This message may contain confidential or privileged information. If you are not 
the intended recipient, please advise us immediately and delete this message. 
See http://www.datapipe.com/legal/email_disclaimer/ for further information on 
confidentiality and the risks of non-secure electronic communication. If you 
cannot access these links, please notify us by reply message and we will send 
the contents to you.




--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North

Re: [Puppet Users] Re: how to resolve hostnames to IP addresses in templates

2012-08-09 Thread Tim Mooney


In regard to: [Puppet Users] Re: how to resolve hostnames to IP addresses...:


There's no way to do DNS lookups in a template with stock Puppet,


Thanks for confirming what my futile research seemed to be implying.  :-)


but you can pretty easily write a custom function to do that for you. By
default, Resolv will use the settings in /etc/resolv.conf, so as long as
your nameservers are set up correctly on the puppetmaster, you shouldn't
run into any problems.

Try plopping something like this into 
lib/puppet/parser/functions/get_ip_addr.rb in your module's directory:
a href=https://gist.github.com/3308273;https://gist.github.com/3308273/a

require 'resolv'

module Puppet::Parser::Functions
 newfunction(:get_ip_addr, :type = :rvalue) do |args|
   # Super sexy regex to match valid IPs
   ip_addr_re = 
/\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/
   hostname = args[0].strip
   if hostname =~ ip_addr_re then return hostname end
   begin
 Resolv::DNS.open { |dns| return dns.getaddress hostname }
   rescue Resolv::ResolvError
 return ''
   end
 end
end


Then you can call it in your template file as ```scope.function_get_ip_addr``` 
and it will either return the IP address for a hostname, the unchanged IP 
address for a valid IP address, and an empty string otherwise.

I'm not sure what your hiera() calls are supposed to return, but assuming 
$webfarm ends up as a hash with keys http_servers and https_servers containing 
an array of hashes with keys host and port, you could do something like this:

% webfarm = scope.lookupvar 'foo::data::webfarm' %
% webfarm['http_servers'].each do |server| %
   %= scope.function_get_ip_addr server['host'] %:%= server['port'] %
% end %


Thank you for the excellent example!  There are several things here that
I'm going to have to ponder for a while.  I've seen scope.lookupvar before
but never personally had to use it, but the scope.function_functionname
is new to me.

Time to do some more reading and research, but what you've provided really
helps point me in the right direction.

Tim


On Thursday, August 9, 2012 1:38:14 PM UTC-7, Tim Mooney wrote:

Environment: puppet 2.7.14 on both master and all clients.  We're also

using puppetlabs-stdlib and hiera, if that matters.



I know this is really more of a ruby/erb question, but I've been searching

for a couple hours and haven't turned up anything relatively close to what

I'm trying to do, and I'm hoping someone here has had to do this and can

provide a suggestion for how to proceed.



I'm generating a configuration file from a template.  The configuration

file will need to have IP addresses in it, but I would like to be able to

use either hostnames or IP adresses in the puppet config.  This means

that I need to be able to resolve the hostnames and turn them into IP

addresses, probably in the template itself.



Basically, given something like this in puppet:



class foo::data {



   $webfarm = {

 http_servers = hiera('webfarm_http_servers', [

   {

 host = 'foo1.example.com',

 port = '80',

  },

   {

 host = 'foo2.example.com',

 port = '80',

  },

   {

 host = 'foo3.example.com',

 port = '80',

  },

 ]),

 https_servers = hiera('webfarm_https_servers', [

   {

 host = 'foo1.example.com',

 port = '443',

  },

   {

 host = 'foo22.example.com',

 port = '443',

  },

   {

 host = 'foo99.example.com',

 port = '443',

  },

 ]),

   }

}



I need my template to iterate over the http_servers and https_servers

arrays and resolve the values for the host key for each element.



Anyone have an example of how to do this in a template?



Thanks,



Tim

--

Tim Mooney tim.moo...@ndsu.edu

Enterprise Computing  Infrastructure  701-231-1076 (Voice)

Room 242-J6, IACC Building 701-231-8541 (Fax)

North Dakota State University, Fargo, ND 58105-5164



On Thursday, August 9, 2012 1:38:14 PM UTC-7, Tim Mooney wrote:

Environment: puppet 2.7.14 on both master and all clients.  We're also

using puppetlabs-stdlib and hiera, if that matters.



I know this is really more of a ruby/erb question, but I've been searching

for a couple hours and haven't turned up anything relatively close to what

I'm trying to do, and I'm hoping someone here has had to do this and can

provide a suggestion for how to proceed.



I'm generating a configuration file from a template.  The configuration

file will need to have IP addresses in it, but I would like to be able to

use either hostnames or IP adresses in the puppet config.  This means

that I need to be able to resolve the hostnames and turn them into IP

addresses, probably in the template itself.



Basically, given something like this in puppet

Re: [Puppet Users] how to resolve hostnames to IP addresses in templates

2012-08-09 Thread Tim Mooney


In regard to: Re: [Puppet Users] how to resolve hostnames to IP addresses...:


Did you choose foo_data_webfarm_http_servers as the top level hiera
name for any particular reason, such as how hiera is going to work in
puppet 3 with parameterized classes?


I have no real knowledge of how that's going to work; I have been
namespacing things based on what I felt made things very clear for
people looking at the hiera values, and the templates.

afaik there's no significant penalty for longish names, but it makes it
a bit easier for me to ingest when looking through a gaggle of hiera
parameters.


