[Puppet Users] Re: [Please help] - How to renew/fix certificate at puppetmaster level?

[treydock]

I believe you only have to restart the puppetmaster if you modified the 
private keys used directly by master or the certs or CA used by master. 
Modifying client certs should not require restarting the master service.

On Monday, October 18, 2021 at 5:21:38 PM UTC-4 puppet-bsd wrote:

> Following the instruction to create the certificate from scratch and 
> reissuing one of its agents (specially the smart proxy) it generates 
> certificate revoke. 
>
> In order to remote the revoked certificate, I had to restart the puppet 
> agent service and to sign it in master. Just to test the agent (in the 
> smart proxy ) works, the certificate gets revoked again.
>
> Do I have to stop the puppetmaster as well?
>
> On Saturday, October 16, 2021 at 11:47:17 AM UTC-4 treydock wrote:
>
>> If the key and the certificate don't match, you may have to regenerate 
>> your puppetserver's CA and start from scratch essentially. I'm not aware of 
>> a way to fix a mismatch without totally starting over from scratch.  If you 
>> want to start from scratch, you usually just delete 
>> /etc/puppetlabs/puppet/ssl on puppetserver (or move to like /tmp or 
>> something) and restart daemon and puppetserver should regenerate everything.
>>
>> On Friday, October 15, 2021 at 12:57:23 PM UTC-4 puppet-bsd wrote:
>>
>>> Performed the Verify steps. Seems the values are not equal. Is there any 
>>> steps in order to make the values equal?
>>>
>>>
>>> On Friday, October 15, 2021 at 9:34:11 AM UTC-4 treydock wrote:
>>>
>>>> My advise might not be the best but it's what worked for me when our 
>>>> master CA certificate expired.  These are my raw notes from when I had to 
>>>> renew our puppetserver certificate. The original certificate was likely 
>>>> Puppet 4 and expired when running Puppet 6.  I googled around and took 
>>>> some 
>>>> steps from various blog posts I found so most of this isn't my original 
>>>> ideas:
>>>>
>>>>  # Verify
>>>>  cd /etc/puppetlabs/puppet/ssl/ca
>>>>  ( openssl rsa -noout -modulus -in ca_key.pem  2> /dev/null | openssl 
>>>> md5 ; openssl x509 -noout -modulus -in ca_crt.pem  2> /dev/null | openssl 
>>>> md5 )
>>>>  
>>>>  # Generate new CSR
>>>>  openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem -out 
>>>> ca_csr.pem
>>>>  
>>>>  # Sign
>>>>  cat > extension.cnf << EOF
>>>>  [CA_extensions]
>>>>  basicConstraints = critical,CA:TRUE
>>>>  nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
>>>>  keyUsage = critical,keyCertSign,cRLSign
>>>>  subjectKeyIdentifier = hash
>>>>  EOF
>>>>  cp ca_crt.pem ca_crt.pem.old
>>>>  openssl x509 -req -days 3650 -in ca_csr.pem -signkey ca_key.pem -out 
>>>> ca_crt.pem -extfile extension.cnf -extensions CA_extensions
>>>>  openssl x509 -in ca_crt.pem -noout -text|grep -A 3 Validity
>>>>  chown puppet: ./*
>>>>  cd /etc/puppetlabs/puppet/ssl
>>>>  cp -a ca/ca_crt.pem certs/ca.pem 
>>>>  
>>>>  # CLIENTS
>>>>  
>>>>  /opt/puppetlabs/bin/puppet resource file 
>>>> /etc/puppetlabs/puppet/ssl/certs/ca.pem ensure=absent
>>>>  /opt/puppetlabs/bin/puppet ssl download_cert
>>>>  systemctl restart choria-server
>>>>
>>>> For expired client certs, when that happens to me I will do "rm -rf 
>>>> /etc/puppetlabs/puppet/ssl" on the agent (never master) and then run 
>>>> Puppet 
>>>> which will request new cert then sign the cert and run Puppet again.  That 
>>>> process is rather tedious and not something I've automated really well but 
>>>> also not something I have had happen frequently as we don't tend to keep 
>>>> servers around for 5+ years.
>>>>
>>>> On Thursday, October 14, 2021 at 4:09:14 PM UTC-4 puppet-bsd wrote:
>>>>
>>>>>   Hi all,
>>>>>
>>>>> I'm new in puppet. 
>>>>>
>>>>> I'm currently using puppet 4.10
>>>>>
>>>>> Long story short, puppet certificates were expired and by this time, I 
>>>>> am renewing these certificates one node at the time (including the 
>>>>> puppetmaster). 
>>>>>
>>>>> Once the puppetmaster got "renewed" , I tried to create a node 
>>>>> successfully but its first run of pup

[Puppet Users] Re: [Please help] - How to renew/fix certificate at puppetmaster level?

[treydock]

If the key and the certificate don't match, you may have to regenerate your 
puppetserver's CA and start from scratch essentially. I'm not aware of a 
way to fix a mismatch without totally starting over from scratch.  If you 
want to start from scratch, you usually just delete 
/etc/puppetlabs/puppet/ssl on puppetserver (or move to like /tmp or 
something) and restart daemon and puppetserver should regenerate everything.

On Friday, October 15, 2021 at 12:57:23 PM UTC-4 puppet-bsd wrote:

> Performed the Verify steps. Seems the values are not equal. Is there any 
> steps in order to make the values equal?
>
>
> On Friday, October 15, 2021 at 9:34:11 AM UTC-4 treydock wrote:
>
>> My advise might not be the best but it's what worked for me when our 
>> master CA certificate expired.  These are my raw notes from when I had to 
>> renew our puppetserver certificate. The original certificate was likely 
>> Puppet 4 and expired when running Puppet 6.  I googled around and took some 
>> steps from various blog posts I found so most of this isn't my original 
>> ideas:
>>
>>  # Verify
>>  cd /etc/puppetlabs/puppet/ssl/ca
>>  ( openssl rsa -noout -modulus -in ca_key.pem  2> /dev/null | openssl md5 
>> ; openssl x509 -noout -modulus -in ca_crt.pem  2> /dev/null | openssl md5 )
>>  
>>  # Generate new CSR
>>  openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem -out 
>> ca_csr.pem
>>  
>>  # Sign
>>  cat > extension.cnf << EOF
>>  [CA_extensions]
>>  basicConstraints = critical,CA:TRUE
>>  nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
>>  keyUsage = critical,keyCertSign,cRLSign
>>  subjectKeyIdentifier = hash
>>  EOF
>>  cp ca_crt.pem ca_crt.pem.old
>>  openssl x509 -req -days 3650 -in ca_csr.pem -signkey ca_key.pem -out 
>> ca_crt.pem -extfile extension.cnf -extensions CA_extensions
>>  openssl x509 -in ca_crt.pem -noout -text|grep -A 3 Validity
>>  chown puppet: ./*
>>  cd /etc/puppetlabs/puppet/ssl
>>  cp -a ca/ca_crt.pem certs/ca.pem 
>>  
>>  # CLIENTS
>>  
>>  /opt/puppetlabs/bin/puppet resource file 
>> /etc/puppetlabs/puppet/ssl/certs/ca.pem ensure=absent
>>  /opt/puppetlabs/bin/puppet ssl download_cert
>>  systemctl restart choria-server
>>
>> For expired client certs, when that happens to me I will do "rm -rf 
>> /etc/puppetlabs/puppet/ssl" on the agent (never master) and then run Puppet 
>> which will request new cert then sign the cert and run Puppet again.  That 
>> process is rather tedious and not something I've automated really well but 
>> also not something I have had happen frequently as we don't tend to keep 
>> servers around for 5+ years.
>>
>> On Thursday, October 14, 2021 at 4:09:14 PM UTC-4 puppet-bsd wrote:
>>
>>>   Hi all,
>>>
>>> I'm new in puppet. 
>>>
>>> I'm currently using puppet 4.10
>>>
>>> Long story short, puppet certificates were expired and by this time, I 
>>> am renewing these certificates one node at the time (including the 
>>> puppetmaster). 
>>>
>>> Once the puppetmaster got "renewed" , I tried to create a node 
>>> successfully but its first run of puppet agent -t got unsuccessful due to 
>>> its related smart proxy server certificate for revoked. Performed a 
>>> certificate renewal for the proxy and the new agent now runs fine.
>>>
>>> However, it always happens everytime I create a new node. In the past, I 
>>> don't have to renew proxy certificates. That means that there is 
>>> something/somewhere in puppetmaster that isn't caught up in terms of 
>>> certificates.
>>>
>>> One try I made is to regenerate a new CA certificate but seems it isn't 
>>> successful for the early described issue.
>>>
>>> Can anyone please point how to fix the certificate at the puppetmaster 
>>> level? 
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d826e9e4-64d3-46a1-83b4-46dabf4a411bn%40googlegroups.com.

[Puppet Users] Re: [Please help] - How to renew/fix certificate at puppetmaster level?

[treydock]

My advise might not be the best but it's what worked for me when our master 
CA certificate expired.  These are my raw notes from when I had to renew 
our puppetserver certificate. The original certificate was likely Puppet 4 
and expired when running Puppet 6.  I googled around and took some steps 
from various blog posts I found so most of this isn't my original ideas:

 # Verify
 cd /etc/puppetlabs/puppet/ssl/ca
 ( openssl rsa -noout -modulus -in ca_key.pem  2> /dev/null | openssl md5 ; 
openssl x509 -noout -modulus -in ca_crt.pem  2> /dev/null | openssl md5 )
 
 # Generate new CSR
 openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem -out ca_csr.pem
 
 # Sign
 cat > extension.cnf << EOF
 [CA_extensions]
 basicConstraints = critical,CA:TRUE
 nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
 keyUsage = critical,keyCertSign,cRLSign
 subjectKeyIdentifier = hash
 EOF
 cp ca_crt.pem ca_crt.pem.old
 openssl x509 -req -days 3650 -in ca_csr.pem -signkey ca_key.pem -out 
ca_crt.pem -extfile extension.cnf -extensions CA_extensions
 openssl x509 -in ca_crt.pem -noout -text|grep -A 3 Validity
 chown puppet: ./*
 cd /etc/puppetlabs/puppet/ssl
 cp -a ca/ca_crt.pem certs/ca.pem 
 
 # CLIENTS
 
 /opt/puppetlabs/bin/puppet resource file 
/etc/puppetlabs/puppet/ssl/certs/ca.pem ensure=absent
 /opt/puppetlabs/bin/puppet ssl download_cert
 systemctl restart choria-server

For expired client certs, when that happens to me I will do "rm -rf 
/etc/puppetlabs/puppet/ssl" on the agent (never master) and then run Puppet 
which will request new cert then sign the cert and run Puppet again.  That 
process is rather tedious and not something I've automated really well but 
also not something I have had happen frequently as we don't tend to keep 
servers around for 5+ years.

On Thursday, October 14, 2021 at 4:09:14 PM UTC-4 puppet-bsd wrote:

>   Hi all,
>
> I'm new in puppet. 
>
> I'm currently using puppet 4.10
>
> Long story short, puppet certificates were expired and by this time, I am 
> renewing these certificates one node at the time (including the 
> puppetmaster). 
>
> Once the puppetmaster got "renewed" , I tried to create a node 
> successfully but its first run of puppet agent -t got unsuccessful due to 
> its related smart proxy server certificate for revoked. Performed a 
> certificate renewal for the proxy and the new agent now runs fine.
>
> However, it always happens everytime I create a new node. In the past, I 
> don't have to renew proxy certificates. That means that there is 
> something/somewhere in puppetmaster that isn't caught up in terms of 
> certificates.
>
> One try I made is to regenerate a new CA certificate but seems it isn't 
> successful for the early described issue.
>
> Can anyone please point how to fix the certificate at the puppetmaster 
> level? 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d9584c3c-b59d-4ebb-ab0a-bfa6e8af040en%40googlegroups.com.

[Puppet Users] Re: Puppet CA expiring and puppetserver cert expiring

[treydock]

I ran into this issue a few weeks ago, but only my CA cert was expired as 
my master certs were a few years newer than CA.  There are a couple blog 
articles I found (lost URLs) that pieced together these steps to renew CA 
cert. For clients you just have to remove then re-download the CA cert once 
those are renewed.  For renewing the master certs, it's same as client 
certs I believe where you delete the client cert from 
/etc/puppetlabs/puppet/ssl and then do something like "puppet cert clean 
..." to remove expired cert from CA and then rerun Puppet on client to 
generate new cert then sign it with "puppet cert sign ...". The commands to 
clean / sign are different for Puppet 6 as they go through puppetserver, so 
my pseudo examples maybe wrong as I haven't used Puppet 5 in a while.

# Verify
 cd /etc/puppetlabs/puppet/ssl/ca
 ( openssl rsa -noout -modulus -in ca_key.pem  2> /dev/null | openssl md5 ; 
openssl x509 -noout -modulus -in ca_crt.pem  2> /dev/null | openssl md5 )
 
 # Generate new CSR
 openssl x509 -x509toreq -in ca_crt.pem -signkey ca_key.pem -out ca_csr.pem
 
 # Sign
 cat > extension.cnf << EOF
 [CA_extensions]
 basicConstraints = critical,CA:TRUE
 nsComment = "Puppet Ruby/OpenSSL Internal Certificate"
 keyUsage = critical,keyCertSign,cRLSign
 subjectKeyIdentifier = hash
 EOF
 cp ca_crt.pem ca_crt.pem.old
 openssl x509 -req -days 3650 -in ca_csr.pem -signkey ca_key.pem -out 
ca_crt.pem -extfile extension.cnf -extensions CA_extensions
 openssl x509 -in ca_crt.pem -noout -text|grep -A 3 Validity
 chown puppet: ./*
 cd /etc/puppetlabs/puppet/ssl
 cp -a ca/ca_crt.pem certs/ca.pem 
 
 # CLIENTS
 
 /opt/puppetlabs/bin/puppet resource file 
/etc/puppetlabs/puppet/ssl/certs/ca.pem ensure=absent
 /opt/puppetlabs/bin/puppet ssl download_cert

On Monday, July 12, 2021 at 9:40:24 AM UTC-4 pkraw...@gmail.com wrote:

> Version:  Puppet 5.5
>
> We have an open source puppet environment which has been up for almost 5 
> years and certs are about to expire.  We are running 5.5.  I know it's an 
> older version but we are sunsetting puppet by year end.
>
> Setup:
> PuppetCA Server
> Pupper Master Server 1
> Puppet Master Server 2
> Puppet Master Server 3
> Puppet Master Server 4
> PuppetDB Server
>
> The 4 master serves are load balanced using an F5 and DNS name.
>
> I have read many different solutions for this issue and was wondering if 
> someone has a step-by-step process to renew not only the CA cert but also 
> the puppet master server certs.
>
> I'll be using certregen to deal with the CA certificate but I'm not sure 
> when I should clean the puppet master servers cert which also needs a 
> dns_alt_names parm (I believe that goes in the master section of 
> puppet.conf) and then run puppet agent -t command to create a new puppet 
> master server cert.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6004a239-7177-4086-8a0a-03e7b8a7d75cn%40googlegroups.com.

