[Puppet Users] Re: [Please help] - How to renew/fix certificate at puppetmaster level?
I believe you only have to restart the puppetmaster if you modified the private keys used directly by master or the certs or CA used by master. Modifying client certs should not require restarting the master service.

On Monday, October 18, 2021 at 5:21:38 PM UTC-4 puppet-bsd wrote:

> Following the instruction to create the certificate from scratch and
> reissuing one of its agents (specially the smart proxy) it generates
> certificate revoke.
>
> In order to remove the revoked certificate, I had to restart the puppet
> agent service and to sign it in master. Just to test the agent (in the
> smart proxy) works, the certificate gets revoked again.
>
> Do I have to stop the puppetmaster as well?
>
> On Saturday, October 16, 2021 at 11:47:17 AM UTC-4 treydock wrote:
>
>> If the key and the certificate don't match, you may have to regenerate
>> your puppetserver's CA and start from scratch essentially. I'm not aware of
>> a way to fix a mismatch without totally starting over from scratch. If you
>> want to start from scratch, you usually just delete
>> /etc/puppetlabs/puppet/ssl on puppetserver (or move to like /tmp or
>> something) and restart daemon and puppetserver should regenerate everything.
>>
>> On Friday, October 15, 2021 at 12:57:23 PM UTC-4 puppet-bsd wrote:
>>
>>> Performed the Verify steps. Seems the values are not equal. Is there any
>>> steps in order to make the values equal?
>>>
>>> On Friday, October 15, 2021 at 9:34:11 AM UTC-4 treydock wrote:
>>>
>>>> My advice might not be the best but it's what worked for me when our
>>>> master CA certificate expired. These are my raw notes from when I had to
>>>> renew our puppetserver certificate. The original certificate was likely
>>>> Puppet 4 and expired when running Puppet 6. I googled around and took
>>>> some steps from various blog posts I found so most of this isn't my
>>>> original ideas:
>>>>
>>>> # Verify
>>>> cd /etc/puppetlabs/puppet/ssl/ca
>>>> ( openssl rsa -noout -modulus -in ca_key.pem 2> /dev/null | openssl md5 ; openssl x509 -noout -modulus -in ca_crt.pem 2> /dev/null | openssl md5 )
>>>>
>>>> # Generate new CSR
>>>> openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem -out ca_csr.pem
>>>>
>>>> # Sign
>>>> cat > extension.cnf << EOF
>>>> [CA_extensions]
>>>> basicConstraints = critical,CA:TRUE
>>>> nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
>>>> keyUsage = critical,keyCertSign,cRLSign
>>>> subjectKeyIdentifier = hash
>>>> EOF
>>>> cp ca_crt.pem ca_crt.pem.old
>>>> openssl x509 -req -days 3650 -in ca_csr.pem -signkey ca_key.pem -out ca_crt.pem -extfile extension.cnf -extensions CA_extensions
>>>> openssl x509 -in ca_crt.pem -noout -text|grep -A 3 Validity
>>>> chown puppet: ./*
>>>> cd /etc/puppetlabs/puppet/ssl
>>>> cp -a ca/ca_crt.pem certs/ca.pem
>>>>
>>>> # CLIENTS
>>>>
>>>> /opt/puppetlabs/bin/puppet resource file /etc/puppetlabs/puppet/ssl/certs/ca.pem ensure=absent
>>>> /opt/puppetlabs/bin/puppet ssl download_cert
>>>> systemctl restart choria-server
>>>>
>>>> For expired client certs, when that happens to me I will do "rm -rf
>>>> /etc/puppetlabs/puppet/ssl" on the agent (never master) and then run
>>>> Puppet which will request new cert then sign the cert and run Puppet
>>>> again. That process is rather tedious and not something I've automated
>>>> really well but also not something I have had happen frequently as we
>>>> don't tend to keep servers around for 5+ years.
>>>>
>>>> On Thursday, October 14, 2021 at 4:09:14 PM UTC-4 puppet-bsd wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I'm new in puppet.
>>>>>
>>>>> I'm currently using puppet 4.10
>>>>>
>>>>> Long story short, puppet certificates were expired and by this time, I
>>>>> am renewing these certificates one node at the time (including the
>>>>> puppetmaster).
>>>>>
>>>>> Once the puppetmaster got "renewed", I tried to create a node
>>>>> successfully but its first run of pup
[Puppet Users] Re: [Please help] - How to renew/fix certificate at puppetmaster level?
If the key and the certificate don't match, you may have to regenerate your puppetserver's CA and start from scratch essentially. I'm not aware of a way to fix a mismatch without totally starting over from scratch. If you want to start from scratch, you usually just delete /etc/puppetlabs/puppet/ssl on puppetserver (or move to like /tmp or something) and restart daemon and puppetserver should regenerate everything.

On Friday, October 15, 2021 at 12:57:23 PM UTC-4 puppet-bsd wrote:

> Performed the Verify steps. Seems the values are not equal. Is there any
> steps in order to make the values equal?
>
> On Friday, October 15, 2021 at 9:34:11 AM UTC-4 treydock wrote:
>
>> My advice might not be the best but it's what worked for me when our
>> master CA certificate expired. These are my raw notes from when I had to
>> renew our puppetserver certificate. The original certificate was likely
>> Puppet 4 and expired when running Puppet 6. I googled around and took some
>> steps from various blog posts I found so most of this isn't my original
>> ideas:
>>
>> # Verify
>> cd /etc/puppetlabs/puppet/ssl/ca
>> ( openssl rsa -noout -modulus -in ca_key.pem 2> /dev/null | openssl md5 ; openssl x509 -noout -modulus -in ca_crt.pem 2> /dev/null | openssl md5 )
>>
>> # Generate new CSR
>> openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem -out ca_csr.pem
>>
>> # Sign
>> cat > extension.cnf << EOF
>> [CA_extensions]
>> basicConstraints = critical,CA:TRUE
>> nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
>> keyUsage = critical,keyCertSign,cRLSign
>> subjectKeyIdentifier = hash
>> EOF
>> cp ca_crt.pem ca_crt.pem.old
>> openssl x509 -req -days 3650 -in ca_csr.pem -signkey ca_key.pem -out ca_crt.pem -extfile extension.cnf -extensions CA_extensions
>> openssl x509 -in ca_crt.pem -noout -text|grep -A 3 Validity
>> chown puppet: ./*
>> cd /etc/puppetlabs/puppet/ssl
>> cp -a ca/ca_crt.pem certs/ca.pem
>>
>> # CLIENTS
>>
>> /opt/puppetlabs/bin/puppet resource file /etc/puppetlabs/puppet/ssl/certs/ca.pem ensure=absent
>> /opt/puppetlabs/bin/puppet ssl download_cert
>> systemctl restart choria-server
>>
>> For expired client certs, when that happens to me I will do "rm -rf
>> /etc/puppetlabs/puppet/ssl" on the agent (never master) and then run Puppet
>> which will request new cert then sign the cert and run Puppet again. That
>> process is rather tedious and not something I've automated really well but
>> also not something I have had happen frequently as we don't tend to keep
>> servers around for 5+ years.
>>
>> On Thursday, October 14, 2021 at 4:09:14 PM UTC-4 puppet-bsd wrote:
>>
>>> Hi all,
>>>
>>> I'm new in puppet.
>>>
>>> I'm currently using puppet 4.10
>>>
>>> Long story short, puppet certificates were expired and by this time, I
>>> am renewing these certificates one node at the time (including the
>>> puppetmaster).
>>>
>>> Once the puppetmaster got "renewed", I tried to create a node
>>> successfully but its first run of puppet agent -t got unsuccessful due to
>>> its related smart proxy server certificate for revoked. Performed a
>>> certificate renewal for the proxy and the new agent now runs fine.
>>>
>>> However, it always happens every time I create a new node. In the past, I
>>> don't have to renew proxy certificates. That means that there is
>>> something/somewhere in puppetmaster that isn't caught up in terms of
>>> certificates.
>>>
>>> One try I made is to regenerate a new CA certificate but seems it isn't
>>> successful for the early described issue.
>>>
>>> Can anyone please point how to fix the certificate at the puppetmaster
>>> level?

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d826e9e4-64d3-46a1-83b4-46dabf4a411bn%40googlegroups.com.
[Puppet Users] Re: [Please help] - How to renew/fix certificate at puppetmaster level?
My advice might not be the best but it's what worked for me when our master CA certificate expired. These are my raw notes from when I had to renew our puppetserver certificate. The original certificate was likely Puppet 4 and expired when running Puppet 6. I googled around and took some steps from various blog posts I found so most of this isn't my original ideas:

# Verify
cd /etc/puppetlabs/puppet/ssl/ca
( openssl rsa -noout -modulus -in ca_key.pem 2> /dev/null | openssl md5 ; openssl x509 -noout -modulus -in ca_crt.pem 2> /dev/null | openssl md5 )

# Generate new CSR
openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem -out ca_csr.pem

# Sign
cat > extension.cnf << EOF
[CA_extensions]
basicConstraints = critical,CA:TRUE
nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
cp ca_crt.pem ca_crt.pem.old
openssl x509 -req -days 3650 -in ca_csr.pem -signkey ca_key.pem -out ca_crt.pem -extfile extension.cnf -extensions CA_extensions
openssl x509 -in ca_crt.pem -noout -text|grep -A 3 Validity
chown puppet: ./*
cd /etc/puppetlabs/puppet/ssl
cp -a ca/ca_crt.pem certs/ca.pem

# CLIENTS

/opt/puppetlabs/bin/puppet resource file /etc/puppetlabs/puppet/ssl/certs/ca.pem ensure=absent
/opt/puppetlabs/bin/puppet ssl download_cert
systemctl restart choria-server

For expired client certs, when that happens to me I will do "rm -rf /etc/puppetlabs/puppet/ssl" on the agent (never master) and then run Puppet which will request new cert then sign the cert and run Puppet again. That process is rather tedious and not something I've automated really well but also not something I have had happen frequently as we don't tend to keep servers around for 5+ years.

On Thursday, October 14, 2021 at 4:09:14 PM UTC-4 puppet-bsd wrote:

> Hi all,
>
> I'm new in puppet.
>
> I'm currently using puppet 4.10
>
> Long story short, puppet certificates were expired and by this time, I am
> renewing these certificates one node at the time (including the
> puppetmaster).
>
> Once the puppetmaster got "renewed", I tried to create a node
> successfully but its first run of puppet agent -t got unsuccessful due to
> its related smart proxy server certificate for revoked. Performed a
> certificate renewal for the proxy and the new agent now runs fine.
>
> However, it always happens every time I create a new node. In the past, I
> don't have to renew proxy certificates. That means that there is
> something/somewhere in puppetmaster that isn't caught up in terms of
> certificates.
>
> One try I made is to regenerate a new CA certificate but seems it isn't
> successful for the early described issue.
>
> Can anyone please point how to fix the certificate at the puppetmaster
> level?
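The Verify, Generate new CSR and Sign steps from the notes in this thread, rehearsed on a throwaway CA (an added example, not code from any of the posters). The CA and agent names, the temp directory layout and the function names are constructed; the script shows that a certificate issued before the renewal still chains to the re-signed CA cert, and that a key which does not match the cert is refused rather than re-signed.

```shell
#!/bin/sh
# Added example, not from the thread. Every file, CN and directory below is
# constructed for the rehearsal; nothing under /etc/puppetlabs is touched.
set -eu

# The "Verify" step: does CERT carry the public key of KEY? Compares the RSA
# modulus strings directly instead of their md5 digests.
key_matches_cert() (
  k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || exit 2
  c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || exit 2
  [ -n "$k" ] && [ "$k" = "$c" ]
)

# The "Generate new CSR" and "Sign" steps, run inside DIR. Refuses to touch
# anything when the key and certificate do not belong together.
renew_ca() (
  cd "$1"
  key_matches_cert ca_key.pem ca_crt.pem || exit 1
  cat > extension.cnf <<EOF
[CA_extensions]
basicConstraints = critical,CA:TRUE
nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem \
    -out ca_csr.pem 2>/dev/null || exit 1
  cp ca_crt.pem ca_crt.pem.old
  openssl x509 -req -days "${2:-3650}" -in ca_csr.pem -signkey ca_key.pem \
    -out ca_crt.pem -extfile extension.cnf -extensions CA_extensions \
    2>/dev/null || exit 1
)

# Constructed fixture: a one-day CA plus one agent certificate it issued.
make_demo_ca() (
  cd "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Puppet CA: demo.example" \
    -keyout ca_key.pem -out ca_crt.pem 2>/dev/null || exit 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=agent.demo.example" \
    -keyout agent_key.pem -out agent_csr.pem 2>/dev/null || exit 1
  openssl x509 -req -days 1 -in agent_csr.pem -CA ca_crt.pem \
    -CAkey ca_key.pem -set_serial 2 -out agent_crt.pem 2>/dev/null || exit 1
)

# Would a host holding CAFILE as its ca.pem accept CERT?
chain_ok() ( openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 )

# True when CERT is still valid SECONDS from now.
valid_for() ( openssl x509 -noout -checkend "$2" -in "$1" >/dev/null 2>&1 )

yn() { if "$@"; then echo yes; else echo no; fi; }

demo() (
  work=$(mktemp -d)
  mkdir "$work/good" "$work/bad"
  make_demo_ca "$work/good"
  make_demo_ca "$work/bad"
  year=31536000

  renew_ca "$work/good" 3650
  # Same key and subject, so certs issued before the renewal still chain.
  r1=$(yn chain_ok "$work/good/ca_crt.pem" "$work/good/agent_crt.pem")
  r2=$(yn valid_for "$work/good/ca_crt.pem.old" "$year")
  r3=$(yn valid_for "$work/good/ca_crt.pem" "$year")

  # Mismatch case from the thread: an unrelated key sits next to the CA cert.
  openssl genrsa -out "$work/bad/ca_key.pem" 2048 2>/dev/null
  r4=$(yn renew_ca "$work/bad")
  r5=$(yn test -e "$work/bad/ca_crt.pem.old")
  rm -rf "$work"
  echo "old_agent_cert_chains=$r1 old_ca_valid_1y=$r2 new_ca_valid_1y=$r3 mismatch_renewed=$r4 mismatch_touched=$r5"
)

demo
```

On a real server the functions would be pointed at a copy of the ca directory first, so the result can be checked before ca_crt.pem is replaced in place.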
[Puppet Users] Re: Puppet CA expiring and puppetserver cert expiring
I ran into this issue a few weeks ago, but only my CA cert was expired as my master certs were a few years newer than CA. There are a couple blog articles I found (lost URLs) that pieced together these steps to renew CA cert. For clients you just have to remove then re-download the CA cert once those are renewed. For renewing the master certs, it's same as client certs I believe where you delete the client cert from /etc/puppetlabs/puppet/ssl and then do something like "puppet cert clean ..." to remove expired cert from CA and then rerun Puppet on client to generate new cert then sign it with "puppet cert sign ...". The commands to clean / sign are different for Puppet 6 as they go through puppetserver, so my pseudo examples may be wrong as I haven't used Puppet 5 in a while.

# Verify
cd /etc/puppetlabs/puppet/ssl/ca
( openssl rsa -noout -modulus -in ca_key.pem 2> /dev/null | openssl md5 ; openssl x509 -noout -modulus -in ca_crt.pem 2> /dev/null | openssl md5 )

# Generate new CSR
openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem -out ca_csr.pem

# Sign
cat > extension.cnf << EOF
[CA_extensions]
basicConstraints = critical,CA:TRUE
nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
cp ca_crt.pem ca_crt.pem.old
openssl x509 -req -days 3650 -in ca_csr.pem -signkey ca_key.pem -out ca_crt.pem -extfile extension.cnf -extensions CA_extensions
openssl x509 -in ca_crt.pem -noout -text|grep -A 3 Validity
chown puppet: ./*
cd /etc/puppetlabs/puppet/ssl
cp -a ca/ca_crt.pem certs/ca.pem

# CLIENTS
/opt/puppetlabs/bin/puppet resource file /etc/puppetlabs/puppet/ssl/certs/ca.pem ensure=absent
/opt/puppetlabs/bin/puppet ssl download_cert

On Monday, July 12, 2021 at 9:40:24 AM UTC-4 pkraw...@gmail.com wrote:

> Version: Puppet 5.5
>
> We have an open source puppet environment which has been up for almost 5
> years and certs are about to expire. We are running 5.5. I know it's an
> older version but we are sunsetting puppet by year end.
>
> Setup:
> PuppetCA Server
> Puppet Master Server 1
> Puppet Master Server 2
> Puppet Master Server 3
> Puppet Master Server 4
> PuppetDB Server
>
> The 4 master servers are load balanced using an F5 and DNS name.
>
> I have read many different solutions for this issue and was wondering if
> someone has a step-by-step process to renew not only the CA cert but also
> the puppet master server certs.
>
> I'll be using certregen to deal with the CA certificate but I'm not sure
> when I should clean the puppet master servers cert which also needs a
> dns_alt_names parm (I believe that goes in the master section of
> puppet.conf) and then run puppet agent -t command to create a new puppet
> master server cert.
[Puppet Users] Re: Puppet 5 ENC parameters and facts missing from PuppetDB 5 facts
In case anyone comes across this same problem, the issue was not with the fact the ENC parameters matched facts. The issue was that I had a flat file fact in /etc/facter/facts.d/facts.txt that defined the hostgroup, which was populated during provisioning by the Foreman hostgroup value. I also had a Ruby fact distributed by Puppet that defined hostgroup but for a subset of my systems using a confine to limit use to just masterless systems. When the ruby fact was nil the facts.txt would be ignored and the nil value used. Based on debug output this appeared to be behavior in Facter and not Puppet.

- Trey

On Wednesday, November 8, 2017 at 3:36:26 PM UTC-5, treydock wrote:

> I just upgraded my Puppet masters and PuppetDB to latest Puppet 5
> releases. All other systems remain Puppet 3.8.6. I've discovered that the
> masters and puppetdb running puppet-agent 5.3.3 are no longer sending ENC
> (Foreman) parameters as facts to PuppetDB [1]. What's really odd is one of
> the parameters, hostgroup, is also put in /etc/facter/facts.d/facts.txt as
> a static external fact. The value is returned by "facter hostgroup". This
> value is no longer being sent to PuppetDB and this is only occurring for
> agents running 5.3.3, my 3.8.6 agents are still sending their hostgroup
> value as a fact to PuppetDB. I also have custom ruby facts like
> hostgroup_parent that are based on the value of hostgroup and these are
> returned by facter but no longer exist in PuppetDB for puppet 5.x clients.
> This hostgroup_parent is also returned by my ENC as a parameter. It's as
> if any facts that facter resolves and also exist in ENC as parameters are
> omitted from uploads to PuppetDB.
>
> I ran puppet with debug on a 5.3.3 client and puppet is picking up the
> external facts and resolving the values, so something else must be removing
> the values before being sent to PuppetDB.
>
> Is this behavior intentional? I don't want to rewrite all my hostgroup
> based puppet code that queries from puppetdb if this is some kind of bug.
>
> Thanks,
> - Trey
>
> [1]:
>
> puppet-agent 5.3.3:
>
> # curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
>     --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
>     --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
>     --tlsv1 -X GET https://puppetdb.DOMAIN:8081/pdb/query/v4/facts \
>     --data-urlencode 'query=["and",["=", "certname", "puppet0.DOMAIN"],["=","name","hostgroup"]]'
>
> []
>
> puppet 3.8.6:
>
> # curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
>     --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
>     --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
>     --tlsv1 -X GET https://puppetdb.DOMAIN:8081/pdb/query/v4/facts \
>     --data-urlencode 'query=["and",["=", "certname", "logs.DOMAIN"],["=","name","hostgroup"]]'
>
> [{"certname":"logs.DOMAIN","name":"hostgroup","value":"base/infrastructure","environment":"production"}]
[Puppet Users] Puppet 5 ENC parameters and facts missing from PuppetDB 5 facts
I just upgraded my Puppet masters and PuppetDB to latest Puppet 5 releases. All other systems remain Puppet 3.8.6. I've discovered that the masters and puppetdb running puppet-agent 5.3.3 are no longer sending ENC (Foreman) parameters as facts to PuppetDB [1]. What's really odd is one of the parameters, hostgroup, is also put in /etc/facter/facts.d/facts.txt as a static external fact. The value is returned by "facter hostgroup". This value is no longer being sent to PuppetDB and this is only occurring for agents running 5.3.3, my 3.8.6 agents are still sending their hostgroup value as a fact to PuppetDB. I also have custom ruby facts like hostgroup_parent that are based on the value of hostgroup and these are returned by facter but no longer exist in PuppetDB for puppet 5.x clients. This hostgroup_parent is also returned by my ENC as a parameter. It's as if any facts that facter resolves and also exist in ENC as parameters are omitted from uploads to PuppetDB.

I ran puppet with debug on a 5.3.3 client and puppet is picking up the external facts and resolving the values, so something else must be removing the values before being sent to PuppetDB.

Is this behavior intentional? I don't want to rewrite all my hostgroup based puppet code that queries from puppetdb if this is some kind of bug.

Thanks,
- Trey

[1]:

puppet-agent 5.3.3:

# curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
    --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
    --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
    --tlsv1 -X GET https://puppetdb.DOMAIN:8081/pdb/query/v4/facts \
    --data-urlencode 'query=["and",["=", "certname", "puppet0.DOMAIN"],["=","name","hostgroup"]]'

[]

puppet 3.8.6:

# curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
    --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
    --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
    --tlsv1 -X GET https://puppetdb.DOMAIN:8081/pdb/query/v4/facts \
    --data-urlencode 'query=["and",["=", "certname", "logs.DOMAIN"],["=","name","hostgroup"]]'

[{"certname":"logs.DOMAIN","name":"hostgroup","value":"base/infrastructure","environment":"production"}]
[Puppet Users] One master per environment, or one to rule them all?
I think a combination of the two makes sense, and that's what we do. Our production masters have many environments to segregate systems. We also have a test master with isolated CA, mcollective, PuppetDB and Foreman to test changes to those systems. Our test environment uses a dedicated puppet environment that way we can use a single r10k managed control repo across all systems. So things like roles and profiles and hiera data can be shared between prod and test puppet with separate changes managed in branches.

- Trey
[Puppet Users] Re: workarounds for ruby segfaults on puppet master
FWIW here's what I put in /etc/puppet/rack/config.ru that has resolved it for me:

ARGV << "--confdir" << "/etc/puppet"
ARGV << "--vardir" << "/var/lib/puppet"
ARGV << "--debug"    # emphasized in the original post
ARGV << "--trace"    # emphasized in the original post
ARGV << "--profile"  # emphasized in the original post
ARGV << "--logdest" << "/var/log/puppet/puppetmaster.log"

If I remove the lines the segfaults become a problem. I'm now on Puppet 3.6.2 and this is still an issue that requires the above work around. I have a second Puppetmaster that's on EL7 and I don't have to add this workaround thankfully. They serve the same clients and use the same modules as the masters are load balanced using round-robin DNS, so it's definitely an EL6 issue.

Just be sure if you use that work-around to update logrotate to clean out puppetmaster.log as that file will get very large very quickly. The --logdest portion I used to keep the logs out of syslog and so they could be cleaned up more easily using logrotate.

- Trey

On Wednesday, November 19, 2014 11:02:00 AM UTC-6, Tim.Mooney wrote:

> All-
>
> For those of you that are using puppet on RHEL 6.x (/CentOS/Oracle Linux/Scientific Linux/etc.) and have experienced ruby segfaults on your puppet master(s), what workaround or workarounds have you been using?
>
> We have been using puppet 3.4.2 (from Puppet Labs repos) for some time, with a RHEL 6.x puppetmaster under mod_passenger. RHEL 6.x currently has ruby 1.8.7 patchlevel 374 as its default ruby version.
>
> In the past couple weeks we've started to see a couple of different clients that are triggering segfaults in ruby on the master during a puppet agent run. Examples include:
>
> /usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:30: [BUG] Segmentation fault
> ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]
>
> /usr/lib/ruby/site_ruby/1.8/puppet/parser/type_loader.rb:110: [BUG] Segmentation fault
> ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]
>
> Web searches related to this issue turned up a thread from puppet-users earlier this year started by treydock:
>
> https://groups.google.com/forum/#!topic/puppet-users/qWN6j-eNiZ0
>
> Unfortunately, I've tried a lot of the workarounds suggested in that thread, and none of them seem to reliably avoid the problem.
>
> - I tried back-porting the small patch from PUP-1592 to our 3.4.2 puppet master. No luck.
>
> - Yesterday, I bit the bullet and upgraded our entire puppet infrastructure from 3.4.2 to 3.7.3. We still see the same segfaults on the master, both under mod_passenger and when running the master in standalone mode for testing.
>
> Since RHEL 6.x has alternate versions of some packages (including ruby) available via its Software Collections Library (SCL), I'm tempted to try switching our puppet master to use the ruby193-* packages from SCL. A minor downside is that I won't be able to use the Puppet Labs packages anymore, at least on the master. The big concern I have relates to how advisable it is to use a different version of ruby on the master vs. all of the clients?
>
> Have other RHEL users tried this, with any success?
>
> Thanks,
>
> Tim
> --
> Tim Mooney  tim.m...@ndsu.edu
> Enterprise Computing Infrastructure  701-231-1076 (Voice)
> Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
> North Dakota State University, Fargo, ND 58105-5164
[Puppet Users] Puppet 3.6.2 package gem provider unable to update r10k gem
I have Puppet 3.6.2 on CentOS 7 server acting as Puppetmaster. I had r10k 1.2.1 installed and I changed my ensure to 1.3.4. My other Puppetmaster running CentOS 6 had no problem with this (except for NOTICE output being printed as an error). The CentOS 7 system fails with the following:

Debug: Executing '/usr/bin/gem install -v 1.3.4 --no-rdoc --no-ri r10k '
Error: Could not update: Execution of '/usr/bin/gem install -v 1.3.4 --no-rdoc --no-ri r10k ' returned 1: ERROR: Can't use --version w/ multiple gems. Use name:ver instead.
snip trace output
Error: /Stage[main]/R10k::Install/Package[r10k]/ensure: change from [1.2.1] to 1.3.4 failed: Could not update: Execution of '/usr/bin/gem install -v 1.3.4 --no-rdoc --no-ri r10k ' returned 1: ERROR: Can't use --version w/ multiple gems. Use name:ver instead.

If I run that gem install command outside Puppet, on the same server, it works just fine.

# /usr/bin/gem install -v 1.3.4 --no-rdoc --no-ri r10k
Fetching: r10k-1.3.4.gem (100%)
NOTICE
==

If you are upgrading from 1.1.0 and are using multiple sources, please read this. (If not, feel free to continue with your regularly scheduled day.)

GH-48 (https://github.com/adrienthebo/r10k/issues/48) introduced the ability for environments to be prefixed with the source name so that multiple sources installed into the same directory would not overwrite each other. However prefixing was automatically enabled and would break existing setups where multiple sources were cloned into different directories.

Because this introduced a breaking change, SemVer dictates that the automatic prefixing has to be rolled back. Prefixing can be enabled but always defaults to off. If you are relying on this behavior you will need to update your r10k.yaml to enable prefixing on a per-source basis.

Please see the issue (https://github.com/adrienthebo/r10k/issues/48) for more information.
Successfully installed r10k-1.3.4
1 gem installed
# echo $?
0

- Trey
[Puppet Users] Exported resources applied on exporting host - EL7 only
I have noticed a very strange problem on CentOS 7 nodes where they are collecting and/or applying their exported resources. I have a class called brazos::firewall that's used internally to export a firewall rule that is then collected by brazos::gw to allow specific systems through the gateway server's NAT. Below are the actual classes.

I've found that on CentOS 6 systems, the resource is correctly exported (NOT applied by exporting host) and collected by the gw server. On CentOS 7 systems the resource is exported, and also applied by the exporting host when it's not supposed to be. All systems are running Puppet 3.6.2. I have tested this issue using the Puppetlabs yum repo version of Puppet as well as the EPEL7 version, both show this issue.

How can this behavior be debugged? I have looked in /var/lib/puppet/state/classes.txt on the nodes incorrectly applying their exported resource and the brazos::gw class is not listed. I have no idea WHY the Firewall resource is being applied when it should be exported.

I am using Hiera to assign classes and set parameters and Foreman to set the environment and provide various top-scope variables. The only thing applied to EL7 systems that's different than EL6 systems in my Hiera configuration is the path to EPEL repos, paths to a few commands (like mco), and the Puppet version. No separate classes are applied that differ from EL6 systems.

Thanks
- Trey

brazos::firewall:

class brazos::firewall (
  $allow_forward = false,
) inherits brazos::params {

  validate_bool($allow_forward)

  if $allow_forward {
    # "@@" exports the rule to PuppetDB instead of applying it on this node
    @@firewall { "050 allow forward ${::fqdn}":
      ensure      => 'present',
      chain       => 'FORWARD',
      action      => 'accept',
      proto       => 'all',
      source      => $::fqdn,
      destination => '0.0.0.0/0',
      tag         => 'allow_forward',
    }
  }
}

brazos::gw:

class brazos::gw (
  $private_interface = 'UNSET',
  $private_subnet    = '192.168.200.0/22',
  $ib_interface      = 'ib0',
  $ib_subnet         = '192.168.208.0/22',
  $public_interface  = 'UNSET',
) inherits brazos::params {

  # snip

  # collect every exported rule tagged 'allow_forward'
  Firewall <<| tag == 'allow_forward' |>>

  # snip
}
[Puppet Users] apache module class order issue with ENC
I'm attempting to use puppetlabs-apache with all my classes defined via Foreman (1.5.1) with Puppet 3.4.3. Servers are all CentOS 6.5. With puppetlabs-apache-1.0.1 when I applied both the apache class and apache::mod::ssl class in Foreman I received this error on the server:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: undefined method `=' for :undef:Symbol at /etc/puppet/environments/production/modules/apache/manifests/mod/ssl.pp:36 on node web01.brazos.tamu.edu
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

I found the commit that changed how apache_version was handled and deployed that and then I get:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse template apache/mod/ssl.conf.erb:
  Filepath: /usr/lib/ruby/site_ruby/1.8/puppet/util/package.rb
  Line: 4
  Detail: private method `scan' called for nil:NilClass
 at /etc/puppet/environments/production/modules/apache/manifests/mod/ssl.pp:51 on node web01.brazos.tamu.edu
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

This time the @apache_version variable in the template is being passed to the versioncmp function, producing that error.

I don't know if this is a symptom of using an ENC, or a bug in the apache module, but the class parameters in apache::mod::ssl reference the apache class and despite the class being defined, the variables are all 'undef'.

I also ran into this same issue when I applied the apache::mod::wsgi class:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: File[wsgi.conf] { before => File[undef] }, because File[undef] doesn't seem to be in the catalog
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

In that case the fix was easier, just add include ::apache to the top of the class.

Thanks
- Trey
[Puppet Users] puppetlabs_spec_helper 0.5.x breaks puppet-lint's ignore_paths ?
Version 0.5.x of puppetlabs_spec_helper seems to make it impossible to add additional paths to be ignored using PuppetLint.configuration.ignore_paths. If I pin my module to ~> 0.4.0 for puppetlabs_spec_helper, the ignore_paths defined in my Rakefile are respected.

Commit 4ca208bde329aa6861094ccefa07fc8338de6691 added PuppetLint.configuration.ignore_paths to the puppetlabs_spec_helper lint task, but it wasn't till today that my modules began using puppetlabs_spec_helper 0.5.x.

An example of the Rakefile I use on dozens of Puppet modules, https://github.com/treydock/puppet-zfsonlinux/blob/master/Rakefile.

Is this user error on my part or an actual bug? The problem I'm hitting is that the pkg directory is making the autoload tests fail because my PuppetLint.configuration.ignore_paths in the Rakefile are seemingly ignored.

Thanks
- Trey
[Puppet Users] Exported Concat::Fragment not using concat_basedir
I am having a very odd issue when exporting Concat::Fragment resources. They export just fine, but if the node that exported the resource tries to also realize that resource, the fragment loses the path defined by concat_basedir.

The export:

    @@concat::fragment { "slurm.conf-nodelist_${::hostname}":
      tag     => 'slurm_nodelist',
      target  => '/etc/slurm/slurm.conf',
      content => template('slurm/slurm.conf/worker/slurm.conf.nodelist.erb'),
      order   => 2,
    }

In the same class, the resource is realized:

    Concat::Fragment <<| tag == 'slurm_nodelist' |>>

That same collector is used by another class and it successfully realized the resource at '/var/lib/puppet/concat/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b'. The node that exported the resource is trying to create the fragment at '/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b'.

This is the error I get:

    Error: Could not set 'present' on ensure: cannot generate tempfile `/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b20140502-22071-9r3m7r-9' at 66:/etc/puppet/environments/production/modules/concat/manifests/fragment.pp
    Error: Could not set 'present' on ensure: cannot generate tempfile `/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b20140502-22071-9r3m7r-9' at 66:/etc/puppet/environments/production/modules/concat/manifests/fragment.pp
    Wrapped exception:
    cannot generate tempfile `/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b20140502-22071-9r3m7r-9'
    Error: /Stage[main]/Slurm::Worker::Config/Concat::Fragment[slurm.conf-nodelist_c0926b]/File[/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b]/ensure: change from absent to present failed: Could not set 'present' on ensure: cannot generate tempfile `/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b20140502-22071-9r3m7r-9' at 66:/etc/puppet/environments/production/modules/concat/manifests/fragment.pp

The module I'm working on is at https://github.com/treydock/puppet-slurm. As a temporary workaround I've done 'mkdir -p /_etc_slurm_slurm.conf/fragments' to allow the fragments to be created, as I'm still unsure if I want to use concat or file_line exports.

Working: https://github.com/treydock/puppet-slurm/blob/master/manifests/master/config.pp#L73
Failing: https://github.com/treydock/puppet-slurm/blob/master/manifests/worker/config.pp#L121

The node does have the concat_basedir fact present:

    # facter -p concat_basedir
    /var/lib/puppet/concat

Both systems are on Puppet 3.4.3. I'm using PuppetDB 1.6.2 and puppetlabs-concat-1.0.2.

Thanks
- Trey
[Puppet Users] puppet module permissions - librarian-puppet
I have noticed lately that on my development system (OS X) and my production Puppet master (CentOS 6.5) that when installing puppet modules using librarian-puppet the permissions of some modules and files are very restrictive to the point where the puppetmaster can't read the files. Some modules end up with all files being 0400, while some end up 0644 and some 0664. The files read-only to user are unable to be accessed by the Passenger based Puppet master and the files that sometimes go from 0664 to 0644 are creating a lot of noise in agent reports.

Is there a de facto standard for the appropriate permissions, especially for custom puppet providers/types/functions? I've noticed that whatever the permissions end up being on the master is what they get set to on the clients.

I'm unsure if the permissions are being set by librarian-puppet, the puppet module command, or some other mechanism. The permissions are always like this after a bundle exec librarian-puppet install. I've since had to put a script in my librarian-puppet repo that executes a find and modifies permissions, which does not seem right. Curious if anyone else has seen this or has suggestions for how to debug.

Thanks
- Trey
[Puppet Users] Unable to use centos-510-x64 vagrant box with beaker-rspec
    : urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://mirrors.sonic.net/centos/5.10/extras/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://yum.phx.singlehop.com/centos/5.10/extras/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://yum.singlehop.com/CentOS/5.10/extras/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    ftp://mirror.nandomedia.com/pub/CentOS/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-2, 'Name or service not known')
    Trying other mirror.
    http://bay.uchicago.edu/centos/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://centos.aol.com/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://centos.mirrors.hoobly.com/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://mirror.chpc.utah.edu/pub/centos/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://mirror.cs.uwp.edu/pub/centos/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://mirror.es.its.nyu.edu/centos/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://mirror.oss.ou.edu/centos/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://mirrors.advancedhosters.com/centos/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    http://mirrors.usc.edu/pub/linux/distributions/centos/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] IOError: urlopen error (-3, 'Temporary failure in name resolution')
    Trying other mirror.
    Setting up Install Process
    No package ntpdate available.
    Nothing to do

    centos-510-x64 executed in 4800.41 seconds

    centos-510-x64 16:06:38$ rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
    error: skipping http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm - transfer failed - Unknown or unexpected error
    Retrieving http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm

    centos-510-x64 executed in 80.01 seconds
    Exited: 1
    /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/host.rb:183:in `exec': Host 'centos-510-x64' exited with 1 running: (Beaker::Host::CommandFailure)
     rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
    Last 10 lines of output were:
        error: skipping http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm - transfer failed - Unknown or unexpected error
        Retrieving http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
        from /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/dsl/helpers.rb:85:in `on'
        from /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/dsl/install_utils.rb:445:in `install_puppet'
        from /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/dsl/install_utils.rb:442:in `each'
        from /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/dsl/install_utils.rb:442:in `install_puppet'
        from /Users/treydock/puppet/modules/repo_centos/spec/spec_helper_acceptance.rb:6
        from /Users/treydock/puppet/modules/repo_centos/spec/spec_helper_acceptance.rb:4:in `each'
        from /Users/treydock/puppet/modules/repo_centos/spec/spec_helper_acceptance.rb:4
        from /Users/treydock/puppet/modules/repo_centos/spec/acceptance/01_repo_centos_spec.rb:1:in `require'
        from /Users/treydock/puppet/modules/repo_centos/spec/acceptance/01_repo_centos_spec.rb:1
        from /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/configuration.rb:896:in `load'
        from /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/configuration.rb:896:in `load_spec_files'
        from /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/configuration.rb:896:in `each'
        from /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/configuration.rb:896:in `load_spec_files'
        from /Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/command_line.rb:22:in `run'
        from /Users/treydock/.rvm/gems/ruby-1.8.7
[Puppet Users] beaker-rspec failing to test resources with should_not matcher
This MAY be a bug with serverspec or specinfra gems, but I was hoping someone here could help me identify the problem. I wrote some tests that ensure file resources are removed and yumrepo resources are disabled. I was using older beaker gem and recently updated to latest 1.9.1 to find that my should_not matchers all fail.

    describe yumrepo('centos-scl') do
      it { should exist }
      it { should_not be_enabled }
    end

    centos-65-x64 17:29:19$ yum repolist all -C | grep ^centos-scl | grep enabled
    centos-65-x64 executed in 0.14 seconds
    Exited: 1
        should not be enabled (FAILED - 4)
        should not be enabled (FAILED - 4)

    4) repo_centos class default parameters Yumrepo centos-scl should not be enabled
       Failure/Error: it { should_not be_enabled }
         yum repolist all -C | grep ^centos-scl | grep enabled
         expected Yumrepo centos-scl not to be enabled

The same false failure occurs for file with should_not be_file matcher.

    describe file('/etc/yum.repos.d/CentOS-Base.repo') do
      it { should_not be_file }
    end

    6) repo_centos class default parameters File /etc/yum.repos.d/CentOS-Base.repo should not be file
       Failure/Error: it { should_not be_file }
         test -f /etc/yum.repos.d/CentOS-Base.repo
         expected file? to return false, got #<SpecInfra::CommandResult:0x10eff4498 @stderr=, @stdout=, @exit_signal=nil, @exit_status=1>
       # ./spec/acceptance/01_repo_centos_spec.rb:56

The module I'm working on is at https://github.com/treydock/repo_centos.

Thanks
- Trey
[Puppet Users] Puppet under passenger constantly crashing
I recently moved from manually configured Puppetmaster under passenger to fully managed using theforeman/puppet module. Now I am experiencing constant crashes (every few minutes) of the passenger process that runs the puppetmaster. Host is CentOS 6.5 running Puppet 3.4.3.

This is the entry I see in /var/log/httpd/puppet_error_ssl.log:

    [Tue Mar 25 16:25:26 2014] [error] [client 127.0.0.1] Premature end of script headers: production

This is the entry I see in /var/log/httpd/error_log:

    /usr/lib/ruby/site_ruby/1.8/puppet/parser/ast.rb:49: [BUG] rb_gc_mark(): unknown data type 0x20(0x2e6b230) non object
    ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

    [ pid=28256 thr=139906534451168 file=ext/apache2/Hooks.cpp:841 time=2014-03-25 16:25:26.86 ]: The backend application (process 32724) did not send a valid HTTP response; instead, it sent nothing at all. It is possible that it has crashed; please check whe.

/etc/httpd/conf.d/passenger.conf:

    LoadModule passenger_module modules/mod_passenger.so
    <IfModule mod_passenger.c>
       PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19
       PassengerRuby /usr/bin/ruby
       PassengerTempDir /var/run/rubygem-passenger
    </IfModule>

/etc/httpd/conf.d/25-puppet.conf:

    #
    # Vhost template in module puppetlabs-apache
    # Managed by Puppet
    #
    <VirtualHost *:8140>
      ServerName puppet

      ## Vhost docroot
      DocumentRoot /etc/puppet/rack/public/

      ## Directories, there should at least be a declaration for /etc/puppet/rack/public/

      <Directory /etc/puppet/rack/public/>
        AllowOverride None
        Order allow,deny
        Allow from all
        PassengerEnabled On
      </Directory>

      ## Load additional static includes

      ## Logging
      ErrorLog /var/log/httpd/puppet_error_ssl.log
      ServerSignature Off
      CustomLog /var/log/httpd/puppet_access_ssl.log combined

      ## SSL directives
      SSLEngine on
      SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet.DOMAIN.pem
      SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet.DOMAIN.pem
      SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
      SSLCACertificatePath    /etc/pki/tls/certs
      SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
      SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
      SSLProtocol             -ALL +SSLv3 +TLSv1
      SSLCipherSuite          ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
      SSLVerifyClient         optional
      SSLVerifyDepth          1
      SSLOptions              +StdEnvVars +ExportCertData

      ## Request header rules
      ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
      RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
      RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
      RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
      RequestHeader unset X-Forwarded-For

      ## Custom fragment
    </VirtualHost>

Any suggestions or means to work around this issue?

Thanks
- Trey
[Puppet Users] Re: Puppet under passenger constantly crashing
As an update, I tried running 'puppet master --no-daemonize --debug' and am seeing a segmentation fault running outside of passenger/apache...

    /usr/lib/ruby/site_ruby/1.8/puppet/parser/scope.rb:555: [BUG] Segmentation fault
    ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

another run

    /usr/lib/ruby/1.8/pathname.rb:287: [BUG] rb_gc_mark(): unknown data type 0x10(0x935ce90) non object
    ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

This only seems to occur most frequently when I run puppet agent --test from the puppet master server. Remote clients do not seem to crash puppet master as frequently.
[Puppet Users] puppet certificate generate fails for mcollective client
Following the mcollective documentation [1] for adding clients to execute mco commands when using SSL I am getting an error executing the 'puppet certificate generate' command as my user account. I feel like I'm missing something very obvious here.

    $ puppet certificate generate treydock --ssldir ~/.mcollective.d/credentials --ca-location remote --ca_server puppet.DOMAIN
    Error: The certificate retrieved from the master does not match the agent's private key.
    Certificate fingerprint: E3:EA:FA:AD:68:53:D8:AF:DB:63:C9:2A:89:CC:68:AA:4F:B2:35:F6:9F:8C:E0:3C:3F:56:D5:1F:41:45:0D:53
    To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
    On the master:
      puppet cert clean login3.DOMAIN
    On the agent:
      rm -f /home/treydock/.mcollective.d/credentials/certs/login3.DOMAIN.pem
      puppet agent -t

    Error: Try 'puppet help certificate generate' for usage

This happens from all my systems. The host 'login3' puppet.conf (comments removed):

    $ cat /etc/puppet/puppet.conf
    [main]
        logdir = /var/log/puppet
        rundir = /var/run/puppet
        ssldir = $vardir/ssl
        privatekeydir = $ssldir/private_keys { group = service }
        hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
        autosign = $confdir/autosign.conf { mode = 664 }
    [agent]
        classfile = $vardir/classes.txt
        localconfig = $vardir/localconfig
        default_schedules = false
        report = true
        pluginsync = true
        masterport = 8140
        environment = production
        certname = login3.brazos.tamu.edu
        server = puppet.brazos.tamu.edu
        listen = false
        splay = false
        runinterval = 3600
        noop = true
        show_diff = true
        configtimeout = 120

Thanks
- Trey

[1] - http://docs.puppetlabs.com/mcollective/deploy/standard.html#managing-client-credentials
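The error in the post above is a certificate/private-key mismatch. One way to check by hand whether a given certificate belongs to a given key, and to print a fingerprint in the same colon-separated form, is sketched below in Ruby. This is an added example, not Puppet's own code: the key pairs and certificate are generated in-process as constructed test data, the function names and the login3.example.test subject are hypothetical, and it assumes the reported fingerprint is a SHA-256 digest of the DER-encoded certificate (it is 32 bytes long).

```ruby
require 'openssl'

# Build a short-lived self-signed certificate for +key+.
# Constructed test data only; a real agent certificate is issued by the Puppet CA.
def self_signed_cert(key, common_name)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.public_key = key.public_key
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# True when the public key embedded in the certificate corresponds to the
# private key. Both arguments are PEM strings, as found under an ssldir's
# certs/ and private_keys/ directories.
def cert_matches_key?(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  cert.check_private_key(key)
end

# SHA-256 over the DER encoding, formatted as AA:BB:...
# (assumed to be the digest behind the "Certificate fingerprint" line).
def sha256_fingerprint(cert_pem)
  der = OpenSSL::X509::Certificate.new(cert_pem).to_der
  OpenSSL::Digest::SHA256.hexdigest(der).upcase.scan(/../).join(':')
end

# Demonstration: one certificate, its own key, and an unrelated key.
def demo
  issued_for = OpenSSL::PKey::RSA.new(2048)
  unrelated  = OpenSSL::PKey::RSA.new(2048)
  cert_pem   = self_signed_cert(issued_for, 'login3.example.test').to_pem
  {
    fingerprint:    sha256_fingerprint(cert_pem),
    own_key:        cert_matches_key?(cert_pem, issued_for.to_pem),
    unrelated_key:  cert_matches_key?(cert_pem, unrelated.to_pem)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, value| puts "#{name}: #{value}" }
end
```

Run against the PEM files in two ssldirs, the same two functions show which private key a retrieved certificate was actually issued for.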
[Puppet Users] Facter errors with InfiniBand and VDSM
I have an ovirt node that has Infiniband and I'm seeing two separate errors when running facter.

    sh: vdsmdummy: command not found

and

    Ifconfig uses the ioctl access method to get the full address information, which limits hardware addresses to 8 bytes.
    Because Infiniband address has 20 bytes, only the first 8 bytes are displayed correctly.
    Ifconfig is obsolete! For replacement check ip.

I'm using the --trace option with facter but am not seeing any backtrace information to identify and submit a fix for these two issues.

Installed packages on CentOS 6.5:

    facter.x86_64    1:1.7.4-1.el6    @puppetlabs-products
    puppet.noarch    3.4.2-1.el6      @puppetlabs-products

The vdsmdummy is likely from the bridge created by VDSM:

    $ brctl show
    bridge name     bridge id               STP enabled     interfaces
    ;vdsmdummy;     8000.                   no
    ipmi            8000.003048bc981e       no              eth0.2
    ovirtmgmt       8000.003048bc981e       no              eth0.1
    public          8000.003048bc981f       no              eth1

So far I think the reason the vdsmdummy: command not found is the semi-colons are passed to the /sbin/ip command and appear like subcommands.

The Infiniband issue seems to be STDERR being printed as a ifconfig 2>/dev/null does not print that message.

Thanks
- Trey
[Puppet Users] Re: Facter errors with InfiniBand and VDSM
After some debugging it seems it's the ;vdsmdummy; interface that's causing both problems. I have a host with Infiniband, and the same version of Puppet and Facter, that has no errors running facter. My guess is when ifconfig is executed for ;vdsmdummy; it's not using '2> /dev/null', but I can't identify where in the Facter code this is happening.

I updated Facter to 1.7.5-rc2 and the error is still the same on the host with the ;vdsmdummy; bridge device.

Thanks
- Trey
[Puppet Users] zpool resource fails with incorrect error
I'm working to expand / develop on the zpool built-in type, but the zpool command is failing and Puppet's returned stderr is not what I get if I copy/paste the command given by the debug output.

    # cat /etc/puppet/manifests/zpool_raidz2.pp
    zpool { 'tank':
      ensure      => present,
      raidz       => [ 'd01 d02 d03 d04', 'd05 d06 d07 d08' ],
      raid_parity => 'raidz2',
      pool        => 'tank',
      log_mirror  => 'd09 d10',
      force       => true,
    }

I've put the full trace/debug in pastebin [1]. You'll have to excuse the extra debug lines, as I'm trying to do a few things.

* Add logged mirror support
* Figure out and fix the inability to create striped RAIDZ sets
* Add property for cache devices

The main error is this...

    Error: /Stage[main]//Zpool[tank]/ensure: change from absent to present failed: Execution of '/sbin/zpool create -f tank raidz2 d01 d02 d03 d04 raidz2 d05 d06 d07 d08 log mirror d09 d10' returned 1: cannot open 'd01 d02 d03 d04': no such device in /dev
    must be a full path or shorthand device name

However if I run that exact command, I receive no error.

    # /sbin/zpool create -f tank raidz2 d01 d02 d03 d04 raidz2 d05 d06 d07 d08 log mirror d09 d10
    # echo $?
    0
    # zpool status
      pool: tank
     state: ONLINE
      scan: none requested
    config:

        NAME          STATE     READ WRITE CKSUM
        tank          ONLINE       0     0     0
          raidz2-0    ONLINE       0     0     0
            d01       ONLINE       0     0     0
            d02       ONLINE       0     0     0
            d03       ONLINE       0     0     0
            d04       ONLINE       0     0     0
          raidz2-1    ONLINE       0     0     0
            d05       ONLINE       0     0     0
            d06       ONLINE       0     0     0
            d07       ONLINE       0     0     0
            d08       ONLINE       0     0     0
        logs
          mirror-2    ONLINE       0     0     0
            d09       ONLINE       0     0     0
            d10       ONLINE       0     0     0

    errors: No known data errors

This is being done in a Vagrant VM as part of my puppet-zfsonlinux module, which I've uploaded to github [2].

I don't have much experience in custom types and providers so am unsure where to begin on debugging the errors when I can't reproduce them via command line.

[1] - http://pastebin.com/Lcy6feyt
[2] - https://github.com/treydock/puppet-zfsonlinux/tree/development_zpool_type
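Both the ;vdsmdummy; bridge posts and the zpool post above turn on how a value reaches an external command: as text that a shell re-parses, or as one argv element. In the zpool error the tool quotes 'd01 d02 d03 d04' as a single device name, while the same text pasted into a shell is split into four words. The Ruby sketch below is an added example, not code from Facter or Puppet; ARG_PRINTER is a constructed stand-in for a tool such as /sbin/ip or /sbin/zpool, and the function names are hypothetical.

```ruby
require 'open3'
require 'rbconfig'
require 'shellwords'

# Constructed stand-in for an external tool: prints every argument it
# receives on its own line, wrapped in brackets, so argument boundaries
# are visible.
ARG_PRINTER = [RbConfig.ruby, '-e', 'ARGV.each { |a| puts "[#{a}]" }'].freeze

def result(stdout, stderr, status)
  { args: stdout.lines.map(&:chomp), stderr: stderr, exit: status.exitstatus }
end

# Pattern 1: the value is pasted into a command string and handed to /bin/sh.
# The shell re-parses it, so spaces split words and ';' ends the command.
def run_via_shell(value)
  command = "#{Shellwords.join(ARG_PRINTER)} #{value}"
  result(*Open3.capture3('/bin/sh', '-c', command))
end

# Pattern 2: every value is its own argv element and no shell is involved.
# Metacharacters are inert, and a space-joined string stays ONE argument.
def run_via_argv(*values)
  result(*Open3.capture3(*ARG_PRINTER, *values))
end

# Pattern 3: a shell is unavoidable, so the value is escaped first.
def run_via_shell_escaped(value)
  run_via_shell(Shellwords.escape(value))
end

# Walk the two values from the posts through each pattern.
def demo
  devices = 'd01 d02 d03 d04'
  bridge  = ';vdsmdummy;'
  {
    'devices via shell (what copy/paste does)'  => run_via_shell(devices),
    'devices as one argv element'               => run_via_argv(devices),
    'devices split into argv elements'          => run_via_argv(*devices.split),
    'bridge name via shell'                     => run_via_shell(bridge),
    'bridge name as argv element'               => run_via_argv(bridge),
    'bridge name via shell, escaped'            => run_via_shell_escaped(bridge)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each do |label, r|
    puts "#{label}: args=#{r[:args].inspect} exit=#{r[:exit]} stderr=#{r[:stderr].strip.inspect}"
  end
end
```

When debugging a provider or fact, comparing the argv the code builds against the command line printed in debug output shows which of these patterns is in play, since the printed form hides argument boundaries.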
[Puppet Users] facter's zpool_version errors using zfsonlinux
Has anyone run into an issue with zfsonlinux = 0.6.1 failing to work with the Facter zpool_version fact? I get the following error

    Could not retrieve zfs_version: undefined method `captures' for nil:NilClass

which a bug report [1] indicates was fixed. I'm curious if it's a real issue. I have a code change to contribute that has a separate means of checking zpool_version using confine :kernel => Linux. Should this be a new bug or attached to the other recent bug [1]?

Ran into with puppet-3.1.1 and facter-1.7.0

I believe the underlying problem is that the zpool upgrade -v in zfsonlinux does not output the version number anymore. Using a basic dmesg | grep 'ZFS:' with the same captures line seems to work. I uploaded my module [2] with the proposed facter fact addition if someone would like to confirm this. I have only confirmed in vagrant tests, haven't pushed to my Puppet master yet, but I saw the symptoms on my live systems.

Thanks
- Trey

[1] - http://projects.puppetlabs.com/issues/17794
[2] - https://github.com/treydock/puppet-zfsonlinux
[Puppet Users] puppetlabs-mysql module
You can supply values to override those defined in /etc/my.cnf by adding files to /etc/mysql/conf.d. The module makes the overrides possible with the default configuration in my.cnf, I believe the IncludeDir line. Using phone so difficult to reference.

- Trey
[Puppet Users] Re: Catalog compile times 40s - Puppet 2.7.18
On Sunday, December 9, 2012 1:41:34 PM UTC-6, treydock wrote:
[Puppet Users] YAML as File resource template Error , can't convert Hash to String
Using exported resources I'm trying to have a host export a File resource generated from a YAML template to another host. The host that gets the exported resource is throwing errors like this:

    err: Failed to apply catalog: Parameter content failed: Munging failed for value {parameters={macaddress_p2p1=00:15:17:80:5A:3E, macaddress_p2p2=00:15:17:80:5A:3F, macaddress_eth0=00:1E:C9:55:12:C7, macaddress_eth1=00:1E:C9:55:12:C9, operatingsystem=CentOS, serialnumber=, interfaces=eth0,eth1,lo,p2p1,p2p2, fqdn=snip, ipaddress_p2p1=, ipaddress_p2p2=, uuid=, ipaddress_eth0=, ipaddress_eth1=snip, productname=, operatingsystemrelease=6.3}, name=snip} in class content: can't convert Hash into String

Here are the parts of the module...

    class racktables::export (
      $site,
      $yamls_dir = 'UNSET'
    ) inherits racktables::params {

      $yamls_dir_REAL = $yamls_dir ? {
        'UNSET' => "${conf_dir}/${site}/yamls",
        default => $yamls_dir,
      }

      @@file { "racktables_host_${::hostname}.yaml":
        content => template('racktables/host.yaml.erb'),
        path    => "${yamls_dir_REAL}/${::hostname}.yaml",
        tag     => "host_yaml_for_${site}",
      }
    }

    define racktables::instance ( ... ) {
      snip
      File <<| tag == "host_yaml_for_${name}" |>> {
        require => File[$yaml_exports_REAL],
      }
      snip
    }

Template...

    # cat templates/host.yaml.erb
    ---
    name: <%= scope.lookupvar('::hostname') %>
    parameters:
      interfaces: <%= scope.lookupvar('::interfaces') %>
      fqdn: <%= scope.lookupvar('::fqdn') %>
      operatingsystemrelease: <%= scope.lookupvar('::operatingsystemrelease') %>
      operatingsystem: <%= scope.lookupvar('::operatingsystem') %>
      productname:
      uuid:
      serialnumber:
    <% scope.lookupvar('::interfaces').split(',').each do |interface| -%>
    <% unless interface.eql? "lo" -%>
      ipaddress_<%= interface %>: <%= scope.lookupvar("::ipaddress_#{interface}") %>
      macaddress_<%= interface %>: <%= scope.lookupvar("::macaddress_#{interface}") %>
    <% end -%>
    <% end -%>

Is there some catch to using a YAML file for the template content? Would it be better to use Ruby DSL for the racktables::export class and generate a hash - sort - to_yaml and have that be set as the content?

Thanks
- Trey

--
You received this message because you are subscribed to the Google Groups Puppet Users group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/qsY2Ixye7BsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
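The "generate a hash - sort - to_yaml" alternative asked about above, sketched in plain Ruby as an added example (not code from the post or from the racktables module). The fact values are constructed and host_parameters / host_yaml are hypothetical helper names; note that Hash#sort returns an array of pairs, so it has to be turned back into a Hash before to_yaml.

```ruby
require 'yaml'

# Constructed facts, modelled on the fact names used in the post's template.
FACTS = {
  'hostname'               => 'node01',
  'fqdn'                   => 'node01.example.tld',
  'interfaces'             => 'eth0,lo,p2p1',
  'operatingsystem'        => 'CentOS',
  'operatingsystemrelease' => '6.3',
  'ipaddress_eth0'         => '192.0.2.10',
  'macaddress_eth0'        => '00:1E:C9:55:12:C7',
  'ipaddress_lo'           => '127.0.0.1',
  'macaddress_p2p1'        => '00:15:17:80:5A:3E'
}.freeze

# Hypothetical helper: collect the same keys the ERB template emits,
# skipping the loopback interface, and return them sorted by key.
def host_parameters(facts)
  params = {}
  %w[interfaces fqdn operatingsystemrelease operatingsystem].each do |key|
    params[key] = facts[key]
  end
  facts['interfaces'].split(',').each do |iface|
    next if iface == 'lo'
    %w[ipaddress macaddress].each do |prefix|
      key = "#{prefix}_#{iface}"
      params[key] = facts[key] # nil when the fact is absent
    end
  end
  # Hash#sort yields [[key, value], ...]; calling to_yaml on that would
  # produce a list of two-element lists, so convert back to a Hash first.
  params.sort.to_h
end

# Hypothetical helper: the whole document as a String, which is the type a
# file resource's content parameter expects.
def host_yaml(facts)
  { 'name' => facts['hostname'], 'parameters' => host_parameters(facts) }.to_yaml
end
```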
[Puppet Users] Catalog compile times 40s - Puppet 2.7.18
I am finding that the puppetlabs-apache module is somehow adding 30-60 seconds onto a host's catalog compile time when the puppetmaster has no other hosts contacting or generating catalogs. The Puppetmaster is set up to use Puppet-2.7.18 - Apache Passenger. Right now only 2 hosts are even configured to use this new PM, the PM itself and a Foreman host.

With neither host contacting the PM, and disabling the include apache and require apache::mod::dev in puppetlabs-passenger, I get Config retrieval: 2.45. Catalogs had hostnames replaced, puppetmaster.tld is the CNAME for Puppet master and puppetmaster-host.tld is the actual hostname.

Catalog: http://pastebin.com/V29JmB8J

    # puppet agent --{summarize,test,debug,evaltrace,noop} | perl -pe 's/^/localtime().": "/e'
    snip
    Sun Dec 9 13:05:35 2012: notice: Finished catalog run in 2.43 seconds
    Sun Dec 9 13:05:35 2012: Changes:
    Sun Dec 9 13:05:35 2012: Events:
    Sun Dec 9 13:05:35 2012: Total: 1
    Sun Dec 9 13:05:35 2012: Noop: 1
    Sun Dec 9 13:05:35 2012: Resources:
    Sun Dec 9 13:05:35 2012: Out of sync: 1
    Sun Dec 9 13:05:35 2012: Total: 22
    Sun Dec 9 13:05:35 2012: Skipped: 6
    Sun Dec 9 13:05:35 2012: Time:
    Sun Dec 9 13:05:35 2012: Resources: 0.00
    Sun Dec 9 13:05:35 2012:Filebucket: 0.00
    Sun Dec 9 13:05:35 2012: Package: 0.00
    Sun Dec 9 13:05:35 2012: File: 0.00
    Sun Dec 9 13:05:35 2012: Firewall: 0.01
    Sun Dec 9 13:05:35 2012: Exec: 0.14
    Sun Dec 9 13:05:35 2012: Last run: 1355079935
    Sun Dec 9 13:05:35 2012:Config retrieval: 2.45
    Sun Dec 9 13:05:35 2012: Total: 2.61
    Sun Dec 9 13:05:35 2012: Version:
    Sun Dec 9 13:05:35 2012:Config: 1355077701
    Sun Dec 9 13:05:35 2012:Puppet: 2.7.18

Uncommenting include apache and require apache::mod::dev in puppetlabs-passenger about 40 seconds are added to the compile time. I went through and disabled all modules and parameters, and found that enabling the passenger module alone with Apache included caused the huge delay.

Catalog: http://pastebin.com/wwcKgX5b

    # puppet agent --{summarize,test,debug,evaltrace,noop} | perl -pe 's/^/localtime().": "/e'
    snip
    Sun Dec 9 13:13:08 2012: notice: Finished catalog run in 2.23 seconds
    Sun Dec 9 13:13:08 2012: Changes:
    Sun Dec 9 13:13:08 2012: Events:
    Sun Dec 9 13:13:08 2012: Total: 4
    Sun Dec 9 13:13:08 2012: Noop: 4
    Sun Dec 9 13:13:08 2012: Resources:
    Sun Dec 9 13:13:08 2012: Out of sync: 4
    Sun Dec 9 13:13:08 2012: Skipped: 6
    Sun Dec 9 13:13:08 2012: Total: 80
    Sun Dec 9 13:13:08 2012: Time:
    Sun Dec 9 13:13:08 2012:Filebucket: 0.00
    Sun Dec 9 13:13:08 2012: Resources: 0.00
    Sun Dec 9 13:13:08 2012: Package: 0.00
    Sun Dec 9 13:13:08 2012: Firewall: 0.01
    Sun Dec 9 13:13:08 2012: File: 0.01
    Sun Dec 9 13:13:08 2012: A2mod: 0.03
    Sun Dec 9 13:13:08 2012: Service: 0.07
    Sun Dec 9 13:13:08 2012: Exec: 0.14
    Sun Dec 9 13:13:08 2012: Last run: 1355080388
    Sun Dec 9 13:13:08 2012:Config retrieval: 42.79
    Sun Dec 9 13:13:08 2012: Total: 43.06
    Sun Dec 9 13:13:08 2012: Version:
    Sun Dec 9 13:13:08 2012:Config: 1355080261
    Sun Dec 9 13:13:08 2012:Puppet: 2.7.18

The install is via RPM. I'm using the Fedora SRPMs rebuilt for CentOS 6. The Puppet master has two environments, development and production, with this as the puppet.conf:

    # cat /etc/puppet/puppet.conf
    ---
    [main]
        server = puppetmaster.tld
        logdir = /var/log/puppet
        vardir = /var/lib/puppet
        ssldir = /var/lib/puppet/ssl
        rundir = /var/run/puppet
        factpath = $vardir/lib/facter
        pluginsync = true
        templatedir = $confdir/templates

    [agent]
        report = true
        environment = production
        preferred_serialization_format = yaml

    [master]
        modulepath = /etc/puppet/environments/$environment/modules:/etc/puppet/modules
        manifest = /etc/puppet/manifests/site.pp
        environment = production
        autosign = false
        ssl_client_header = SSL_CLIENT_S_DN
        ssl_client_verify_header = SSL_CLIENT_VERIFY
        certname = puppetmaster.tld
        dns_alt_names = puppetmaster.tld,puppetmaster-host.tld
        report = true
        reports = store
        #reports = store, foreman

    [production]
        manifest = /etc/puppet/manifests/site.pp

Has anyone run into this issue with puppetlabs-apache or know why my compile times are so long? I have a Puppet 2.6.17 server (also Apache+Passenger) that has one host, for example, with 524 resources, and only a 21.36 second catalog compile time.

Thanks
- Trey
[Puppet Users] Re: Configuring hosts with data from other hosts
I've struggled with the same problem of distributing variables and other generated data amongst hosts. For external resources I've found a great use in configuring a BackupPC server. Each node builds their backup configuration file with tag 'backuppc_server_conf' and the server retrieves all the generated files with that tag.

What I haven't been unable to solve, is making each node's hiera values accessible to each other. My hierarchy is $fqdn-common. The very crude workaround I've used is in a module, query foreman for all fqdn's. Then pass that to a define that 'redefines' fqdn variable before calling hiera.

Is there alternatively a way to query resources like all mysql::db types? I would like to just get all the mysql::db instances on a given node so other nodes could use that data. This could be another way to configure backuppc or generate monitoring checks.

- Trey
Re: [Puppet Users] Lookup another node's hiera data - fqdn hierarchy
On Saturday, July 21, 2012 9:57:13 PM UTC-5, Garrett Honeycutt wrote:

On 7/21/12 4:13 AM, treydock wrote:

I've begun using Hiera in combination with Foreman, primarily storing data that is best left in Array/Hash form. I'd like to be able to have a module, in this case BackupPC, query all the Hiera data for each node where the backup directories/databases are stored. Then use all that information on the BackupPC server to generate proper configuration files for each node's backups.

Here's what I have so far...

    $ cat /etc/puppet/hiera.yaml
    ---
    :hierarchy:
      - %{fqdn}
      - common
    :backends:
      - yaml
      - puppet
    :yaml:
      :datadir: '/etc/puppet/hieradata'
    :puppet:
      :datasource: data

An example of the BackupPC information in hiera

    $ cat /etc/puppet/hieradata/dc-ctrl.tamu.edu.yaml
    ---
    backuppc_db_dumps:
      foreman:
        backup_dir: '/usr/share/foreman'
      mysql:
        backup_dir: '/etc'

I am currently using that data to create dump scripts on each node, and would like to re-use the same information to automatically configure the backup server to grab those locations.

This attempt may work, but it doesn't 'feel' right to me by overriding the fqdn fact.

    /etc/puppet/modules/test $ cat manifests/hiera_lookup.pp
    class test::hiera_lookup {
      $nodes = foreman('fact_values', 'fact = fqdn')
      if $nodes {
        create_resources('test::hiera_lookup::get_data', $nodes)
      }
    }

    define test::hiera_lookup::get_data ( $fqdn ) {
      $data = hiera(backuppc_db_dumps, false)
      if $data {
        notify { $data: }
      }
    }

Is there a better approach to override scope and grab what data from hiera that would normally not be available to a node?

Thanks
- Trey

This would be a great place to use exported resources[1]. Each node could still use Hiera to determine if they should be backed up (or what should be backed up) and export a resource and the backup server could collect.

[1] - http://docs.puppetlabs.com/guides/exported_resources.html

-g
--
Garrett Honeycutt
206.414.8658
http://puppetlabs.com

Looking at some of online documentation I see no means to either export the hash variable pulled into the modules from hiera or to export the defines called with create_resources. Is there a way to do something like @@$backuppc_db_dumps = hiera('backuppc_db_dumps') ? Or possibly a way to export a custom define with all the parameters passed to it?

Thanks
- Trey
[Puppet Users] Augeas fails to set BONDING_OPTS with return code false
I'm attempting to manage my network interfaces through a homebrew module that takes input from hiera, and then uses augeas to define each ifcfg-*.

Example:

    /* Set mandatory parameters */
    augeas { "eth_bond_${name}" :
      context => "/files/etc/sysconfig/network-scripts/ifcfg-${name}",
      changes => [
        "set DEVICE ${name}",
        "set BONDING_OPTS '\"mode=${mode} miimon=${miimon}\"'",
        "set BOOTPROTO none",
        "set USERCTL no",
        "set ONBOOT yes",
        "set MTU ${mtu}",
        "set IPADDR ${ip}",
        "set NETMARK ${netmask}",
      ],
      notify => Exec["if-refresh-${name}"],
    }

When I try and set something like BONDING_OPTS=mode=0 miimon=100 I get the following in Puppet debug:

    Augeas[eth_bond_bond0](provider=augeas): Opening augeas with root /, lens path , flags 0
    debug: Augeas[eth_bond_bond0](provider=augeas): Augeas version 0.9.0 is installed
    debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/DEVICE, bond0]
    debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/BONDING_OPTS, mode=0 miimon=100]
    debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/BOOTPROTO, none]
    debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/USERCTL, no]
    debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/ONBOOT, yes]
    debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/MTU, 9344]
    debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/IPADDR, 192.168.1.100]
    debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/NETMARK, 255.0.0.0]
    debug: Augeas[eth_bond_bond0](provider=augeas): Closed the augeas connection
    err: /Stage[main]/Networking/Networking::Bond[bond0]/Augeas[eth_bond_bond0]/returns: change from need_to_run to 0 failed: Save failed with return code false
    notice: /Stage[main]/Networking/Networking::Bond[bond0]/Exec[if-refresh-bond0]: Dependency Augeas[eth_bond_bond0] has failures: true
    warning: /Stage[main]/Networking/Networking::Bond[bond0]/Exec[if-refresh-bond0]: Skipping because of failed dependencies

I also can't seem to get that value saved using augtool either, here's what I get:

    # cat ifcfg-bond0
    BOOTPROTO=none
    ONBOOT=yes
    MTU=4000
    IPADDR=192.168.1.100
    NETMARK=255.0.0.0
    DEVICE=bond0

    # augtool
    augtool> set /files/etc/sysconfig/network-scripts/ifcfg-bond0/BONDING_OPTS '\"mode=0 miimon=100\"'
    augtool> save
    error: Failed to execute command
    error: saving failed (run 'print /augeas//error' for details)
    augtool> print /augeas//error
    /augeas/files/etc/sysconfig/network-scripts/ifcfg-bond0/error = put_failed
    /augeas/files/etc/sysconfig/network-scripts/ifcfg-bond0/error/path = /files/etc/sysconfig/network-scripts/ifcfg-bond0
    /augeas/files/etc/sysconfig/network-scripts/ifcfg-bond0/error/lens = /usr/share/augeas/lenses/dist/shellvars.aug:61.12-.77:
    /augeas/files/etc/sysconfig/network-scripts/ifcfg-bond0/error/message = Malformed child node 'BONDING_OPTS'

Any ideas? The documentation on Puppet Augeas (http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas#ifcfg+BONDING_OPTS) has this exact example, so I figured there's something very obvious I'm overlooking that's keeping this from working.

Currently affected host and Puppet master are 2.6.16, CentOS 6.2, augeas-0.9.0.

Thanks
- Trey
Re: [Puppet Users] Augeas fails to set BONDING_OPTS with return code false
Wow...can we permanently delete this post? Haha, I've been staring at Puppet modules for a week straight, it's always a spelling error.

Thanks!
- Trey

On Saturday, June 23, 2012 5:34:53 PM UTC-5, Christopher Wood wrote:

netmark?

On Sat, Jun 23, 2012 at 02:37:04PM -0700, treydock wrote:

    set NETMARK ${netmask},
[Puppet Users] puppetlabs-corosync help using multiple primitive operations
Setting up a HA iSCSI / NFS target using this document, http://www.linbit.com/fileadmin/tech-guides/ha-iscsi.pdf, and I am unable to find a way to use the puppetlabs-corosync module to emulate this command:

    crm(live)configure# primitive p_drbd_coraid23 ocf:linbit:drbd \
        params drbd_resource=coraid23 \
        op monitor interval=29 role=Master \
        op monitor interval=31 role=Slave
    crm(live)configure# ms ms_drbd_coraid23 p_drbd_coraid23 \
        meta master-max=1 master-node-max=1 \
        clone-max=2 clone-node-max=1 notify=true

I defined the cs_primitive type like this...

    cs_primitive { 'p_drbd_coraid23':
      ensure          => present,
      primitive_class => 'ocf',
      primitive_type  => 'drbd',
      provided_by     => 'linbit',
      promotable      => true,
      parameters      => { 'drbd_resource' => 'coraid23' },
      operations      => {
        'monitor' => {
          'interval' => '29',
          'role'     => 'Master',
        },
        'monitor' => {
          'interval' => '31',
          'role'     => 'Slave',
        }
      },
      metadata        => {
        'master-max'      => '1',
        'master-node-max' => '1',
        'clone-max'       => '2',
        'clone-node-max'  => '1',
        'notify'          => 'true',
      };
    }

What results is only 1 of the 2 operations being defined, and my guess is that this is because of logic like this...

    operations = {}
    operations['monitor'] = a
    operations['monitor'] = b
    puts operations['monitor']
    => b

Any suggestions?

Thanks
- Trey
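The key collision guessed at above, reproduced in plain Ruby as an added example (not code from the post or from puppetlabs-corosync). The pair list and the "name:role" keys are hypothetical representations chosen for illustration, not parameters the module is known to accept.

```ruby
# Constructed data modelled on the crm command quoted in the post.
OPS = [
  ['monitor', { 'interval' => '29', 'role' => 'Master' }],
  ['monitor', { 'interval' => '31', 'role' => 'Slave' }]
].freeze

# Folding the list into a Hash keyed by operation name: the second 'monitor'
# silently replaces the first, which matches the symptom in the post.
def as_hash(pairs)
  pairs.each_with_object({}) { |(name, attrs), h| h[name] = attrs }
end

# Names that occur more than once and would therefore collide as Hash keys.
def colliding_names(pairs)
  pairs.group_by(&:first).select { |_, entries| entries.size > 1 }.keys
end

# Hypothetical layout: make each key unique by appending the role, and refuse
# to overwrite an entry instead of dropping it silently.
def keyed_by_role(pairs)
  pairs.each_with_object({}) do |(name, attrs), h|
    key = attrs['role'] ? "#{name}:#{attrs['role']}" : name
    raise ArgumentError, "duplicate operation #{key}" if h.key?(key)
    h[key] = attrs
  end
end

# Render crm-style "op" clauses from either a pair list or a keyed Hash.
def render_ops(ops)
  ops.map do |key, attrs|
    name = key.split(':', 2).first
    "op #{name} " + attrs.map { |k, v| "#{k}=#{v}" }.join(' ')
  end
end
```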
[Puppet Users] best practice for publishing modules that use Hiera?
I've begun moving some of my modules to using hiera lookups in place of parameters being defined in a host's node entry. For data such as that I figure I can document the format of what the module expects from the yaml files, but if I use hiera to replace the typical module::params, how do I include that in a published module?

All the docs I've seen seem to show using paths for hieradata that are not specific to a module. What's the best way to publish a module that has things like package names defined through hiera? How would someone installing such a module make the hiera yaml files distributed with the module available to hiera lookups?

Thanks
- Trey
[Puppet Users] Re: Issue Installing Puppet on Red Hat6
rubygems-1.37 is correct for RHEL 6. rubygems is the gem program, ie package manager for ruby, it's not a subset of Ruby.

Do you have EPEL enabled? You'll need that to satisfy some gem dependencies. The package you're missing is rubygem-rake.

On Feb 10, 5:02 pm, jcbollinger john.bollin...@stjude.org wrote:

On Feb 10, 11:35 am, Gmoney greg.caldwe...@gmail.com wrote:

Tried all suggestions. The Red Hat Optional channel contains rubygems-1.37 (not 1.8.7), the ruby and ruby-libs are both 1.8.7. Guess I have to grab the source and build it myself, I can't seem to find rubygems-1.8.7 anywhere.

Why do you assume that the version of the rubygems package available from one of RedHat's official channels is inappropriate for your RedHat installation? There is no particular reason to expect that the version number of the rubygems package will be the same as the version number of the ruby package. If there were, you would expect the former to be a subpackage of the latter, in which case it would be named ruby-gems.

John
[Puppet Users] PE 2.0 - failure to find keytool
I've just installed Puppet Enterprise 2.0, and noticed the pe_mcollective module that is provided is failing. I've made no changes to the modules, this is a fresh install. The system is CentOS 6.0 x86_64 updated to CR.

This is the error,

    # /opt/puppet/sbin/puppetd --test -v --debug
    debug: Exec[broker_cert_truststore](provider=posix): Executing 'sh -c 'umask 077; keytool -import -noprompt -trustcacerts -alias 'PuppetCA' -file /etc/puppetlabs/puppet/ssl/certs/ca.pem -keystore broker.ts -storepass puppet''
    debug: Executing 'sh -c 'umask 077; keytool -import -noprompt -trustcacerts -alias 'PuppetCA' -file /etc/puppetlabs/puppet/ssl/certs/ca.pem -keystore broker.ts -storepass puppet''
    err: /Stage[main]/Pe_mcollective/Exec[broker_cert_truststore]/returns: change from notrun to 0 failed: sh: keytool: command not found
    notice: /Stage[main]/Pe_mcollective/File[/etc/puppetlabs/activemq/broker.ts]: Dependency Exec[broker_cert_truststore] has failures: true
    warning: /Stage[main]/Pe_mcollective/File[/etc/puppetlabs/activemq/broker.ts]: Skipping because of failed dependencies
    debug: Exec[broker_cert_keystore](provider=posix): Executing 'sh -c 'umask 077; keytool -importkeystore -deststorepass puppet -destkeypass puppet -destkeystore broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype PKCS12 -alias cllapuppetmaster.tamu.edu''
    debug: Executing 'sh -c 'umask 077; keytool -importkeystore -deststorepass puppet -destkeypass puppet -destkeystore broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype PKCS12 -alias puppetmaster.tamu.edu''
    err: /Stage[main]/Pe_mcollective/Exec[broker_cert_keystore]/returns: change from notrun to 0 failed: sh: keytool: command not found

Here's the results of locating keytool, and my $PATH,

    # locate keytool
    /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/keytool
    /usr/share/man/man1/keytool-java-1.6.0-openjdk.1.gz
    # which keytool
    /usr/bin/which: no keytool in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

Do I need to update my PATH to include java's bin directory?

Also while I'm testing PE, this server is managed by my Puppet server (2.6.12), and during the install the PATH didn't seem to put /opt/puppet/... before the system directories, is that correct? Should I have to add both /opt/puppet/bin and /opt/puppet/sbin to my PATH manually?

    # which puppetd
    /usr/sbin/puppetd
    # echo $PATH
    /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

Thanks
- Trey
[Puppet Users] Re: Help using puppetlabs-mysql
On Nov 1, 6:50 pm, treydock treyd...@gmail.com wrote:
On Oct 31, 3:09 pm, Dan Bode d...@puppetlabs.com wrote:
On Mon, Oct 31, 2011 at 12:44 PM, treydock treyd...@gmail.com wrote:
On Oct 31, 1:56 pm, treydock treyd...@gmail.com wrote:
On Oct 31, 1:05 pm, Dan Bode d...@puppetlabs.com wrote:
On Mon, Oct 31, 2011 at 10:55 AM, treydock treyd...@gmail.com wrote:
On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:

you are running into a documentation issue. All of the configuration was moved to a new parameter called: config_hash. I can submit a patch

On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com wrote:

I'm working to begin managing MySQL with the puppetlabs-mysql provided module, but am not able to get very far with the README documentation. So far, simply trying to add the server module and define the root_password is failing like so,

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter root_password at /etc/puppet/manifests/nodes.pp:882 on node puppetnode1.tld

The definition looks like this,

    node 'puppetnode1.tld' {
      class { 'mysql::server': root_password => 'test' }

should be changed to:

      class { 'mysql::server': config_hash => { root_password => 'test'} }

      database_user { 'treydock@localhost': password_hash => mysql_password('pass') }
      database_grant { 'treydock@localhost/*': privileges => ['ALL'], }
      mysql::db { 'zabbix':
        user     => 'zabbix',
        password => 'zabbix',
        host     => 'localhost',
        grant    => ['ALL'],
      }
    }

The database_user and _grant thus far haven't actually done anything. I'm assuming it's because mysql::server isn't working or being applied. There's likely something very obvious I'm missing. This is also my first time using parameterized classes.

Thanks
- Trey

Ah that was it! Thanks.

Is there a way to simulate or run the equivalent of mysql_secure_installation within this module? I tried an initial attempt with the following...but once it's added to the mysql::server class it never seems to get called...

what failed? How did you add it to the mysql::server class?

    class mysql::server::secure {
      database_user {
        '': ensure => absent, require => Service['mysqld'];
        "root@${fqdn}": ensure => absent, require => Service['mysqld'];
      }
      database { test: ensure => absent, require => Service['mysqld']; }
    }

Would the easier route be to just modify the mysql_secure_installation script to be more puppet friendly?

Thanks
- Trey

It didn't fail, it just simply did nothing. This is its inclusion in mysql::server

    class mysql::server(
      $service_name = $mysql::params::service_name,
      $config_hash  = {},
      $package_name = 'mysql-server'
    ) inherits mysql::params {
      include mysql::server::secure
      # automatically create a class to deal with
      # configuration
      $hash = { "mysql::config" => $config_hash }

I am doing it via Exec now anyways. Though I'd prefer to do it with the new type and provider

- Trey

Slightly different question...is there a way to pass / store the hash for the root password rather than the plain text password? Similar to how the puppet user resource works?

I am not quite sure if mysql supports that. Could you open a ticket here: http://projects.puppetlabs.com/projects/modules and explain what the implementation would look like?

thanks

Thanks
- Trey
[Puppet Users] Re: Help using puppetlabs-mysql
On Oct 31, 3:09 pm, Dan Bode d...@puppetlabs.com wrote:
On Mon, Oct 31, 2011 at 12:44 PM, treydock treyd...@gmail.com wrote:
On Oct 31, 1:56 pm, treydock treyd...@gmail.com wrote:
On Oct 31, 1:05 pm, Dan Bode d...@puppetlabs.com wrote:
On Mon, Oct 31, 2011 at 10:55 AM, treydock treyd...@gmail.com wrote:
On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:

you are running into a documentation issue. All of the configuration was moved to a new parameter called: config_hash. I can submit a patch

On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com wrote:

I'm working to begin managing MySQL with the puppetlabs-mysql provided module, but am not able to get very far with the README documentation. So far, simply trying to add the server module and define the root_password is failing like so,

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter root_password at /etc/puppet/manifests/nodes.pp:882 on node puppetnode1.tld

The definition looks like this,

    node 'puppetnode1.tld' {
      class { 'mysql::server': root_password => 'test' }

should be changed to:

      class { 'mysql::server': config_hash => { root_password => 'test'} }

      database_user { 'treydock@localhost':
        password_hash => mysql_password('pass')
      }
      database_grant { 'treydock@localhost/*':
        privileges => ['ALL'],
      }
      mysql::db { 'zabbix':
        user     => 'zabbix',
        password => 'zabbix',
        host     => 'localhost',
        grant    => ['ALL'],
      }
    }

The database_user and _grant thus far haven't actually done anything. I'm assuming it's because mysql::server isn't working or being applied. There's likely something very obvious I'm missing. This is also my first time using parameterized classes.

Thanks
- Trey

Ah that was it! Thanks.

Is there a way to simulate or run the equivalent of mysql_secure_installation within this module? I tried an initial attempt with the following...but once it's added to the mysql::server class it never seems to get called...

what failed? How did you add it to the mysql::server class?

    class mysql::server::secure {
      database_user {
        '':
          ensure  => absent,
          require => Service['mysqld'];
        "root@${fqdn}":
          ensure  => absent,
          require => Service['mysqld'];
      }
      database { test:
        ensure  => absent,
        require => Service['mysqld'];
      }
    }

Would the easier route be to just modify the mysql_secure_installation script to be more puppet friendly?

Thanks
- Trey

It didn't fail, it just simply did nothing. This is its inclusion in mysql::server

    class mysql::server(
      $service_name = $mysql::params::service_name,
      $config_hash  = {},
      $package_name = 'mysql-server'
    ) inherits mysql::params {
      include mysql::server::secure
      # automatically create a class to deal with
      # configuration
      $hash = { "mysql::config" => $config_hash }

I am doing it via Exec now anyways. Though I'd prefer to do it with the new type and provider

- Trey

Slightly different question...is there a way to pass / store the hash for the root password rather than the plain text password? Similar to how the puppet user resource works?

I am not quite sure if mysql supports that. Could you open a ticket here: http://projects.puppetlabs.com/projects/modules and explain what the implementation would look like?

thanks

Thanks
- Trey
[Puppet Users] Help using puppetlabs-mysql
I'm working to begin managing MySQL with the puppetlabs-mysql provided module, but am not able to get very far with the README documentation. So far, simply trying to add the server module and define the root_password is failing like so,

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter root_password at /etc/puppet/manifests/nodes.pp:882 on node puppetnode1.tld

The definition looks like this,

    node 'puppetnode1.tld' {
      class { 'mysql::server': root_password => 'test' }
      database_user { 'treydock@localhost':
        password_hash => mysql_password('pass')
      }
      database_grant { 'treydock@localhost/*':
        privileges => ['ALL'],
      }
      mysql::db { 'zabbix':
        user     => 'zabbix',
        password => 'zabbix',
        host     => 'localhost',
        grant    => ['ALL'],
      }
    }

The database_user and _grant thus far haven't actually done anything. I'm assuming it's because mysql::server isn't working or being applied. There's likely something very obvious I'm missing. This is also my first time using parameterized classes.

Thanks
- Trey
[Puppet Users] Re: Help using puppetlabs-mysql
On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:

you are running into a documentation issue. All of the configuration was moved to a new parameter called: config_hash. I can submit a patch

On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com wrote:

I'm working to begin managing MySQL with the puppetlabs-mysql provided module, but am not able to get very far with the README documentation. So far, simply trying to add the server module and define the root_password is failing like so,

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter root_password at /etc/puppet/manifests/nodes.pp:882 on node puppetnode1.tld

The definition looks like this,

    node 'puppetnode1.tld' {
      class { 'mysql::server': root_password => 'test' }

should be changed to:

      class { 'mysql::server': config_hash => { root_password => 'test'} }

      database_user { 'treydock@localhost':
        password_hash => mysql_password('pass')
      }
      database_grant { 'treydock@localhost/*':
        privileges => ['ALL'],
      }
      mysql::db { 'zabbix':
        user     => 'zabbix',
        password => 'zabbix',
        host     => 'localhost',
        grant    => ['ALL'],
      }
    }

The database_user and _grant thus far haven't actually done anything. I'm assuming it's because mysql::server isn't working or being applied. There's likely something very obvious I'm missing. This is also my first time using parameterized classes.

Thanks
- Trey

Ah that was it! Thanks.

Is there a way to simulate or run the equivalent of mysql_secure_installation within this module? I tried an initial attempt with the following...but once it's added to the mysql::server class it never seems to get called...

    class mysql::server::secure {
      database_user {
        '':
          ensure  => absent,
          require => Service['mysqld'];
        "root@${fqdn}":
          ensure  => absent,
          require => Service['mysqld'];
      }
      database { test:
        ensure  => absent,
        require => Service['mysqld'];
      }
    }

Would the easier route be to just modify the mysql_secure_installation script to be more puppet friendly?

Thanks
- Trey
[Puppet Users] Re: Help using puppetlabs-mysql
On Oct 31, 1:05 pm, Dan Bode d...@puppetlabs.com wrote:
On Mon, Oct 31, 2011 at 10:55 AM, treydock treyd...@gmail.com wrote:
On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:

you are running into a documentation issue. All of the configuration was moved to a new parameter called: config_hash. I can submit a patch

On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com wrote:

I'm working to begin managing MySQL with the puppetlabs-mysql provided module, but am not able to get very far with the README documentation. So far, simply trying to add the server module and define the root_password is failing like so,

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter root_password at /etc/puppet/manifests/nodes.pp:882 on node puppetnode1.tld

The definition looks like this,

    node 'puppetnode1.tld' {
      class { 'mysql::server': root_password => 'test' }

should be changed to:

      class { 'mysql::server': config_hash => { root_password => 'test'} }

      database_user { 'treydock@localhost':
        password_hash => mysql_password('pass')
      }
      database_grant { 'treydock@localhost/*':
        privileges => ['ALL'],
      }
      mysql::db { 'zabbix':
        user     => 'zabbix',
        password => 'zabbix',
        host     => 'localhost',
        grant    => ['ALL'],
      }
    }

The database_user and _grant thus far haven't actually done anything. I'm assuming it's because mysql::server isn't working or being applied. There's likely something very obvious I'm missing. This is also my first time using parameterized classes.

Thanks
- Trey

Ah that was it! Thanks.

Is there a way to simulate or run the equivalent of mysql_secure_installation within this module? I tried an initial attempt with the following...but once it's added to the mysql::server class it never seems to get called...

what failed? How did you add it to the mysql::server class?

    class mysql::server::secure {
      database_user {
        '':
          ensure  => absent,
          require => Service['mysqld'];
        "root@${fqdn}":
          ensure  => absent,
          require => Service['mysqld'];
      }
      database { test:
        ensure  => absent,
        require => Service['mysqld'];
      }
    }

Would the easier route be to just modify the mysql_secure_installation script to be more puppet friendly?

Thanks
- Trey

It didn't fail, it just simply did nothing. This is its inclusion in mysql::server

    class mysql::server(
      $service_name = $mysql::params::service_name,
      $config_hash  = {},
      $package_name = 'mysql-server'
    ) inherits mysql::params {
      include mysql::server::secure
      # automatically create a class to deal with
      # configuration
      $hash = { "mysql::config" => $config_hash }

I am doing it via Exec now anyways. Though I'd prefer to do it with the new type and provider

- Trey
[Puppet Users] Re: Help using puppetlabs-mysql
On Oct 31, 1:56 pm, treydock treyd...@gmail.com wrote:
On Oct 31, 1:05 pm, Dan Bode d...@puppetlabs.com wrote:
On Mon, Oct 31, 2011 at 10:55 AM, treydock treyd...@gmail.com wrote:
On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:

you are running into a documentation issue. All of the configuration was moved to a new parameter called: config_hash. I can submit a patch

On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com wrote:

I'm working to begin managing MySQL with the puppetlabs-mysql provided module, but am not able to get very far with the README documentation. So far, simply trying to add the server module and define the root_password is failing like so,

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter root_password at /etc/puppet/manifests/nodes.pp:882 on node puppetnode1.tld

The definition looks like this,

    node 'puppetnode1.tld' {
      class { 'mysql::server': root_password => 'test' }

should be changed to:

      class { 'mysql::server': config_hash => { root_password => 'test'} }

      database_user { 'treydock@localhost':
        password_hash => mysql_password('pass')
      }
      database_grant { 'treydock@localhost/*':
        privileges => ['ALL'],
      }
      mysql::db { 'zabbix':
        user     => 'zabbix',
        password => 'zabbix',
        host     => 'localhost',
        grant    => ['ALL'],
      }
    }

The database_user and _grant thus far haven't actually done anything. I'm assuming it's because mysql::server isn't working or being applied. There's likely something very obvious I'm missing. This is also my first time using parameterized classes.

Thanks
- Trey

Ah that was it! Thanks.

Is there a way to simulate or run the equivalent of mysql_secure_installation within this module? I tried an initial attempt with the following...but once it's added to the mysql::server class it never seems to get called...

what failed? How did you add it to the mysql::server class?

    class mysql::server::secure {
      database_user {
        '':
          ensure  => absent,
          require => Service['mysqld'];
        "root@${fqdn}":
          ensure  => absent,
          require => Service['mysqld'];
      }
      database { test:
        ensure  => absent,
        require => Service['mysqld'];
      }
    }

Would the easier route be to just modify the mysql_secure_installation script to be more puppet friendly?

Thanks
- Trey

It didn't fail, it just simply did nothing. This is its inclusion in mysql::server

    class mysql::server(
      $service_name = $mysql::params::service_name,
      $config_hash  = {},
      $package_name = 'mysql-server'
    ) inherits mysql::params {
      include mysql::server::secure
      # automatically create a class to deal with
      # configuration
      $hash = { "mysql::config" => $config_hash }

I am doing it via Exec now anyways. Though I'd prefer to do it with the new type and provider

- Trey

Slightly different question...is there a way to pass / store the hash for the root password rather than the plain text password? Similar to how the puppet user resource works?

Thanks
- Trey
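Added example, not part of the original thread and not code from puppetlabs-mysql: the MySQL 4.1+ native hash format that a `password_hash` value carries, plus a small audit that flags plaintext credentials left in a manifest, including a literal passed to `mysql_password()`. The sample manifest is constructed from the one quoted in the thread; the `report@localhost` account and the function names are assumptions made for illustration.

```ruby
require 'digest/sha1'

# MySQL 4.1+ native format: "*" followed by the upper-case hex of
# SHA1(SHA1(plaintext)), 41 characters in total.
def mysql_native_hash(plaintext)
  '*' + Digest::SHA1.hexdigest(Digest::SHA1.digest(plaintext)).upcase
end

HASH_FORMAT = /\A\*[0-9A-F]{40}\z/

def mysql_native_hash?(value)
  value.is_a?(String) && HASH_FORMAT.match?(value)
end

# A quoted literal assigned to any attribute whose name contains "password".
QUOTED_ATTR = /\b(\w*password\w*)\s*=>\s*(['"])(.*?)\2/
# A quoted literal passed directly to mysql_password(): the hash is computed
# at compile time, but the plaintext still sits in the manifest source.
HASH_CALL = /\bmysql_password\(\s*(['"])(.*?)\1\s*\)/

# Returns one finding per plaintext credential. Only the line number and the
# attribute name are reported, never the secret itself.
def audit_manifest(text)
  findings = []
  text.each_line.with_index(1) do |line, number|
    line.scan(QUOTED_ATTR) do |attribute, _quote, value|
      next if mysql_native_hash?(value)
      findings << { line: number, attribute: attribute, kind: :plaintext_literal }
    end
    line.scan(HASH_CALL) do
      findings << { line: number, attribute: 'mysql_password()', kind: :plaintext_argument }
    end
  end
  findings
end

# Constructed sample based on the manifest in the thread; 'report@localhost'
# is a made-up account and its value is the native hash of the string "password".
SAMPLE_MANIFEST = <<'PP'
class { 'mysql::server': config_hash => { root_password => 'test' } }
database_user { 'treydock@localhost':
  password_hash => mysql_password('pass'),
}
database_user { 'report@localhost':
  password_hash => '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19',
}
mysql::db { 'zabbix':
  user     => 'zabbix',
  password => 'zabbix',
}
PP

if __FILE__ == $PROGRAM_NAME
  audit_manifest(SAMPLE_MANIFEST).each do |f|
    puts "line #{f[:line]}: #{f[:attribute]} (#{f[:kind]})"
  end
end
```

The native hash is unsalted, so two accounts with the same password share the same value; a manifest that stores it should still be access-controlled like any other credential file.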
[Puppet Users] Re: Official puppetlabs position on cron vs puppet as a service?
On Sep 24, 9:42 pm, Aaron Grewell aaron.grew...@gmail.com wrote:

We had frequent inexplicable daemon crashes on Solaris, but not on RHEL5 (at least not yet). Given known issues with memory leakage in older Ruby releases Cron seemed more likely to be reliable. We stuck a random wait in the Cron job to spread load on the master and so far it works well.

On Sep 24, 2011 7:22 AM, treydock treyd...@gmail.com wrote:
On Sep 23, 5:42 pm, Brian Gupta brian.gu...@brandorr.com wrote:

Over the years many shops have come to start running puppet via cron to address memory leaks in earlier versions of Ruby, but the official position was that puppet was meant to be run as a continually running service. I am wondering if the official position has changed. On one hand many if not all of the early Ruby issues have been fixed, on the other, the addition of mcollective into the mix as a lightweight agent for triggering adhoc puppet runs, and other tasks somewhat lowers the requirements for puppet to be run as a service. (Or out of cron for that matter). I understand that in cases where old Ruby versions are for whatever reason mandated the answer may be different.

Thanks,
Brian
-- http://aws.amazon.com/solutions/solution-providers/brandorr/

Could those memory leak problems cause the Puppet daemon to crash with no logs indicating why? I have about 20 systems all running CentOS 5 and 6, with Puppet 2.6.9, and I now have to have Zabbix run a /etc/init.d/puppet start every time the daemon crashes which is almost on a daily basis for every client. Would be interested to know of a known fix or if the only fix is the workaround of using Cron.

Thanks
- Trey

Could you share how you did the random wait? I may have to switch to a cron job with how often my daemons are crashing and having to be restarted by Zabbix.

Thanks
- Trey
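Added example, not from any poster in the thread: one way to spread cron-driven agent runs across the master, using a stable per-host minute offset derived from the host name instead of a random sleep. The `puppetd` path, the function names and the `node###.example.test` host names are assumptions made for illustration.

```ruby
require 'digest/md5'

# Stable offset in 0...interval derived from the host name. MD5 is used only
# to spread names evenly, not for any security property.
def splay_minute(fqdn, interval)
  unless interval.is_a?(Integer) && interval.between?(1, 60) && (60 % interval).zero?
    raise ArgumentError, 'interval must be a divisor of 60'
  end
  Digest::MD5.hexdigest(fqdn.downcase)[0, 8].to_i(16) % interval
end

# Every minute of the hour at which this host runs the agent.
def cron_minutes(fqdn, interval)
  (splay_minute(fqdn, interval)...60).step(interval).to_a
end

# Crontab line for the host. The default command path is an assumption.
def cron_entry(fqdn, interval, command = '/usr/sbin/puppetd --onetime --no-daemonize')
  "#{cron_minutes(fqdn, interval).join(',')} * * * * #{command}"
end

# Number of agent runs that reach the master in each minute of the hour.
def load_by_minute(hosts, interval)
  counts = Hash.new(0)
  hosts.each { |host| cron_minutes(host, interval).each { |m| counts[m] += 1 } }
  counts
end

# Constructed host names used to check how evenly the offsets spread.
def sample_hosts(count)
  (1..count).map { |n| format('node%03d.example.test', n) }
end

if __FILE__ == $PROGRAM_NAME
  puts cron_entry('puppetnode1.tld', 30)
  per_minute = load_by_minute(sample_hosts(200), 30)
  puts "busiest minute: #{per_minute.values.max} runs, quietest: #{per_minute.values.min} runs"
end
```

Inside a manifest, Puppet's built-in `fqdn_rand()` function gives the same kind of per-host stable value for a cron resource's `minute`.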
[Puppet Users] Re: Official puppetlabs position on cron vs puppet as a service?
On Sep 23, 5:42 pm, Brian Gupta brian.gu...@brandorr.com wrote:

Over the years many shops have come to start running puppet via cron to address memory leaks in earlier versions of Ruby, but the official position was that puppet was meant to be run as a continually running service. I am wondering if the official position has changed. On one hand many if not all of the early Ruby issues have been fixed, on the other, the addition of mcollective into the mix as a lightweight agent for triggering adhoc puppet runs, and other tasks somewhat lowers the requirements for puppet to be run as a service. (Or out of cron for that matter). I understand that in cases where old Ruby versions are for whatever reason mandated the answer may be different.

Thanks,
Brian
-- http://aws.amazon.com/solutions/solution-providers/brandorr/

Could those memory leak problems cause the Puppet daemon to crash with no logs indicating why? I have about 20 systems all running CentOS 5 and 6, with Puppet 2.6.9, and I now have to have Zabbix run a /etc/init.d/puppet start every time the daemon crashes which is almost on a daily basis for every client. Would be interested to know of a known fix or if the only fix is the workaround of using Cron.

Thanks
- Trey
[Puppet Users] Re: Puppet installation and configuration (Master and Client)
On Sep 19, 1:40 pm, Jo Rhett jrh...@netconsonance.com wrote:
On Sep 19, 2011, at 11:23 AM, Mr. E. wrote:

I need latest documentation on how to install and configure Puppet master and Puppet client in CentOS environment. The CentOS version is 5.4 and Puppet version is 0.22.4.

Puppet 0.22.4 is quite old. Why don't you enable epel-testing repo and get 2.6.6 from there? There is nothing unique about CentOS, fwiw. Any puppet installation instructions will apply to CentOS.

I'm having problem with configuring between the Puppet master and Puppet client. The Puppet master is not seeing the CA certificate of the Puppet client.

If you phrased that accurately, you're somewhere off the reservation. The puppet master *IS* the CA for the client's certificate in normal configuration. I suspect you phrased that wrong. Certificate problems are very common FAQ. Lots of pages about this. If you really can't find the answer online, post the exact error you are seeing.

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness

You can also enable the Puppetlabs yum repo. For CentOS 5 look here, http://yum.puppetlabs.com/el/5/products/. I have a brief writeup on how to build Puppet RPMs, and also have a link to download the 2.6.9 RPM which is the same as the one in that repo. Here, http://itscblog.tamu.edu/creating-your-own-puppet-rpms-part-1/ .

- Trey
[Puppet Users] Re: Organizational best practices / examples
On Sep 1, 4:47 am, Daniel Maher dma...@milestonelab.com wrote:
On 09/01/2011 04:32 AM, col yte wrote:

Hi folks, I was curious if anyone would be willing to share how they organize their puppet implementation. Perhaps something similar to what you'll find at https://fedoraproject.org/wiki/Infrastructure/Puppet. People should have this sort of stuff documented, appreciate anything anyone would be willing to share.

Hello,

In our environment we've made a conscious decision to maintain modules/ in as generic a fashion as possible. Basically, the way it works is that before we commit to modules/ we ask, would we be comfortable sharing this on Github? It's a surprisingly good strategy. :)

I realise this is only a small element of what you're asking for, but I am also curious to know if anybody else out there has any sort of simple rules that can applied in order to preserve sanity.

--
Daniel Maher
makin' plans now to live on Mars 'cuz I got Earth on lock.

A bit late to respond, but thought I'd offer what has worked for me. I too have adopted the idea would I be comfortable sharing this on github with most of my modules. The other thing I try to do is make each module its own git repo that's a submodule for the entire puppet module directory. I'm still working on the best workflow for that situation, but the benefit is it allows me to easily publish individual modules.

Also one thing I've made use of is Mediawiki and the Semantic Mediawiki extension to effectively document my modules. It's also served well for documenting all my servers. Here are two examples...

Standard Mediawiki usage (slightly out-of-date)
https://cllaprojectwiki.tamu.edu/wiki/Puppetmaster_Configuration

An example of how to use the Semantic extension to allow for a very neat way to organize data...
https://cllaprojectwiki.tamu.edu/wiki/Puppet_Module_Overview

I've found the use of Semantic mediawiki to be extremely helpful. For my server documentation each server gets its own page and all the properties per page can easily build reports or tables (like the above link). Same goes for Puppet modules. You can have properties like node_parameters or requires_module and build tables / reports on that information.

- Trey
[Puppet Users] Re: Slightly OT: Puppet + OpenQRM
On Sep 7, 1:10 am, Ohad Levy ohadl...@gmail.com wrote:
On Tue, Sep 6, 2011 at 6:44 PM, treydock treyd...@gmail.com wrote:

I've recently been looking to move my KVM management (currently via Puppet and virt-manager) to something web-based and robust (ie Cloud), and came across OpenQRM. Looking at the features list it mentions puppet Class/Machine management. Has anyone that uses Puppet extensively given this a try? I'd like to get input on how this works. The only ENC or GUI interface I've used with Puppet is Foreman (which is awesome btw), but this piqued my interest. Thus far I've tried Cloudstack (a few months ago) and Convirt, both were great, but not what I needed.

BTW not sure if you saw it, but foreman supports libvirt/kvm out of the box, and we are working on adding additional actualization management support such as rhevm (once released -- in the upcoming weeks), vmware and ec2. if you have any improvement suggestions, or why foreman was not good enough, would love to hear that..

thanks,
Ohad

Any input on experiences with OpenQRM as it relates to Puppet would be great, thanks.

- Trey

I actually plan to use Foreman to handle provision / configuration. From some videos I've seen around the net I'll likely use Foreman to provision new systems on KVM as well. Something like OpenQRM is for things like console access, pool management, snapshots, migrations so on. Really this move to GUI management is more for the continuity of my projects in my absence or to allow someone not familiar with Puppet and KVM command line management to assist me in day-to-day operations. Plus my bosses' boss is hung up on having a Cloud and a nice shiny web interface(s) will help sell my proposed open-source cloud rather than my counter-part's Microsoft cloud. Some people just don't appreciate command-line.

Thanks
- Trey
[Puppet Users] Slightly OT: Puppet + OpenQRM
I've recently been looking to move my KVM management (currently via Puppet and virt-manager) to something web-based and robust (ie Cloud), and came across OpenQRM. Looking at the features list it mentions puppet Class/Machine management. Has anyone that uses Puppet extensively given this a try? I'd like to get input on how this works. The only ENC or GUI interface I've used with Puppet is Foreman (which is awesome btw), but this piqued my interest. Thus far I've tried Cloudstack (a few months ago) and Convirt, both were great, but not what I needed.

Any input on experiences with OpenQRM as it relates to Puppet would be great, thanks.

- Trey
[Puppet Users] Re: File resource owner not found, only during automatic puppet runs
On Sep 1, 8:03 am, jcbollinger john.bollin...@stjude.org wrote:
On Aug 31, 8:09 pm, treydock treyd...@gmail.com wrote:

I have a file resource defined to be owned by a group that is accessible via samba/winbind (AD based group), but every time Puppet runs automatically (every 30 min) the run fails with this error (sensitive information removed),

    (/Stage[main]//Node[node1.tld]/Apache::Vhost[vhost1]/File[/var/www/vhost1/html]) Could not evaluate: Could not find group org-www at /etc/puppet/modules/apache/manifests/definitions/vhost.pp:52

When I manually run puppetd --test --debug -v there is no failure. Also the group is visible on the system and all works just fine. It only fails during the automatic Puppet runs. I also have another host, with an almost identical setup, assigning AD based groups to file resources, and it doesn't have this problem. Using Puppet 2.6.9, on CentOS 6.

It looks like the Puppet agent is unable to connect to the domain to retrieve group information. In all likelihood this is an issue with the environment in which the agent runs or the user (root) as whom it runs, perhaps in conjunction with winbind configuration specifics.

You could try to duplicate it from the command line by doing something like 'env -i PATH=/bin:/sbin:/usr/bin:/usr/sbin puppetd --test --debug -v' to ensure that it runs with a minimal environment.

Not being familiar with the details of using samba/winbind as a user and group resolution service, I'm not sure what specifically to recommend you check in that area. Duplicating the problem from the command line should give you a leg up, though.

John

Thanks for the suggestion. I run puppet manually as you suggested, and still no errors. Even stranger is sometime last night the errors stopped occurring. From the time I activated the samba module, till last night it failed like clockwork, every 30 minutes. Now the automatic puppet runs seem to be working just fine.

My understanding of the internals of how Winbind/Samba store and cache AD account information is a bit lacking, but could this be that it just took time for the groups/users to get cached? Authentication and all other functions relying on these groups worked just fine from the beginning. Here are some of the relevant lines from my smb.conf...

    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind nested groups = Yes
    winbind expand groups = 3
    winbind separator = +

Thanks
- Trey
[Puppet Users] File resource owner not found, only during automatic puppet runs
I have a file resource defined to be owned by a group that is accessible via samba/winbind (AD based group), but every time Puppet runs automatically (every 30 min) the run fails with this error (sensitive information removed),

    (/Stage[main]//Node[node1.tld]/Apache::Vhost[vhost1]/File[/var/www/vhost1/html]) Could not evaluate: Could not find group org-www at /etc/puppet/modules/apache/manifests/definitions/vhost.pp:52

When I manually run puppetd --test --debug -v there is no failure. Also the group is visible on the system and all works just fine. It only fails during the automatic Puppet runs. I also have another host, with an almost identical setup, assigning AD based groups to file resources, and it doesn't have this problem. Using Puppet 2.6.9, on CentOS 6.

Thanks
- Trey
[Puppet Users] Custom function error Unknown function...
I've written my first attempt at a custom puppet function, and it passes all the suggested test's from the Puppet documentation, but when called from a test module it doesn't seem to be found. Successful tests... irb(main):001:0 require 'puppet' = true irb(main):002:0 require '/etc/puppet/modules/string2hash/ .git/ lib/ irb(main):002:0 require '/etc/puppet/modules/string2hash/lib/puppet/ parser/functions/string2hash.rb' = true irb(main):003:0 Puppet::Parser::Functions.function(:string2hash) = function_string2hash ruby -rpuppet lib/puppet/parser/functions/string2hash.rb returns no errors When I try and test the functions ability to even return a correct value, I get this, $ puppet --debug -vvv test.pp Unknown function string2hash at /etc/puppet/modules/test/test.pp:3 This is test.pp... --- $hash_string = {\general\:{\dump_dir\:\/backups/misc-sqldumps\, \databases\:\mysql\,\backup_dir\:\/etc\},\anth\:{\dump_dir \:\/backups/anth-sqldumps\,\databases\:\ anth_main anth_students anth_td anth_intranet\,\backup_dir\:\/var/www/anthropology.tamu.edu \}} $val = string2hash($hash_string) notice($val) This is my function, at /etc/puppet/modules/string2hash/lib/puppet/ parser/functions/string2hash.rb - #!/usr/bin/ruby module Puppet::Parser::Functions newfunction(:string2hash, :type = :rvalue) do |args| raise ArgumentError, (string2hash(): wrong number of arguments (#{args.length}; must be 1)) if args.length != 1 raise ArgumentError, (string2hash(): wrong type of argument (#{args[0].kind_of}; must be string)) if args[0].kind_of? String require 'json' begin return JSON.parse(args[0]) rescue Exception = exc raise TypeError, string2hash(): error converting string to hash end end end I use numerous community functions that work without any type of includes , and can't seem to figure out why mine is 'unknown' when puppet clearly sees it. I've restarted both the puppet and puppetmaster daemon repeatedly. 
Thanks
- Trey
[Puppet Users] Using back-ported create_resources in 2.6.x
Does anyone have some examples of using this create_resources function, https://github.com/puppetlabs/puppetlabs-create_resources ? Based on the README example I can't figure out exactly how to change from using defines to using this function. Maybe I misunderstand the purpose of create_resources...is it to replace defines, or is it to allow ENCs (for example) to use a define?

Below is an example of a define I use for apache virtual hosts. From the example on the function's readme, does class webserver::instances use the information in $instances? So if I wanted to create files / directories from the information in $instances, would that be done in class webserver::instances or elsewhere?

Here's the example...

    node 'webserver' {
      apache::vhost {
        'drupal-multisite1':
          domain   => 'com',
          docroot  => '/var/www/example2.com/html',
          options  => 'None',
          override => 'All',
          protocol => 'http';
        'drupal-multisite2':
          domain         => 'com',
          docroot        => '/var/www/example2.com/html',
          create_docroot => false,
          options        => 'None',
          override       => 'All',
          protocol       => 'http';
      }
    }

    define apache::vhost (
      $protocol='http',
      $cname=$name,
      $domain=false,
      $server_alias="www.$cname.$domain",
      $alias_list=false,
      $docroot=false,
      $create_docroot=true,
      $docroot_owner=false,
      $docroot_group=false,
      $docroot_mode=false,
      $options=false,
      $sendfile=true,
      $override='None',
      $order='allow,deny',
      $allowfrom='all',
      $denyfrom=false,
      $source=false
    ) {

      host { "${name}.$domain":
        ensure       => present,
        host_aliases => [ $name ],
        ip           => $ipaddress_eth0,
      }

      if $create_docroot != false {
        file { $docroot:
          ensure  => directory,
          owner   => $docroot_owner ? {
            false   => undef,
            default => $docroot_owner,
          },
          group   => $docroot_group ? {
            false   => undef,
            default => $docroot_group,
          },
          mode    => $docroot_mode ? {
            false   => undef,
            default => $docroot_mode,
          },
          require => Package['httpd'];
        }
      }

      file { "/etc/httpd/conf.d/$cname.conf":
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => 644,
        content => $source ? {
          false   => template('apache/virtualhost_conf.erb'),
          default => $source,
        },
        require => Package['httpd'],
        notify  => Exec['reload-apache'],
      }
    }

Thanks
- Trey
[Puppet Users] Re: Using back-ported create_resources in 2.6.x
Ah ok! That makes more sense now.

Thanks
- Trey

On Aug 17, 12:59 pm, Nan Liu n...@puppetlabs.com wrote:
> On Wed, Aug 17, 2011 at 10:27 AM, treydock treyd...@gmail.com wrote:
>> Does anyone have some examples of using this create_resources
>> function, https://github.com/puppetlabs/puppetlabs-create_resources ?
>> Based on the README example I can't figure out exactly how to change
>> from using defines to using this function. Maybe I misunderstand the
>> purpose of create_resources...is it to replace defines, or is it to
>> allow ENCs (for example) to use a define?
>
> The purpose of create resources is not to replace define, but rather to
> declare resource from a hash. This is typically used to work around ENC
> limitation of class only so you can provide a hash to generate resources
> for a node.
>
>> Below is an example of a define I use for apache virtual hosts. From
>> the example on the functions readme, does class webserver::instances
>> use the information in $instances? So if I wanted to create files /
>> directories from the information in $instances, would that be done in
>> class webserver::instances or else where?
>>
>> Here's the example...
>>
>> node 'webserver' {
>>   apache::vhost {
>>     'drupal-multisite1':
>>       domain   => 'com',
>>       docroot  => '/var/www/example2.com/html',
>>       options  => 'None',
>>       override => 'All',
>>       protocol => 'http';
>>     'drupal-multisite2':
>>       domain         => 'com',
>>       docroot        => '/var/www/example2.com/html',
>>       create_docroot => false,
>>       options        => 'None',
>>       override       => 'All',
>>       protocol       => 'http';
>>   }
>> }
>
> So if you use create resource, instead of the section above would be:
>
> $vhost = { 'drupal-multisite1' => { domain => 'com', ... } }
> create_resource (apache::vhost, $vhost)
>
> It would not change your existing define apache::vhost.
>
> Thanks,
>
> Nan
[Puppet Users] Re: Using back-ported create_resources in 2.6.x
On Aug 17, 12:59 pm, Nan Liu n...@puppetlabs.com wrote:
> On Wed, Aug 17, 2011 at 10:27 AM, treydock treyd...@gmail.com wrote:
>> Does anyone have some examples of using this create_resources
>> function, https://github.com/puppetlabs/puppetlabs-create_resources ?
>> Based on the README example I can't figure out exactly how to change
>> from using defines to using this function. Maybe I misunderstand the
>> purpose of create_resources...is it to replace defines, or is it to
>> allow ENCs (for example) to use a define?
>
> The purpose of create resources is not to replace define, but rather to
> declare resource from a hash. This is typically used to work around ENC
> limitation of class only so you can provide a hash to generate resources
> for a node.
>
>> Below is an example of a define I use for apache virtual hosts. From
>> the example on the functions readme, does class webserver::instances
>> use the information in $instances? So if I wanted to create files /
>> directories from the information in $instances, would that be done in
>> class webserver::instances or else where?
>>
>> Here's the example...
>>
>> node 'webserver' {
>>   apache::vhost {
>>     'drupal-multisite1':
>>       domain   => 'com',
>>       docroot  => '/var/www/example2.com/html',
>>       options  => 'None',
>>       override => 'All',
>>       protocol => 'http';
>>     'drupal-multisite2':
>>       domain         => 'com',
>>       docroot        => '/var/www/example2.com/html',
>>       create_docroot => false,
>>       options        => 'None',
>>       override       => 'All',
>>       protocol       => 'http';
>>   }
>> }
>
> So if you use create resource, instead of the section above would be:
>
> $vhost = { 'drupal-multisite1' => { domain => 'com', ... } }
> create_resource (apache::vhost, $vhost)
>
> It would not change your existing define apache::vhost.
>
> Thanks,
>
> Nan

Having a bit of trouble now...and the error I'm getting is of no help.

Here's my parameter in node definition

    $redmine_instances = {
      'default' => {
        docroot => '/var/www/rails/redmine',
        db      => 'redmine',
        db_user => 'redmine',
        db_pass => '',
      },
    }

    create_resources('redmine::instance', $redmine_instances)

And the defines this is going to...
    define redmine::instance (
      $instances = {}
    ) {

      file { $instances[docroot]:
        ensure => directory,
        owner  => 'apache',
      }

      file { "$instances[docroot]/config/database.yml":
        content => "production:
      adapter: mysql
      database: $instances[db]
      host: localhost
      username: $instances[db_user]
      password: $instances[db_pass]
      encoding: utf8
    ",
      }
    }

That's a trimmed down example, but the error I get is

    # puppetd --test --debug -v --noop
    debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
    debug: Puppet::Type::User::ProviderPw: file pw does not exist
    debug: Puppet::Type::User::ProviderLdap: true value when expecting false
    debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
    debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing
    debug: Failed to load library 'ldap' for feature 'ldap'
    debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
    debug: /File[/var/lib/puppet/ssl/certs/client.tld.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
    debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
    debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
    debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state]
    debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/etc/puppet/namespaceauth.conf]: Autorequiring File[/etc/puppet]
    debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/private_keys/client.tld.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
    debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state]
    debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/private
[Puppet Users] Service resource throws error for ups but service starts
I have a puppet module to manage Network UPS Tools, but am having trouble getting Puppet to be able to start the ups service without error. What's strange is the service starts just fine, but Puppet returns an error.

Here's the service resource I defined...

    package { 'nut-client':
      ensure => installed,
    }

    service { 'ups':
      ensure     => running,
      enable     => true,
      hasrestart => true,
      require    => Package['nut-client'],
    }

The error when I run puppet is as follows...

    debug: Service[ups](provider=redhat): Executing '/sbin/service ups start'
    err: /Stage[main]/Nut::Slave/Service[ups]/ensure: change from stopped to running failed: Could not start Service[ups]: Execution of '/sbin/service ups start' returned 1: at /etc/puppet/modules/nut/manifests/classes/slave.pp:12

I do not know if this is the fault of a bad return code in the init script...here's the init script used...

    ### BEGIN INIT INFO
    # Provides: ups
    # Required-Start: $syslog $network $named
    # Required-Stop: $local_fs
    # Default-Stop: 0 1 6
    # Short-Description: Starts the Network UPS tools
    # Description: Network UPS Tools is a collection of programs which provide a common \
    #              interface for monitoring and administering UPS hardware.
    ### END INIT INFO

    # Source function library.
    if [ -f /etc/init.d/functions ]; then
        . /etc/init.d/functions
    elif [ -f /etc/rc.d/init.d/functions ]; then
        . /etc/rc.d/init.d/functions
    else
        exit 0
    fi

    # Get config.
    if [ -f /etc/sysconfig/ups ]; then
        . /etc/sysconfig/ups
    else
        SERVER="no"
    fi

    start() {
        if [ "$SERVER" = "yes" ]; then
            echo -n $"Starting UPS driver controller: "
            daemon /sbin/upsdrvctl start > /dev/null 2>&1 && success || failure
            RETVAL=$?
            echo

            prog="upsd"
            echo -n $"Starting $prog: "
            daemon /usr/sbin/upsd $UPSD_OPTIONS > /dev/null 2>&1 && success || failure
            if [ "$RETVAL" = 0 ]; then
                RETVAL=$?
            fi
            echo

            echo -n $"Starting UPS monitor (master): "
            daemon /usr/sbin/upsmon > /dev/null 2>&1 && success || failure
            if [ "$RETVAL" = 0 ]; then
                RETVAL=$?
            fi
            echo
        else
            echo -n $"Starting UPS monitor (slave): "
            daemon /usr/sbin/upsmon > /dev/null 2>&1 && success || failure
            echo
        fi
        [ "$RETVAL" = 0 ] && touch /var/lock/subsys/ups
    }

    stop() {
        echo -n $"Stopping UPS monitor: "
        killproc upsmon
        echo

        if [ "$SERVER" = "yes" ]; then
            prog="upsd"
            echo -n $"Stopping $prog: "
            killproc upsd > /dev/null 2>&1 && success || failure
            RETVAL=$?
            echo

            echo -n $"Shutting down upsdrvctl: "
            /sbin/upsdrvctl stop > /dev/null 2>&1 && success || failure
            if [ "$RETVAL" = 0 ]; then
                RETVAL=$?
            fi
            echo
        fi
        [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/ups
    }

    restart() {
        stop
        start
    }

    reload() {
        # FIXME: upsd and upsmon always return 0
        # => can't tell if reload was successful
        if [ "$SERVER" = "yes" ]; then
            action "Reloading upsd:" /usr/sbin/upsd -c reload
            RETVAL=$?
        fi
        action "Reloading upsmon:" /usr/sbin/upsmon -c reload
        if [ "$RETVAL" = 0 ]; then
            RETVAL=$?
        fi
    }

    # See how we are called.
    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart)
            restart
            ;;
        try-restart)
            [ -f /var/lock/subsys/ups ] && restart || :
            ;;
        reload)
            reload
            ;;
        force-reload)
            restart
            ;;
        status)
            if [ "$SERVER" = "yes" ]; then
                status upsd
            fi
            status upsmon
            ;;
        *)
            echo $"Usage: $0 {start|stop|restart|try-restart|reload|force-reload|status}"
            RETVAL=3
    esac

    exit $RETVAL

Thanks
- Trey
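How the posted start() can hand `/sbin/service ups start` a status of 1 while upsmon is running, as an added example that is not part of the original post or of the NUT package. It reproduces only the script's RETVAL handling with stand-in commands and assumes the host takes the slave branch (SERVER is not yes); `fake_daemon`, `report`, the variant names and the temporary lock path are made up for the demonstration.

```shell
#!/bin/sh
# Stand-ins for the init-script helpers; DAEMON_RC is the status the fake daemon returns.
fake_daemon() { return "${DAEMON_RC:-0}"; }
success() { :; }
failure() { return 1; }

# Control flow of the posted start() on the slave branch: RETVAL is never assigned.
start_as_posted() (
    SERVER=no
    unset RETVAL
    if [ "$SERVER" = "yes" ]; then
        fake_daemon >/dev/null 2>&1 && success || failure
        RETVAL=$?
    else
        fake_daemon >/dev/null 2>&1 && success || failure
    fi
    # With RETVAL empty this test is false, so the lock file is skipped
    # and the list's status is 1.
    [ "$RETVAL" = 0 ] && touch "$1"
    # An empty $RETVAL turns this into a bare "exit", which returns the
    # status of the last command: the failed test above.
    exit $RETVAL
)

# Variant that records the daemon's status on every branch.
start_checked() (
    SERVER=no
    RETVAL=0
    if [ "$SERVER" = "yes" ]; then
        fake_daemon >/dev/null 2>&1 && RETVAL=0 || RETVAL=$?
    else
        fake_daemon >/dev/null 2>&1 && RETVAL=0 || RETVAL=$?
    fi
    [ "$RETVAL" = 0 ] && touch "$1"
    exit "$RETVAL"
)

# Run one variant with a given daemon status; report "exit=<n> lock=<yes|no>".
report() {
    variant=$1
    DAEMON_RC=$2
    dir=$(mktemp -d) || return 1
    status=0
    "$variant" "$dir/ups.lock" || status=$?
    if [ -e "$dir/ups.lock" ]; then lock=yes; else lock=no; fi
    rm -rf "$dir"
    echo "exit=$status lock=$lock"
}

echo "as posted, daemon started: $(report start_as_posted 0)"
echo "as posted, daemon failed:  $(report start_as_posted 1)"
echo "checked,   daemon started: $(report start_checked 0)"
echo "checked,   daemon failed:  $(report start_checked 1)"
```

In the posted flow a successful and a failed start are indistinguishable to the caller, and the subsys lock file is never created, so `try-restart` would also do nothing on such a host.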
[Puppet Users] Passing hash as parameters to manifest
I have a module for backuppc, and am trying to pass a hash to a define to create a single script and the necessary directories. What I can't seem to figure out how to do is have this hash's values be used to create files / directories and also populate a template.

Here's the hash...

    $backuppc_db_dumps = {
      redmine => {
        'backup_dir' => '/var/www/rails/redmine',
        'databases'  => 'redmine',
        'dump_dir'   => '/backups/misc-sqldumps',
      },
      general => {
        'backup_dir' => '/etc',
        'databases'  => 'mysql',
        'dump_dir'   => '/backups/misc-sqldumps',
      },
    }

I have successfully used that with a template to generate a script, but am unsure how to pass those values to a define in order to ensure the dump_dir exists.

After the above variable I added

    backuppc::sqldump { $backuppc_db_dumps: }

Here's the define ...

    define backuppc::sqldump () {
      file { $name[dump_dir]:
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0770',
      }
    }

Is this something that's even possible? The error I get doesn't make any sense to me...

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid tag generaldump_dir/backups/misc-sqldumpsdatabasesmysqlbackup_dir/etcredminedump_dir/backups/redmine-sqldumpsdatabasesredminebackup_dir/var/www/rails/redmine at /etc/puppet/modules/backuppc/manifests/definitions/sqldump.pp:9 on node

Thanks
- Trey
[Puppet Users] Re: Passing hash as parameters to manifest
Looking up the use of create_resources which is mentioned in the bug you linked, looks like it's available only in 2.7.x. I'm currently running 2.6.9, but may be worth upgrading for.

I tried your suggestion, but get this error...

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid tag dump_dir/backups/redmine-sqldumpsdatabasesredminebackup_dir/var/www/rails/redmine at /etc/puppet/modules/backuppc/manifests/definitions/sqldump.pp:11 on node ...

Also I am not sure what you mean by functions that get an array of first level hash keys.

Thanks
- Trey

On Aug 11, 5:59 pm, Nan Liu n...@puppetlabs.com wrote:
> On Thu, Aug 11, 2011 at 4:00 PM, treydock treyd...@gmail.com wrote:
>> I have a module for backuppc, and am trying to pass a hash to a define
>> to create a single script and the necessary directories. What I can't
>> seem to figure out how to do is have this hash's values be used to
>> create files / directories and also populate a template.
>>
>> Here's the hash...
>>
>> $backuppc_db_dumps = {
>>   redmine => {
>>     'backup_dir' => '/var/www/rails/redmine',
>>     'databases'  => 'redmine',
>>     'dump_dir'   => '/backups/misc-sqldumps',
>>   },
>>   general => {
>>     'backup_dir' => '/etc',
>>     'databases'  => 'mysql',
>>     'dump_dir'   => '/backups/misc-sqldumps',
>>   },
>> }
>>
>> I have successfully used that to with a template to generate a script,
>> but am unsure how to pass those values to a define in order to ensure
>> the dump_dir exists.
>>
>> After the above variable I added
>>
>> backuppc::sqldump { $backuppc_db_dumps: }
>
> You are passing a hash as the resource title, a resource title is either
> a string or array of string.
>
>> Here's the define ...
>>
>> define backuppc::sqldump () {
>>   file { $name[dump_dir]:
>>     ensure => directory,
>>     owner  => 'root',
>>     group  => 'root',
>>     mode   => '0770',
>>   }
>> }
>>
>> Is this something that's even possible? The error I get doesn't make
>> any sense to me...
>
> Not in the current form, what you are looking for is probably best
> described here: http://projects.puppetlabs.com/issues/8670
>
> However a small change should allow this to work. (disclaimer, untested,
> but I've done something similar).
>
> define backuppc::sqldump ($var) {
>   $value = $var[$name]
>   file { $value[dump_dir]:
>     ensure => directory,
>     owner  => 'root',
>     group  => 'root',
>     mode   => '0770',
>   }
> }
>
> backuppc::sqldump { ['redmine', 'general']:
>   var => $backuppc_db_dumps,
> }
>
> If you have a functions that gets an array of the first level hash keys,
> you can use that instead of specifying redmine, general.
>
> HTH,
>
> Nan
[Puppet Users] Re: Config files based on rpm version
To get the version you'll likely have to use facts, but once you have the facts you can use something like the following...

    file { "/etc/pam.d/system-auth-ac":
      source => $operatingsystemrelease ? {
        /5.(\d)/ => "puppet:///modules/kerberize/system-auth-ac",
        /6.(\d)/ => "puppet:///modules/kerberize/system-auth-ac.centos6",
      },
    }

That example points to a different configuration file based on the OS release number (this example is for CentOS). So the first condition is true if 5.x and the second for anything 6.0 and so on.

Should be similar once you have your custom fact made.

- Trey

On Aug 6, 2:08 am, carl carlla...@gmail.com wrote:
> Hi,
>
> I have a few virtuozzo servers that are running different versions.
> Some are running 4.0 and some are running 4.6. I am having a hard time
> figuring out how to set the configuration file based on the rpm version
> that is currently installed. Is there a tutorial or page that has an
> example of something like this?
>
> Thanks
[Puppet Users] Managing sudo via puppet using #includedir
Is anyone having success with #includedir option in sudo? I have a module that uses a definition to create files in /etc/sudoers.d/ which is referenced in the main sudoers file as #includedir /etc/sudoers, but these entries are not getting referenced when sudo is used.

I'm running CentOS 5 and 6, with sudo-1.7.2p1 and sudo-1.7.2p2 respectively.

Here's a weird symptom of the problem I'm having...

    # visudo -c -f /etc/sudoers.d/zabbix-puppet
    /etc/sudoers.d/zabbix-puppet: syntax error near line 0
    parse error in /etc/sudoers.d/zabbix-puppet near line 0

    (((NOTE: I made absolutely no changes, just did :q)))

    # visudo -f /etc/sudoers.d/zabbix-puppet
    /etc/sudoers.d/zabbix-puppet: syntax error near line 0

    # visudo -c -f /etc/sudoers.d/zabbix-puppet
    /etc/sudoers.d/zabbix-puppet: parsed OK

This is my sudoers file...

    ## Sudoers allows particular users to run various commands as
    ## the root user, without needing the root password.
    ##
    ## Examples are provided at the bottom of the file for collections
    ## of related commands, which can then be delegated out to particular
    ## users or groups.
    ##
    ## This file must be edited with the 'visudo' command.

    ## Host Aliases
    ## Groups of machines. You may prefer to use hostnames (perhaps using
    ## wildcards for entire domains) or IP addresses instead.
    # Host_Alias FILESERVERS = fs1, fs2
    # Host_Alias MAILSERVERS = smtp, smtp2

    ## User Aliases
    ## These aren't often necessary, as you can use regular groups
    ## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
    ## rather than USERALIAS
    # User_Alias ADMINS = jsmith, mikem

    ## Command Aliases
    ## These are groups of related commands...

    ## Networking
    # Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

    ## Installation and management of software
    # Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

    ## Services
    # Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

    ## Updating the locate database
    # Cmnd_Alias LOCATE = /usr/bin/updatedb

    ## Storage
    # Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

    ## Delegating permissions
    # Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

    ## Processes
    # Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

    ## Drivers
    # Cmnd_Alias DRIVERS = /sbin/modprobe

    # Defaults specification

    #
    # Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
    #         You have to run "ssh -t hostname sudo <cmd>".
    #
    ## Defaults    requiretty

    #
    # Preserving HOME has security implications since many programs
    # use it when searching for configuration files.
    #
    Defaults    always_set_home

    Defaults    env_reset
    Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
    Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
    Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
    Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
    Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

    #
    # Adding HOME to env_keep may enable a user to run unrestricted
    # commands via sudo.
    #
    # Defaults   env_keep += "HOME"
    #
    Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

    ## Next comes the main part: which users can run what software on
    ## which machines (the sudoers file can be shared between multiple
    ## systems).
    ## Syntax:
    ##
    ##      user    MACHINE=COMMANDS
    ##
    ## The COMMANDS section may have other options added to it.
    ##
    ## Allow root to run any commands anywhere
    root    ALL=(ALL)       ALL

    ## Allows members of the 'sys' group to run networking, software,
    ## service management apps and more.
    # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

    ## Allows people in group wheel to run all commands
    %wheel  ALL=(ALL)       ALL

    ## Same thing without a password
    # %wheel        ALL=(ALL)       NOPASSWD: ALL

    ## Allows members of the users group to mount and unmount the
    ## cdrom as root
    # %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

    ## Allows members of the users group to shutdown this system
    # %users  localhost=/sbin/shutdown -h now

    #includedir "/etc/sudoers.d"

And this is the /etc/sudoers.d/zabbix-puppet

    zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet

What's so strange is if I take that exact line, and put it in /etc/sudoers, it works just fine. So I know the syntax and such is correct, however it doesn't get called via #includedir.

Thanks
- Trey
[Puppet Users] Re: Managing sudo via puppet using #includedir
From the sudoer docs it mentioned making the files in /etc/sudoers.d be 440, but what about the folder? Here's the perms on /etc/sudoers.d

    drwxr-xr-x   2 root root 4096 Jul 26 19:16 .
    drwxr-xr-x. 64 root root 4096 Jul 26 19:16 ..
    -r--r-----   1 root root   53 Jul 26 19:16 zabbix-puppet

- Trey

On Aug 1, 3:47 pm, Len Rugen lenru...@gmail.com wrote:
> It's working here for RHEL 5 & 6. Check the owner and perms of
> sudoers.d, that's probably not your problem, but it's the only one
> we've had.
[Puppet Users] Re: Managing sudo via puppet using #includedir
Ok, so this was actually two problems...

The first, can't have quotes around the folder location in #includedir...

Second is the way I was populating those files...

Here's the sudo module definition...

    define sudo::directive (
      $ensure=present,
      $content="",
      $source=""
    ) {

      # sudo skipping file names that contain a "."
      $dname = regsubst($name, '\.', '-', 'G')

      file { "/etc/sudoers.d/${dname}":
        ensure  => $ensure,
        owner   => root,
        group   => root,
        mode    => 0440,
        content => $content ? {
          ""      => undef,
          default => $content,
        },
        source  => $source ? {
          ""      => undef,
          default => $source,
        },
        require => Package["sudo"],
      }
    }

The content method doesn't work, or at least not in the way I've implemented it...

So this doesn't work...

    sudo::directive { "zabbix-puppet":
      ensure  => present,
      content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet",
      #source => "puppet:///files/zabbix_sudocmd",
    }

And this works...

    sudo::directive { "zabbix-puppet":
      ensure   => present,
      #content => "zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet",
      source   => "puppet:///files/zabbix_sudocmd",
    }

The file zabbix_sudocmd contains the same text as the Content line, however it seems to not add a necessary new line character, as this is the debug output from puppet when I change from source to content...

    debug: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/File[/etc/sudoers.d/zabbix-puppet]/content: Executing 'diff -u /etc/sudoers.d/zabbix-puppet /tmp/puppet-file20110801-18801-1wfv1td-0'
    --- /etc/sudoers.d/zabbix-puppet 2011-08-01 18:45:16.248138294 -0500
    +++ /tmp/puppet-file20110801-18801-1wfv1td-0 2011-08-01 18:53:53.566133754 -0500
    @@ -1 +1 @@
    -zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
    +zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
    \ No newline at end of file
    debug: file_bucket_file supports formats: b64_zlib_yaml marshal pson raw yaml; using yaml
    info: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/File[/etc/sudoers.d/zabbix-puppet]: Filebucketed /etc/sudoers.d/zabbix-puppet to main with sum 2ecb3670db9e458970153bf00d64b325
    notice: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/File[/etc/sudoers.d/zabbix-puppet]/content: content changed '{md5}2ecb3670db9e458970153bf00d64b325' to '{md5}348da8bc5d9eacaf6334b092d95001eb'

Notice the "No newline at end of file"...

I can use content if I add a \n to the end of the line, which doesn't seem like it should be necessary, but it works.

Thanks!!
- Trey

On Aug 1, 6:35 pm, vagn scott vagnsc...@gmail.com wrote:
> On 08/01/2011 01:41 PM, treydock wrote:
>> #includedir "/etc/sudoers.d"
>
> Maybe without the quotation marks?
>
> --
> vagn
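The three conditions this thread runs into for a file under /etc/sudoers.d (a name that #includedir will not skip, mode 0440, and a final newline) can be checked before a fragment is deployed. The function below is an added example, not part of the original posts or of any Puppet module; `lint_sudoers_fragment`, `make_samples` and the constructed sample files are assumptions made for the demonstration.

```shell
#!/bin/sh
# Lint one sudoers.d fragment for the problems discussed in this thread.
# Prints one line per problem and returns 0 only when none is found.
lint_sudoers_fragment() {
    f=$1
    problems=0

    if [ ! -f "$f" ]; then
        echo "$f: not a regular file"
        return 1
    fi

    # #includedir skips file names that contain '.' or end in '~'.
    case ${f##*/} in
        *.*|*~)
            echo "$f: name contains '.' or ends in '~', #includedir will skip it"
            problems=$((problems + 1))
            ;;
    esac

    # find -perm with a plain octal mode matches the mode bits exactly.
    if [ -z "$(find "$f" -prune -perm 0440 -print)" ]; then
        echo "$f: mode is not 0440"
        problems=$((problems + 1))
    fi

    # The last byte of a non-empty file has to be a newline (0x0a).
    if [ -s "$f" ]; then
        last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
        if [ "$last" != "0a" ]; then
            echo "$f: no newline at end of file"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ]
}

# Constructed samples: the rule from the thread written three ways.
make_samples() {
    dir=$1
    rule='zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet'
    printf '%s\n' "$rule" > "$dir/zabbix-puppet"   # well-formed fragment
    printf '%s'   "$rule" > "$dir/no-newline"      # same rule, final newline missing
    printf '%s\n' "$rule" > "$dir/zabbix.puppet"   # dotted name, loose mode
    chmod 0440 "$dir/zabbix-puppet" "$dir/no-newline"
    chmod 0644 "$dir/zabbix.puppet"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    for n in zabbix-puppet no-newline zabbix.puppet; do
        lint_sudoers_fragment "$tmp/$n" && echo "$tmp/$n: ok"
    done
    rm -rf "$tmp"
    return 0
}

demo
```

These are file-level checks only; `visudo -c -f`, as used earlier in the thread, remains the check of the rule syntax itself.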
[Puppet Users] Import existing classes to puppet-dashboard
Is there currently a way to import existing puppet modules and classes into the puppet-dashboard? If not, will defining them in puppet-dashboard make the nodes aware of modules already created in puppet?

I found this issue opened on the subject, http://projects.puppetlabs.com/issues/3503, but did not see anything mentioning this in the 1.2rc1 release notes.

Thanks
- Trey
[Puppet Users] Re: Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5
I've begun using the spec file provided in the puppet and facter sources to build my own RPMs. So far to make the provided work with 2.7.1, I've made these changes... The addition of ruby-shadow requirement and the namespace-auth.conf are not necessary. I added ruby-shadow to force it always installed and the namespace-auth.conf may no longer be necessary with 2.7.1, but was for as far up as 2.6.8. $ diff -u puppet.spec.orig puppet.spec --- puppet.spec.orig2011-07-16 12:51:01.0 -0500 +++ puppet.spec 2011-07-11 17:19:20.0 -0500 @@ -5,8 +5,8 @@ %global confdir conf/redhat Name: puppet -Version:2.6.0 +Version:2.7.1 Release:1%{?dist} Summary:A network tool for managing many disparate systems License:Apache 2.0 URL:http://puppetlabs.com @@ -25,6 +25,8 @@ Requires: ruby(abi) = 1.8 Requires: ruby-shadow %endif +Requires: ruby-shadow # Pull in ruby selinux bindings where available %if 0%{?fedora} = 12 || 0%{?rhel} = 6 @@ -105,6 +107,9 @@ install -Dp -m0644 conf/auth.conf %{buildroot}%{_sysconfdir}/puppet/ auth.conf install -Dp -m0644 %{confdir}/logrotate %{buildroot}%{_sysconfdir}/ logrotate.d/puppet +# Create empty namespaceauth.conf file +touch %{buildroot}%{_sysconfdir}/puppet/namespaceauth.conf + # We need something for these ghosted files, otherwise rpmbuild # will complain loudly. They won't be included in the binary packages touch %{buildroot}%{_sysconfdir}/puppet/puppetmasterd.conf @@ -130,7 +135,7 @@ %files %defattr(-, root, root, 0755) -%doc CHANGELOG COPYING LICENSE README README.queueing examples +%doc CHANGELOG README.md %{_bindir}/pi %{_bindir}/puppet %{_bindir}/ralsh 
@@ -144,6 +149,7 @@ %config(noreplace) %{_sysconfdir}/sysconfig/puppet %config(noreplace) %{_sysconfdir}/puppet/puppet.conf %config(noreplace) %{_sysconfdir}/puppet/auth.conf +%config(noreplace) %{_sysconfdir}/puppet/namespaceauth.conf %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/ puppetca.conf %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/ puppetd.conf %config(noreplace) %{_sysconfdir}/logrotate.d/puppet @@ -163,6 +169,7 @@ %{_mandir}/man8/puppetd.8.gz %{_mandir}/man8/ralsh.8.gz %{_mandir}/man8/puppetdoc.8.gz +%{_mandir}/man8/puppet-* %files server %defattr(-, root, root, 0755) Michael would you be the person to contact about assisting with maintaining the puppet RPMs for puppet? I could also probably contribute a few other packages - Trey On Jul 14, 7:25 pm, Michael Stahnke stah...@puppetlabs.com wrote: I have builds of facter 1.6 and puppet 2.7.2 for EL 5 and 6 available http://stahnma.fedorapeople.org/puppetlabs/ I'm working on Fedora 14/15 builds currently also. These also are not currently signed, and there is no stahnma-repo rpm or anything like that. I'm basically just trying scratch an itch a few people have. This won't be a permanent location. We are working on updating and official puppet labs repository as well. Mike -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
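Review bot: In the hunk at @@ -25,6 +25,8 @@ the added `Requires: ruby-shadow` sits directly after an `%endif` whose conditional block already ends in `Requires: ruby-shadow`, so the dependency is declared twice on every platform that takes the conditional branch. If the intent is to require it everywhere, as the message says, drop the conditional copy so the spec states the requirement once.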
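Review bot: In the %files hunk at @@ -130,7 +135,7 @@ the `%doc` line drops COPYING and LICENSE while the header still declares `License:Apache 2.0`, so the package as built here ships no license text. If the 2.7.1 source keeps the license under another file name, add that file to `%doc`; README.queueing and examples are also dropped without a word in the message, which is worth a line of explanation.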
[Puppet Users] Re: Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5
I've begun using the spec file provided in the puppet and facter sources to build my own RPMs. So far to make the provided work with 2.7.1, I've made these changes... The addition of ruby-shadow requirement and the namespace-auth.conf are not necessary. I added ruby-shadow to force it always installed and the namespace-auth.conf may no longer be necessary with 2.7.1, but was for as far up as 2.6.8. $ diff -u puppet.spec.orig puppet.spec --- puppet.spec.orig2011-07-16 12:51:01.0 -0500 +++ puppet.spec 2011-07-11 17:19:20.0 -0500 @@ -5,8 +5,8 @@ %global confdir conf/redhat Name: puppet -Version:2.6.0 +Version:2.7.1 Release:1%{?dist} Summary:A network tool for managing many disparate systems License:Apache 2.0 URL:http://puppetlabs.com @@ -25,6 +25,8 @@ Requires: ruby(abi) = 1.8 Requires: ruby-shadow %endif +Requires: ruby-shadow # Pull in ruby selinux bindings where available %if 0%{?fedora} = 12 || 0%{?rhel} = 6 @@ -105,6 +107,9 @@ install -Dp -m0644 conf/auth.conf %{buildroot}%{_sysconfdir}/puppet/ auth.conf install -Dp -m0644 %{confdir}/logrotate %{buildroot}%{_sysconfdir}/ logrotate.d/puppet +# Create empty namespaceauth.conf file +touch %{buildroot}%{_sysconfdir}/puppet/namespaceauth.conf + # We need something for these ghosted files, otherwise rpmbuild # will complain loudly. They won't be included in the binary packages touch %{buildroot}%{_sysconfdir}/puppet/puppetmasterd.conf @@ -130,7 +135,7 @@ %files %defattr(-, root, root, 0755) -%doc CHANGELOG COPYING LICENSE README README.queueing examples +%doc CHANGELOG README.md %{_bindir}/pi %{_bindir}/puppet %{_bindir}/ralsh 
@@ -144,6 +149,7 @@ %config(noreplace) %{_sysconfdir}/sysconfig/puppet %config(noreplace) %{_sysconfdir}/puppet/puppet.conf %config(noreplace) %{_sysconfdir}/puppet/auth.conf +%config(noreplace) %{_sysconfdir}/puppet/namespaceauth.conf %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/ puppetca.conf %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/ puppetd.conf %config(noreplace) %{_sysconfdir}/logrotate.d/puppet @@ -163,6 +169,7 @@ %{_mandir}/man8/puppetd.8.gz %{_mandir}/man8/ralsh.8.gz %{_mandir}/man8/puppetdoc.8.gz +%{_mandir}/man8/puppet-* %files server %defattr(-, root, root, 0755)

Who would be the person to contact about assisting with maintaining the puppet RPMs for EPEL or whoever else provides a public puppet RPM?

- Trey

On Jul 14, 7:25 pm, Michael Stahnke stah...@puppetlabs.com wrote:
> I have builds of facter 1.6 and puppet 2.7.2 for EL 5 and 6 available http://stahnma.fedorapeople.org/puppetlabs/
>
> I'm working on Fedora 14/15 builds currently also. These also are not currently signed, and there is no stahnma-repo rpm or anything like that. I'm basically just trying scratch an itch a few people have. This won't be a permanent location. We are working on updating and official puppet labs repository as well.
>
> Mike
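Review bot: In hunk @@ -25,6 +25,8 @@ the new unconditional "Requires: ruby-shadow" after %endif duplicates the "Requires: ruby-shadow" that already sits inside the conditional just above it. Keep one of them: either leave the dependency inside the conditional, or remove the conditional copy and add a comment saying why it is now forced on every build.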
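Review bot: In hunk @@ -105,6 +107,9 @@ namespaceauth.conf is created with a bare touch, so its mode comes from the build umask, while auth.conf two lines up is installed with an explicit -m0644. The later hunk marks this file %config(noreplace), so whatever mode it gets at first install stays on the system. Create it with an explicit mode, for example "install -m0644 /dev/null %{buildroot}%{_sysconfdir}/puppet/namespaceauth.conf", and extend the comment to say it is only there for releases up to 2.6.8, as the message states.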
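Review bot: In hunk @@ -130,7 +135,7 @@ the new %doc line drops COPYING and LICENSE together with README.queueing and examples, while the header still declares "License: Apache 2.0". If the 2.7.1 source still ships a license file, keep it in %doc so the binary package carries the license text, and remove only the entries that no longer exist in the tarball.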
[Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade
I think the way I posted the contents of the modules may have been misleading, as I do actually have each class in its own file so kvm::host class has its own host.pp file. So far I've actually noticed this problem only on my modules that make use of the autoloading, so each class in its own *.pp file. Not all my modules suffer from this, but that's one common thing among the ones that do fail. I'm in the process of moving my other modules to that layout as they currently have all classes in init.pp, but interestingly enough none of those modules have had random failures.

- Trey

On Jul 13, 1:29 am, Peter Meier peter.me...@immerda.ch wrote:
>> Is using an empty class in init.pp problematic ? All of these modules worked just fine before going from 2.6.8 to 2.7.1.
>
> I have no idea, whether this is the problem. But why do you do:
>
> # manifests/init.pp
> import "classes/*.pp"
> class kvm { }
>
> # manifests/classes/host.pp
> class kvm::host {
>
> ? Why not just have one file manifests/host.pp that contains the kvm::host class? Everything else is not really necessary. Puppet has quite a powerful autoloading feature of classes and I think it can be seen as a general best practice to have one class in a file in its corresponding path on the filesystem.
>
> With your current way you would need a global import kvm, so that the init.pp class is actually parsed, so that the files in classes/ are imported. If this is not the case and the kvm::host class is not in a file that can be found by the autoloader it won't find the class. This becomes even trickier as other hosts can now interfere which classes are available while compiling the next hosts classes, as an import statement might only have been executed if Host A is compiled and only this would then make these imported classes that Host B requires available.
>
> Actually, I remember that the autoloader should also look into init.pp for the kvm::host class. But it's possible that something like that might have changed in 2.7. But I don't know it.
>
> Due to these two reasons (magic availability of classes, possible changes in how classes become available in 2.7) I would generally recommend to *not* use import statements and instead use puppet's autoloading feature. They're rather hard to debug.
>
> ~pete
[Puppet Users] Re: Running puppet client on OS X
That's what I was thinking would be the case, but since the puppetmaster files are also installed in OS X, that must be why a puppet user is required. So is there a way to do a client only install of Puppet in OS X?

On Jul 12, 1:47 am, Patrick kc7...@gmail.com wrote:
> On Jul 11, 2011, at 7:51 PM, treydock wrote:
>> What is the preferred method for running the puppet client in OS X? So far all methods I've tried seem to default to running the client as the root user. Should this be changed to run as a puppet user? Should I explicitly define puppet as the user in puppet.conf?
>>
>> As a test I ran puppetd --test --debug -v and successfully had it check my puppetmaster while the OS X directories (/etc/puppet, /var/lib/puppet/*) were owned by root, and it still worked.
>
> Usually the puppet client is run as root because this allows it to change things in the system. For instance, you can't install packages or change most files in /etc if you are not root.
>
> You can run the puppet client as a non-root user. It's just not as common.
[Puppet Users] Seemingly random failures after 2.7.1 upgrade
I recently upgraded my Puppetmaster to 2.7.1, and am now having what seem to be random puppet run failures on almost all my nodes. All nodes except the actual puppetmaster are running 2.6.8. Right now I will get alerted about a failure, then log into that system and do a manual run, which will succeed. Then maybe a few hours later another run will fail, and nothing has changed on the puppetmaster. So far two modules seem to be the most frequent failures.

Here's the error from puppet-dashboard on a 2.6.8 client

err     Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class zabbix::agent for puppetclient0.domain at /etc/puppet/manifests/nodes.pp:177 on node puppetclient0.domain     Puppet  2011-07-12 05:04 CDT
err     Could not retrieve catalog; skipping run        Puppet  2011-07-12 05:04 CDT
notice  Using cached catalog

That module is a bit large to paste in here, but it can be viewed at https://github.com/treydock/puppet-zabbix.

The other failures are on similarly designed modules and I've also noticed that one very basic modules seem to be failing randomly on two clients, both are 2.6.8

err     Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class kvm::host for puppetclient1.domain at /etc/puppet/manifests/roles.pp:35 on node puppetclient1.domain  Puppet  2011-07-12 05:08 CDT
err     Could not retrieve catalog; skipping run        Puppet  2011-07-12 05:08 CDT
notice  Using cached catalog

Here's the module...

# manifests/init.pp
import "classes/*.pp"
class kvm { }

# manifests/classes/host.pp
class kvm::host {
  package {'libvirt':
    ensure => installed,
  }
  service { 'libvirtd':
    enable  => true,
    ensure  => running,
    require => Package['libvirt'];
  }
  logrotate::file { 'libvirtd':
    log      => '/var/log/libvirt/qemu/*.log',
    interval => 'weekly',
    rotation => '52',
    archive  => 'true',
    minsize  => '100k',
    options  => [ 'missingok', 'notifempty', 'sharedscripts', 'dateext', 'copytruncate' ],
  }
}

Is using an empty class in init.pp problematic ? All of these modules worked just fine before going from 2.6.8 to 2.7.1.

Thanks
- Trey
[Puppet Users] Running puppet client on OS X
What is the preferred method for running the puppet client in OS X? So far all methods I've tried seem to default to running the client as the root user. Should this be changed to run as a puppet user? Should I explicitly define puppet as the user in puppet.conf?

As a test I ran puppetd --test --debug -v and successfully had it check my puppetmaster while the OS X directories (/etc/puppet, /var/lib/puppet/*) were owned by root, and it still worked.

Additionally, is the puppetmasterd process / configuration necessary to run only the client on OS X? Using Puppet's provided spec file for CentOS I can create a client only RPM, but can not seem to do this from source or using the provided shell script in conf/osx.

Thanks
- Trey
[Puppet Users] Re: How to define a hash table and loop over them in a definition?
Here's an example of how I have done this, and also a good way to test the idea...

I created test.pp with these contents...you can also specify the $apparray else where, for example in the node definition

$apparray = {
  app1 => { 'path' => '/test/path1', 'command' => 'cmd1' },
  app2 => { 'path' => '/test/path2', 'command' => 'cmd2' },
}

file { "/etc/puppet/output":
  content => template("/etc/puppet/test.erb")
}

Then create the template file that the hash is used in, test.erb, this is where you loop through your values

<% apparray.each do |key,value| -%>
Key: <%= key %>
Path: <%= value['path'] %>
Command: <%= value['command'] %>
<% end -%>

Then to generate the output file you run ...

# puppet test.pp
notice: /Stage[main]//File[/etc/puppet/output]/content: content changed '{md5}c473dbf9c2539d14a3042f81ab2edafd' to '{md5}9568aa118a031c5621c65c36bbe34bfe'
notice: Finished catalog run in 0.03 seconds

The output file should look something like this

Key: app1
Path: /test/path1
Command: cmd1
Key: app2
Path: /test/path2
Command: cmd2

- Trey

On Jun 29, 8:16 pm, Haitao Jiang jianghai...@gmail.com wrote:
> This may have been asked before, if so, please excuse me and point me to the right direction.
>
> What I want to do is to define a hash table with multiple key-value pairs. I would like to pass this variable to a file template and generate a result file with all the mappings listed. Based on what I read, I need to do it in a definition. But does Puppet supports loop over a hash?
>
> Any help would be highly appreciated. I am using Puppet 2.6.8
>
> Thanks
[Puppet Users] Re: Module variables missing during some puppet runs
Thanks John, the if has_variable was the key and allowed me to remove the default variable definition. If anyone is interested I posted an explanation and link to the source here, http://itscblog.tamu.edu/managing-zabbix-agents-with-puppet/.

Thanks
- Trey

On Jun 6, 8:38 am, jcbollinger john.bollin...@stjude.org wrote:
> On Jun 3, 11:58 am, treydock treyd...@gmail.com wrote:
>> I am getting the following error on about every other manual run of puppet... (hostnames removed)
>>
>> err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse template zabbix/userparameter_mysql_conf.erb: Could not find value for 'zabbix_mysql_user_parameters' at /etc/puppet/modules/zabbix/manifests/classes/mysql.pp:7 on node puppetclient.domain
>
> If runs sometimes succeed and sometimes fail for the same node then you probably have a missing dependency somewhere. If there were exactly one missing dependency involved then the first-order estimate would be that half your runs would fail.
>
>> If I then do another puppet run, I do not receive the error. It seems that just about every other manual run during testing of new module changes has this happen. This is occurring on ALL my puppet clients that are using the zabbix::mysql module. All systems running Puppet-2.6.8. Below is the full debug log and my zabbix module.
>>
>> The $zabbix_mysql_user_parameters variable is optional...right now only one node has it defined explicitly, like so:
>>
>> $zabbix_mysql_user_parameters = {
>>   item1 => { 'name' => 'mediawiki.usercount[*]', 'command' => 'mysql -B -s -e SELECT count(*) FROM user $1'},
>> }
>>
>> This is the mysql class for zabbix where the empty variable is defined so that if no node has it defined it shouldn't fail...
>>
>> $zabbix_mysql_user_parameters = []
>> class zabbix::mysql inherits zabbix::agent {
>>   file {
>>     "$zabbix_userparameter_config_dir/userparameter_mysql.conf":
>>       content => template("zabbix/userparameter_mysql_conf.erb"),
>>       group   => zabbix,
>>       owner   => zabbix,
>>       mode    => 600,
>>       require => Package[zabbix-agent];
>>     "$zabbix_user_home_dir/.my.cnf":
>>       source  => "puppet:///modules/zabbix/.my.cnf",
>>       group   => zabbix,
>>       owner   => zabbix,
>>       mode    => 600,
>>       require => [ Package[zabbix-agent], File[$zabbix_user_home_dir] ];
>>   }
>> }
>
> The variable definition is at top level in the class's file? And you're relying on that to provide a default definition of the variable? Ew. Now you have dynamic scoping thrown in. But that ought to be parse-order dependent, so although it could explain some nodes succeeding but others failing, I don't think it explains individual nodes flopping back and forth between success and failure.
>
>> Here's the variables usage in the template...
>>
>> <% zabbix_mysql_user_parameters.each do |key, value_hash| -%>
>> UserParameter=<%= value_hash['name'] %>,HOME=<%= zabbix_user_home_dir %> <%= value_hash['command'] %>
>> <% end -%>
>>
>> Would the solution be to make the template call use this instead??
>>
>> <% if has_variable?("zabbix_mysql_user_parameters") -%>
>> <% zabbix_mysql_user_parameters.each do |key, value_hash| -%>
>> UserParameter=<%= value_hash['name'] %>,HOME=<%= zabbix_user_home_dir %> <%= value_hash['command'] %>
>> <% end -%>
>> <% end -%>
>
> Maybe. Does the node that has a customized value for the variable ever fail? Does it always get the userparameter_mysql.conf template filled correctly? If so then yes, your template change should do the trick, and you could then also remove the default variable definition (which isn't reliably working anyway).
>
> Otherwise, probably not. That solution would likely make the errors disappear, but it wouldn't fix the actual problem. Chances are that nodes with customized $zabbix_mysql_user_parameters would flip flop. In that case, the solution would probably require figuring out what dependency is needed and putting it in.
>
> John
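The template failure discussed in this message and the has_variable? guard that resolved it, reproduced in plain Ruby with ERB; the loop is the same pattern as the apparray template in the hash-table reply above. This is an added example, not code from the posters or from Puppet: TemplateScope is a hypothetical stand-in for the object Puppet evaluates a template against, and the home directory value is constructed.

```ruby
require 'erb'

# Hypothetical stand-in for the object a Puppet 2.6 template runs against
# (not Puppet's own class): variables are read as bare names, and a name
# that is not set raises instead of quietly returning nil.
class TemplateScope
  def initialize(vars)
    @vars = vars
  end

  # The question the guarded template asks: is this variable set at all?
  def has_variable?(name)
    @vars.key?(name.to_s)
  end

  # Bare names in the template end up here; unset ones fail the render.
  def method_missing(name, *args)
    return @vars[name.to_s] if args.empty? && @vars.key?(name.to_s)
    raise NameError, "Could not find value for '#{name}'"
  end

  def respond_to_missing?(name, include_private = false)
    @vars.key?(name.to_s) || super
  end

  def render(template)
    ERB.new(template, trim_mode: '-').result(binding)
  end
end

# The loop from the thread, first on its own, then wrapped in the guard.
UNGUARDED = <<~'TEMPLATE'
  <% zabbix_mysql_user_parameters.each do |key, value_hash| -%>
  UserParameter=<%= value_hash['name'] %>,HOME=<%= zabbix_user_home_dir %> <%= value_hash['command'] %>
  <% end -%>
TEMPLATE

GUARDED = "<% if has_variable?(\"zabbix_mysql_user_parameters\") -%>\n" \
          "#{UNGUARDED}<% end -%>\n"

# Constructed node data; the UserParameter entry is the one quoted in the thread.
NODE_WITH_PARAMS = {
  'zabbix_user_home_dir' => '/var/lib/zabbix', # constructed value
  'zabbix_mysql_user_parameters' => {
    'item1' => { 'name' => 'mediawiki.usercount[*]',
                 'command' => 'mysql -B -s -e SELECT count(*) FROM user $1' }
  }
}
NODE_WITHOUT_PARAMS = { 'zabbix_user_home_dir' => '/var/lib/zabbix' }

# Returns the rendered file content, or the error text when rendering fails.
def render_for_node(vars, template)
  TemplateScope.new(vars).render(template)
rescue NameError => e
  "ERROR: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  { 'with params' => NODE_WITH_PARAMS, 'without params' => NODE_WITHOUT_PARAMS }.each do |label, node|
    puts "#{label}, unguarded: #{render_for_node(node, UNGUARDED).inspect}"
    puts "#{label}, guarded:   #{render_for_node(node, GUARDED).inspect}"
  end
end
```

A node without the variable renders an empty file through the guarded template, which is a different outcome from a failed catalog and may need its own handling on the Zabbix side.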
[Puppet Users] Re: New Puppet report processors...
I don't have any lines like that no. Could the daemon line for puppetmaster be affecting this? Is the --reports option necessary since my puppet.conf has that specified?

PUPPETMASTER_EXTRA_OPTS="--reports puppet_dashboard --debug"

Other than that and my puppet.conf I haven't found any further configurations I've implemented affecting use of reports

Thanks
- Trey

On Jun 8, 10:57 am, James Turnbull ja...@puppetlabs.com wrote:
> treydock wrote:
>> My [master] has :
>>
>> report = true
>> reports = http, store, xmpp
>> pluginsync = true
>>
>> The [agent] includes:
>>
>> report = true
>> listen = true
>> pluginsync = true
>>
>> The second agent I tested with also has the same configuration as the above [agent]
>>
>> Correct, the xmpp.yaml has all that information. What I was asking about the remote client not having mail.yaml is I enabled pluginsync on the remote client to see if the results would differ and it failed stating the mail.yaml was missing (locally on the client). But if the reports = xmpp is only defined for [master] then should I not include pluginsync = true on the clients?
>
> So you don't have anything like the line:
>
> Sending status for name.of.host to XMMP user jabber.user
>
> in your Puppet master syslog.
>
> Regards
>
> James
>
> --
> James Turnbull
> Puppet Labs
> 1-503-734-8571
[Puppet Users] Re: New Puppet report processors...
That did it! I'm now getting messages over Jabber upon failure!!

Is the debug output you referred to earlier, Sending status for name.of.host to XMMP user jabber.user something I would see from Puppet or the Jabber server? I have yet to see similar output, but the IM is now working.

Also now that I have this working I tried switching the settings in xmpp.yaml, but am still getting messages on the account from old settings. Is there a cache or location I need to clear for puppet to use the new xmpp.yaml settings?

Thanks
- Trey

On Jun 8, 3:43 pm, James Turnbull ja...@puppetlabs.com wrote:
> treydock wrote:
>> I don't have any lines like that no. Could the daemon line for puppetmaster be affecting this? Is the --reports option necessary since my puppet.conf has that specified?
>>
>> PUPPETMASTER_EXTRA_OPTS="--reports puppet_dashboard --debug"
>>
>> Other than that and my puppet.conf I haven't found any further configurations I've implemented affecting use of reports
>
> Specifying --reports on the command line in PUPPETMASTER_EXTRA_OPTS I am pretty sure will override the puppet.conf configuration rather than add to it. I'd take it out of there and put it into puppet.conf on the master.
>
> Regards
>
> James Turnbull
>
> --
> James Turnbull
> Puppet Labs
> 1-503-734-8571
[Puppet Users] Re: New Puppet report processors...
Scratch my last question, had to restart puppetmaster.

Thanks again for your help and these plugins
- Trey

On Jun 8, 5:01 pm, treydock treyd...@gmail.com wrote:
> That did it! I'm now getting messages over Jabber upon failure!!
>
> Is the debug output you referred to earlier, Sending status for name.of.host to XMMP user jabber.user something I would see from Puppet or the Jabber server? I have yet to see similar output, but the IM is now working.
>
> Also now that I have this working I tried switching the settings in xmpp.yaml, but am still getting messages on the account from old settings. Is there a cache or location I need to clear for puppet to use the new xmpp.yaml settings?
>
> Thanks
> - Trey
>
> On Jun 8, 3:43 pm, James Turnbull ja...@puppetlabs.com wrote:
>> treydock wrote:
>>> I don't have any lines like that no. Could the daemon line for puppetmaster be affecting this? Is the --reports option necessary since my puppet.conf has that specified?
>>>
>>> PUPPETMASTER_EXTRA_OPTS="--reports puppet_dashboard --debug"
>>>
>>> Other than that and my puppet.conf I haven't found any further configurations I've implemented affecting use of reports
>>
>> Specifying --reports on the command line in PUPPETMASTER_EXTRA_OPTS I am pretty sure will override the puppet.conf configuration rather than add to it. I'd take it out of there and put it into puppet.conf on the master.
>>
>> Regards
>>
>> James Turnbull
>>
>> --
>> James Turnbull
>> Puppet Labs
>> 1-503-734-8571
[Puppet Users] Re: New Puppet report processors...
facts_format=b64_zlib_yaml
[2011-06-07 02:24:19] DEBUG close: 10.1.0.1:39742

Thanks
- Trey

On Jun 6, 11:12 pm, James Turnbull ja...@puppetlabs.com wrote:
> treydock wrote:
>> The report processor was synced to /var/lib/puppet/lib/reports/ . I enabled puppetmaster to run in debug mode but haven't seen anything mentioning reports when I run test runs. I purposely misspelled a module for the puppetmaster and run puppetd --test, but no reports except those in puppet-dashboard. I could be looking in the wrong place.
>>
>> Here's the debug output of the failed puppet run...(hostname replaced)
>
> Can I get the master log please. That's where the report is triggered.
>
> Regards
>
> James
[Puppet Users] Re: New Puppet report processors...
Excuse the dumb question, but what file is the default location or what configuration variable defines that location?

I've noticed the bulk of puppetmaster logs go either in /var/log/puppet/masterhttp.log (previous message) or /var/log/message (syslog I'm assuming). Or is there a different place I should be looking?

Thanks
- Trey

On Jun 7, 9:29 am, James Turnbull ja...@puppetlabs.com wrote:
> treydock wrote:
>> This is the output from master.log during the failed puppet run.
>
> Sorry I meant the output from the master daemon puppetmasterd or puppet master.
>
> Thanks
>
> James
>
> --
> James Turnbull
> Puppet Labs
> 1-503-734-8571
[Puppet Users] Re: Issue with change from absent to present failed...no such file or directory
Ah that did the trick...now a new error. I tried simplifying the module from camptocamp, https://github.com/camptocamp/puppet-dhcp, but a lot of its usage I don't understand, and as such my simplification just broke it. I've got it much farther now...near the end of puppet run I get this error...

err: Could not run Puppet configuration client: Parameter source failed: Could not understand source false: private method `gsub' called for false:FalseClass at /etc/puppet/modules/common/manifests/definitions/concatfilepart.pp:51

This is the first time to use the puppet-common, https://github.com/camptocamp/puppet-common, module and that seems to be what's generating the error. Below is the updated config and debug output...The node I'm testing on has include fog_server

=== manifests/init.pp ===

import "classes/*.pp"
import "definitions/*.pp"

class dhcp {
  include dhcp::server
}

=== manifests/classes/server.pp ===

class dhcp::server {
  include dhcp::params

  package {dhcp:
    ensure => present,
  }

  service {dhcpd:
    ensure  => running,
    enable  => true,
    require => Package[dhcp],
  }

  file {"${dhcp::params::dhcp_config_dir}/subnets":
    ensure  => directory,
    source  => 'puppet:///dhcp/empty',
    recurse => true,
    purge   => true,
    owner   => 'root',
    group   => 'root',
    mode    => '755',
    notify  => Service['dhcpd'],
    require => Package['dhcp'],
  }

  common::concatfilepart {"00.dhcp.server.base":
    file    => "${dhcp::params::dhcp_config_dir}/dhcpd.conf",
    ensure  => present,
    require => Package[dhcp],
    notify  => Service[dhcpd],
  }

  file {"/etc/dhcpd.conf":
    content => template("dhcp/dhcpd_conf.erb"),
    ensure  => present,
    require => Package[dhcp],
    notify  => Service[dhcpd],
  }
}

=== manifests/classes/params.pp ===

/*
= Class: dhcp::params
Do NOT include this class - it won't do anything.
Set variables for names and paths
*/
class dhcp::params {
  case $operatingsystem {
    CentOS: {
      $dhcp_config_dir = $operatingsystemrelease ? {
        5.6 => "/etc/dhcp",
      }
    }
  }
}

=== manifests/definitions/subnet.pp ===

define dhcp::subnet (
  $name=false,
  $netmask=false,
  $range_start=false,
  $range_end=false,
  $router=false,
  $domain_name=false,
  $dns_servers=false,
  $pxe_opts=false) {

  include dhcp::params

  common::concatfilepart {"dhcp.${name}":
    file    => "${dhcp::params::dhcp_config_dir}/dhcpd.conf",
    ensure  => $ensure,
    content => "include \"${dhcp::params::dhcp_config_dir}/subnets/${name}.conf\";\n",
  }

  file {"${dhcp::params::dhcp_config_dir}/subnets/${name}.conf":
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    content => template("dhcp/subnet_conf.erb"),
    notify  => Service[dhcpd],
  }
}

=== manifests/roles.pp ===

class role_dhcp_server {
  $my_role = dhcp_server
  $dhcpd_domain_name = "tamu.edu"
  $dhcpd_dns_servers = "0.0.0.0, 0.0.0.0"
  $dhcpd_authoritative = true
  $dhcpd_ddns_update = interim
  $dhcpd_opts = [ 'allow booting', 'allow bootp', 'use-host-decl-names on', 'ignore client-updates;' ]
  include dhcp
}

class fog_server {
  include role_dhcp_server
  dhcp::subnet { "10.1.0.1":
    name        => '10.1.0.1',
    netmask     => '255.255.255.0',
    range_start => '10.1.0.10',
    range_end   => '10.1.0.254',
    router      => '10.1.0.1',
    domain_name => 'tamu.edu',
    dns_servers => "0.0.0.0, 0.0.0.0",
    pxe_opts    => [ 'filename pxelinux.0;' ],
  }
}

Thanks
- Trey

On Jun 7, 11:14 am, Jamison Fryman jami...@puppetlabs.com wrote:
> Trey,
>
> It looks like the module is attempting to create a file resource in /etc/subnets, versus your intended directory of $dhcp_config_dir/subnets. Puppet is creating an error because the directory /etc/subnets does not exist, and puppet will not automatically create the directory if it is not managed. I'm not sure if this is your intended behavior after looking at your code.
>
> Try this instead: In your custom resource block dhcp::subnet, change the file resource from /etc/subnets/$name.conf to ${dhcp_config_dir}/subnets/${name}.conf. This might be the behavior you're looking for.
>
> -jamison
>
> --
> Jamison Fryman jami...@puppetlabs.com
> ph +1.615.669.2048 | twitter jfryman | gtalk: jami...@puppetlabs.com
>
> On Jun 7, 2011, at 8:40 AM, Trey Dockendorf wrote:
>> I'm working on a DHCP module, modeled after this https://github.com/camptocamp/puppet-dhcp. Mine is just a much simpler
[Puppet Users] Re: New Puppet report processors...
I'm doing this incorrectly here is my /etc/sysconfig/puppetmaster

PUPPETMASTER_EXTRA_OPTS="--reports puppet_dashboard --debug"

Also I induced a failed puppet run on a remote client and noticed that it failed to import the xmpp report plugins because the xmpp.yaml file wasn't readable. I fixed by copying the server's copy to the client's /etc/puppet directory. Does that file have to be pushed to all clients? Could that file configuration be sent to all clients from the puppet-xmpp module or should I create another module for that , something like plugins ?

Thanks!
- Trey

On Jun 7, 3:42 pm, James Turnbull ja...@puppetlabs.com wrote:
> treydock wrote:
>> Excuse the dumb question, but what file is the default location or what configuration variable defines that location?
>>
>> I've noticed the bulk of puppetmaster logs go either in /var/log/puppet/masterhttp.log (previous message) or /var/log/message (syslog I'm assuming). Or is there a different place I should be looking?
>
> On the Puppet master it defaults to syslog - so it'll end up in /var/log/messages.
>
> Regards
>
> James
>
> --
> James Turnbull
> Puppet Labs
> 1-503-734-8571
[Puppet Users] Re: New Puppet report processors...
My [master] has :

report = true
reports = http, store, xmpp
pluginsync = true

The [agent] includes:

report = true
listen = true
pluginsync = true

The second agent I tested with also has the same configuration as the above [agent]

Correct, the xmpp.yaml has all that information. What I was asking about the remote client not having mail.yaml is I enabled pluginsync on the remote client to see if the results would differ and it failed stating the mail.yaml was missing (locally on the client). But if the reports = xmpp is only defined for [master] then should I not include pluginsync = true on the clients?

Thanks
- Trey

On Jun 7, 7:32 pm, James Turnbull ja...@puppetlabs.com wrote:
> treydock wrote:
>> Ok I restarted puppetmaster daemon and then broke a module to create a failed puppet run on the same host as the master...and here's /var/log/messages from that
>
> Can I confirm you have:
>
> [master]
> report = true
> reports = xmpp
>
> [agent]
> report = true
>
> In your puppet.conf on the master and the [agent] block on the client?
>
> You mentioned an issue with the xmpp.yaml file? That should have you Jabber jid, password, target etc and be located in /etc/puppet on the master - not sync'ed with the module.
>
> Regards
>
> James Turnbull
>
> --
> James Turnbull
> Puppet Labs
> 1-503-734-8571
[Puppet Users] Re: New Puppet report processors...
for puppetmaster.domain
debug: Using cached certificate_revocation_list for ca
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
debug: Finishing transaction 23786215024480
info: Loading facts in mysql
info: Loading facts in mysql
info: Loading facts in mysql
info: Loading facts in mysql
debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw yaml; using pson
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class backuppc::clien at /etc/puppet/manifests/nodes.pp:14 on node puppetmaster.domain
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
debug: Using cached certificate for ca
debug: Using cached certificate for puppetmaster.domain
debug: Using cached certificate_revocation_list for ca
debug: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (b64_zlib_yaml)
debug: report supports formats: b64_zlib_yaml marshal raw yaml; using b64_zlib_yaml

Thanks
- Trey

On Jun 5, 12:02 pm, James Turnbull ja...@puppetlabs.com wrote:
> treydock wrote:
>> These will be most useful!! Thank you.
>>
>> How can I test that these are functioning? I have setup the XMPP as well as modified that to send emails. However when I purposely cause a puppet run to fail I do not receive either email or jabber message.
>
> Is the report processor xmpp.rb pluginsync'ed on your Puppet master? Is there any log out on the Puppet master when you run in --debug mode?
>
> Regards
>
> James Turnbull
>
> --
> James Turnbull
> Puppet Labs
> 1-503-734-8571
[Puppet Users] Re: New Puppet report processors...
These will be most useful!! Thank you.

How can I test that these are functioning? I have set up the XMPP as well as modified that to send emails. However when I purposely cause a puppet run to fail I do not receive either email or jabber message.

Thanks
- Trey

On May 31, 10:09 am, James Turnbull ja...@puppetlabs.com wrote:

Hi all

On my TODO list for about a year now has been a tutorial on how easy it is to write Puppet report processors and how much more you can do with them than just email/log/store Puppet report data.

Rather than write a whole tutorial I decided to create a whole series of examples of report processors that should:

a) Provide some immediate solutions that you can deploy right now, and
b) Provide good examples of things you can do with report processing that you can take, fork and modify.

All of them are released under the Apache 2.0 license.

In that spirit I've created ten new report processors:

1. Reports failed runs to an IRC channel - https://github.com/jamtur01/puppet-irc
2. Reports failed runs and logs to PagerDuty - https://github.com/jamtur01/puppet-pagerduty
3. Reports failed runs to Jabber/XMPP - https://github.com/jamtur01/puppet-xmpp
4. Reports failed runs to Twitter - https://github.com/jamtur01/puppet-twitter
5. Reports failed runs and logs to Campfire - https://github.com/jamtur01/puppet-campfire
6. Reports failed runs to Twilio - https://github.com/jamtur01/puppet-twilio
7. Reports failed runs to Boxcar - https://github.com/jamtur01/puppet-boxcar
8. Reports failed runs to HipChat - https://github.com/jamtur01/puppet-hipchat
9. Sends metrics to a Ganglia server via gmetric - https://github.com/jamtur01/puppet-ganglia
10. Reports failed runs to Growl - https://github.com/jamtur01/puppet-growl

Comments, feedback, testing and ideas for other integrations all welcomed.

Regards

James

--
James Turnbull
Puppet Labs
1-503-734-8571
[Puppet Users] Module variables missing during some puppet runs
I am getting the following error on about every other manual run of puppet... (hostnames removed)

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse template zabbix/userparameter_mysql_conf.erb: Could not find value for 'zabbix_mysql_user_parameters' at /etc/puppet/modules/zabbix/manifests/classes/mysql.pp:7 on node puppetclient.domain

If I then do another puppet run, I do not receive the error. It seems that just about every other manual run during testing of new module changes has this happen. This is occurring on ALL my puppet clients that are using the zabbix::mysql module. All systems running Puppet-2.6.8. Below is the full debug log and my zabbix module.

The $zabbix_mysql_user_parameters variable is optional...right now only one node has it defined explicitly, like so:

    $zabbix_mysql_user_parameters = {
        item1 => {
            'name'    => 'mediawiki.usercount[*]',
            'command' => 'mysql -B -s -e SELECT count(*) FROM user $1'},
    }

This is the mysql class for zabbix where the empty variable is defined so that if no node has it defined it shouldn't fail...

    $zabbix_mysql_user_parameters = []

    class zabbix::mysql inherits zabbix::agent {
        file {
            "$zabbix_userparameter_config_dir/userparameter_mysql.conf":
                content => template("zabbix/userparameter_mysql_conf.erb"),
                group   => zabbix,
                owner   => zabbix,
                mode    => 600,
                require => Package["zabbix-agent"];
            "$zabbix_user_home_dir/.my.cnf":
                source  => "puppet:///modules/zabbix/.my.cnf",
                group   => zabbix,
                owner   => zabbix,
                mode    => 600,
                require => [ Package["zabbix-agent"], File[$zabbix_user_home_dir] ];
        }
    }

Here's the variables usage in the template...

    <% zabbix_mysql_user_parameters.each do |key, value_hash| -%>
    UserParameter=<%= value_hash['name'] %>,HOME=<%= zabbix_user_home_dir %> <%= value_hash['command'] %>
    <% end -%>

Would the solution be to make the template call use this instead??

    <% if has_variable?("zabbix_mysql_user_parameters") -%>
    <% zabbix_mysql_user_parameters.each do |key, value_hash| -%>
    UserParameter=<%= value_hash['name'] %>,HOME=<%= zabbix_user_home_dir %> <%= value_hash['command'] %>
    <% end -%>
    <% end -%>

Thanks!
- Trey
[Puppet Users] Re: Server side filebucket issue
Wow I can't believe that's all that was keeping me from having my filebucket work in the same manner described by LawrleC.

The primary reason I want to use filebucket is to view changes in Puppet-dashboard. Now that my filebucket works I only have 1/2 the files viewable in puppet-dashboard. In dashboard the original shows up when I click the MD5 sum, however the new version gives me "We're sorry, but something went wrong. We've been notified about this issue and we'll take a look at it shortly." which I'm guessing is because the file doesn't exist. I looked in the actual filebucket, and only the original exists.

Is there a way to enable Puppet-dashboard or Puppet to also show the new version of a file?

Thanks
- Trey

On Jun 3, 9:05 am, Peter Meier peter.me...@immerda.ch wrote:

    filebucket { puppet: server => puppetmaster-cbr.it.csiro.au }

you need to add path => false, as you're hitting a long outstanding bug. [1]

~pete

[1] http://projects.puppetlabs.com/issues/5362
[Puppet Users] Re: Cross-module dependencies
I don't have that directory. However I came across this module https://github.com/camptocamp/puppet-sudo which among many things enlightened me to the new feature in sudo-1.7.2+ of using includedir and /etc/sudoers.d that you mentioned. Everything I am using is defined there except now my backuppc_client module has this...

    sudo::directive { backuppc:
        ensure => present,
        source => "puppet:///modules/backuppc_client/backuppc_sudocmd",
    }

The backuppc_sudocmd file contains the sudo lines.

Thanks!
- Trey

On May 24, 11:00 pm, Patrick kc7...@gmail.com wrote:

On May 24, 2011, at 7:58 PM, treydock wrote:

I have a similar problem I can't seem to solve...here's what I'm trying to do. I have two modules, backuppc_client and sudo. Right now I have a node variable that I assign to each node that is used in the sudo module's template to add the necessary entry. For example

---manifests/node.pp

    node 'client1' {
        $backuppc_sudocmd = "backupuser ALL=NOPASSWD: /usr/bin/rsync"
        include baseclass
        include backuppc_client::base
    }

---modules/sudo/templates/sudoers.erb has...

    <% if has_variable?("backuppc_sudocmd") then %>
    <%= backuppc_sudocmd %>
    <% end %>

Is there a way for the sudo module to find out or be aware if a client has the include backuppc_client in their definition? Basically I'd like the backuppc_client module's to alter the contents of sudoers file which I can't imagine how to do as sudoers is defined by the sudo module which is part of baseclass and applied to all systems.

First, do you have a /etc/sudoers.d/ directory? That would make things much easier. If not, you might want to look into puppet_concat which allows you to build fragments that can be templated to build your file.
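What placing a file such as backuppc_sudocmd into /etc/sudoers.d involves, as an added shell example that is not from the thread and is not the camptocamp module's code: the fragment name is checked against the names sudo skips, and the file is staged with mode 0440 and syntax-checked before it becomes active. SUDOERS_D, SUDOERS_CHECK and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (constructed): install a sudoers drop-in safely.
# SUDOERS_D and SUDOERS_CHECK are assumptions; the defaults match a stock
# sudo 1.7.2+ layout with "#includedir /etc/sudoers.d" enabled.

SUDOERS_D="${SUDOERS_D:-/etc/sudoers.d}"
SUDOERS_CHECK="${SUDOERS_CHECK:-visudo -cf}"   # the file path is appended

# sudo skips drop-ins whose name contains '.' or ends in '~', so a fragment
# with such a name would be silently ignored. Path separators are refused too.
valid_fragment_name() {
    case "$1" in
        ''|*.*|*~|*/*) return 1 ;;
    esac
    return 0
}

# install_fragment SRC NAME
# Prints one of: installed | rejected-name | rejected-syntax
install_fragment() {
    frag_src=$1
    frag_name=$2
    if ! valid_fragment_name "$frag_name"; then
        echo rejected-name
        return 0
    fi
    # Stage under a dotted name: sudo ignores the file until it is renamed,
    # so a broken fragment never becomes part of the live policy.
    frag_tmp="$SUDOERS_D/.$frag_name.staged"
    install -m 0440 "$frag_src" "$frag_tmp"
    if $SUDOERS_CHECK "$frag_tmp" >/dev/null 2>&1; then
        mv -f "$frag_tmp" "$SUDOERS_D/$frag_name"
        echo installed
    else
        rm -f "$frag_tmp"
        echo rejected-syntax
    fi
}

# Stand-alone use: sh install_fragment.sh ./backuppc_sudocmd backuppc
if [ "$#" -eq 2 ]; then
    install_fragment "$1" "$2"
fi
```

Run it as root against the real directory; as an unprivileged user the file is created with the caller's ownership, which sudo will refuse.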
[Puppet Users] Re: Puppetmaster leaving files open with too many files open error
I don't know how helpful this would be but for now I think I found a workaround of sorts for my small environment. I commented out the following in my puppet.conf...

    facts_terminus = inventory_active_record
    dbadapter = mysql
    dbname = puppet_inv
    dbuser = puppet_inv
    dbpassword = cabb0ac9ed925867f93587ccfb147ebf15dec8a3
    dbserver = localhost
    dbsocket = /var/lib/mysql/mysql.sock

I got rid of all that and after 2 days of puppetmaster running I only see a few entries when doing lsof | grep puppetmas rather than 100s. I'm also not doing stored configs but I think those lines above were still the problem as it was puppet interfacing with MySQL.

What potential benefit would be lost from not using MySQL for facts_terminus?

- Trey

On May 24, 7:17 pm, Todd Zullinger t...@pobox.com wrote:

Nathan Clemons wrote:
http://projects.puppetlabs.com/issues/3238 is the issue I was thinking of, but 3693 is probably a duplicate of that. These bugs have been open a really long time. Outside of lowering the MySQL timeout value, are there any workarounds for this problem? I can't really understand how Zynga can be managing as many hosts via Puppet as they do without being affected by a bug like this, unless they're not using stored configs (which would surprise me).

Sadly, I don't know of any decent workarounds. I ended up rolling a rails-2.3.5 for EL-5 in the production instances I wanted to use storedconfigs. I would love to see a workaround or a patch for either the activerecord or puppet packages. I know that either way this can be fixed will get into EPEL shortly, as it's a very annoying bug that was introduced with the update from 0.24 to 0.25.

--
Todd
OpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
I figure that if God actually does exist, He's big enough to understand an honest difference of opinion. -- Isaac Asimov
[Puppet Users] Re: Cross-module dependencies
I have a similar problem I can't seem to solve...here's what I'm trying to do. I have two modules, backuppc_client and sudo. Right now I have a node variable that I assign to each node that is used in the sudo module's template to add the necessary entry. For example

---manifests/node.pp

    node 'client1' {
        $backuppc_sudocmd = "backupuser ALL=NOPASSWD: /usr/bin/rsync"
        include baseclass
        include backuppc_client::base
    }

---modules/sudo/templates/sudoers.erb has...

    <% if has_variable?("backuppc_sudocmd") then %>
    <%= backuppc_sudocmd %>
    <% end %>

Is there a way for the sudo module to find out or be aware if a client has the include backuppc_client in their definition? Basically I'd like the backuppc_client module's to alter the contents of sudoers file which I can't imagine how to do as sudoers is defined by the sudo module which is part of baseclass and applied to all systems.

Thanks
- Trey

On May 23, 10:11 am, Nigel Kersten ni...@puppetlabs.com wrote:

On Sun, May 22, 2011 at 11:06 PM, Matthew Macdonald-Wallace li...@truthisfreedom.org.uk wrote:

Hi all,

I've got modules for NGINX and PHP-FPM which are working fine, the issue I'm running into is that quite often NGinx will start before php-fpm is even installed. I'm wondering if there's a way in the nginx module to Require the PHP-FPM service is started as a dependency of the nginx service, something like the following:

There's also the 'require' function which does an include and sets up Class -> Class relationships.

    class nginx {
        service { 'nginx':
            require => Service['php-fpm::php-fpm'],
            running => true;
        }
    }

Is this possible in puppet 0.25 on CentOS?

Thanks in advance,

Matt

--
Nigel Kersten
Product, Puppet Labs
@nigelkersten
[Puppet Users] Re: Puppetmaster leaving files open with too many files open error
What is the current issue number? The only one I could find that mentions the same problem is this, http://projects.puppetlabs.com/issues/7203.

Would any changes to my current puppet.conf (see below) make this problem no longer an issue? I'm not using storeconfig, and not really sure if I need to be doing anything as far as saving the inventory information. My setup is very basic, but right now can't run for more than 2 or 3 days without having to restart the puppetmaster service.

    [master]
    certname=puppetmaster
    reports = http, store
    # Configure Inventory Service
    facts_terminus = inventory_active_record
    dbadapter = mysql
    dbname = puppet_inv
    dbuser = puppet_inv
    dbpassword = cabb0ac9ed925867f93587ccfb147ebf15dec8a3
    dbserver = localhost
    dbsocket = /var/lib/mysql/mysql.sock

Thanks
- Trey

On May 21, 6:08 am, Nathan Clemons nat...@livemocha.com wrote:

I'm pretty sure there is an open bug on this, I was looking around on this the other day. It's related to using stored configs and Puppet/ruby not closing the connections to the database servers.

--
Nathan Clemons
http://www.livemocha.com
The worlds largest online language learning community

On Fri, May 20, 2011 at 10:01 PM, treydock treyd...@gmail.com wrote:

Every few days I have to restart the puppetmaster process due to this error "Could not read YAML data for node Too many open files". I have 9 clients being controlled by Puppet and each one of those will generate the same error once this happens. Running 'lsof' during this time shows me 100's of entries like this

    puppetmas 10443 puppet 14u unix 0x810014c7e180 17057251 socket

The only way to remedy this is by restarting the puppetmaster process. Once I restart the puppet master process it seems that a new lsof entry is created and stays present for every client check. All clients and puppetmaster are running 2.6.8 on CentOS 5.6 x64.

Any ideas? If more output and debug info is needed please let me know. Also if switching to a mysql data store could get rid of this then that would work as I was planning on it eventually.

Thanks
- Trey
[Puppet Users] Puppetmaster leaving files open with too many files open error
Every few days I have to restart the puppetmaster process due to this error "Could not read YAML data for node Too many open files". I have 9 clients being controlled by Puppet and each one of those will generate the same error once this happens. Running 'lsof' during this time shows me 100's of entries like this

    puppetmas 10443 puppet 14u unix 0x810014c7e180 17057251 socket

The only way to remedy this is by restarting the puppetmaster process. Once I restart the puppet master process it seems that a new lsof entry is created and stays present for every client check. All clients and puppetmaster are running 2.6.8 on CentOS 5.6 x64.

Any ideas? If more output and debug info is needed please let me know. Also if switching to a mysql data store could get rid of this then that would work as I was planning on it eventually.

Thanks
- Trey
[Puppet Users] Re: Puppet Master System Requirements
I'm on the extremely small scale end from what has been previously described, but this could prove useful to those who want to manage a small number of hosts and are curious how little they need to run Puppet. I've just begun using Puppet, and so only have 10 hosts right now, but here's what I'm running...

CentOS 5.6 x64 VMware ESXi virtual machine
- 512MB RAM
- 1 x 2.33GHz CPU
- Paravirtual

Roles are...
- Puppetmaster
- puppet-dashboard w/ mysql apache + passenger
- local yum repo over http
- OSSEC server.

- Trey

According to zabbix my system averages about .20 CPU load over 15 minute average. I occasionally peak 1.0 but that's typically when I'm running puppet manually very rapidly during testing. Memory usage is about 70% on average.

On May 11, 12:41 am, Matthew Marlowe m...@deploylinux.net wrote:

Keep in mind that there are many ways to run puppet. We manage ~100 nodes with just a single puppet master running within a gentoo VM w/ only single cpu core and 2GB ram. Catalog compile times average under 0.6 seconds. This is also w/ web brick. The puppet master VM also serves as a master nfs server and gentoo build server. That's a lot of stuff on a single small VM, but it works perfectly for us because:

a) our default puppet run interval is 4hrs (if something goes wrong w/ one of our manifests or the server, we'll probably notice it and stop it before too many servers get updated - for our purposes, we don't see any benefit to using an interval less than 4hrs. 4hrs is certainly sufficient for most common security updates and we also do not want to have normal updates impacting production performance during peak business hours - so 25% of servers updating every hour is perfect for us).

b) Many of our servers, mostly the gentoo ones, only execute puppet when puppetrun is invoked either manually by systems administrators for the specific nodes they are reconfiguring or automatically as part of a nightly update systems maintenance cron job.

Basically, puppet is extremely flexible w/ hardware, and it is likely your own preferences and production requirements will dictate the hardware needed rather than puppet itself.

On Tuesday, May 10, 2011 06:04:22 am Panaman wrote:

I've been messing around with Puppet on a VM on my personal desktop. It looks decent. I was wondering what kind of load this thing would have managing about 400 nodes. Does this thing require a beefy server?

Matt

--
Matthew Marlowe / 858-400-7430 / DeployLinux Consulting, Inc
Professional Linux Hosting and Systems Administration Services
www.deploylinux.net * m...@deploylinux.net
'MattM' @ irc.freenode.net
[Puppet Users] Cannot dry run puppet on the puppetmaster
For some reason I am unable to run dry runs of the puppet client on my puppetmaster server. Running puppetd with the --test, --noop and verbose / debug flags results in nothing for about a minute or two then this output...

    $ time puppetd --test --noop -v
    err: Could not retrieve catalog from remote server: execution expired
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run
    err: Could not run Puppet configuration client: execution expired

    real    4m2.971s
    user    0m0.803s
    sys     0m2.115s

There's nothing else in the logs besides that output. Not really sure how to debug this. All my other puppet clients function just fine.

Thanks
- Trey
[Puppet Users] Re: Cannot dry run puppet on the puppetmaster
Here's the output using debug option. $ puppetd --debug -v --test --noop debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/ dscl does not exist debug: Failed to load library 'ldap' for feature 'ldap' debug: Puppet::Type::User::ProviderLdap: feature ldap is missing debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/ var/lib/puppet/ssl] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/ lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/ var/lib/puppet/state] debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/certs/host.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/public_keys/host.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/ssl/private_keys/host.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/run/puppet/agent.pid]: Autorequiring File[/var/run/ puppet] 
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/ lib/puppet/state] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/ lib/puppet] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: Finishing transaction 23490701527140 debug: /File[/var/lib/puppet/ssl/private_keys/host.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/certs/host.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/public_keys/host.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/ var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/ lib/puppet/ssl] debug: Finishing transaction 23490701689280 debug: Using cached certificate for ca debug: Using cached certificate for host debug: Finishing 
transaction 23490701176540 debug: Loaded state in 0.00 seconds debug: Using cached certificate for ca debug: Using cached certificate for host debug: Using cached certificate_revocation_list for ca debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw yaml; using pson err: Could not retrieve catalog from remote server: execution expired warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run debug: Using cached certificate for ca debug: Using cached certificate for itscantitheft.tamu.edu debug: Using cached certificate_revocation_list for ca debug: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (b64_zlib_yaml) debug: report supports formats: b64_zlib_yaml marshal raw yaml; using b64_zlib_yaml err: Could not run Puppet configuration client: execution expired Thanks - Trey On May 7, 7:35 pm, Patrick kc7...@gmail.com wrote: On May 7, 2011, at 12:13 AM,treydockwrote: For some reason I am unable
[Puppet Users] Re: Disabling optional services
I ran into this same challenge just a few days ago. I run mostly CentOS and syslogd is installed by default, but I prefer to run rsyslog. Here's a post, http://itscblog.tamu.edu/managing-syslog-and-log-forwarding-with-puppet/, I just did on my blog that has the recipes I used for syslog management.

Hope that helps
- Trey

On May 5, 2:18 pm, Chris Phillips ch...@untrepid.com wrote:

Howdy,

Can someone enlighten me as to how I can disable a service *IF* it is installed? I want to ensure rsyslog is installed and running, which requires syslogd to not be running, but the only way I can see to enforce this in Puppet is to remove the sysklogd package, which I'd rather not do, I'd rather just disable the service if it's there, but can't see how.

Pointers appreciated

Thanks

Chris
[Puppet Users] Puppet-dashboard not linking to filebucket or diffs
In my puppet-dashboard when a change is made to files and it shows the MD5 sums I am never presented a link to view the file or any diffs of those files. I assume that the text between '[' and ']' is supposed to be the link but it's just plain text.

This is when viewing individual reports in Puppet-dashboard. I can expand the line under Events where that change is recorded. Here's an example...

    notice  content changed '{md5}7a8ec7feb2846a2cffd246b67d3d7842' to '{md5}a6175c11d9055942d7970258422b7cdd'  /Stage[main]/Sudo/File[/etc/sudoers]/content  /etc/puppet/modules/sudo/manifests/init.pp  12  2011-05-03 10:29 CDT

Nothing in the report is a linked field to allow me to view either filebucket contents or a diff. I do not know where to begin in troubleshooting this as I am seeing absolutely no errors in any log files.

I'm running puppet, and puppetmaster 2.6.8 and dashboard 1.1.0. The dashboard is hosted on an Apache server using Passenger.

If there are some debugging or troubleshooting steps that may help narrow this down please let me know.

Thanks
- Trey
[Puppet Users] Re: Can puppet client make immediate pull after a file's content change by user?
It's not ideal but this could very easily be achieved with Zabbix. With Zabbix you can have a check, running for example every 30 seconds, that runs a checksum on a specific file. Then a trigger that is activated if the last known checksum varies from the current checksum, here's an example from one of the default templates,

    {Template - Linux Servers:vfs.file.cksum[/etc/passwd].diff(0)}>0

Then create an action for that trigger. Actions can initiate remote commands, which you specify to be a manual run of puppet.

This can get extremely resource intensive, and really isn't ideal. In my environment I personally don't use Zabbix for this but rather OSSEC to get email notifications upon changes of key files.

- Trey

On Apr 7, 1:10 am, John Chris Richards john.chris.richa...@gmail.com wrote:

Hi Nan

First of all thanks for your answer

Are you trying to trigger a puppet run when a particular file changes?

Yes, this is what I exactly want to do. For example, if a user changes /etc/hosts file (via vim for instance), it will be corrupted until the next run. What if I don't want to wait until the next run?

Thanks again.

2011/4/7 Nan Liu n...@puppetlabs.com

On Wed, Apr 6, 2011 at 2:50 PM, John Chris Richards john.chris.richa...@gmail.com wrote:

Hi all

Firstly, I am new in configuration management and all I know about watching files is that client checks a file's check sum every t hour and if a change has occurred then it gets the file from the server. I wonder that if a user changes a file, does the puppet client wait end of the time (t) or is there way to say client if a change occurs in a specific file then make an immediate pull? I mean, I don't want to wait until the time is up. Is there a way to make this in puppet?

Puppet agent runs periodically to enforce the catalog, it can replace the file if it detects any changes, but it doesn't monitor the file to trigger runs. I suppose you can run puppet continuously (not recommended), but perhaps if you give some insight on what you are trying to accomplish would give us a better idea how to achieve it with puppet. Are you trying to trigger a puppet run when a particular file changes? Are you trying to monitor several files?

Thanks,

Nan
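The check, trigger and action chain described in the reply above, as an added stand-alone shell example (not from the thread, and not Zabbix or OSSEC configuration): it compares each watched file's cksum with the last recorded value and starts one Puppet run when any differ. STATE_DIR, RUN_CMD and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (constructed): start one Puppet run when a watched file's
# checksum differs from the last recorded value.
# STATE_DIR and RUN_CMD are assumptions; adjust both for your hosts.

STATE_DIR="${STATE_DIR:-/var/lib/filewatch}"
RUN_CMD="${RUN_CMD:-puppet agent --onetime --no-daemonize}"

# Path of the state file holding the last recorded checksum of $1.
state_path() {
    printf '%s/%s.cksum\n' "$STATE_DIR" "$(printf '%s' "$1" | tr '/' '_')"
}

# "CRC size" of $1, as printed by cksum(1).
current_sum() {
    cksum < "$1" | awk '{ print $1, $2 }'
}

# Record the current checksum of $1 (does nothing if the file is absent).
record_sum() {
    if [ -f "$1" ]; then
        mkdir -p "$STATE_DIR"
        current_sum "$1" > "$(state_path "$1")"
    fi
}

# check_file FILE
# Prints one of: baseline | unchanged | changed | missing | absent
#   baseline: first time seen, checksum recorded
#   missing:  file had a recorded checksum but no longer exists
#   absent:   file does not exist and was never recorded
check_file() {
    cf_state=$(state_path "$1")
    if [ ! -f "$1" ]; then
        if [ -f "$cf_state" ]; then echo missing; else echo absent; fi
        return 0
    fi
    if [ ! -f "$cf_state" ]; then
        record_sum "$1"
        echo baseline
    elif [ "$(current_sum "$1")" = "$(cat "$cf_state")" ]; then
        echo unchanged
    else
        echo changed
    fi
}

# watch_once FILE...
# Checks every file, runs RUN_CMD once if any changed or went missing, then
# re-records checksums so a file Puppet just restored does not fire again.
# Prints the number of files that triggered the run.
watch_once() {
    wo_hits=0
    for wo_f in "$@"; do
        wo_status=$(check_file "$wo_f")
        case "$wo_status" in
            changed|missing)
                echo "$wo_f: $wo_status" >&2
                wo_hits=$((wo_hits + 1))
                ;;
        esac
    done
    if [ "$wo_hits" -gt 0 ]; then
        $RUN_CMD >&2 || echo "run command failed: $RUN_CMD" >&2
        for wo_f in "$@"; do
            record_sum "$wo_f"
        done
    fi
    echo "$wo_hits"
}

# Stand-alone use, for example from cron: sh filewatch.sh /etc/hosts /etc/passwd
if [ "$#" -gt 0 ]; then
    watch_once "$@"
fi
```

A file that stays missing after the run keeps its recorded checksum, so it is reported again on every pass until it is restored.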