Understood about the longish names and honestly that's what we're mostly
doing with our hiera usage so far, but every time I look at my site's
hiera setup, it strikes me as wrong, or at least not the best way.

I've posted about this before, but when we converted from extlookup() to
hiera(), we didn't really do any kind of data reorganization.  As an
example, we have things like

nameserver_type: client
primary_nameserver: 1.2.3.4
secondary_nameserver: 2.3.4.5
tertiary_nameserver: 3.4.5.6

All of that's fine, but since hiera supports structure, it strikes me as
more elegant to do something like:

nameserver:
  type: client
  addresses:
  - 1.2.3.4
  - 2.3.4.5
  - 3.4.5.6

etc.

However, there are precious few examples of how to actually look up and
reference nested data in hiera and the ones that do exist make it appear
that it's much more complicated than just using the namespace via _
method that we're currently using.

My hope is that some best practices and more examples with be part of some
forthcoming documentation.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: A few questions about setting up Custom Facts

2012-08-08 Thread Tim Mooney


In regard to: Re: [Puppet Users] Re: A few questions about setting up...:


I want to use puppetlabs-stdlib and /etc/facter/facts.d to create a set
of local facts.  Some of these facts come in variable quantities.  I
would like to stack these up into a delimited string.  I can deal with
that.

On thing about your responses that puzzles me is the repeated mention of
facts going from the agent to the master.  What is that about, please ?
I am looking at facts local to the agent.  My understanding is that all
the Magic Behind the Curtains about puppet happens on the agent.


That part is at least partially incorrect.

Catalog compilation happens on the master.  This means that the master
has to know all the facts for each client, so that it can correctly build
the catalog.  The client gathers the facts and ships them to the master,
so the master can build a catalog and ship the final result back to the
client for application.

Note also that this means that all functions run on the master too.

See:

http://docs.puppetlabs.com/learning/agent_master_basic.html

though I've actually seen better diagrams of the communication, that's
the one I'm finding right now.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Could not evaluate: Could not retrieve information from environment production source(s) for one module, for other is ok

2012-08-06 Thread Tim Mooney


In regard to: [Puppet Users] Could not evaluate: Could not retrieve...:


class ntp {
   if $is_virtual == 'false' {
   package { 'ntp':
   ensure = present,
   }
   service { 'ntp':
 ensure = 'running',
 enable = 'true',
 hasrestart = 'true',
 require= Package['ntp']
   }
   file { /etc/ntpd.conf:
 owner   = root,
 group   = root,
 mode= 0644,
 require = Package[ntp],
 source =
puppet://$puppetserver/modules/ntp/files/etc/ntp.conf,
   }
   }
   if $is_virtual == 'true' {
   package { 'ntp':
   ensure = purged,
   }
   }
}


Your indenting is a little strange, but I would start by using
notice/notify/fail or whatever you prefer to determine what is_virtual
actually is set to.

There was a thread about quoting and true/false a few months ago, search
the archives for that.  I can't remember if the style guide was updated
with recommendations regarding quoting true/false, but that would also
be a place to look.

Try using yes/no (as strings) and checking for that in your class.

You may also want to run puppet-lint on your manifests, it's not perfect
but it will help catch a number of issues.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: The Puppet Way to handle slow resources? (newbie)

2012-07-12 Thread Tim Mooney


In regard to: [Puppet Users] Re: The Puppet Way to handle slow resources?...:


Chris, I'll take a look at exported resources. I don't have a problem with
MCollective per se, I just don't want to add a bunch of other software if
there's a native puppet way to solve the problem. From what I've seen,
Puppet itself isn't supposed to solve this problem, MCollective is.


Agreed.


My plan A right now is that when the slow-running service is up and
running it will tell Puppet to run. I haven't really thought about how this
would work for multiple instances of the slow-service, I'm pretty sure
that's not a hard problem to solve though.


I've only partially followed this thread so I don't know if someone else
has already suggested this, but if the real issue is that the interaction
between software, init script, and puppet isn't working correctly, then
why not have puppet manage and use a wrapper init script?  You keep the
init script that came with the software, but instead of having puppet use
that for start/stop/status, you write your own local-service or
mycompany-service init script and have that script call the original
script and augment the logic in start/stop/status/whatever to do whatever
is needed to work correctly with puppet.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: groups dependencies at user creation

2012-07-03 Thread Tim Mooney


In regard to: [Puppet Users] Re: groups dependencies at user creation,...:


Thanks tim for answer me, The fact is $groups is an array, so when i
try something like this

--
   Group[$groups] - User[$username]

   user { $username:
   comment = $email,
   home= /home/$username,
   shell   = /bin/bash,
   password = !!,
   groups  = $groups
   }

--

I'd got :

err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find resource 'Group[sudo]Group[admin]Group[deploy]'
for relationship on 'User[ppuser7]' on node casa


I was afraid that might be the case, but thought it was worth a try.

Does this work better:

$groups_as_array = split($groups, ',')
Groups[$groups_as_array] - User[$username]

?  I have my doubts, but it's what I would try next.