[Puppet Users] Re: Puppet 5 ENC parameters and facts missing from PuppetDB 5 facts

[treydock]

In case anyone comes across this same problem, the issue was not with the 
fact the ENC parameters matched facts.  The issue was that I had a flat 
file fact in /etc/facter/facts.d/facts.txt that defined the hostgroup, 
which was populated during provisioning by the Foreman hostgroup value.  I 
also had a Ruby fact distributed by Puppet that defined hostgroup but for a 
subset of my systems using a confine to limit use to just masterless 
systems.  When the ruby fact was nil it the facts.txt would be ignored and 
the nil value used.  Based on debug output this appeared to be behavior in 
Facter and not Puppet.

- Trey

On Wednesday, November 8, 2017 at 3:36:26 PM UTC-5, treydock wrote:
>
> I just upgraded my Puppet masters and PuppetDB to latest Puppet 5 
> releases.  All other systems remain Puppet 3.8.6.  I've discovered that the 
> masters and puppetdb running puppet-agent 5.3.3 are no longer sending ENC 
> (Foreman) parameters as facts to PuppetDB [1].  What's really odd is one of 
> the parameters, hostgroup, is also put in /etc/facter/facts.d/facts.txt as 
> a static external fact.  The value is returned by "facter hostgroup".  This 
> value is no longer being sent to PuppetDB and this is only occurring for 
> agents running 5.3.3, my 3.8.6 agents are still sending their hostgroup 
> value as a fact to PuppetDB.  I also have custom ruby facts like 
> hostgroup_parent that are based on the value of hostgroup and these are 
> returned by facter but no longer exist in PuppetDB for puppet 5.x clients.  
> This hostgroup_parent is also returned by my ENC as a parameter.  It's as 
> if any facts that facter resolves and also exist in ENC as parameters are 
> omitted from uploads to PuppetDB.
>
> I ran puppet with debug on a 5.3.3 client and puppet is picking up the 
> external facts and resolving the values, so something else must be removing 
> the values before being sent to PuppetDB.
>
> Is this behavior intentional?  I don't want to rewrite all my hostgroup 
> based puppet code that queries from puppetdb if this is some kind of bug.
>
> Thanks,
> - Trey
>
> [1]:
>
> puppet-agent 5.3.3:
>
> # curl  --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem  --cert 
> /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem  --key 
> /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem  --tlsv1  -X GET 
> https://puppetdb.DOMAIN:8081/pdb/query/v4/facts  --data-urlencode 
> 'query=["and",["=", "certname", 
> "puppet0. DOMAIN"],["=","name","hostgroup"]]'
>
> []
>
> puppet 3.8.6:
>
> # curl  --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem  --cert 
> /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem  --key 
> /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem  --tlsv1  -X GET 
> https://puppetdb. DOMAIN:8081/pdb/query/v4/facts  --data-urlencode 
> 'query=["and",["=", "certname", "logs. DOMAIN"],["=","name","hostgroup"]]'
>
>
> [{"certname":"logs.DOMAIN","name":"hostgroup","value":"base/infrastructure","environment":"production"}]
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/730b556c-4b19-4638-aa3d-607eb9d557f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet 5 ENC parameters and facts missing from PuppetDB 5 facts

[treydock]

I just upgraded my Puppet masters and PuppetDB to latest Puppet 5 
releases.  All other systems remain Puppet 3.8.6.  I've discovered that the 
masters and puppetdb running puppet-agent 5.3.3 are no longer sending ENC 
(Foreman) parameters as facts to PuppetDB [1].  What's really odd is one of 
the parameters, hostgroup, is also put in /etc/facter/facts.d/facts.txt as 
a static external fact.  The value is returned by "facter hostgroup".  This 
value is no longer being sent to PuppetDB and this is only occurring for 
agents running 5.3.3, my 3.8.6 agents are still sending their hostgroup 
value as a fact to PuppetDB.  I also have custom ruby facts like 
hostgroup_parent that are based on the value of hostgroup and these are 
returned by facter but no longer exist in PuppetDB for puppet 5.x clients.  
This hostgroup_parent is also returned by my ENC as a parameter.  It's as 
if any facts that facter resolves and also exist in ENC as parameters are 
omitted from uploads to PuppetDB.

I ran puppet with debug on a 5.3.3 client and puppet is picking up the 
external facts and resolving the values, so something else must be removing 
the values before being sent to PuppetDB.

Is this behavior intentional?  I don't want to rewrite all my hostgroup 
based puppet code that queries from puppetdb if this is some kind of bug.

Thanks,
- Trey

[1]:

puppet-agent 5.3.3:

# curl  --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem  --cert 
/etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem  --key 
/etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem  --tlsv1  -X GET 
https://puppetdb.DOMAIN:8081/pdb/query/v4/facts  --data-urlencode 
'query=["and",["=", "certname", 
"puppet0. DOMAIN"],["=","name","hostgroup"]]'

[]

puppet 3.8.6:

# curl  --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem  --cert 
/etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem  --key 
/etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem  --tlsv1  -X GET 
https://puppetdb. DOMAIN:8081/pdb/query/v4/facts  --data-urlencode 
'query=["and",["=", "certname", "logs. DOMAIN"],["=","name","hostgroup"]]'

[{"certname":"logs.DOMAIN","name":"hostgroup","value":"base/infrastructure","environment":"production"}]

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/243ad315-1d91-452d-ae1d-7c47f6670e9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] One master per environment, or one to rule them all?

[treydock]

I think a combination of the two makes sense, and that's what we do.  Our 
production masters have many environment to segregate systems.  We also have a 
test master with isolated CA, mcollective, PuppetDB and Foreman to test changes 
to those systems.

Our test environment uses a dedicated puppet environment that way we can use a 
single r10k managed control repo across all systems.  So things like roles and 
profiles and hiera data can be shared between prod and test puppet with 
separate changes managed in branches.

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/93e60b28-e621-41ee-a400-8264da76abb4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: workarounds for ruby segfaults on puppet master

[treydock]

FWIW here's what I put in /etc/puppet/rack/config.ru that has resolved it 
for me:

ARGV  --confdir  /etc/puppet
ARGV  --vardir   /var/lib/puppet
*ARGV  --debug*
*ARGV  --trace*
*ARGV  --profile*
ARGV  --logdest  /var/log/puppet/puppetmaster.log

If I remove the lines the segfaults become a problem.  I'm now on Puppet 
3.6.2 and this is still an issue that requires the above work around.

I have a second Puppetmaster that's on EL7 and I don't have to add this 
workaround thankfully.  They serve the same clients and use the same 
modules as the masters are load balanced using round-robin DNS, so it's 
definitely an EL6 issue.

Just be sure if you use that work-around to update logrotate to clean out 
puppetmaster.log as that file will get very large very quickly.  The 
--logdest portion I used to keep the logs out of syslog and so they could 
be cleaned up more easily using logrotate.

- Trey

On Wednesday, November 19, 2014 11:02:00 AM UTC-6, Tim.Mooney wrote:


 All- 

 For those of you that are using puppet on RHEL 6.x (/CentOS/Oracle 
 Linux/Scientific Linux/etc.) and have experienced ruby segfaults on 
 your puppet master(s), what workaround or workarounds have you been 
 using? 

 We have been using puppet 3.4.2 (from Puppet Labs repos) for some time, 
 with a RHEL 6.x puppetmaster under mod_passenger.  RHEL 6.x currently 
 has ruby 1.8.7 patchlevel 374 as its default ruby version. 

 In the past couple weeks we've started to see a couple of different 
 clients that are triggering segfaults in ruby on the master during a 
 puppet agent run.  Examples include: 

 /usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:30: [BUG] Segmentation 
 fault ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux] 

 /usr/lib/ruby/site_ruby/1.8/puppet/parser/type_loader.rb:110: [BUG] 
 Segmentation fault ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux] 

 Web searches related to this issue turned up a thread from puppet-users 
 earlier this year started by treydock: 

  https://groups.google.com/forum/#!topic/puppet-users/qWN6j-eNiZ0 

 Unfortunately, I've tried a lot of the workarounds suggested in that 
 thread, and none of them seem to reliably avoid the problem. 

 - I tried back-porting the small patch from PUP-1592 to our 3.4.2 
puppet master.  No luck. 

 - Yesterday, I bit the bullet and upgraded our entire puppet 
infrastructure from 3.4.2 to 3.7.3.  We still see the same 
segfaults on the master, both under mod_passenger and when 
running the master in standalone mode for testing. 

 Since RHEL 6.x has alternate versions of some packages (including ruby) 
 available via its Software Collections Library (SCL), I'm tempted to 
 try switching our puppet master to use the ruby193-* packages from 
 SCL.  A minor downside is that I won't be able to use the Puppet Labs 
 packages 
 anymore, at least on the master. 

 The big concern I have relates to how advisable it is to use a different 
 version of ruby on the master vs. all of the clients?  Have other RHEL 
 users tried this, with any success? 

 Thanks, 

 Tim 
 -- 
 Tim Mooney tim.m...@ndsu.edu 
 javascript: 
 Enterprise Computing  Infrastructure  701-231-1076 
 (Voice) 
 Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax) 
 North Dakota State University, Fargo, ND 58105-5164 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c7c531ce-3598-471f-befa-51867c3abf89%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet 3.6.2 package gem provider unable to update r10k gem

[treydock]

I have Puppet 3.6.2 on CentOS 7 server acting as Puppetmaster.  I had r10k 
1.2.1 installed and I changed my ensure to 1.3.4.  My other Puppetmaster 
running CentOS 6 had no problem with this (except for NOTICE output being 
printed as an error).  The CentOS 7 system fails with the following:

Debug: Executing '/usr/bin/gem install -v 1.3.4 --no-rdoc --no-ri r10k '
Error: Could not update: Execution of '/usr/bin/gem install -v 1.3.4 
--no-rdoc --no-ri r10k ' returned 1: ERROR:  Can't use --version w/ 
multiple gems. Use name:ver instead.
snip trace output
Error: /Stage[main]/R10k::Install/Package[r10k]/ensure: change from 
[1.2.1] to 1.3.4 failed: Could not update: Execution of '/usr/bin/gem 
install -v 1.3.4 --no-rdoc --no-ri r10k ' returned 1: ERROR:  Can't use 
--version w/ multiple gems. Use name:ver instead.

If I run that gem install command outside Puppet, on the same server, it 
works just fine.

# /usr/bin/gem install -v 1.3.4 --no-rdoc --no-ri r10k
Fetching: r10k-1.3.4.gem (100%)
NOTICE
==

If you are upgrading from 1.1.0 and are using multiple sources, please read
this. (If not, feel free to continue with your regularly scheduled day.)

GH-48 (https://github.com/adrienthebo/r10k/issues/48) introduced the ability
for environments to be prefixed with the source name so that multiple 
sources
installed into the same directory would not overwrite each other. However
prefixing was automatically enabled and would break existing setups where
multiple sources were cloned into different directories.

Because this introduced a breaking change, SemVer dictates that the 
automatic
prefixing has to be rolled back. Prefixing can be enabled but always 
defaults
to off. If you are relying on this behavior you will need to update your 
r10k.yaml
to enable prefixing on a per-source basis.

Please see the issue (https://github.com/adrienthebo/r10k/issues/48) for 
more
information.
Successfully installed r10k-1.3.4
1 gem installed
# echo $?
0

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b3dbd100-1a14-4b79-a41b-a11950761355%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Exported resources applied on exporting host - EL7 only

[treydock]

I have noticed a very strange problem on CentOS 7 nodes where they are 
collecting and/or applying their exported resources.  I have a class called 
brazos::firewall that's used internally to export a firewall rule that is 
then collected by brazos::gw to allow specific systems through the 
gateway server's NAT.  Below are the actual classes.  I've found that on 
CentOS 6 systems, the resource is correctly exported (NOT applied by 
exporting host) and collected by the gw server.  On CentOS 7 systems the 
resource is exported, and also applied by the exporting host when it's not 
supposed to be.

All systems are running Puppet 3.6.2.  I have tested this issue using the 
Pupppetlabs yum repo version of Puppet as well as the EPEL7 version, both 
show this issue.

How can this behavior be debugged?

I have looked in /var/lib/puppet/state/classes.txt on the nodes incorrectly 
applying their exported resource and the brazos::gw class is not listed. 
 I have no idea WHY the Firewall resource is being applied when it should 
be exported.

I am using Hiera to assign classes and set parameters and Foreman to set 
the environment and provide various top-scope variables.  The only thing 
applied to EL7 systems that's different than EL6 systems in my Hiera 
configuration is the path to EPEL repos, paths to a few commands (like 
mco), and the Puppet version.  No separate classes are applied that differ 
from EL6 systems.

Thanks
- Trey


brazos::firewall:

class brazos::firewall (
  $allow_forward = false,
) inherits brazos::params {

  validate_bool($allow_forward)

  if $allow_forward {
@@firewall { 050 allow forward ${::fqdn}:
  ensure  = 'present',
  chain   = 'FORWARD',
  action  = 'accept',
  proto   = 'all',
  source  = $::fqdn,
  destination = '0.0.0.0/0',
  tag = 'allow_forward',
}
  }

}

brazos::gw:

class brazos::gw (
  $private_interface = 'UNSET',
  $private_subnet = '192.168.200.0/22',
  $ib_interface = 'ib0',
  $ib_subnet = '192.168.208.0/22',
  $public_interface = 'UNSET',
) inherits brazos::params {

snip

  Firewall | tag == 'allow_forward' |

snip

}

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/15ce31eb-07bd-4076-bc75-4f51f577162f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] apache module class order issue with ENC

[treydock]

I'm attempting to use puppetlabs-apache with all my classes defined via 
Foreman (1.5.1) with Puppet 3.4.3.  Servers are all CentOS 6.5.

With puppetlabs-apache-1.0.1 when I applied both the apache class and 
apache::mod::ssl class in Foreman I received this error on the server:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
undefined method `=' for :undef:Symbol at 
/etc/puppet/environments/production/modules/apache/manifests/mod/ssl.pp:36 
on node web01.brazos.tamu.edu
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

I found the commit that changed how apache_version was handled and 
deployed that and then I get:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to parse template apache/mod/ssl.conf.erb:
  Filepath: /usr/lib/ruby/site_ruby/1.8/puppet/util/package.rb
  Line: 4
  Detail: private method `scan' called for nil:NilClass
 at 
/etc/puppet/environments/production/modules/apache/manifests/mod/ssl.pp:51 
on node web01.brazos.tamu.edu
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

This time the @apache_version variable in the template is being passed 
the to versoncmp function, producing that error.

I don't know if this is a symptom of using an ENC, or a bug in the apache 
module, but the class parameters in apache::mod::ssl reference the apache 
class and despite the class being defined, the variables are all 'undef'.

