[Puppet Users] Secure hostname/Serial number through puppet before signing certs
Hi,

I want to apply a security check on hostnames in my domain (abc.example.com) so that puppet should verify the hostname or serial number through `dmidecode -s system-serial-number` instead of `facter | grep -i serial`, so that if any node in the domain changes the hostname of the system then also puppet should pick the hostname/serial number through `dmidecode -s system-serial-number`, as I had configured `*.example.com` in my autosign.conf file. How can this be achieved through puppet? Also, is there any other way so that I can secure my hostname in my domain?

Thanks

--
You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: No child processes error message in dashboard
Can anyone assist: what's the root cause of the "Could not evaluate: No child processes" error message in dashboard, and how can this be resolved?

Thanks

On Mar 1, 9:05 am, mukulm smilemukul2...@gmail.com wrote:

Hi,

I am getting the "Could not evaluate: No child processes" error message in dashboard for the task /Stage[main]/Ubuntu_laptop/Exec[/bin/echo -e 'runinterval=7200' / etc/puppet/puppet.conf], but when I execute the puppet syntax (puppetd -td) manually in a terminal on the node it does not return any error. Any idea why I am receiving the above error message?

Thanks
[Puppet Users] Re: Cache for the local system while offline
Hi,

Please assist on the below request as I am not able to receive the updates offline.

Thanks
mukulm

On Feb 20, 7:59 pm, mukulm smilemukul2...@gmail.com wrote:

I am not able to cache the updates from the server, as I had updated the nodes' puppet.conf with usecacheonfailure=true. Does any other info need to be updated? I am getting the error messages as,

    err: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
    err: Could not retrieve catalog; skipping run
    err: Could not send report: getaddrinfo: Name or service not known

Please assist.

Thanks
mukulm

On Feb 16, 1:29 pm, mukulm smilemukul2...@gmail.com wrote:

I am too getting the same error message as,

    err: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
    err: Could not retrieve catalog; skipping run
    err: Could not send report: getaddrinfo: Name or service not known

Can anyone assist how cache cache can be achieved on the nodes?

Thanks
mukulm

On Feb 16, 8:05 am, Khoury Brazil khoury.bra...@gmail.com wrote:

On Wed, Feb 15, 2012 at 5:51 PM, Daniel Pittman dan...@puppetlabs.com wrote:

On Wed, Feb 15, 2012 at 17:26, Khoury Brazil khoury.bra...@gmail.com wrote:

On Thu, Feb 9, 2012 at 1:09 PM, Daniel Pittman dan...@puppetlabs.com wrote:

On Thu, Feb 9, 2012 at 06:12, mukulm smilemukul2...@gmail.com wrote:

I want to cache the updates for the users system received from the server so that the users can get the updates from the local system cache while offline. Any idea how can server updates be stored on the users system while offline?

You likely want `--usecacheonfailure`, or the equivalent setting in `puppet.conf`: http://docs.puppetlabs.com/references/stable/configuration.html#useca...

Whether to use the cached configuration when the remote configuration will not compile. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known-good one.

That should also apply when you can't communicate with the master.

Unfortunately, at least in my case, when I run puppet on a client that is off of the network (in this particular case it's a Macbook Pro) it seems that something is failing locally, causing a warning: not using cache on failed catalog. […]

This is the output from an offline debug run:

    macbookproagent:/ admin$ sudo puppet agent -t --debug

One of the features of the `-t` or `--test` flag is that it disables use of the cached catalog when you can't fetch it down. Does it work better if you don't specify `--test`? If not, please file a bug report. :)

--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons

I guess I *was* missing something (something very obvious...). Thanks for the help, that was indeed the issue. :)
[Puppet Users] Re: Cache for the local system while offline
I am not able to cache the updates from the server, as I had updated the nodes' puppet.conf with usecacheonfailure=true. Does any other info need to be updated? I am getting the error messages as,

    err: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
    err: Could not retrieve catalog; skipping run
    err: Could not send report: getaddrinfo: Name or service not known

Please assist.

Thanks
mukulm

On Feb 16, 1:29 pm, mukulm smilemukul2...@gmail.com wrote:

I am too getting the same error message as,

    err: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
    err: Could not retrieve catalog; skipping run
    err: Could not send report: getaddrinfo: Name or service not known

Can anyone assist how cache cache can be achieved on the nodes?

Thanks
mukulm

On Feb 16, 8:05 am, Khoury Brazil khoury.bra...@gmail.com wrote:

On Wed, Feb 15, 2012 at 5:51 PM, Daniel Pittman dan...@puppetlabs.com wrote:

On Wed, Feb 15, 2012 at 17:26, Khoury Brazil khoury.bra...@gmail.com wrote:

On Thu, Feb 9, 2012 at 1:09 PM, Daniel Pittman dan...@puppetlabs.com wrote:

On Thu, Feb 9, 2012 at 06:12, mukulm smilemukul2...@gmail.com wrote:

I want to cache the updates for the users system received from the server so that the users can get the updates from the local system cache while offline. Any idea how can server updates be stored on the users system while offline?

You likely want `--usecacheonfailure`, or the equivalent setting in `puppet.conf`: http://docs.puppetlabs.com/references/stable/configuration.html#useca...

Whether to use the cached configuration when the remote configuration will not compile. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known-good one.

That should also apply when you can't communicate with the master.

Unfortunately, at least in my case, when I run puppet on a client that is off of the network (in this particular case it's a Macbook Pro) it seems that something is failing locally, causing a warning: not using cache on failed catalog. […]

This is the output from an offline debug run:

    macbookproagent:/ admin$ sudo puppet agent -t --debug

One of the features of the `-t` or `--test` flag is that it disables use of the cached catalog when you can't fetch it down. Does it work better if you don't specify `--test`? If not, please file a bug report. :)

--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons

I guess I *was* missing something (something very obvious...). Thanks for the help, that was indeed the issue. :)
[Puppet Users] Re: Cache for the local system while offline
I am too getting the same error message as,

    err: Could not retrieve catalog from remote server: getaddrinfo: Name or service not known
    err: Could not retrieve catalog; skipping run
    err: Could not send report: getaddrinfo: Name or service not known

Can anyone assist how cache cache can be achieved on the nodes?

Thanks
mukulm

On Feb 16, 8:05 am, Khoury Brazil khoury.bra...@gmail.com wrote:

On Wed, Feb 15, 2012 at 5:51 PM, Daniel Pittman dan...@puppetlabs.com wrote:

On Wed, Feb 15, 2012 at 17:26, Khoury Brazil khoury.bra...@gmail.com wrote:

On Thu, Feb 9, 2012 at 1:09 PM, Daniel Pittman dan...@puppetlabs.com wrote:

On Thu, Feb 9, 2012 at 06:12, mukulm smilemukul2...@gmail.com wrote:

I want to cache the updates for the users system received from the server so that the users can get the updates from the local system cache while offline. Any idea how can server updates be stored on the users system while offline?

You likely want `--usecacheonfailure`, or the equivalent setting in `puppet.conf`: http://docs.puppetlabs.com/references/stable/configuration.html#useca...

Whether to use the cached configuration when the remote configuration will not compile. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known-good one.

That should also apply when you can't communicate with the master.

Unfortunately, at least in my case, when I run puppet on a client that is off of the network (in this particular case it's a Macbook Pro) it seems that something is failing locally, causing a warning: not using cache on failed catalog. […]

This is the output from an offline debug run:

    macbookproagent:/ admin$ sudo puppet agent -t --debug

One of the features of the `-t` or `--test` flag is that it disables use of the cached catalog when you can't fetch it down. Does it work better if you don't specify `--test`? If not, please file a bug report. :)

--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons

I guess I *was* missing something (something very obvious...). Thanks for the help, that was indeed the issue. :)
[Puppet Users] Re: SSL certificates issues with some of the nodes
Thanks for the valuable info. My scenario is option (A), but my question is: once SSL certificates are signed for a node, then how, and due to what reason, does the SSL private key change, and what does preserving SSL private keys mean?

Thanks
mukulm

On Feb 14, 7:14 pm, jcbollinger john.bollin...@stjude.org wrote:

On Feb 13, 10:58 am, Mukul Malhotra smilemukul2...@gmail.com wrote:

Hi,

I am getting the following error message after removing the SSL certificates from the node and server:

*err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key*

It looks like the master is returning a signed certificate to the client that doesn't match its signing request. Specifically, it doesn't match the client's private key. I can think of a couple of ways that might happen:

A) (i) Node A issues a certificate request to the master using certname a.mydomain.com, then (ii) the CA signs the request but node A's Puppet SSL private key is changed, before (iii) node A's Puppet agent requests a catalog

B) (i) Node B1 issues a certificate request to the master using certname b.mydomain.com, then (ii) node B2 also issues a certificate request to the master using certname b.mydomain.com, then (iii) the CA signs either B1's or B2's certificate (but not both, because of the certname clash), then (iv) nodes B1 and B2 request catalogs (one of them should give an error similar to the one you present)

Basically, the error message is pretty clear as these things go: the signed certificate returned by the master to the agent does not correspond to a certificate request signed by the agent's (current) private key. The agent doesn't need to track specific certificate requests to know this; the private key is sufficient.

My best guess about your overall problem would be that either you are triggering (A) by rebuilding client nodes without preserving their SSL private keys, or else that you are triggering (B) by having multiple nodes using the same certname (which by default is based on their hostname).

John
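The mismatch described in the reply above comes down to whether the public key inside the signed certificate is the one that belongs to the agent's current private key. An added example (not part of the original thread) that makes that comparison with the `openssl` CLI; the file names, the `make_fixture` helper and the self-signed stand-in certificate are constructed for illustration:

```shell
#!/bin/sh
# Added example: does a certificate belong to a given private key?
# Compares the public key inside the certificate with the one derived from the key.

# Print the PEM public key derived from a private key file.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the PEM public key embedded in a certificate file.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# cert_matches_key CERT KEY
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed fixture for scenario (A): a certificate issued for old.key,
# while the rebuilt node now holds new.key. A self-signed certificate stands
# in for one signed by the Puppet CA (assumption; the key check is the same).
make_fixture() {
    openssl genrsa -out "$1/old.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/old.key" -subj "/CN=a.mydomain.com" \
        -days 1 -out "$1/a.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 2
    make_fixture "$tmp" || { rm -rf "$tmp"; return 2; }
    for k in old new; do
        if cert_matches_key "$tmp/a.pem" "$tmp/$k.key"; then
            echo "$k.key: certificate matches this key"
        else
            echo "$k.key: certificate does not match this key"
        fi
    done
    rm -rf "$tmp"
}

demo
```

On an agent, the two files to compare are the ones reported by `puppet agent --configprint hostcert` and `puppet agent --configprint hostprivkey`.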
[Puppet Users] Re: Time interval within execution of scripts from the server
Hi,

I am running multiple scripts on a number of machines through the puppet server. My server is CentOS 5.6 and the clients are Ubuntu 11.04. The scripts are executed on above 2000 clients/nodes, so I don't want to execute the scripts on multiple nodes at the same time.

Thanks
mukulm

On Feb 10, 6:45 pm, Ygor y...@comcast.net wrote:

http://lmgtfy.com/?q=cron+random+delay

Inserting Random Delay In Cron Jobs: http://www.moundalexis.com/archives/76.php

On Feb 9, 9:00 am, mukulm smilemukul2...@gmail.com wrote:

Hi,

I have multiple scripts to be copied and executed from the puppet server on the client systems, but I want to execute each script within a timeframe such as hourly, weekly or monthly from the puppet server, as I don't want to execute all scripts on the same frequency. Any help will be greatly appreciated.

Thanks
mukulm
[Puppet Users] SSL certificates issues with some of the nodes
Hi,

I am using puppet open source. There are above 2000 nodes in my network, and I am getting SSL certificate issues with some of the remote nodes: they are not in sync with the puppet server, where others are in sync with the server. The dates of the node systems are in sync with the ntp server. I also tried the following:

1. Deleted the node's certificate on the puppet server.
2. Deleted the SSL directory of the agent.
3. Ran puppet agent --test on that agent to generate a new certificate request.

But I have to regularly repeat the above process within a timeframe (weekly or monthly), so is there any other way other than this so that all of my agents should be in sync? Also, how can I find the sync and unsync count?

Thanks
mukulm
[Puppet Users] Time interval within execution of scripts from the server
Hi,

I have multiple scripts to be copied and executed from the puppet server on the client systems, but I want to execute each script within a timeframe such as hourly, weekly or monthly from the puppet server, as I don't want to execute all scripts on the same frequency. Any help will be greatly appreciated.

Thanks
mukulm
[Puppet Users] Cache for the local system while offline
Hi,

I want to cache the updates for the users system received from the server so that the users can get the updates from the local system cache while offline. Any idea how can server updates be stored on the users system while offline?

Thanks
mukulm
[Puppet Users] Creating group of nodes with different class
Hi,

How can I create two nodes with different hostnames, i.e. nodeSD.pp and nodesCTO.pp, and import those nodes in site.pp with different classes (class1, class2), such as:

classes1 with nodesSD.pp
classes2 with nodesCTO.pp

Both the classes have different configuration that needs to be run with different nodes. Can anyone please assist me regarding the above scenario?

Thanks