Note that split() is part of the default set of functions that are part
of puppet.  For more info on functions, see

http://docs.puppetlabs.com/references/stable/function.html

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] groups dependencies at user creation

2012-07-02 Thread Tim Mooney


In regard to: [Puppet Users] groups dependencies at user creation, eduardo...:


 I'm trying to create new users members of some groups so it's need
to ensure they exist before user creation.

 I have something like :


define updssh::add_user ( $email , $groups  ) {

   $username = $title

   user { $username:
   comment = $email,
   home= /home/$username,
   shell   = /bin/bash,
   password = !!,
   groups  = $groups
   }

--

 How to ensure groups dependencies at user creation ?.


If you were just talking about the user's default group, then it would
be one of the few cases where puppet establishes an ordering relation
for you automatically.  In other words:

  user { 'foo':
gid = 'bar',
  }

automatically ensures that group 'bar' is present before user 'foo'.

I don't know if that same thing is true for supplemental groups, but if
it's not, I would first try using the - notation to establish ordering,
like this

  Group[$groups] - User[$username]

Does that work for you?

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Nvidia driver install - condition for install

2012-06-29 Thread Tim Mooney


In regard to: [Puppet Users] Nvidia driver install - condition for install,...:


Hello all,

I'd like to use puppet to install an Nvidia driver on a local workstation.
I've written the following manifest for this puprpose:

class nvidia_driver {
   # This will place the nvidia installer locally in /tmp.  File is
pulled from puppet.
   file { /tmp/NVIDIA-Linux-x86_64-295.53.run :
   source  =
puppet:///modules/nvidia_driver/NVIDIA-Linux-x86_64-295.53.run ,
   ensure  = present ,
   }

   # This will run the nvidia installer locally on the machine.
   exec { /tmp/NVIDIA-Linux-x86_64-295.53.run -s -X --opengl-headers
--no-distro-scripts --force-tls-compat32=new :  }

}


First, you probably want to set up an explicit ordering relation between
the file and the exec.  Otherwise, you're relying on ordering that may
work, but only by chance.


Upon the initial run of the manifest on the target machine, everything
works great (although I do believe there is some room for improvement of
the code above; particularly on the exec portion) and the driver then gets
installed.  The issue occurs on subsequent puppet runs on the same machine
and I'm getting the following error during my second puppet run from the
client:

err: /Stage[main]/Nvidia_driver/Exec[/tmp/NVIDIA-Linux-x86_64-295.53.run -s
-X --opengl-headers --no-distro-scripts --force-tls-compat32=new]/returns:
change from notrun to 0 failed: /tmp/NVIDIA-Linux-x86_64-295.53.run -s -X
--opengl-headers --no-distro-scripts --force-tls-compat32=new returned 1
instead of one of [0] at
/etc/puppet/modules/nvidia_driver/manifests/init.pp:12

It appears to me that the above error is occurring because the
nvidia_driver class is running on each subsequent run and since the driver
is already installed, I'm getting an exit status of 1 instead of 0, which
to my knowledge would be expected.


Right.  The exec will fire every time.  The way to fix this is to use
one of the attributes for exec.  Most likely candidates are

unless = some command here

or

onlyif = some command here

Read the resource guide for exec and note that those two have opposite
senses.

Note that you probably *don't* want to use notify from the file and
refreshonly on the exec, because the file may get downloaded
semi-regularly (because it was cleaned from /tmp) but you don't want
the exec to fire every time the file is (re)downloaded.

The trick is finding the right command that can be used in the unless or
onlyif.  That amounts to being able to determine, via some (potentially
compound) command, whether or not the driver is installed.  So how do you
do that?  Does it show up in an RPM list?  Is there a /dev file that's
created?  An area that exists in the /proc or /sys filesystem?

Let's pretend for the purposes of example that when the driver is loaded,
there's a /sys/device/class/graphics/nvidia directory that's created.  If
that's the case, you could make your class look like

class nvidia_driver {

  # This will place the nvidia installer locally in /tmp.  File is
  # pulled from puppet.

  # if you have hiera, it would be even better to use it:
  # $driver_version = hiera('nvidia_driver_version', 'fallback version here')
  # might want to abstract the architecture too...
  $driver_version = '295.53'

  file { /tmp/NVIDIA-Linux-x86_64-${driver_version}.run :
source = 
puppet:///modules/nvidia_driver/NVIDIA-Linux-x86_64-${driver_version}.run ,
ensure = present ,
  }

  # This will run the nvidia installer locally on the machine.
  exec { 'install_nvidia_driver':
cmd= /tmp/NVIDIA-Linux-x86_64-${driver_version}.run -s -X --opengl-headers 
--no-distro-scripts --force-tls-compat32=new,
unless = 'test -d /sys/device/class/graphics/nvidia',
 }

 File[/tmp/NVIDIA-Linux-x86_64-${driver_version}.run] -
 Exec['install_nvidia_driver']

}

Be advised that's untested.


So, what I'd like to do is put some sort of condition that will look to see
if the driver is installed and if it is, the class nvidia_driver won't
run.


What I'm describing would still have the file resource fire every time
/tmp gets cleaned and you need to re-download the driver, but it wouldn't
cause the exec to happen unless then driver was detectable as not
available.