I also ran into this same issue when I applied the apache::mod::wsgi class:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Invalid relationship: File[wsgi.conf] { before = File[undef] }, because 
File[undef] doesn't seem to be in the catalog
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

In that case the fix was easier, just add include ::apache to the top of 
the class.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f1d69f13-7a11-40cf-b5ab-0f33e8e6038f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppetlabs_spec_helper 0.5.x breaks puppet-lint's ignore_paths ?

[treydock]

Version 0.5.x of puppetlabs_spec_helper seems to make it impossible to add 
additional paths to be ignored using PuppetLint.configuration.ignore_paths. 
 If I pin my module to ~ 0.4.0 for puppetlabs_spec_helper, the 
ignore_paths defined in my Rakefile are respected.

Commit 4ca208bde329aa6861094ccefa07fc8338de6691 added 
PuppetLint.configuration.ignore_paths to the puppetlabs_spec_helper lint 
task, but wasn't till today that my modules began using 
puppetlabs_spec_helper 0.5.x.

An example of the Rakefile I use on dozens of Puppet modules, 
https://github.com/treydock/puppet-zfsonlinux/blob/master/Rakefile.  Is 
this user error on my part or an actual bug?  The problem I'm hitting is 
that the pkg directory is making the autoload tests fail because my 
PuppetLint.configuration.ignore_paths in the Rakefile are seemingly ignored.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6891176a-b735-43e4-9a6f-07a701e8199b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Exported Concat::Fragment not using concat_basedir

[treydock]

I am having a very odd issue when exporting Concat::Fragment resources. 
 They export just fine, but if the node that exported the resource tries to 
also realize that resource, the fragment loses the path defined by 
concat_basedir.

The export:

  @@concat::fragment { slurm.conf-nodelist_${::hostname}:
tag = 'slurm_nodelist',
target  = '/etc/slurm/slurm.conf',
content = template('slurm/slurm.conf/worker/slurm.conf.nodelist.erb'),
order   = 2,
  }

In the same class, the resource is realized:

  Concat::Fragment | tag == 'slurm_nodelist' |

That same collector is used by another class and it successfully realized 
the resource at 
'/var/lib/puppet/concat/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b'.

The node that exported the resource is trying to create the fragment at 
'/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b'.  This is 
the error I get

Error: Could not set 'present' on ensure: cannot generate tempfile 
`/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b20140502-22071-9r3m7r-9'
 
at 
66:/etc/puppet/environments/production/modules/concat/manifests/fragment.pp
Error: Could not set 'present' on ensure: cannot generate tempfile 
`/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b20140502-22071-9r3m7r-9'
 
at 
66:/etc/puppet/environments/production/modules/concat/manifests/fragment.pp
Wrapped exception:
cannot generate tempfile 
`/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b20140502-22071-9r3m7r-9'
Error: 
/Stage[main]/Slurm::Worker::Config/Concat::Fragment[slurm.conf-nodelist_c0926b]/File[/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b]/ensure:
 
change from absent to present failed: Could not set 'present' on ensure: 
cannot generate tempfile 
`/_etc_slurm_slurm.conf/fragments/2_slurm.conf-nodelist_c0926b20140502-22071-9r3m7r-9'
 
at 
66:/etc/puppet/environments/production/modules/concat/manifests/fragment.pp

The module I'm working on is at https://github.com/treydock/puppet-slurm.

As a temporary workaround I've done 'mkdir -p 
/_etc_slurm_slurm.conf/fragments' to allow the fragments to be created, as 
I'm still unsure if I want to use concat or file_line exports.

Working: 
https://github.com/treydock/puppet-slurm/blob/master/manifests/master/config.pp#L73

Failing: 
https://github.com/treydock/puppet-slurm/blob/master/manifests/worker/config.pp#L121

The node does have the concat_basedir fact present:

# facter -p concat_basedir
/var/lib/puppet/concat

Both systems are on Puppet 3.4.3.  I'm using PuppetDB 1.6.2 and 
puppetlabs-concat-1.0.2.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cae901ad-80cf-46b1-b984-2c3562ea000c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppet module permissions - librarian-puppet

[treydock]

I have noticed lately that on my development system (OS X) and my 
production Puppet master (CentOS 6.5) that when installing puppet modules 
using librarian-puppet the permissions of some modules and files is very 
restrictive to the point where the puppetmaster can't read the files.  Some 
modules end up with all files being 0400, while some end up 0644 and some 
0664.  The files read-only to user are unable to be accessed by the 
Passenger based Puppet master and the files that sometimes go from 0664 to 
0644 are creating a lot of noise in agent reports.

Is there a defacto standard for the appropriate permissions, especially 
for custom puppet providers/types/functions?  I've noticed that whatever 
the permissions end up being on the master is what they get set to on the 
clients.  I'm unsure if the permissions are being set by librarian-puppet, 
the puppet module command, or some other mechanism.  The permissions are 
always like this after a bundle exec librarian-puppet install.  I've 
since had to put a script in my librarian-puppet repo that executes a find 
and modifies permissions, which does not seem right.

Curious if anyone else has seen this or has suggestions for how to debug.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/bc4f86d5-0c65-4ec6-bc98-43f437a611e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Unable to use centos-510-x64 vagrant box with beaker-rspec

[treydock]

: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://mirrors.sonic.net/centos/5.10/extras/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://yum.phx.singlehop.com/centos/5.10/extras/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://yum.singlehop.com/CentOS/5.10/extras/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
ftp://mirror.nandomedia.com/pub/CentOS/5.10/updates/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-2, 'Name or service not known')
Trying other mirror.
http://bay.uchicago.edu/centos/5.10/updates/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://centos.aol.com/5.10/updates/x86_64/repodata/repomd.xml: [Errno 4] 
IOError: urlopen error (-3, 'Temporary failure in name resolution')
Trying other mirror.
http://centos.mirrors.hoobly.com/5.10/updates/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://mirror.chpc.utah.edu/pub/centos/5.10/updates/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://mirror.cs.uwp.edu/pub/centos/5.10/updates/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://mirror.es.its.nyu.edu/centos/5.10/updates/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://mirror.oss.ou.edu/centos/5.10/updates/x86_64/repodata/repomd.xml: 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://mirrors.advancedhosters.com/centos/5.10/updates/x86_64/repodata/repomd.xml:
 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
http://mirrors.usc.edu/pub/linux/distributions/centos/5.10/updates/x86_64/repodata/repomd.xml:
 
[Errno 4] IOError: urlopen error (-3, 'Temporary failure in name 
resolution')
Trying other mirror.
Setting up Install Process
No package ntpdate available.
Nothing to do

centos-510-x64 executed in 4800.41 seconds

centos-510-x64 16:06:38$  rpm -ivh 
http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
error: skipping 
http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm - transfer 
failed - Unknown or unexpected error
Retrieving http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm

centos-510-x64 executed in 80.01 seconds
Exited: 1
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/host.rb:183:in
 
`exec': Host 'centos-510-x64' exited with 1 running: 
(Beaker::Host::CommandFailure)
  rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
Last 10 lines of output were:
error: skipping 
http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm - transfer 
failed - Unknown or unexpected error
Retrieving http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
from 
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/dsl/helpers.rb:85:in
 
`on'
from 
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/dsl/install_utils.rb:445:in
 
`install_puppet'
from 
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/dsl/install_utils.rb:442:in
 
`each'
from 
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/beaker-1.9.1/lib/beaker/dsl/install_utils.rb:442:in
 
`install_puppet'
from 
/Users/treydock/puppet/modules/repo_centos/spec/spec_helper_acceptance.rb:6
from 
/Users/treydock/puppet/modules/repo_centos/spec/spec_helper_acceptance.rb:4:in 
`each'
from 
/Users/treydock/puppet/modules/repo_centos/spec/spec_helper_acceptance.rb:4
from 
/Users/treydock/puppet/modules/repo_centos/spec/acceptance/01_repo_centos_spec.rb:1:in
 
`require'
from 
/Users/treydock/puppet/modules/repo_centos/spec/acceptance/01_repo_centos_spec.rb:1
from 
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/configuration.rb:896:in
 
`load'
from 
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/configuration.rb:896:in
 
`load_spec_files'
from 
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/configuration.rb:896:in
 
`each'
from 
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/configuration.rb:896:in
 
`load_spec_files'
from 
/Users/treydock/.rvm/gems/ruby-1.8.7-p371@puppet_dev/gems/rspec-core-2.14.8/lib/rspec/core/command_line.rb:22:in
 
`run'
from 
/Users/treydock/.rvm/gems/ruby-1.8.7

[Puppet Users] beaker-rspec failing to test resources with should_not matcher

[treydock]

This MAY be a bug with serverspec or specinfra gems, but I was hoping 
someone here could help me identify the problem.  I wrote some tests that 
ensure file resources are removed and yumrepo resources are disabled.  I 
was using older beaker gem and recently updated to latest 1.9.1 to find 
that my should_not matchers all fail. 

  describe yumrepo('centos-scl') do
it { should exist }
it { should_not be_enabled }
  end

centos-65-x64 17:29:19$  yum repolist all -C | grep ^centos-scl | grep 
enabled

centos-65-x64 executed in 0.14 seconds
Exited: 1
  should not be enabled (FAILED - 4)
  should not be enabled (FAILED - 4)


  4) repo_centos class default parameters Yumrepo centos-scl should not 
be enabled
 Failure/Error: it { should_not be_enabled }
   yum repolist all -C | grep ^centos-scl | grep enabled
   expected Yumrepo centos-scl not to be enabled

The same false failure occurs for file with should_not be_file matcher.

describe file('/etc/yum.repos.d/CentOS-Base.repo') do
  it { should_not be_file }
end

  6) repo_centos class default parameters File 
/etc/yum.repos.d/CentOS-Base.repo should not be file
 Failure/Error: it { should_not be_file }
   test -f /etc/yum.repos.d/CentOS-Base.repo
   expected file? to return false, got 
#SpecInfra::CommandResult:0x10eff4498 @stderr=, @stdout=, 
@exit_signal=nil, @exit_status=1
 # ./spec/acceptance/01_repo_centos_spec.rb:56

The module I'm working on is at https://github.com/treydock/repo_centos.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5d9ef6d6-f753-42c4-bede-bb3c1544212e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet under passenger constantly crashing

[treydock]

I recently moved from manually configured Puppetmaster under passenger to 
fully managed using theforeman/puppet module.  Now I am experiencing 
constant crashes (every few minutes) of the passenger process that runs the 
puppetmaster.

Host is CentOS 6.5 running Puppet 3.4.3.

This is the entry I see in /var/log/httpd/puppet_error_ssl.log:

[Tue Mar 25 16:25:26 2014] [error] [client 127.0.0.1] Premature end of 
script headers: production

This is the entry I see in /var/log/httpd/error_log

/usr/lib/ruby/site_ruby/1.8/puppet/parser/ast.rb:49: [BUG] rb_gc_mark(): 
unknown data type 0x20(0x2e6b230) non object
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

[ pid=28256 thr=139906534451168 file=ext/apache2/Hooks.cpp:841 
time=2014-03-25 16:25:26.86 ]: The backend application (process 32724) did 
not send a valid HTTP response; instead, it sent nothing at all. It is 
possible that it has crashed; please check whe.

/etc/httpd/conf.d/passenger.conf:

LoadModule passenger_module modules/mod_passenger.so
IfModule mod_passenger.c
   PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19
   PassengerRuby /usr/bin/ruby
   PassengerTempDir /var/run/rubygem-passenger
/IfModule

/etc/httpd/conf.d/25-puppet.conf
# 
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# 

VirtualHost *:8140
  ServerName puppet

  ## Vhost docroot
  DocumentRoot /etc/puppet/rack/public/

  ## Directories, there should at least be a declaration for 
/etc/puppet/rack/public/

  Directory /etc/puppet/rack/public/
AllowOverride None
Order allow,deny
Allow from all
PassengerEnabled On
  /Directory

  ## Load additional static includes

  ## Logging
  ErrorLog /var/log/httpd/puppet_error_ssl.log
  ServerSignature Off
  CustomLog /var/log/httpd/puppet_access_ssl.log combined

  ## SSL directives
  SSLEngine on
  SSLCertificateFile  /var/lib/puppet/ssl/certs/puppet.DOMAIN.pem
  SSLCertificateKeyFile   
/var/lib/puppet/ssl/private_keys/puppet.DOMAIN.pem
  SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
  SSLCACertificatePath/etc/pki/tls/certs
  SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
  SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLCipherSuite  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
  SSLVerifyClient optional
  SSLVerifyDepth  1
  SSLOptions +StdEnvVars +ExportCertData

  ## Request header rules
  ## as per 
http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
  RequestHeader unset X-Forwarded-For

  ## Custom fragment

/VirtualHost

Any suggestions or means to work around this issue?

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/570ab513-d4e3-4c42-9481-c53ac49e2845%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet under passenger constantly crashing

[treydock]

As an update, I tried running 'puppet master --no-daemonize --debug' and am 
seeing a segmentation fault running outside of passenger/apache...

/usr/lib/ruby/site_ruby/1.8/puppet/parser/scope.rb:555: [BUG] Segmentation 
fault
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

another run

/usr/lib/ruby/1.8/pathname.rb:287: [BUG] rb_gc_mark(): unknown data type 
0x10(0x935ce90) non object
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

This only seems occur most frequently when I run puppet agent --test from 
the puppet master server.  Remote clients do not seem to crash puppet 
master as frequently.

On Tuesday, March 25, 2014 4:30:27 PM UTC-5, treydock wrote:

 I recently moved from manually configured Puppetmaster under passenger to 
 fully managed using theforeman/puppet module.  Now I am experiencing 
 constant crashes (every few minutes) of the passenger process that runs the 
 puppetmaster.

 Host is CentOS 6.5 running Puppet 3.4.3.

 This is the entry I see in /var/log/httpd/puppet_error_ssl.log:

 [Tue Mar 25 16:25:26 2014] [error] [client 127.0.0.1] Premature end of 
 script headers: production

 This is the entry I see in /var/log/httpd/error_log

 /usr/lib/ruby/site_ruby/1.8/puppet/parser/ast.rb:49: [BUG] rb_gc_mark(): 
 unknown data type 0x20(0x2e6b230) non object
 ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

 [ pid=28256 thr=139906534451168 file=ext/apache2/Hooks.cpp:841 
 time=2014-03-25 16:25:26.86 ]: The backend application (process 32724) did 
 not send a valid HTTP response; instead, it sent nothing at all. It is 
 possible that it has crashed; please check whe.