The real trick is detecting whether or not the driver is installed.  Once
you figure out how to do that, the rest just falls into place.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit

Re: [Puppet Users] hiera questions

2012-06-29 Thread Tim Mooney


In regard to: Re: [Puppet Users] hiera questions, llow...@oreillyauto.com...:


On Thursday, June 28, 2012 2:04:09 PM UTC-5, R.I. Pienaar wrote:

- Original Message -

I would make facts on the nodes for these.  Let say $role and $subrole
and then just use those in your hierarchy with %{role} and %{subrole}
thus allowing you to set variable for all those machines there.



That's simple enough, and the docs [1] for creating a custom fact are
mostly straightforward.


I would echo what others have said.  Create some custom facts for
personalities or roles (and subroles, etc., if necessary) for your
systems, and have your hierarchy set to search based on those.  We use:

:hierarchy: - secure/fqdn/%{clientcert}
- fqdn/%{clientcert}
- secure/location/%{location}
- location/%{location}
- secure/common
- common

Note that location is a custom fact for us, based on datacenter.  You
could do something similar, just don't go crazy with the hierarchy levels.


The one thing I am unclear on, in the plugins in modules [2] document, it
says that if you are going to put your custom stuff in a module (such as in
their example, named 'custom') it says to follow the standard layout, and
that you have to have a manifests/init.pp.

If all that is actually in the thing is lib/facter/myfact.rb, what do I put
in the manifests/init.pp ? Is it enough for it to exist but be empty?


Yes it is.

You probably have some kind of base or our_site module already that
just does things like

include ntp
include admin_packages
include ssh
include syslog

etc.  You could associate your custom fact(s) with that module by putting
them in the lib/facter directory for that module.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Hiera Tutorials

2012-06-29 Thread Tim Mooney


In regard to: [Puppet Users] Hiera Tutorials, Kelsey Hightower said (at...:


I'm beginning the process of creating Hiera tutorials covering the
following topics:

*Beginner*

  - Getting Started with Hiera 
(drafthttps://github.com/kelseyhightower/hiera/blob/maint/1.0rc/add_getting_started_tutorial/docs/tutorials/getting_started.md
  )
  - Understanding hierarchies, sources, and scope
  - Understanding answer resolution (array, priority, hash, resolution
  order, etc)
  - Hiera and Puppet - Using the parser functions and data bindings for
  parameterized classes

*Advanced*

  - Hiera backends -- Creating new backends
  - Hiera parser functions -- Creating new hiera parser functions



This is fantastic news Kelsey and I'm really looking forward to it.

We've been using hiera with the community edition for about 6 months,
and we're really happy with it, but we're really not using it to its
full potential yet.

One area where there's a dearth of documentation (and best practices
recommendations) relates to how to namespace settings within hiera.
What I mean is that when we converted from extlookup() to hiera, we
took the easy route, so we now have stuff in hiera that looks like:

nameserver_type: client
nameserver_primary: XXX.YYY.ZZZ.AAA
nameserver_secondary: XXX.YYY.ZZZ.BBB
nameserver_tertiary: XXX.YYY.ZZZ.CCC

Hiera would support something like

nameserver:
  type: client
  servers:
- XXX.YYY.ZZZ.AAA
- XXX.YYY.ZZZ.BBB
- XXX.YYY.ZZZ.CCC

in other words, more complicated data structures.

Both recommendations on whether or not that's a good idea *and* examples
on how to successfully access the nested bits from within puppet would
be appreciated.

Advanced examples with create_resources() might also be useful.

Thanks much,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet node report

2012-06-29 Thread Tim Mooney


In regard to: [Puppet Users] puppet node report, hai wu said (at 3:04am on...:


Is there a way to download latest node report log from puppet dashboard?


There's a way to do just about anything, but before you write some
complicated web screen-scraping code to get the report from the web
interface of dashboard, consider just enabling additional report backends
and instead pulling the data from there.

There was a very good blog post about when puppet reports a few weeks
ago, check it out for more information on other reporting backends that
are available and how you might go about developing your own (perhaps
one for a database).  See

http://puppetlabs.com/blog/when-puppet-reports-part-1/

Note also there's a part 2 that you'll want to check out.

The most straightforward method would probably be to enable the yaml
backend and just pull the data from there.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] can´t call custom fact

2012-06-29 Thread Tim Mooney


In regard to: [Puppet Users] can?t call custom fact, Spter said (at 6:46am...:


Both on puppetmaster and my node:
puppet.conf:
pluginsync = true

on my puppetmaster:
modules/system/manifest/init.pp:
file { /root/my_oc4j:
 ensure = link,
 target = /var/${::oc4j},
}

modules/system/lib/facter/oc4j.rb:
Facter.add(oc4j) do
 ja
end


When i called on my node:
puppet agent --no-daemonize --onetime --ignorecache --verbose --noop
no error occurs, but the link looks like:
my_oc4j - /var/

So, when i modify the init.pp like:
file { /root/my_oc4j:
 ensure = link,
 target = /var/$oc4j,
}
The link looks like the same.



What does

facter --puppet oc4j

report?  You may need to run that as root or via sudo to get your
custom facts.

If it doesn't output anything, then the problem is that facter isn't
getting the information you expect, so what it reports to the puppet
master is empty.

Next step would be to run

sudo puppet config print all | egrep fact

on the client in question.  That should show a setting for factpath,
probably something like /var/lib/puppet/lib/facter.

Look in that directory.  Does your oc4j.rb file exist in the directory?
If it does, then pluginsync is working correctly, but the code itself
isn't doing what you expect.

If it doesn't exist, then it's not getting synced down to the client(s)
correctly, so you'll need to debug why that is.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: advice on module/class refactoring for defines

2012-05-25 Thread Tim Mooney


In regard to: [Puppet Users] Re: advice on module/class refactoring for...:



On May 24, 7:43 pm, Nan Liu n...@puppetlabs.com wrote:

I would say include 'ldconfig' in define ldconfig::config, then the
define is self contained, and you don't need remember include ldconfig
everywhere.


+1

That's all around the best available option.  It's much nicer than the
original version, even, because users don't have to separately include
class 'ldconfig' before they can use the define.


Agreed, that's something I was hoping to avoid.

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] advice on module/class refactoring for defines

2012-05-25 Thread Tim Mooney


In regard to: Re: [Puppet Users] advice on module/class refactoring for...:


Note the define for config() within the init.pp for ldconfig.  That's now
out of favor.  Moving that define into it's own file in
modules/ldconfig/manifests/config.pp is straightforward, but it leaves
me with questions about where the exec should be.


I would say include 'ldconfig' in define ldconfig::config, then the
define is self contained, and you don't need remember include ldconfig
everywhere.


Thanks Nan.  Not certain why that wasn't obvious to me before you pointed
it out, but it's perfect.  :-)

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] linting manifests with long lines

2012-05-24 Thread Tim Mooney


In regard to: Re: [Puppet Users] linting manifests with long lines, Nan Liu...:


On Mon, May 21, 2012 at 11:55 AM, Tim Mooney tim.moo...@ndsu.edu wrote:


All-

I've been working through our local manifests with puppet-lint, trying
to make certain we're as prepared as possible for puppet 3.x.  I would
like for our manifests to be warning-free.  The class of warnings
related to long lines has me questioning what the best practice is to
avoid lines longer than 80 characters.


You can use a variable to shorten it, but I don't know if that
actually improves code clarity.


As I suggested in my original email, in some cases it would be OK, but
in many cases it wouldn't improve clarity and would cause other problems.


There's some discussion about removing it from the recommendation:
https://github.com/puppetlabs/puppet-docs/pull/68


Thanks for pointing that out.

What I've ended up doing is just adding

--no-80chars-check

to my ~/.puppet-lintrc, to silence the warning.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] advice on module/class refactoring for defines

2012-05-24 Thread Tim Mooney



All-

We have several modules that have defines within them that the style guide
(sections 11.1  11.4) and puppet-lint suggest should be in their own
file.  I'm working on fixing them and have a question about how things
should be refactored.

A stripped down example:

The node:

node 'foo.bar.edu' {
  include oracledb::instantclient
}


file modules/oracledb/manifests/instantclient.pp:

class oracledb::instantclient($version='11.1') {

  include ldconfig

  # other non-relevant stuff here

  ldconfig::config { 'oracle-instantclient':
content = template('oracledb/instantclient.ld.conf.erb'),
  }

}


file modules/ldconfig/manifests/init.pp:

class ldconfig {

  exec { '/sbin/ldconfig':
refreshonly = true,
alias   = 'ldconfig',
  }


  define config($content) {
file { /etc/ld.so.conf.d/${name}.conf:
  ensure  = file,
  owner   = 'root',
  group   = 'root',
  mode= '0644',
  content = $content,
  notify  = Exec['ldconfig'],
}
  }
}


Note the define for config() within the init.pp for ldconfig.  That's now
out of favor.  Moving that define into it's own file in
modules/ldconfig/manifests/config.pp is straightforward, but it leaves
me with questions about where the exec should be.

- if I add a requires = Class['ldconfig'] to the file within the
  config() define, I now have a circular dependency that puppet errors on.

- if I don't include the requires = Class['ldconfig'] but I'm careful
  to keep the include ldconfig in every class that also uses
  ldconfig::config, things work, but that seems like the wrong way to
  do it, as it only works if I do both things, because of the implicit
  dependency on the exec.

- I've tried moving the exec inside the define, like this:

file modules/ldconfig/manifests/config.pp:

define ldconfig::config($content) {

  exec { '/sbin/ldconfig':
refreshonly = true,
alias   = 'ldconfig',
  }

  file { /etc/ld.so.conf.d/${name}.conf:
ensure  = file,
owner   = 'root',
group   = 'root',
mode= '0644',
content = $content,
notify  = Exec['ldconfig'],
  }
}

  but that results in duplicate definitions of the exec:

err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Duplicate declaration: Exec[/sbin/ldconfig] is already declared in file
/etc/puppet/modules/ldconfig/manifests/config.pp at line 6; cannot
redeclare at /etc/puppet/modules/ldconfig/manifests/config.pp:6 on node
foo.bar.edu

- I've considered giving the exec an alias that is unique per define,
  e.g. something like

  exec { '/sbin/ldconfig':
refreshonly = true,
alias   = ldconfig-${name},
  }

  and then doing a 'notify = Exec[ldconfig-${name}]', but that too
  seems pretty hackish, though it may be my fall-back position if
  someone doesn't have a more elegant way to handle this.

Any thoughts on how this should be re-organized?

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] linting manifests with long lines

2012-05-21 Thread Tim Mooney



All-

I've been working through our local manifests with puppet-lint, trying
to make certain we're as prepared as possible for puppet 3.x.  I would
like for our manifests to be warning-free.  The class of warnings
related to long lines has me questioning what the best practice is to
avoid lines longer than 80 characters.