 /etc/httpd/conf.d/passenger.conf:

 LoadModule passenger_module modules/mod_passenger.so
 IfModule mod_passenger.c
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19
PassengerRuby /usr/bin/ruby
PassengerTempDir /var/run/rubygem-passenger
 /IfModule

 /etc/httpd/conf.d/25-puppet.conf
 # 
 # Vhost template in module puppetlabs-apache
 # Managed by Puppet
 # 

 VirtualHost *:8140
   ServerName puppet

   ## Vhost docroot
   DocumentRoot /etc/puppet/rack/public/

   ## Directories, there should at least be a declaration for 
 /etc/puppet/rack/public/

   Directory /etc/puppet/rack/public/
 AllowOverride None
 Order allow,deny
 Allow from all
 PassengerEnabled On
   /Directory

   ## Load additional static includes

   ## Logging
   ErrorLog /var/log/httpd/puppet_error_ssl.log
   ServerSignature Off
   CustomLog /var/log/httpd/puppet_access_ssl.log combined

   ## SSL directives
   SSLEngine on
   SSLCertificateFile  /var/lib/puppet/ssl/certs/puppet.DOMAIN.pem
   SSLCertificateKeyFile   
 /var/lib/puppet/ssl/private_keys/puppet.DOMAIN.pem
   SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
   SSLCACertificatePath/etc/pki/tls/certs
   SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
   SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
   SSLProtocol -ALL +SSLv3 +TLSv1
   SSLCipherSuite  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
   SSLVerifyClient optional
   SSLVerifyDepth  1
   SSLOptions +StdEnvVars +ExportCertData

   ## Request header rules
   ## as per 
 http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
   RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
   RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
   RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
   RequestHeader unset X-Forwarded-For

   ## Custom fragment

 /VirtualHost

 Any suggestions or means to work around this issue?

 Thanks
 - Trey


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f8163a17-abed-4735-9b90-49e62b9306ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppet certificate generate fails for mcollective client

[treydock]

Following the mcollective documentation [1] for adding clients to execute 
mco commands when using SSL I am getting an error executing the 'puppet 
certificate generate' command as my user account.  I feel like I'm missing 
something very obvious here.

$ puppet certificate generate treydock --ssldir 
~/.mcollective.d/credentials --ca-location remote --ca_server 
puppet.DOMAIN
Error: The certificate retrieved from the master does not match the agent's 
private key.
Certificate fingerprint: 
E3:EA:FA:AD:68:53:D8:AF:DB:63:C9:2A:89:CC:68:AA:4F:B2:35:F6:9F:8C:E0:3C:3F:56:D5:1F:41:45:0D:53
To fix this, remove the certificate from both the master and the agent and 
then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean login3.DOMAIN
On the agent:
  rm -f /home/treydock/.mcollective.d/credentials/certs/login3.DOMAIN.pem
  puppet agent -t

Error: Try 'puppet help certificate generate' for usage

This happens from all my systems.

The host 'login3' puppet.conf (comments removed):

$ cat /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
autosign   = $confdir/autosign.conf { mode = 664 }

[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
default_schedules = false

report= true
pluginsync= true
masterport= 8140
environment   = production
certname  = login3.brazos.tamu.edu
server= puppet.brazos.tamu.edu
listen= false
splay = false
runinterval   = 3600
noop  = true
show_diff = true
configtimeout = 120

Thanks
- Trey

[1] 
- 
http://docs.puppetlabs.com/mcollective/deploy/standard.html#managing-client-credentials

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a31a3ff6-4907-4fd4-a496-b03869e8a151%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Facter errors with InfiniBand and VDSM

[treydock]

I have an ovirt node that has Infiniband and I'm seeing two seperate errors 
when running facter.

sh: vdsmdummy: command not found

and

Ifconfig uses the ioctl access method to get the full address information, 
which limits hardware addresses to 8 bytes.
Because Infiniband address has 20 bytes, only the first 8 bytes are 
displayed correctly.
Ifconfig is obsolete! For replacement check ip.

I'm using the --trace option with facter but am not seeing any backtrace 
information to identify and submit a fix for these two issues.

Installed packages on CentOS 6.5:

facter.x86_64   1:1.7.4-1.el6   @puppetlabs-products
puppet.noarch   3.4.2-1.el6 @puppetlabs-products

The vdsmdummy is likely from the bridge created by VDSM:

$ brctl show
bridge name bridge id   STP enabled interfaces
;vdsmdummy; 8000.   no
ipmi8000.003048bc981e   no  eth0.2
ovirtmgmt   8000.003048bc981e   no  eth0.1
public  8000.003048bc981f   no  eth1

So far I think the reason the vdsmdummy: command not found is the 
semi-colons are passed to the /sbin/ip command and appear like subcommands.

The Infiniband issue seems to be STDERR being printed as a ifconfig 
2/dev/null does not print that message.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/64b3dc17-6e6f-472d-b280-da91158dcc49%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Facter errors with InfiniBand and VDSM

[treydock]

After some debugging it seems it's the ;vdsmdummy; interface that's 
causing both problems.  I have a host with Infiniband, and the same version 
of Puppet and Facter, that has no errors running facter.  My guess is when 
ifconfig is executed for ;vdsmdummy; it's not using '2 /dev/null', but I 
can't identify where in the Facter code this is happening.

I updated Facter to 1.7.5-rc2 and the error is still the same on the host 
with the ;vdsmdummy; bridge device.

Thanks
- Trey

On Sunday, February 9, 2014 3:17:10 PM UTC-6, treydock wrote:

 I have an ovirt node that has Infiniband and I'm seeing two seperate 
 errors when running facter.

 sh: vdsmdummy: command not found

 and

 Ifconfig uses the ioctl access method to get the full address information, 
 which limits hardware addresses to 8 bytes.
 Because Infiniband address has 20 bytes, only the first 8 bytes are 
 displayed correctly.
 Ifconfig is obsolete! For replacement check ip.

 I'm using the --trace option with facter but am not seeing any backtrace 
 information to identify and submit a fix for these two issues.

 Installed packages on CentOS 6.5:

 facter.x86_64   1:1.7.4-1.el6   @puppetlabs-products
 puppet.noarch   3.4.2-1.el6 @puppetlabs-products

 The vdsmdummy is likely from the bridge created by VDSM:

 $ brctl show
 bridge name bridge id   STP enabled interfaces
 ;vdsmdummy; 8000.   no
 ipmi8000.003048bc981e   no  eth0.2
 ovirtmgmt   8000.003048bc981e   no  eth0.1
 public  8000.003048bc981f   no  eth1

 So far I think the reason the vdsmdummy: command not found is the 
 semi-colons are passed to the /sbin/ip command and appear like subcommands.

 The Infiniband issue seems to be STDERR being printed as a ifconfig 
 2/dev/null does not print that message.

 Thanks
 - Trey


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/80905d1a-2f20-44ce-9582-024e6a792f35%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] zpool resource fails with incorrect error

[treydock]

I'm working to expand / develop on the zpool built-in type, but the zpool 
command is failing and Puppet's returned stderr is not what I get if I 
copy/paste the command given by the debug output.

# cat /etc/puppet/manifests/zpool_raidz2.pp
zpool { 'tank':
  ensure  = present,
  raidz   = [ 'd01 d02 d03 d04', 'd05 d06 d07 d08' ],
  raid_parity = 'raidz2',
  pool= 'tank',
  log_mirror  = 'd09 d10',
  force   = true,
}

I've put the full trace/debug in pastebin [1].

You'll have to excuse the extra debug lines, as I'm trying to do a few 
things.

* Add logged mirror support
* Figure out and fix the inability to create striped RAIDZ sets
* Add property for cache devices

The main error is this...

Error: /Stage[main]//Zpool[tank]/ensure: change from absent to present 
failed: Execution of '/sbin/zpool create -f tank raidz2 d01 d02 d03 d04 
raidz2 d05 d06 d07 d08 log mirror d09 d10' returned 1: cannot open 'd01 d02 
d03 d04': no such device in /dev
must be a full path or shorthand device name

However if I run that exact command, I receive no error.

# /sbin/zpool create -f tank raidz2 d01 d02 d03 d04 raidz2 d05 d06 d07 d08 
log mirror d09 d10
# echo $?
0
# zpool status
  pool: tank
 state: ONLINE
  scan: none requested
config:

NAMESTATE READ WRITE CKSUM
tankONLINE   0 0 0
  raidz2-0  ONLINE   0 0 0
d01 ONLINE   0 0 0
d02 ONLINE   0 0 0
d03 ONLINE   0 0 0
d04 ONLINE   0 0 0
  raidz2-1  ONLINE   0 0 0
d05 ONLINE   0 0 0
d06 ONLINE   0 0 0
d07 ONLINE   0 0 0
d08 ONLINE   0 0 0
logs
  mirror-2  ONLINE   0 0 0
d09 ONLINE   0 0 0
d10 ONLINE   0 0 0

errors: No known data errors

This is being done in a Vagrant VM as part of my puppet-zfsonlinux module , 
which I've uploaded to github [2].  I don't have much experience in custom 
types and providers so am unsure where to begin on debugging the errors 
when I can't reproduce them via command line.

[1] - http://pastebin.com/Lcy6feyt
[2] 
- https://github.com/treydock/puppet-zfsonlinux/tree/development_zpool_type

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] facter's zpool_version errors using zfsonlinux

[treydock]

Has anyone run into an issue with zfsonlinux = 0.6.1 failing to work with 
the Facter zpool_version fact?  I get the following error Could not 
retrieve zfs_version: undefined method `captures' for nil:NilClass which a 
bug report [1] indicates was fixed.  I'm curious if it's a real issue.  I 
have a code change to contribute that has a seperate means of checking 
zpool_version using confine :kernel = Linux.  Should this be a new bug 
or attached to the other recent bug [1] ?

Ran into with puppet-3.1.1 and facter-1.7.0

I believe the underlying problem is that the zpool upgrade -v in 
zfsonlinux does not output the version number anymore.  Using a basic 
dmesg | grep 'ZFS:' with the same captures line seems to work.  I 
uploaded my module [2] with the proposed facter fact addition if someone 
would like to confirm this.  I have only confirmed in vagrant tests, 
haven't pushed to my Puppet master yet, but I saw the symptoms on my live 
systems.

Thanks
- Trey

[1] - http://projects.puppetlabs.com/issues/17794
[2] - https://github.com/treydock/puppet-zfsonlinux

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] puppetlabs-mysql module

[treydock]

You can supply values to override those defined in /etc/my.cnf by adding files 
to /etc/mysql/conf.d.  The module makes the overrides possible with the default 
configuration in my.cnf, I believe the IncludeDir line.  Using phone so 
difficult to reference. 

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/D98HPPDdiLEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Catalog compile times 40s - Puppet 2.7.18

[treydock]

On Sunday, December 9, 2012 1:41:34 PM UTC-6, treydock wrote:

 I am finding that the puppetlabs-apache module is somehow adding 30-60 
 seconds onto a host's catalog compile time when the puppetmaster has no 
 other hosts contacting or generating catalogs.  The Puppetmaster is setup 
 to use Puppet-2.7.18 - Apache  Passenger.  RIght now only 2 hosts are even 
 configured to use this new PM, the PM itself and a Foreman host.  With 
 neither hosts contacting the PM, and disabling the include apache and 
 require apache::mod::dev in puppetlabs-passenger, I get Config 
 retrieval: 2.45.

 Catalogs had hostnames replaced, puppetmaster.tld is the CNAME for Puppet 
 master and puppetmaster-host.tld is the actual hostname.

 Catalog: http://pastebin.com/V29JmB8J
 # puppet agent --{summarize,test,debug,evaltrace,noop} | perl -pe 
 's/^/localtime().: /e'
 snip
 Sun Dec  9 13:05:35 2012: notice: Finished catalog run in 2.43 seconds
 Sun Dec  9 13:05:35 2012: Changes:
 Sun Dec  9 13:05:35 2012: Events:
 Sun Dec  9 13:05:35 2012: Total: 1
 Sun Dec  9 13:05:35 2012:  Noop: 1
 Sun Dec  9 13:05:35 2012: Resources:
 Sun Dec  9 13:05:35 2012:   Out of sync: 1
 Sun Dec  9 13:05:35 2012: Total: 22
 Sun Dec  9 13:05:35 2012:   Skipped: 6
 Sun Dec  9 13:05:35 2012: Time:
 Sun Dec  9 13:05:35 2012: Resources: 0.00
 Sun Dec  9 13:05:35 2012:Filebucket: 0.00
 Sun Dec  9 13:05:35 2012:   Package: 0.00
 Sun Dec  9 13:05:35 2012:  File: 0.00
 Sun Dec  9 13:05:35 2012:  Firewall: 0.01
 Sun Dec  9 13:05:35 2012:  Exec: 0.14
 Sun Dec  9 13:05:35 2012:  Last run: 1355079935
 Sun Dec  9 13:05:35 2012:Config retrieval: 2.45
 Sun Dec  9 13:05:35 2012: Total: 2.61
 Sun Dec  9 13:05:35 2012: Version:
 Sun Dec  9 13:05:35 2012:Config: 1355077701
 Sun Dec  9 13:05:35 2012:Puppet: 2.7.18

 Uncommenting include apache and require apache::mod::dev in 
 puppetlabs-passenger about 40 seconds are added to the compile time.  I 
 went through disabled all modules and parameters, and found that enabling 
 the passenger module alone with Apache included caused the huge delay.

 Catalog: http://pastebin.com/wwcKgX5b
 # puppet agent --{summarize,test,debug,evaltrace,noop} | perl -pe 
 's/^/localtime().: /e'
 snip
 Sun Dec  9 13:13:08 2012: notice: Finished catalog run in 2.23 seconds
 Sun Dec  9 13:13:08 2012: Changes:
 Sun Dec  9 13:13:08 2012: Events:
 Sun Dec  9 13:13:08 2012: Total: 4
 Sun Dec  9 13:13:08 2012:  Noop: 4
 Sun Dec  9 13:13:08 2012: Resources:
 Sun Dec  9 13:13:08 2012:   Out of sync: 4
 Sun Dec  9 13:13:08 2012:   Skipped: 6
 Sun Dec  9 13:13:08 2012: Total: 80
 Sun Dec  9 13:13:08 2012: Time:
 Sun Dec  9 13:13:08 2012:Filebucket: 0.00
 Sun Dec  9 13:13:08 2012: Resources: 0.00
 Sun Dec  9 13:13:08 2012:   Package: 0.00
 Sun Dec  9 13:13:08 2012:  Firewall: 0.01
 Sun Dec  9 13:13:08 2012:  File: 0.01
 Sun Dec  9 13:13:08 2012: A2mod: 0.03
 Sun Dec  9 13:13:08 2012:   Service: 0.07
 Sun Dec  9 13:13:08 2012:  Exec: 0.14
 Sun Dec  9 13:13:08 2012:  Last run: 1355080388
 Sun Dec  9 13:13:08 2012:Config retrieval: 42.79
 Sun Dec  9 13:13:08 2012: Total: 43.06
 Sun Dec  9 13:13:08 2012: Version:
 Sun Dec  9 13:13:08 2012:Config: 1355080261
 Sun Dec  9 13:13:08 2012:Puppet: 2.7.18


 The install is via RPM.  I'm using the Fedora SRPMs rebuilt for CentOS 6. 
  The Puppet master has two environments, development and production with 
 this as the puppet.conf

 # cat /etc/puppet/puppet.conf
 ---
 [main]
 server= puppetmaster.tld
 logdir= /var/log/puppet
 vardir= /var/lib/puppet
 ssldir= /var/lib/puppet/ssl
 rundir= /var/run/puppet
 factpath  = $vardir/lib/facter
 pluginsync= true
 templatedir   = $confdir/templates


 [agent]
 report  = true
 environment = production
 preferred_serialization_format  = yaml

 [master]
 modulepath= 
 /etc/puppet/environments/$environment/modules:/etc/puppet/modules
 manifest  = /etc/puppet/manifests/site.pp
 environment   = production
 autosign  = false
 ssl_client_header = SSL_CLIENT_S_DN
 ssl_client_verify_header  = SSL_CLIENT_VERIFY
 certname  = puppetmaster.tld
 dns_alt_names = puppetmaster.tld,puppetmaster-host.tld
 report= true
 reports   = store
 #reports   = store, foreman

 [production]
 manifest  = /etc/puppet/manifests/site.pp


 Has anyone run into this issue with puppetlabs-apache or know why my 
 compile times are so long?  I have

[Puppet Users] YAML as File resource template Error , can't convert Hash to String

[treydock]

Using exported resources I'm trying to have a host export a File resource 
generated from a yaml template, to another host.  The host that gets the 
exported resource is throwing errors like this

err: Failed to apply catalog: Parameter content failed: Munging failed for 
value {parameters={macaddress_p2p1=00:15:17:80:5A:3E, 
macaddress_p2p2=00:15:17:80:5A:3F, 
macaddress_eth0=00:1E:C9:55:12:C7, 
macaddress_eth1=00:1E:C9:55:12:C9, operatingsystem=CentOS, 
serialnumber=, interfaces=eth0,eth1,lo,p2p1,p2p2, 
fqdn=snip, ipaddress_p2p1=, ipaddress_p2p2=, uuid=, 
ipaddress_eth0=, ipaddress_eth1=snip, productname=, 
operatingsystemrelease=6.3}, name=snip} in class content: can't 
convert Hash into String

Here is the parts of the module...

class racktables::export (
  $site,
  $yamls_dir  = 'UNSET'
) inherits racktables::params {

  $yamls_dir_REAL = $yamls_dir ? {
'UNSET'   = ${conf_dir}/${site}/yamls,
default   = $yamls_dir,
  }

  @@file { racktables_host_${::hostname}.yaml:
content   = template('racktables/host.yaml.erb'),
path  = ${yamls_dir_REAL}/${::hostname}.yaml,
tag   = host_yaml_for_${site},
  }

}

define racktables::instance (
...
) {
snip

  File | tag == host_yaml_for_${name} | {
require   = File[$yaml_exports_REAL],
  }

snip
}

Template...

# cat templates/host.yaml.erb
--- 
name: %= scope.lookupvar('::hostname') %
parameters: 
  interfaces: %= scope.lookupvar('::interfaces') %
  fqdn: %= scope.lookupvar('::fqdn') %
  operatingsystemrelease: %= scope.lookupvar('::operatingsystemrelease') 
%
  operatingsystem: %= scope.lookupvar('::operatingsystem') %
  productname: 
  uuid: 
  serialnumber: 
% scope.lookupvar('::interfaces').split(',').each do |interface| -%
% unless interface.eql? lo -%
  ipaddress_%= interface %: %= 
scope.lookupvar(::ipaddress_#{interface}) %
  macaddress_%= interface %: %= 
scope.lookupvar(::macaddress_#{interface}) %
% end -%
% end -%


Is there some catch to using a YAML file for the template content?  Would 
it be better to use Ruby DSL for the racktables::export class and generate 
a hash - sort - to_yaml and have that be set as the content?

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/qsY2Ixye7BsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Catalog compile times 40s - Puppet 2.7.18

[treydock]

I am finding that the puppetlabs-apache module is somehow adding 30-60 
seconds onto a host's catalog compile time when the puppetmaster has no 
other hosts contacting or generating catalogs.  The Puppetmaster is setup 
to use Puppet-2.7.18 - Apache  Passenger.  RIght now only 2 hosts are even 
configured to use this new PM, the PM itself and a Foreman host.  With 
neither hosts contacting the PM, and disabling the include apache and 
require apache::mod::dev in puppetlabs-passenger, I get Config 
retrieval: 2.45.

Catalogs had hostnames replaced, puppetmaster.tld is the CNAME for Puppet 
master and puppetmaster-host.tld is the actual hostname.

Catalog: http://pastebin.com/V29JmB8J
# puppet agent --{summarize,test,debug,evaltrace,noop} | perl -pe 
's/^/localtime().: /e'
snip
Sun Dec  9 13:05:35 2012: notice: Finished catalog run in 2.43 seconds
Sun Dec  9 13:05:35 2012: Changes:
Sun Dec  9 13:05:35 2012: Events:
Sun Dec  9 13:05:35 2012: Total: 1
Sun Dec  9 13:05:35 2012:  Noop: 1
Sun Dec  9 13:05:35 2012: Resources:
Sun Dec  9 13:05:35 2012:   Out of sync: 1
Sun Dec  9 13:05:35 2012: Total: 22
Sun Dec  9 13:05:35 2012:   Skipped: 6
Sun Dec  9 13:05:35 2012: Time:
Sun Dec  9 13:05:35 2012: Resources: 0.00
Sun Dec  9 13:05:35 2012:Filebucket: 0.00
Sun Dec  9 13:05:35 2012:   Package: 0.00
Sun Dec  9 13:05:35 2012:  File: 0.00
Sun Dec  9 13:05:35 2012:  Firewall: 0.01
Sun Dec  9 13:05:35 2012:  Exec: 0.14
Sun Dec  9 13:05:35 2012:  Last run: 1355079935
Sun Dec  9 13:05:35 2012:Config retrieval: 2.45
Sun Dec  9 13:05:35 2012: Total: 2.61
Sun Dec  9 13:05:35 2012: Version:
Sun Dec  9 13:05:35 2012:Config: 1355077701
Sun Dec  9 13:05:35 2012:Puppet: 2.7.18

Uncommenting include apache and require apache::mod::dev in 
puppetlabs-passenger about 40 seconds are added to the compile time.  I 
went through disabled all modules and parameters, and found that enabling 
the passenger module alone with Apache included caused the huge delay.

Catalog: http://pastebin.com/wwcKgX5b
# puppet agent --{summarize,test,debug,evaltrace,noop} | perl -pe 
's/^/localtime().: /e'
snip
Sun Dec  9 13:13:08 2012: notice: Finished catalog run in 2.23 seconds
Sun Dec  9 13:13:08 2012: Changes:
Sun Dec  9 13:13:08 2012: Events:
Sun Dec  9 13:13:08 2012: Total: 4
Sun Dec  9 13:13:08 2012:  Noop: 4
Sun Dec  9 13:13:08 2012: Resources:
Sun Dec  9 13:13:08 2012:   Out of sync: 4
Sun Dec  9 13:13:08 2012:   Skipped: 6
Sun Dec  9 13:13:08 2012: Total: 80
Sun Dec  9 13:13:08 2012: Time:
Sun Dec  9 13:13:08 2012:Filebucket: 0.00
Sun Dec  9 13:13:08 2012: Resources: 0.00
Sun Dec  9 13:13:08 2012:   Package: 0.00
Sun Dec  9 13:13:08 2012:  Firewall: 0.01
Sun Dec  9 13:13:08 2012:  File: 0.01
Sun Dec  9 13:13:08 2012: A2mod: 0.03
Sun Dec  9 13:13:08 2012:   Service: 0.07
Sun Dec  9 13:13:08 2012:  Exec: 0.14
Sun Dec  9 13:13:08 2012:  Last run: 1355080388
Sun Dec  9 13:13:08 2012:Config retrieval: 42.79
Sun Dec  9 13:13:08 2012: Total: 43.06
Sun Dec  9 13:13:08 2012: Version:
Sun Dec  9 13:13:08 2012:Config: 1355080261
Sun Dec  9 13:13:08 2012:Puppet: 2.7.18


The install is via RPM.  I'm using the Fedora SRPMs rebuilt for CentOS 6. 
 The Puppet master has two environments, development and production with 
this as the puppet.conf

# cat /etc/puppet/puppet.conf
---
[main]
server= puppetmaster.tld
logdir= /var/log/puppet
vardir= /var/lib/puppet
ssldir= /var/lib/puppet/ssl
rundir= /var/run/puppet
factpath  = $vardir/lib/facter
pluginsync= true
templatedir   = $confdir/templates


[agent]
report  = true
environment = production
preferred_serialization_format  = yaml

[master]
modulepath= 
/etc/puppet/environments/$environment/modules:/etc/puppet/modules
manifest  = /etc/puppet/manifests/site.pp
environment   = production
autosign  = false
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header  = SSL_CLIENT_VERIFY
certname  = puppetmaster.tld
dns_alt_names = puppetmaster.tld,puppetmaster-host.tld
report= true
reports   = store
#reports   = store, foreman

[production]
manifest  = /etc/puppet/manifests/site.pp


Has anyone run into this issue with puppetlabs-apache or know why my 
compile times are so long?  I have a Puppet 2.6.17 server (Also 
Apache+Passenger) that has one host, for example, with 524 resources , and 
only a 21.36 second catalog compile time.

Thanks
- Trey

-- 
You 

[Puppet Users] Re: Configuring hosts with data from other hosts

[treydock]

Ive struggled with the same problem of distributing variables and other 
generated data amongst hosts.

For external resources Ive found a great use in configuring a BackupPC server.  
Each node builds their backup configuration file with tag 
'backuppc_server_conf' and the server retrieves all the generated files with 
that tag.

What I havent been unable to solve, is making each nodes hiera values 
accessable to each other.  My hierarchy is $fqdn-common.  The very crude 
workaround Ive used is in a module, query foreman for all fqdn's.  Then pass 
that to a define that 'redefines' fqdn variable before calling hiera.

Is there alternatively a way to query resources like all mysql::db types?  I 
would like to just get all the mysql::db instances on a given node so other 
nodes could use that data.  This could be another way to configure backuppc or 
generate monitoring checks.

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/5a1FTfRCFSsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Lookup another node's hiera data - fqdn hierarchy

[treydock]

On Saturday, July 21, 2012 9:57:13 PM UTC-5, Garrett Honeycutt wrote:

 On 7/21/12 4:13 AM, treydock wrote: 
  I've begun using Hiera in combination with Foreman, primarily storing 
  data that is best left in Array/Hash form.  I'd like to be able to have 
  a module, in this case BackupPC, query all the Hiera data for each node 
  where the backup directories/databases are stored.  Then use all that 
  information on the BackupPC server to generate proper configuration 
  files for each node's backups.  Here's what I have so far... 
  
  $ cat /etc/puppet/hiera.yaml 
  --- 
  :hierarchy: 
- %{fqdn} 
- common 
  :backends: 
- yaml 
- puppet 
  :yaml: 
:datadir: '/etc/puppet/hieradata' 
  :puppet: 
:datasource: data 
  
  
  An example of the BackupPC information in hiera 
  $ cat /etc/puppet/hieradata/dc-ctrl.tamu.edu.yaml 
  --- 
  backuppc_db_dumps: 
foreman: 
  backup_dir: '/usr/share/foreman' 
mysql: 
  backup_dir: '/etc' 
  
  I am currently using that data to create dump scripts on each node, and 
  would like to re-use the same information to automatically configure the 
  backup server to grab those locations. 
  
  This attempt may work, but it doesn't 'feel' right to me by overriding 
  the fqdn fact. 
  
  /etc/puppet/modules/test  $ cat manifests/hiera_lookup.pp 
  class test::hiera_lookup { 
$nodes = foreman('fact_values', 'fact = fqdn') 
  
if $nodes { 
  create_resources('test::hiera_lookup::get_data', $nodes) 
} 
  } 
  
  define test::hiera_lookup::get_data ( 
$fqdn 
  ) { 
  
   $data = hiera(backuppc_db_dumps, false) 
  
if $data { notify { $data: } } 
  
  } 
  
  Is there a better approach to override scope and grab what data from 
  hiera that would normally not be available to a node? 
  
  Thanks 
  - Trey 

 This would be a great place to use exported resources[1]. Each node 
 could still use Hiera to determine if they should be backed up (or what 
 should be backed up) and export a resource and the backup server could 
 collect. 

 [1] - http://docs.puppetlabs.com/guides/exported_resources.html 

 -g 

 -- 
 Garrett Honeycutt 

 206.414.8658 
 http://puppetlabs.com 



Looking at some of online documentation I see no means to either export the 
hash variable pulled into the modules from hiera or to export the defines 
called with create_resources.

Is there a way to do something like @@$backuppc_db_dumps = 
hiera('backuppc_db_dumps') ?  Or possibly a way to export a custom define 
with all the parameters passed to it?

Thanks
- Trey 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/_mh8ipqsZ-EJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Lookup another node's hiera data - fqdn hierarchy

[treydock]

I've begun using Hiera in combination with Foreman, primarily storing data 
that is best left in Array/Hash form.  I'd like to be able to have a 
module, in this case BackupPC, query all the Hiera data for each node where 
the backup directories/databases are stored.  Then use all that information 
on the BackupPC server to generate proper configuration files for each 
node's backups.  Here's what I have so far...

$ cat /etc/puppet/hiera.yaml 
---
:hierarchy:
  - %{fqdn}
  - common
:backends:
  - yaml
  - puppet
:yaml:
  :datadir: '/etc/puppet/hieradata'
:puppet:
  :datasource: data


An example of the BackupPC information in hiera
$ cat /etc/puppet/hieradata/dc-ctrl.tamu.edu.yaml 
---
backuppc_db_dumps:
  foreman:
backup_dir: '/usr/share/foreman'
  mysql:
backup_dir: '/etc'

I am currently using that data to create dump scripts on each node, and 
would like to re-use the same information to automatically configure the 
backup server to grab those locations.

This attempt may work, but it doesn't 'feel' right to me by overriding the 
fqdn fact.

/etc/puppet/modules/test  $ cat manifests/hiera_lookup.pp 
class test::hiera_lookup {
  $nodes = foreman('fact_values', 'fact = fqdn')

  if $nodes {
create_resources('test::hiera_lookup::get_data', $nodes)
  }
}

define test::hiera_lookup::get_data (
  $fqdn
) {

 $data = hiera(backuppc_db_dumps, false)

  if $data { notify { $data: } }

}

Is there a better approach to override scope and grab what data from hiera 
that would normally not be available to a node?

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/KPHH_bR-4wsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Augeas fails to set BONDING_OPTS with return code false

[treydock]

I'm attempting to manage my network interfaces through a homebrew module 
that takes input from hiera, and then uses augeas to define each ifcfg-*.