The two big offenders are URLs:

class foo {
  yumrepo { 'some-repo':
baseurl  = 
'http://some-relatively-long-domain.com/some-path/centos$releasever/$basearch',
gpgcheck = '1',
descr= 'Some Yum Repository',
  }
}

and obviously file resources:

class bar {
  file {'/path/to/some/convenience/symlink':
ensure = file,
target = 
'/path/to/some/unfortunately/extremely/deep/file/that/we/want/to/manage/with/puppet',
  }
}

but even content can at times exceed 80 columns.

I know I could be creating variables to help with line length, a la:

class foo {

  $url_base = 'http://some-relatively-long-domain.com'
  $url_path = '/some/url/path'

  yumrepo { 'some-repo':
baseurl  = ${base_url}${url_path},
gpgcheck = '1',
descr= 'Some Yum Repository',
  }
}

But that seems suboptimal, especially if there are things in the URL
(like $releasever/$basearch) that need to be preserved verbatim (they're
not puppet variables, they're for yum).

Is there a better way to break up long lines, perhaps a join function
I've missed that would allow me to do something like

class foo {
  yumrepo { 'some-repo':
baseurl  = join(
  '',
  'http://some-relatively-long-url.com',
  '/some-path/centos$releasever/$basearch'
),
gpgcheck = '1',
descr= 'Some Yum Repository',
  }
}

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] mixing source content (templates) in concat::fragment

2012-05-03 Thread Tim Mooney


In regard to: Re: [Puppet Users] mixing source  content (templates) in...:


the file type in puppet does not provide a way to do this, so
unfortunately
the concat cant do it either - since its just relying on the file
type


Thanks R.I. (and thanks for concat).  I guess I'll switch all of our
host-specific base fragments to be a templates, even when there's no
template code in them, and use

   concat::fragment { 'firewall-base':
 target = $firewall_config,
 content = [
   template(firewall/firewall-base.${::fqdn}.erb),
   template('firewall/firewall-base'),
 ],
 order = '01',
   }



puppet does not support this either :)

what you'll get there is a concat of the 2 templates


Oh, that's quite disappointing.  We'll need to completely rethink how
we're doing this.

Thanks again,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] mixing source content (templates) in concat::fragment

2012-05-02 Thread Tim Mooney



All-

We're using puppet 2.7.11.

Our custom firewall module currently builds the RHEL
/etc/sysconfig/iptables (and ip6tables) from multiple fragments using
concat::fragment.

The base part of the firewall is constructed like this:

class firewall {
  include concat::setup

  $firewall_config  = '/etc/sysconfig/iptables'

  concat::fragment { firewall-base:
target = $firewall_config,
source = [
  puppet:///modules/firewall/firewall-base.$fqdn,
  puppet:///modules/firewall/firewall-base
],
order = '01',
  }

  concat::fragment {firewall-end:
target  = $firewall_config,
content = COMMIT\n,
order   = '99',
  }
}


As you can see, we use source to look for a per-box custom firewall base
first, and then fall back to a stock firewall-base file fragment.

I want to modify this config so that the fall-back fragment comes from
a template, rather than a file fragment.  The problem is that it appears
I can't do this:

  concat::fragment { firewall-base:
target = $firewall_config,
source = [
  puppet:///modules/firewall/firewall-base.$fqdn,
  template('firewall/firewall-base.erb'),
],
order = '01',
  }

When I try that, I get:

$sudo puppet agent --test --noop
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/ipmi_product.rb
info: Loading facts in /var/lib/puppet/lib/facter/biosversion.rb
info: Loading facts in /var/lib/puppet/lib/facter/net_info.rb
info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/lib/puppet/lib/facter/net_location.rb
info: Loading facts in /var/lib/puppet/lib/facter/pacemaker.rb
info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
info: Caching catalog for host.nodak.edu
err: Failed to apply catalog: Parameter source failed: Could not understand 
source #


and then it spits out the file template.

Is there an easy way to mix, in one fragment, a source and a template,
as I'm trying to do?

It occurs to me that I could just pretend that all of our per-host
firewall-base.$fqdn files are instead templates, even if there's no
actual templating going on, and use something like:

  concat::fragment { firewall-base:
target = $firewall_config,
content = [
  template(firewall/firewall-base.$fqdn.erb),
  template('firewall/firewall-base.erb'),
],
order = '01',
  }

But that seems kind of hackish.  Can anyone suggest a more elegant method,
or some syntax that I'm missing?

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] mixing source content (templates) in concat::fragment

2012-05-02 Thread Tim Mooney


In regard to: Re: [Puppet Users] mixing source  content (templates) in...:


All-

We're using puppet 2.7.11.

Our custom firewall module currently builds the RHEL
/etc/sysconfig/iptables (and ip6tables) from multiple fragments using
concat::fragment.

The base part of the firewall is constructed like this:

class firewall {
   include concat::setup

   $firewall_config  = '/etc/sysconfig/iptables'

   concat::fragment { firewall-base:
 target = $firewall_config,
 source = [
   puppet:///modules/firewall/firewall-base.$fqdn,
   puppet:///modules/firewall/firewall-base
 ],
 order = '01',
   }

   concat::fragment {firewall-end:
 target  = $firewall_config,
 content = COMMIT\n,
 order   = '99',
   }
}


As you can see, we use source to look for a per-box custom firewall
base first, and then fall back to a stock firewall-base file fragment.