Example:
  /* Set manditory parameters */
  augeas { eth_bond_${name} :
context = /files/etc/sysconfig/network-scripts/ifcfg-${name},
changes = [
  set DEVICE ${name},
  set BONDING_OPTS '\mode=${mode} miimon=${miimon}\',
  set BOOTPROTO none,
  set USERCTL no,
  set ONBOOT yes,
  set MTU ${mtu},
  set IPADDR ${ip},
  set NETMARK ${netmask},
],  
notify  = Exec[if-refresh-${name}],
  }


When I try and set something like BONDING_OPTS=mode=0 miimon=100 I get 
the following in Puppet

debug: Augeas[eth_bond_bond0](provider=augeas): Opening augeas with root /, 
lens path , flags 0
debug: Augeas[eth_bond_bond0](provider=augeas): Augeas version 0.9.0 is 
installed
debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with 
params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/DEVICE, bond0]
debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with 
params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/BONDING_OPTS, 
mode=0 miimon=100]
debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with 
params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/BOOTPROTO, 
none]
debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with 
params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/USERCTL, no]
debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with 
params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/ONBOOT, yes]
debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with 
params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/MTU, 9344]
debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with 
params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/IPADDR, 
192.168.1.100]
debug: Augeas[eth_bond_bond0](provider=augeas): sending command 'set' with 
params [/files/etc/sysconfig/network-scripts/ifcfg-bond0/NETMARK, 
255.0.0.0]
debug: Augeas[eth_bond_bond0](provider=augeas): Closed the augeas connection
err: 
/Stage[main]/Networking/Networking::Bond[bond0]/Augeas[eth_bond_bond0]/returns: 
change from need_to_run to 0 failed: Save failed with return code false
notice: 
/Stage[main]/Networking/Networking::Bond[bond0]/Exec[if-refresh-bond0]: 
Dependency Augeas[eth_bond_bond0] has failures: true
warning: 
/Stage[main]/Networking/Networking::Bond[bond0]/Exec[if-refresh-bond0]: 
Skipping because of failed dependencies


I also can't seem to get that value saved using augtool either, here's what 
I get

# cat ifcfg-bond0 
BOOTPROTO=none
ONBOOT=yes
MTU=4000
IPADDR=192.168.1.100
NETMARK=255.0.0.0
DEVICE=bond0

# augtool 
augtool set /files/etc/sysconfig/network-scripts/ifcfg-bond0/BONDING_OPTS 
'\mode=0 miimon=100\'
augtool save
error: Failed to execute command
error: saving failed (run 'print /augeas//error' for details)
augtool print /augeas//error
/augeas/files/etc/sysconfig/network-scripts/ifcfg-bond0/error = put_failed
/augeas/files/etc/sysconfig/network-scripts/ifcfg-bond0/error/path = 
/files/etc/sysconfig/network-scripts/ifcfg-bond0
/augeas/files/etc/sysconfig/network-scripts/ifcfg-bond0/error/lens = 
/usr/share/augeas/lenses/dist/shellvars.aug:61.12-.77:
/augeas/files/etc/sysconfig/network-scripts/ifcfg-bond0/error/message = 
Malformed child node 'BONDING_OPTS'

Any ideas?  The documentation on Puppet Augeas (
http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas#ifcfg+BONDING_OPTS)
 
has this exact example, so I figured there's something very obvious I'm 
overlooking that's keeping this from working.

Currently affected host and Puppet master are 2.6.16, CentOS 6.2, 
augeas-0.9.0.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/uI3T5XevDgsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Augeas fails to set BONDING_OPTS with return code false

[treydock]

Wow...can we permanency delete this post? Haha, I've been staring at Puppet 
modules for a week straight, it's always a spelling error.

Thanks!
- Trey

On Saturday, June 23, 2012 5:34:53 PM UTC-5, Christopher Wood wrote:

 netmark? 

 On Sat, Jun 23, 2012 at 02:37:04PM -0700, treydock wrote: 

   set NETMARK ${netmask}, 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/XFL2rqUwCNAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppetlabs-corosync help using multiple primitive operations

[treydock]

Setting up a HA iSCSI / NFS target using this document, 
http://www.linbit.com/fileadmin/tech-guides/ha-iscsi.pdf, and I am unable 
to find a way to use the puppetlabs-corosync module to emulate this command

crm(live)configure# primitive p_drbd_coraid23 ocf:linbit:drbd \
 params drbd_resource=coraid23 \
 op monitor interval=29 role=Master \
 op monitor interval=31 role=Slave
crm(live)configure# ms ms_drbd_coraid23 p_drbd_coraid23 \
 meta master-max=1 master-node-max=1 \ 
 clone-max=2 clone-node-max=1 notify=true

I defined the cs_primitive type like this...


  cs_primitive {
'p_drbd_coraid23':
  ensure= present,
  primitive_class = 'ocf',
  primitive_type  = 'drbd',
  provided_by = 'linbit',
  promotable  = true,
  parameters  = {
'drbd_resource' = 'coraid23'
  },
  operations  = {
'monitor' = {
  'interval'  = '29',
  'role'  = 'Master',
},
'monitor' = {
  'interval'  = '31',
  'role'  = 'Slave',
}
  },
  metadata= {
'master-max'  = '1',
'master-node-max' = '1',
'clone-max'   = '2',
'clone-node-max'  = '1',
'notify'  = 'true',
  };


What results is only 1 of the 2 operations being defined, and my guess is 
that this is because of logic like this...

operations = {}
operations['monitor'] = a
operations['monitor'] = b

puts operations['monitor']
= b

Any suggestions? 

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/umlivTZTkS0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] best practice for publishing modules that use Hiera?

[treydock]

I've begun moving some of my modules the using hiera lookups in place of 
parameters being defined in a host's node entry.  For data such as that I 
figure I can document the format of what the module expects from the yaml 
files, but if I use hiera to replace the typical module::params, how do I 
include that in a published module?  All the docs I've seen seem to show 
using paths for hieradata that are not specific to a module.  What's the 
best way to publish a module that has things like package names defined 
through hiera?  How would someone installing such a module make the hiera 
yaml files distributed with the module available to hiera lookups ?

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/1uZCT7-VeC4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Issue Installing Puppet on Red Hat6

[treydock]

rubygems-1.37 is correct for RHEL 6.  rubygems is the gem program,
ie package manager for ruby, it's not a subset or Ruby.  Do you have
EPEL enabled ?  You'll need that to satisfy some gem dependencies.
The package your missing is rubygem-rake.

On Feb 10, 5:02 pm, jcbollinger john.bollin...@stjude.org wrote:
 On Feb 10, 11:35 am, Gmoney greg.caldwe...@gmail.com wrote:

  Tried all suggestions. The Red Hat Optional channel contains
  rubygems-1.37 ( not 1.8.7 ) , the ruby and ruby-libs are both 1,8.7,
  Guess I have to grab the source and build it myself, I can't seem to
  find rubygems-1.8.7 anywhere.

 Why do you assume that the version of the rubygems package available
 from one of RedHat's official channels is inappropriate for your
 RedHat installation?  There is no particular reason to expect that the
 version number of the rubygems package will be the same as the version
 number of the ruby package.  If there were, you would expect the
 former to be a subpackage of the latter, in which case it would be
 named ruby-gems.

 John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] PE 2.0 - failure to find keytool

[treydock]

I've just installed Puppet Enterprise 2.0, and noticed the
pe_mcollective module that is provided is failing.  I've made no
changes to the modules, this is a fresh install.  The system is CentOS
6.0  x86_64 updated to CR.

This is the error,
---
#/opt/puppet/sbin/puppetd --test -v --debug

debug: Exec[broker_cert_truststore](provider=posix): Executing 'sh -c
'umask 077; keytool -import -noprompt -trustcacerts -alias 'PuppetCA' -
file /etc/puppetlabs/puppet/ssl/certs/ca.pem -keystore broker.ts -
storepass puppet''
debug: Executing 'sh -c 'umask 077; keytool -import -noprompt -
trustcacerts -alias 'PuppetCA' -file /etc/puppetlabs/puppet/ssl/certs/
ca.pem -keystore broker.ts -storepass puppet''
err: /Stage[main]/Pe_mcollective/Exec[broker_cert_truststore]/returns:
change from notrun to 0 failed: sh: keytool: command not found

notice: /Stage[main]/Pe_mcollective/File[/etc/puppetlabs/activemq/
broker.ts]: Dependency Exec[broker_cert_truststore] has failures: true
warning: /Stage[main]/Pe_mcollective/File[/etc/puppetlabs/activemq/
broker.ts]: Skipping because of failed dependencies
debug: Exec[broker_cert_keystore](provider=posix): Executing 'sh -c
'umask 077; keytool -importkeystore -deststorepass puppet -destkeypass
puppet -destkeystore broker.ks -srckeystore broker.p12 -srcstorepass
puppet -srcstoretype PKCS12 -alias cllapuppetmaster.tamu.edu''
debug: Executing 'sh -c 'umask 077; keytool -importkeystore -
deststorepass puppet -destkeypass puppet -destkeystore broker.ks -
srckeystore broker.p12 -srcstorepass puppet -srcstoretype PKCS12 -
alias puppetmaster.tamu.edu''
err: /Stage[main]/Pe_mcollective/Exec[broker_cert_keystore]/returns:
change from notrun to 0 failed: sh: keytool: command not found


Here's the results of locating keytool, and my $PATH,


# locate keytool
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/keytool
/usr/share/man/man1/keytool-java-1.6.0-openjdk.1.gz

# which keytool
/usr/bin/which: no keytool in (/usr/local/sbin:/usr/local/bin:/sbin:/
bin:/usr/sbin:/usr/bin:/root/bin)

Do I need to update my PATH to include java's bin directory?

Also while I'm testing PE, this server is managed by my Puppet server
(2.6.12), and during the install the PATH didn't seem to put /opt/
puppet/... before the system directories, is that correct ?  Should I
have to add both /opt/puppet/bin and /opt/puppet/sbin to my PATH
manually?
--
# which puppetd
/usr/sbin/puppetd

# echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin


Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Help using puppetlabs-mysql

[treydock]

On Nov 1, 6:50 pm, treydock treyd...@gmail.com wrote:
 On Oct 31, 3:09 pm, Dan Bode d...@puppetlabs.com wrote:









  On Mon, Oct 31, 2011 at 12:44 PM, treydock treyd...@gmail.com wrote:

   On Oct 31, 1:56 pm, treydock treyd...@gmail.com wrote:
On Oct 31, 1:05 pm, Dan Bode d...@puppetlabs.com wrote:

 On Mon, Oct 31, 2011 at 10:55 AM, treydock treyd...@gmail.com wrote:

  On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:
   you are running into a documentation issue. All of the
   configuration was
   moved to a new parameter called: config_hash. I can submit a patch

   On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com
   wrote:
I'm working to begin managing MySQL with the puppetlabs-mysql
   provided
module, but am not able to get very far with the README
   documentation.

So far, simply trying to add the server module and define the
root_password is failing like so,

err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Invalid parameter root_password at 
/etc/puppet/manifests/
nodes.pp:882 on node puppetnode1.tld

The definition looks like this,

node 'puppetnode1.tld' {

   class { 'mysql::server':
       root_password   = 'test'
   }

   should be changed to:

    class { 'mysql::server':
          config_hash = { root_password   = 'test'}
      }

   database_user { 'treydock@localhost':
       password_hash   = mysql_password('pass')
   }

      database_grant { 'treydock@localhost/*':

       privileges  = ['ALL'],
   }

   mysql::db { 'zabbix':
       user        = 'zabbix',
       password    = 'zabbix',
       host        = 'localhost',
       grant       = ['ALL'],
   }

}

The database_user and _grant thus far haven't actually done
   anything.
I'm assuming it's because mysql::server isn't working or being
applied.

There's likely something very obvious I'm missing.  This is also
   my
first time using parameterized classes.

Thanks
- Trey

--
You received this message because you are subscribed to the
   Google
  Groups
Puppet Users group.
To post to this group, send email to
   puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
   http://groups.google.com/group/puppet-users?hl=en.

  Ah that was it!  Thanks.

  Is there a way to similuate or run the equivilant of
  mysql_secure_installation within this module?  I tried an initial
  attempt with the following...but once it's added to the 
  mysql::server
  class it never seems to get called...

 what failed? How did you add it to the mysql::server class?

  class mysql::server::secure {

     database_user {
         '':
             ensure        = absent,
             require       = Service['mysqld'];

         root@${fqdn}:
             ensure        = absent,
             require       = Service['mysqld'];
     }

     database {
         test:
             ensure  = absent,
             require = Service['mysqld'];
     }

  }

  Would the easier route be to just modify the
   mysql_secure_installation
  script to be more puppet friendly?

  Thanks
  - Trey

  --
  You received this message because you are subscribed to the Google
   Groups
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

It didn't fail, it just simply did nothing.

This is it's inclusion in mysql::server

class mysql::server(
  $service_name = $mysql::params::service_name,
  $config_hash  = {},
  $package_name = 'mysql-server'
) inherits mysql::params {

    include mysql::server::secure

  # automatically create a class to deal with
  # configuration
  $hash = {
    mysql::config = $config_hash
  }

I am doing it via Exec now anyways.  Though I'd prefer to do it with
the new type and provider

- Trey

   Slightly different question...is there a way to pass / store the hash
   for the root password rather than the plain text password?  Similar to
   how the puppet user resource works?

  I am not quite sure if mysql supports that. Could you open a ticket 
  here:http://projects.puppetlabs.com/projects/modulesandexplain what the
  implementation would look like?

  thanks

   Thanks
   - Trey

   --
   You received this message because you

[Puppet Users] Re: Help using puppetlabs-mysql

[treydock]

On Oct 31, 3:09 pm, Dan Bode d...@puppetlabs.com wrote:
 On Mon, Oct 31, 2011 at 12:44 PM, treydock treyd...@gmail.com wrote:

  On Oct 31, 1:56 pm, treydock treyd...@gmail.com wrote:
   On Oct 31, 1:05 pm, Dan Bode d...@puppetlabs.com wrote:

On Mon, Oct 31, 2011 at 10:55 AM, treydock treyd...@gmail.com wrote:

 On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:
  you are running into a documentation issue. All of the
  configuration was
  moved to a new parameter called: config_hash. I can submit a patch

  On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com
  wrote:
   I'm working to begin managing MySQL with the puppetlabs-mysql
  provided
   module, but am not able to get very far with the README
  documentation.

   So far, simply trying to add the server module and define the
   root_password is failing like so,

   err: Could not retrieve catalog from remote server: Error 400 on
   SERVER: Invalid parameter root_password at /etc/puppet/manifests/
   nodes.pp:882 on node puppetnode1.tld

   The definition looks like this,

   node 'puppetnode1.tld' {

      class { 'mysql::server':
          root_password   = 'test'
      }

  should be changed to:

   class { 'mysql::server':
         config_hash = { root_password   = 'test'}
     }

      database_user { 'treydock@localhost':
          password_hash   = mysql_password('pass')
      }

     database_grant { 'treydock@localhost/*':

          privileges  = ['ALL'],
      }

      mysql::db { 'zabbix':
          user        = 'zabbix',
          password    = 'zabbix',
          host        = 'localhost',
          grant       = ['ALL'],
      }

   }

   The database_user and _grant thus far haven't actually done
  anything.
   I'm assuming it's because mysql::server isn't working or being
   applied.

   There's likely something very obvious I'm missing.  This is also
  my
   first time using parameterized classes.