I want to modify this config so that the fall-back fragment comes
from a template, rather than a file fragment.  The problem is that it
appears I can't do this:



the file type in puppet does not provide a way to do this, so unfortunately
the concat cant do it either - since its just relying on the file type


Thanks R.I. (and thanks for concat).  I guess I'll switch all of our
host-specific base fragments to be a templates, even when there's no
template code in them, and use

  concat::fragment { 'firewall-base':
target = $firewall_config,
content = [
  template(firewall/firewall-base.${::fqdn}.erb),
  template('firewall/firewall-base'),
],
order = '01',
  }

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Optional values from Hiera (no default value)

2012-04-26 Thread Tim Mooney


In regard to: [Puppet Users] Optional values from Hiera (no default value),...:


Hello Puppet List,

I'm writing a module that should take an optional value and I want to
get it (amongst other places) from Hiera.

$repository = $::java_repository ? {
 undef   = hiera('java_repository')
 default = $::java_repository,
}


hiera() can take a second argument which is the default you want to
supply if no data store provides a value.  Before you ask, no, I don't
know where that's documented, but we've been using it for a while in
our puppet manifests and it has been mentioned on the list even today.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet-dev] Re: [Puppet Users] Telly: Nagios types moving into Module

2012-04-17 Thread Tim Mooney


In regard to: Re: [Puppet-dev] Re: [Puppet Users] Telly: Nagios types...:


Todd, welcome and I feel your pain.  Trust me, I pushed every way I
could to use native packages as our module deliver mechanism.  However
we have some odd requirements that make things not work as well with
RPM (or deb, or gems).  Basically we need a mechanism to allow
multiple versions installed into separate environments (paths on
disk).


You make a compelling argument for why this doesn't map well to native
packaging tools.  While it is possible to have multiple copies of an RPM
installed simultaneously, it would be a kludge in this case.


Something like pm2rpm and pm2deb is very likely something we'll need
to make the lives of Puppet Users happy.


Now that puppet has drug me into the ruby world, I've started down the
path of RPM packaging of gems.  gem2rpm helped me get started.  Having
something that works very similar to that would be a big help to those
that are experienced with ruby  gems.

Whatever you choose, though, there needs to be a way for admins to query
a client and find out

- what puppet modules are installed
- where each instance of the module is installed
- what version is present in each instance

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Telly: Nagios types moving into Module

2012-04-16 Thread Tim Mooney


In regard to: Re: [Puppet Users] Telly: Nagios types moving into Module,...:

If I wanted to use a 
secondary package management system, I could use gems or eggs or CPAN, but I 
don't. ;)


+1.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Need advice how to architect solution for /etc/resolv.conf

2012-03-16 Thread Tim Mooney


In regard to: [Puppet Users] Need advice how to architect solution for...:


I'm having difficulty determining the best course of action how to
implement /etc/resolv.conf on my RHEL5 hosts.

Here's my requirements, IN ORDER OF PRECEDENCE:

* All hosts, regardless of function, need /etc/resolv.conf
* Dependiing upon which environment the host lives in (i.e. Facture
$domain)  this changes search paths and nameservers to use in
/etc/resolv.conf
* Any host defined as a 'DNS Server' should ignore environment specific
settings and use nameserver of '127.0.0.1'
* There are one or two one-off DNS servers that should have their own
per-host settings which shall override all previous definitions.


We're doing something like this, although I need to expand it to be a
little bit smarter, but wouldn't setting something like

---
named_type: client  # or 'caching', 'secondary', 'primary'

in your extdata/hiera/ENC and then using a selector in your class to pick
which template to use for resolv.conf essentially solve all of this?


The only things that need to change between these rules are the values of
the search path and the list of nameservers. So I would like to use a
single template for /etc/resolv.conf which simply plug in data available in
variables accessible by the template


You probably could do that, but I think the template will be more
complicated this way.  Selecting different templates based on what type
of system it is makes the template simpler.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Quoting 'true' and 'false' (was: Re: [Puppet Users] new user: need Conditional statement example within a file resource type)

2011-12-16 Thread Tim Mooney


In regard to: Re: [Puppet Users] new user: need Conditional statement...:


Obviously I had a syntax error here because case statement is not
happy within the resource.


That's why the documentation says to use a selector.


So, what's a recommended puppet way to do something like this? thx in
advance.


file {
 somefile :
   ensure = $hasfile ? {
   true  = present,
   default  = absent
  },
   source = puppet:///somefile,
   owner = root,
}

Please note that true is not strictly equivalent to the bareword true
in the puppet language :)


Ah, perfect segue.  I had been meaning to follow up to John Bollinger
when he earlier posted something similar that also had 'true' quoted.

I've been through the style guide and several other areas in the
documentation and I can't find any recommendations on whether it's better
to use bare

true
false

or whether it's better to quote them.  This is specifically for use in
parameterized classes.  For example:

foo.bar.edu.pp:

node 'foo.bar.edu' {

  class {'rhel':
version  = '5',
ipv6_enabled = true,
  }
}

rhel/manifests/init.pp:

class rhel($version, $ipv6_enabled='default') {
  include rhel::common

  case $ipv6_enabled {
true: {
class {'network': ipv6 = true }
}
false: {
class {'network': ipv6 = false }
}
default: {
  case $version {
'5': {
class {'network': ipv6 = false }
}
'6': {
class {'network': ipv6 = true }
}
default: { fail(only version 5 and 6 of rhel are currently supported)}
  }
}
  }
}


In other words, our default for RHEL 5 is ipv6 disabled, on RHEL 6 it's
ipv6 enabled, but the default can be overridden for either.