   Thanks
   - Trey

   --
   You received this message because you are subscribed to the
  Google
 Groups
   Puppet Users group.
   To post to this group, send email to
  puppet-users@googlegroups.com.
   To unsubscribe from this group, send email to
   puppet-users+unsubscr...@googlegroups.com.
   For more options, visit this group at
  http://groups.google.com/group/puppet-users?hl=en.

 Ah that was it!  Thanks.

 Is there a way to similuate or run the equivilant of
 mysql_secure_installation within this module?  I tried an initial
 attempt with the following...but once it's added to the mysql::server
 class it never seems to get called...

what failed? How did you add it to the mysql::server class?

 class mysql::server::secure {

    database_user {
        '':
            ensure        = absent,
            require       = Service['mysqld'];

        root@${fqdn}:
            ensure        = absent,
            require       = Service['mysqld'];
    }

    database {
        test:
            ensure  = absent,
            require = Service['mysqld'];
    }

 }

 Would the easier route be to just modify the
  mysql_secure_installation
 script to be more puppet friendly?

 Thanks
 - Trey

 --
 You received this message because you are subscribed to the Google
  Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

   It didn't fail, it just simply did nothing.

   This is it's inclusion in mysql::server

   class mysql::server(
     $service_name = $mysql::params::service_name,
     $config_hash  = {},
     $package_name = 'mysql-server'
   ) inherits mysql::params {

       include mysql::server::secure

     # automatically create a class to deal with
     # configuration
     $hash = {
       mysql::config = $config_hash
     }

   I am doing it via Exec now anyways.  Though I'd prefer to do it with
   the new type and provider

   - Trey

  Slightly different question...is there a way to pass / store the hash
  for the root password rather than the plain text password?  Similar to
  how the puppet user resource works?

 I am not quite sure if mysql supports that. Could you open a ticket 
 here:http://projects.puppetlabs.com/projects/modulesand explain what the
 implementation would look like?

 thanks







  Thanks
  - Trey

  --
  You received this message because you are subscribed to the Google Groups
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
  puppet-users

[Puppet Users] Help using puppetlabs-mysql

[treydock]

I'm working to begin managing MySQL with the puppetlabs-mysql provided
module, but am not able to get very far with the README documentation.

So far, simply trying to add the server module and define the
root_password is failing like so,


err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Invalid parameter root_password at /etc/puppet/manifests/
nodes.pp:882 on node puppetnode1.tld

The definition looks like this,


node 'puppetnode1.tld' {

class { 'mysql::server':
root_password   = 'test'
}

database_user { 'treydock@localhost':
password_hash   = mysql_password('pass')
}
database_grant { 'treydock@localhost/*':
privileges  = ['ALL'],
}

mysql::db { 'zabbix':
user= 'zabbix',
password= 'zabbix',
host= 'localhost',
grant   = ['ALL'],
}

}

The database_user and _grant thus far haven't actually done anything.
I'm assuming it's because mysql::server isn't working or being
applied.

There's likely something very obvious I'm missing.  This is also my
first time using parameterized classes.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Help using puppetlabs-mysql

[treydock]

On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:
 you are running into a documentation issue. All of the configuration was
 moved to a new parameter called: config_hash. I can submit a patch









 On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com wrote:
  I'm working to begin managing MySQL with the puppetlabs-mysql provided
  module, but am not able to get very far with the README documentation.

  So far, simply trying to add the server module and define the
  root_password is failing like so,

  err: Could not retrieve catalog from remote server: Error 400 on
  SERVER: Invalid parameter root_password at /etc/puppet/manifests/
  nodes.pp:882 on node puppetnode1.tld

  The definition looks like this,

  node 'puppetnode1.tld' {

     class { 'mysql::server':
         root_password   = 'test'
     }

 should be changed to:

  class { 'mysql::server':
        config_hash = { root_password   = 'test'}
    }

     database_user { 'treydock@localhost':
         password_hash   = mysql_password('pass')
     }

    database_grant { 'treydock@localhost/*':







         privileges  = ['ALL'],
     }

     mysql::db { 'zabbix':
         user        = 'zabbix',
         password    = 'zabbix',
         host        = 'localhost',
         grant       = ['ALL'],
     }

  }

  The database_user and _grant thus far haven't actually done anything.
  I'm assuming it's because mysql::server isn't working or being
  applied.

  There's likely something very obvious I'm missing.  This is also my
  first time using parameterized classes.

  Thanks
  - Trey

  --
  You received this message because you are subscribed to the Google Groups
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

Ah that was it!  Thanks.

Is there a way to similuate or run the equivilant of
mysql_secure_installation within this module?  I tried an initial
attempt with the following...but once it's added to the mysql::server
class it never seems to get called...


class mysql::server::secure {

database_user {
'':
ensure= absent,
require   = Service['mysqld'];

root@${fqdn}:
ensure= absent,
require   = Service['mysqld'];
}

database {
test:
ensure  = absent,
require = Service['mysqld'];
}

}

Would the easier route be to just modify the mysql_secure_installation
script to be more puppet friendly?

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Help using puppetlabs-mysql

[treydock]

On Oct 31, 1:05 pm, Dan Bode d...@puppetlabs.com wrote:
 On Mon, Oct 31, 2011 at 10:55 AM, treydock treyd...@gmail.com wrote:

  On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:
   you are running into a documentation issue. All of the configuration was
   moved to a new parameter called: config_hash. I can submit a patch

   On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com wrote:
I'm working to begin managing MySQL with the puppetlabs-mysql provided
module, but am not able to get very far with the README documentation.

So far, simply trying to add the server module and define the
root_password is failing like so,

err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Invalid parameter root_password at /etc/puppet/manifests/
nodes.pp:882 on node puppetnode1.tld

The definition looks like this,

node 'puppetnode1.tld' {

   class { 'mysql::server':
       root_password   = 'test'
   }

   should be changed to:

    class { 'mysql::server':
          config_hash = { root_password   = 'test'}
      }

   database_user { 'treydock@localhost':
       password_hash   = mysql_password('pass')
   }

      database_grant { 'treydock@localhost/*':

       privileges  = ['ALL'],
   }

   mysql::db { 'zabbix':
       user        = 'zabbix',
       password    = 'zabbix',
       host        = 'localhost',
       grant       = ['ALL'],
   }

}

The database_user and _grant thus far haven't actually done anything.
I'm assuming it's because mysql::server isn't working or being
applied.

There's likely something very obvious I'm missing.  This is also my
first time using parameterized classes.

Thanks
- Trey

--
You received this message because you are subscribed to the Google
  Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
   http://groups.google.com/group/puppet-users?hl=en.

  Ah that was it!  Thanks.

  Is there a way to similuate or run the equivilant of
  mysql_secure_installation within this module?  I tried an initial
  attempt with the following...but once it's added to the mysql::server
  class it never seems to get called...

 what failed? How did you add it to the mysql::server class?









  class mysql::server::secure {

     database_user {
         '':
             ensure        = absent,
             require       = Service['mysqld'];

         root@${fqdn}:
             ensure        = absent,
             require       = Service['mysqld'];
     }

     database {
         test:
             ensure  = absent,
             require = Service['mysqld'];
     }

  }

  Would the easier route be to just modify the mysql_secure_installation
  script to be more puppet friendly?

  Thanks
  - Trey

  --
  You received this message because you are subscribed to the Google Groups
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

It didn't fail, it just simply did nothing.

This is it's inclusion in mysql::server


class mysql::server(
  $service_name = $mysql::params::service_name,
  $config_hash  = {},
  $package_name = 'mysql-server'
) inherits mysql::params {

include mysql::server::secure

  # automatically create a class to deal with
  # configuration
  $hash = {
mysql::config = $config_hash
  }


I am doing it via Exec now anyways.  Though I'd prefer to do it with
the new type and provider

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Help using puppetlabs-mysql

[treydock]

On Oct 31, 1:56 pm, treydock treyd...@gmail.com wrote:
 On Oct 31, 1:05 pm, Dan Bode d...@puppetlabs.com wrote:









  On Mon, Oct 31, 2011 at 10:55 AM, treydock treyd...@gmail.com wrote:

   On Oct 31, 12:26 pm, Dan Bode d...@puppetlabs.com wrote:
you are running into a documentation issue. All of the configuration was
moved to a new parameter called: config_hash. I can submit a patch

On Mon, Oct 31, 2011 at 10:01 AM, treydock treyd...@gmail.com wrote:
 I'm working to begin managing MySQL with the puppetlabs-mysql provided
 module, but am not able to get very far with the README documentation.

 So far, simply trying to add the server module and define the
 root_password is failing like so,

 err: Could not retrieve catalog from remote server: Error 400 on
 SERVER: Invalid parameter root_password at /etc/puppet/manifests/
 nodes.pp:882 on node puppetnode1.tld

 The definition looks like this,

 node 'puppetnode1.tld' {

    class { 'mysql::server':
        root_password   = 'test'
    }

should be changed to:

 class { 'mysql::server':
       config_hash = { root_password   = 'test'}
   }

    database_user { 'treydock@localhost':
        password_hash   = mysql_password('pass')
    }

   database_grant { 'treydock@localhost/*':

        privileges  = ['ALL'],
    }

    mysql::db { 'zabbix':
        user        = 'zabbix',
        password    = 'zabbix',
        host        = 'localhost',
        grant       = ['ALL'],
    }

 }

 The database_user and _grant thus far haven't actually done anything.
 I'm assuming it's because mysql::server isn't working or being
 applied.

 There's likely something very obvious I'm missing.  This is also my
 first time using parameterized classes.

 Thanks
 - Trey

 --
 You received this message because you are subscribed to the Google
   Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

   Ah that was it!  Thanks.

   Is there a way to similuate or run the equivilant of
   mysql_secure_installation within this module?  I tried an initial
   attempt with the following...but once it's added to the mysql::server
   class it never seems to get called...

  what failed? How did you add it to the mysql::server class?

   class mysql::server::secure {

      database_user {
          '':
              ensure        = absent,
              require       = Service['mysqld'];

          root@${fqdn}:
              ensure        = absent,
              require       = Service['mysqld'];
      }

      database {
          test:
              ensure  = absent,
              require = Service['mysqld'];
      }

   }

   Would the easier route be to just modify the mysql_secure_installation
   script to be more puppet friendly?

   Thanks
   - Trey

   --
   You received this message because you are subscribed to the Google Groups
   Puppet Users group.
   To post to this group, send email to puppet-users@googlegroups.com.
   To unsubscribe from this group, send email to
   puppet-users+unsubscr...@googlegroups.com.
   For more options, visit this group at
  http://groups.google.com/group/puppet-users?hl=en.

 It didn't fail, it just simply did nothing.

 This is it's inclusion in mysql::server

 class mysql::server(
   $service_name = $mysql::params::service_name,
   $config_hash  = {},
   $package_name = 'mysql-server'
 ) inherits mysql::params {

     include mysql::server::secure

   # automatically create a class to deal with
   # configuration
   $hash = {
     mysql::config = $config_hash
   }

 I am doing it via Exec now anyways.  Though I'd prefer to do it with
 the new type and provider

 - Trey

Slightly different question...is there a way to pass / store the hash
for the root password rather than the plain text password?  Similar to
how the puppet user resource works?

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Official puppetlabs position on cron vs puppet as a service?

[treydock]

On Sep 24, 9:42 pm, Aaron Grewell aaron.grew...@gmail.com wrote:
 We had frequent inexplicable daemon crashes on Solaris, but not on RHEL5 (at
 least not yet) .   Given known issues with memory leakage in older Ruby
 releases Cron seemed more likely to be reliable.   We stuck a random wait in
 the Cron job to spread load on the master and so far it works well.
 On Sep 24, 2011 7:22 AM, treydock treyd...@gmail.com wrote:









  On Sep 23, 5:42 pm, Brian Gupta brian.gu...@brandorr.com wrote:
  Over the years many shops have come to start running puppet via cron to
  address memory leaks in earlier versions of Ruby, but the official
 position
  was that puppet was meant to be run as a continually running service.

  I am wondering if the official position has changed. On one hand many if
 not
  all of the early Ruby issues have been fixed, on the other, the addition
 of
  mcollective into the mix as a lightweight agent for triggering adhoc
 puppet
  runs, and other tasks somewhat lowers the requirements for puppet to be
 run
  as a service. (Or out of cron for that matter).

  I understand that in cases where old Ruby versions are for whatever
 reason
  mandated the answer may be different.

  Thanks,
  Brian

  --
  http://aws.amazon.com/solutions/solution-providers/brandorr/

  Could those memory leak problems cause the Puppet daemon to crash with
  no logs indicating why? I have about 20 systems all running CentOS 5
  and 6, with Puppet 2.6.9, and I now have to have Zabbix run a /etc/
  init.d/puppet start everytime the daemon crashes which is almost on a
  daily basis for every client. Would be interested to know of a known
  fix or if the only fix is the workaround of using Cron.

  Thanks
  - Trey

  --
  You received this message because you are subscribed to the Google Groups

 Puppet Users group. To post to this group, send email to 
 puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to

 puppet-users+unsubscr...@googlegroups.com. For more options, visit this 
 group at

 http://groups.google.com/group/puppet-users?hl=en.









Could you share how you did the random wait?  I may have to switch to
a cron job with how often my daemons are crashing and having to be
restarted by Zabbix.

Thanks
 - Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Official puppetlabs position on cron vs puppet as a service?

[treydock]

On Sep 23, 5:42 pm, Brian Gupta brian.gu...@brandorr.com wrote:
 Over the years many shops have come to start running puppet via cron to
 address memory leaks in earlier versions of Ruby, but the official position
 was that puppet was meant to be run as a continually running service.

 I am wondering if the official position has changed. On one hand many if not
 all of the early Ruby issues have been fixed, on the other, the addition of
 mcollective into the mix as a lightweight agent for triggering adhoc puppet
 runs, and other tasks somewhat lowers the requirements for puppet to be run
 as a service. (Or out of cron for that matter).

 I understand that in cases where old Ruby versions are for whatever reason
 mandated the answer may be different.

 Thanks,
 Brian

 --
 http://aws.amazon.com/solutions/solution-providers/brandorr/

Could those memory leak problems cause the Puppet daemon to crash with
no logs indicating why?  I have about 20 systems all running CentOS 5
and 6, with Puppet 2.6.9, and I now have to have Zabbix run a /etc/
init.d/puppet start everytime the daemon crashes which is almost on a
daily basis for every client.  Would be interested to know of a known
fix or if the only fix is the workaround of using Cron.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet installation and configuration (Master and Client)

[treydock]

On Sep 19, 1:40 pm, Jo Rhett jrh...@netconsonance.com wrote:
 On Sep 19, 2011, at 11:23 AM, Mr. E. wrote:

  I need latest documentation on how to install and configure Puppet
  master and Puppet client in CentOS environment.  The CentOS version is
  5.4 and Puppet version is 0.22.4.  

 Puppet 0.22.4 is quite old.  Why don't you enable epel-testing repo and get 
 2.6.6 from there?  There is nothing unique about CentOS, fwiw. Any puppet 
 installation instructions will apply to CentOS.

  I'm having problem with configuring
  between the Puppet master and Puppet client.  The Puppet master is not
  seeing the CA certificate of the Puppet client.