The problem is that we had to be very careful to make certain that we
didn't quote true or false in some places and leave them as barewords
elsewhere, or it just wouldn't work.  Mixing quoted  nonquoted gave us
unreliable and unexpected results.

This brings me back to the questions: where in the docs is this covered,
and what are the recommendations for whether we should (or shouldn't) be
quoting true  false when passing them around into parameterized classes
and testing them in selectors?

Thanks much,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: hasstatus not working as expected

2011-08-12 Thread Tim Mooney


In regard to: [Puppet Users] Re: hasstatus not working as expected, Chad...:


status)
 /sbin/iptables -L | /bin/egrep '^DROP+\s+all.*NEW\s?+$'  /dev/
null


I doubt this is the actual problem, but you could more portably and
more correctly write that regex as

'^DROP[[:space:]]+all.*NEW[[:space:]]*$'

You don't need the + after the P, since you don't want to match things
like DROP, and you don't need the ? or the + after NEW, since you're
anchoring the end and there's therefore really no reason to use non-greedy
matching.  Your comment also mentions any amount of whitespace, which
presumably includes 0 matches, hence the * instead of the +.

Also, you should probably run (as you)

env grep -i grep

and see if something like GREP_OPTIONS is in your environment.


# A string has to start with DROP then whitespace, then all, then
anything, then NEW, then any amount of whitespace
# For some reason iptables -L has a whitespace after NEW
 if [ $? = 0 ]; then
echo iptables is running
exit 0
 else
echo iptables is stopped
exit 3
 fi
 ;;
**


Tim
--
Tim Mooney  moo...@dogbert.cc.ndsu.nodak.edu
Enterprise Computing  Infrastructure   701-231-1076 (Voice)
Room 242-J6, IACC Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] augeas modify pam.d argument by relative position

2011-08-06 Thread Tim Mooney




All-

I've been using puppet (now 2.6.9) and augeas (now 0.7.2 + ruby-augeas 0.3.0)
for a few weeks and I'm a convert.

I'm trying to modify a particular argument to a particular entry in
the RHEL 6.1 /etc/pam.d/password-auth-ac file, and although I've come
up with a way that works, it's fragile.  I'm hoping someone can suggest
a better way.

First, the line in question in /etc/pam.d/password-auth-ac is

authrequisite pam_succeed_if.so uid = 500 quiet

It's the third line in the auth section of that file.  The problem
is that we have a few old-timers that have uids in the range 101-499, and
this line causes them problems on login via things like sshd.

In the past we would have scripted something in perl in our kickstart
%post script to switch that particular 500 to be 100.

Using this excellent past thread as a guide:


http://groups.google.com/group/puppet-users/browse_thread/thread/ab96038a5658ec98/cb0c0beb8cd5418b?lnk=gstq=augeas+%2Bpam#cb0c0beb8cd5418b

I can match the line in question in augtool with:

print /files/etc/pam.d/password-auth-ac/*[type = auth][module = 
pam_succeed_if.so]
/files/etc/pam.d/password-auth-ac/3
/files/etc/pam.d/password-auth-ac/3/type = auth
/files/etc/pam.d/password-auth-ac/3/control = requisite
/files/etc/pam.d/password-auth-ac/3/module = pam_succeed_if.so
/files/etc/pam.d/password-auth-ac/3/argument[1] = uid
/files/etc/pam.d/password-auth-ac/3/argument[2] = =
/files/etc/pam.d/password-auth-ac/3/argument[3] = 500
/files/etc/pam.d/password-auth-ac/3/argument[4] = quiet


The problem is that 'uid', '=', and '500' are all separate arguments.
I can get puppet to apply my modification if I use an entry like this:

 #
 # RHEL 6 has a new PAM file that needs to have the nid for special
 # users adjusted down from 500 to 100.
 #
 augeas { pam.d/password-auth-ac_uidfix:
 context = '/files/etc/pam.d/password-auth-ac/*[type = auth][module = 
pam_succeed_if.so]',
 changes = [
 set argument[3] 100,
 ],
 onlyif  = 'get argument[3] == 500'
 }


But that only works if argument[1]=uid, argument[2]==, and
argument[3]=500.  Ideally, my rule would find the position of uid in
the line, and then match only if position() + 2 = 500.   I've tried
things like:

print /files/etc/pam.d/password-auth-ac/*[type = auth][module = 
pam_succeed_if.so][argument[position()] = uid]

within augtool and that much works, but as soon as I try something like:

print /files/etc/pam.d/password-auth-ac/*[type = auth][module = 
pam_succeed_if.so][argument[position()] = uid][argument[position() + 1] = =]

it fails to match.

Anyone have an idea how I can rewrite things so that the match isn't
dependent on the exact current order of arguments, and instead matches
relative to the position of a previous argument (uid) or pair of arguments
(uid and =)?

Any thoughts appreciated,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

97 matches

Mail list logo