 If you phrased that accurately, you're somewhere off the reservation.  The 
 puppet master *IS* the CA for the client's certificate in normal 
 configuration.  I suspect you phrased that wrong.

 Certificate problems are very common FAQ.  Lots of pages about this. If you 
 really can't find the answer online, post the exact error you are seeing.

 --
 Jo Rhett
 Net Consonance : consonant endings by net philanthropy, open source and other 
 randomness

You can also enable the Puppetlabs yum repo.  For CentOS 5 look here,
http://yum.puppetlabs.com/el/5/products/.

I have a brief writeup on how to build Puppet RPMs, and also have a
link to download the 2.6.9 RPM which is the same as the one in that
repo.  Here, http://itscblog.tamu.edu/creating-your-own-puppet-rpms-part-1/
.

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Organizational best practices / examples

[treydock]

On Sep 1, 4:47 am, Daniel Maher dma...@milestonelab.com wrote:
 On 09/01/2011 04:32 AM, col yte wrote:

  Hi folks,

  I was curious if anyone would be willing to share how they organize
  their puppet implementation. Perhaps something similar to what you'll
  find athttps://fedoraproject.org/wiki/Infrastructure/Puppet.

  People should have this sort of stuff documented, appreciate anything
  anyone would be willing to share.

 Hello,

 In our environment we've made a concious decision to maintain modules/
 in as generic a fashion as possible.  Basically, the way it works is
 that before we commit to modules/ we ask, would we be comfortable
 sharing this on Github?  It's a surprisingly good strategy. :)

 I realise this is only a small element of what you're asking for, but I
 am also curious to know if anybody else out there has any sort of
 simple rules that can applied in order to preserve sanity.

 --
 Daniel Maher
 makin' plans now to live on Mars 'cuz I got Earth on lock.

A bit late to respond, but thought I'd offer what has worked for me.
I too have adopted the idea would I be comfortable sharing this on
github with most of my modules.  The other thing I try to do is make
each module its own git repo that's a submodule for the entire puppet
module directory.  I'm still working on the best workflow for that
situation, but the benefit is it allows me to easily publish
individual modules.

Also one thing I've made use of is Mediawiki and the Semantic
Mediawiki extension to effectively document my modules.  It's also
served well for documenting all my servers.

Here are two examples...

Standard Mediawiki usage (slightly out-of-date)
https://cllaprojectwiki.tamu.edu/wiki/Puppetmaster_Configuration

An example of how to use the Semantic extension to allow for a very
neat way to organize data...
https://cllaprojectwiki.tamu.edu/wiki/Puppet_Module_Overview

I've found the use of Semantic mediawiki to be extremely helpful.  For
my server documentation each server gets it's own page and all the
properties per page can easily build reports or tables (like the above
link).  Same goes for Puppet modules.  You can have properties like
node_parameters or requires_module and build tables / reports on
that information.

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Slightly OT: Puppet + OpenQRM

[treydock]

On Sep 7, 1:10 am, Ohad Levy ohadl...@gmail.com wrote:
 On Tue, Sep 6, 2011 at 6:44 PM, treydock treyd...@gmail.com wrote:
  I've recently been looking to move my KVM management (currently via
  Puppet and virt-manager) to something web-based and robust (ie
  Cloud), and came across OpenQRM.  Looking at the features list it
  mentions puppet Class/Machine management.  Has anyone that uses
  Puppet extensively given this a try?  I'd like to get input on how
  this works.  The only ENC or GUI interface I've used with Puppet is
  Foreman (which is awesome btw), but this peaked my interest.  Thus far
  I've tried Cloudstack (a few months ago) and Convirt, both were great,
  but not what I needed.

 BTW not sure if you saw it, but foreman supports libvirt/kvm out of
 the box, and we are working on adding additional actualization
 management support such as rhevm (once released -- in the upcoming
 weeks), vmware and ec2.

 if you have any improvement suggestions, or why foreman was not good
 enough, would love to hear that..

 thanks,

 Ohad









  Any input on experiences with OpenQRM as it relates to Puppet would be
  great, thanks.

  - Trey

  --
  You received this message because you are subscribed to the Google Groups 
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to 
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group 
  athttp://groups.google.com/group/puppet-users?hl=en.

I actually plan to use Foreman to handle provision / configuration.
From some videos I've seen around the net I'll likely use Foreman to
provision new systems on KVM as well.  Something like OpenQRM is for
things like console access, pool management, snapshots, migrations so
on.  Really this move to GUI management is more for the continuity of
my projects in my absence or to allow someone not familiar with Puppet
and KVM command line management to assist me in day-to-day
operations.  Plus my bosses' boss is hung up on having a Cloud and a
nice shinny web interface(s) will help sell my proposed open-source
cloud rather than my counter-part's Microsoft cloud.  Some people just
don't appreciate command-line.

Thank
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Slightly OT: Puppet + OpenQRM

[treydock]

I've recently been looking to move my KVM management (currently via
Puppet and virt-manager) to something web-based and robust (ie
Cloud), and came across OpenQRM.  Looking at the features list it
mentions puppet Class/Machine management.  Has anyone that uses
Puppet extensively given this a try?  I'd like to get input on how
this works.  The only ENC or GUI interface I've used with Puppet is
Foreman (which is awesome btw), but this peaked my interest.  Thus far
I've tried Cloudstack (a few months ago) and Convirt, both were great,
but not what I needed.

Any input on experiences with OpenQRM as it relates to Puppet would be
great, thanks.

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: File resource owner not found, only during automatic puppet runs

[treydock]

On Sep 1, 8:03 am, jcbollinger john.bollin...@stjude.org wrote:
 On Aug 31, 8:09 pm, treydock treyd...@gmail.com wrote:

  I have a file resource defined to be owned by a group that is
  accessible via samba/winbind (AD based group), but every time Puppet
  runs automatically (every 30 min) the run fails with this error ,
  (sensitive information removed)

  (/Stage[main]//Node[node1.tld]/Apache::Vhost[vhost1]/File[/var/www/
  vhost1/html]) Could not evaluate: Could not find group org-www at /etc/
  puppet/modules/apache/manifests/definitions/vhost.pp:52

  When I manually run puppetd --test --debug -v there is no failure.
  Also the group is visible on the system and all works just fine.  It
  only fails during the automatic Puppet runs.  I also have another
  host, with an almost identical setup , assigning AD based groups to
  file resources, and it doesn't have this problem.  Using Puppet 2.6.9,
  on CentOS 6.

 It looks like the Puppet agent is unable to connect to the domain to
 retrieve group information.  In all likelihood this is an issue with
 the environment in which the agent runs or the user (root) as whom it
 runs, perhaps in conjunction with winbind configuration specifics.
 You could try to duplicate it from the command line by doing something
 like 'env -i PATH=/bin:/sbin:/usr/bin:/usr/sbin puppetd --test --
 debug -v' to ensure that it runs with a minimal environment.

 Not being familiar with the details of using samba/winbind as a user
 and group resolution service, I'm not sure what specifically to
 recommend you check in that area.  Duplicating the problem from the
 command line should give you a leg up, though.

 John

Thanks for the suggestion.  I run puppet manually as you suggested,
and still no errors.  Even stranger is sometime last night the errors
stopped occurring.  From the time I activated the samba module, till
last night it failed like clockwork, every 30 minutes.  Now the
automatic puppet runs seem to be working just fine.

My understanding of the internals of how Winbind/Samba store and cache
AD account information is a bit lacking, but could this be that it
just took time for the groups/users to get cached?  Authentication and
all other functions relying on these groups worked just fine from the
beginnining.

Here are some of the relavent lines from my smb.conf...


winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind expand groups = 3
winbind separator = +

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] File resource owner not found, only during automatic puppet runs

[treydock]

I have a file resource defined to be owned by a group that is
accessible via samba/winbind (AD based group), but every time Puppet
runs automatically (every 30 min) the run fails with this error ,
(sensitive information removed)

(/Stage[main]//Node[node1.tld]/Apache::Vhost[vhost1]/File[/var/www/
vhost1/html]) Could not evaluate: Could not find group org-www at /etc/
puppet/modules/apache/manifests/definitions/vhost.pp:52

When I manually run puppetd --test --debug -v there is no failure.
Also the group is visible on the system and all works just fine.  It
only fails during the automatic Puppet runs.  I also have another
host, with an almost identical setup , assigning AD based groups to
file resources, and it doesn't have this problem.  Using Puppet 2.6.9,
on CentOS 6.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Custom function error Unknown function...

[treydock]

I've written my first attempt at a custom puppet function, and it
passes all the suggested test's from the Puppet documentation, but
when called from a test module it doesn't seem to be found.

Successful tests...

irb(main):001:0 require 'puppet'
= true
irb(main):002:0 require '/etc/puppet/modules/string2hash/
.git/ lib/
irb(main):002:0 require '/etc/puppet/modules/string2hash/lib/puppet/
parser/functions/string2hash.rb'
= true
irb(main):003:0 Puppet::Parser::Functions.function(:string2hash)
= function_string2hash


ruby -rpuppet lib/puppet/parser/functions/string2hash.rb returns no
errors

When I try and test the functions ability to even return a correct
value, I get this,

$ puppet --debug -vvv test.pp
Unknown function string2hash at /etc/puppet/modules/test/test.pp:3

This is test.pp...
---
$hash_string = {\general\:{\dump_dir\:\/backups/misc-sqldumps\,
\databases\:\mysql\,\backup_dir\:\/etc\},\anth\:{\dump_dir
\:\/backups/anth-sqldumps\,\databases\:\ anth_main anth_students
anth_td anth_intranet\,\backup_dir\:\/var/www/anthropology.tamu.edu
\}}

$val = string2hash($hash_string)

notice($val)


This is my function, at /etc/puppet/modules/string2hash/lib/puppet/
parser/functions/string2hash.rb
-
#!/usr/bin/ruby

module Puppet::Parser::Functions
newfunction(:string2hash, :type = :rvalue) do |args|
raise ArgumentError, (string2hash(): wrong number of
arguments (#{args.length}; must be 1)) if args.length != 1
raise ArgumentError, (string2hash(): wrong type of
argument (#{args[0].kind_of}; must be string)) if args[0].kind_of?
String

require 'json'

begin
return JSON.parse(args[0])
rescue Exception = exc
raise TypeError, string2hash(): error
converting string to hash
end

end
end


I use numerous community functions that work without any type of
includes , and can't seem to figure out why mine is 'unknown' when
puppet clearly sees it.  I've restarted both the puppet and
puppetmaster daemon repeatedly.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Using back-ported create_resources in 2.6.x

[treydock]

Does anyone have some examples of using this create_resources
function, https://github.com/puppetlabs/puppetlabs-create_resources,
?  Based on the README example I can't figure out exactly how to
change from using defines to using this function.  Maybe I
misunderstand the purpose of create_resources...is it to replace
defines, or is it to allow ENCs (for example) to use a define?

Below is an example of a define I use for apache virtual hosts.  From
the example on the functions readme, does class webserver::instances
use the information in $instances?  So if I wanted to create files /
directories from the information in $instances, would that be done in
class webserver::instances or else where?

Here's the example...

node 'webserver' {
apache::vhost {
'drupal-multisite1':
domain  = 'com',
docroot = '/var/www/example2.com/html',
options = 'None',
override= 'All',
protocol= 'http';

'drupal-multisite2':
domain  = 'com',
docroot = '/var/www/example2.com/html',
create_docroot  = false,
options = 'None',
override= 'All',
protocol= 'http';
}
}



define apache::vhost (
$protocol='http',
$cname=$name,
$domain=false,
$server_alias=www.$cname.$domain,
$alias_list=false,
$docroot=false,
$create_docroot=true,
$docroot_owner=false,
$docroot_group=false,
$docroot_mode=false,
$options=false,
$sendfile=true,
$override='None',
$order='allow,deny',
$allowfrom='all',
$denyfrom=false,
$source=false
) {

host{ ${name}.$domain:
ensure  = present,
host_aliases= [ $name ],
ip  = $ipaddress_eth0,
}


if $create_docroot != false {
file {
$docroot:
ensure  = directory,
owner   = $docroot_owner ? {
false   = undef,
default = $docroot_owner,
},
group   = $docroot_group ? {
false   = undef,
default = $docroot_group,
},
mode= $docroot_mode ? {
false   = undef,
default = $docroot_mode,
},
require = Package['httpd'];
}
}


file { /etc/httpd/conf.d/$cname.conf:
ensure  = present,
owner   = 'root',
group   = 'root',
mode= 644,
content = $source ? {
false   = template('apache/
virtualhost_conf.erb'),
default = $source,
},
require = Package['httpd'],
notify  = Exec['reload-apache'],
}

}



Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Using back-ported create_resources in 2.6.x

[treydock]

Ah ok! That makes more sense now.

Thanks
- Trey

On Aug 17, 12:59 pm, Nan Liu n...@puppetlabs.com wrote:
 On Wed, Aug 17, 2011 at 10:27 AM, treydock treyd...@gmail.com wrote:
  Does anyone have some examples of using this create_resources
  function,https://github.com/puppetlabs/puppetlabs-create_resources,
  ?  Based on the README example I can't figure out exactly how to
  change from using defines to using this function.  Maybe I
  misunderstand the purpose of create_resources...is it to replace
  defines, or is it to allow ENCs (for example) to use a define?

 The purpose of create resources is not to replace define, but rather
 to declare resource from a hash. This is typically used to work around
 ENC limitation of class only so you can provide a hash to generate
 resources for a node.









  Below is an example of a define I use for apache virtual hosts.  From
  the example on the functions readme, does class webserver::instances
  use the information in $instances?  So if I wanted to create files /
  directories from the information in $instances, would that be done in
  class webserver::instances or else where?

  Here's the example...

  node 'webserver' {
     apache::vhost {
         'drupal-multisite1':
             domain          = 'com',
             docroot         = '/var/www/example2.com/html',
             options         = 'None',
             override        = 'All',
             protocol        = 'http';

         'drupal-multisite2':
             domain          = 'com',
             docroot         = '/var/www/example2.com/html',
             create_docroot  = false,
             options         = 'None',
             override        = 'All',
             protocol        = 'http';
     }
  }

 So if you use create resource, instead of the section above would be:

 $vhost = { 'drupal-multisite1' = { domain = 'com', ... } }

 create_resource (apache::vhost, $vhost)

 It would not change your existing define apache::vhost.

 Thanks,

 Nan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Using back-ported create_resources in 2.6.x

[treydock]

On Aug 17, 12:59 pm, Nan Liu n...@puppetlabs.com wrote:
 On Wed, Aug 17, 2011 at 10:27 AM, treydock treyd...@gmail.com wrote:
  Does anyone have some examples of using this create_resources
  function,https://github.com/puppetlabs/puppetlabs-create_resources,
  ?  Based on the README example I can't figure out exactly how to
  change from using defines to using this function.  Maybe I
  misunderstand the purpose of create_resources...is it to replace
  defines, or is it to allow ENCs (for example) to use a define?

 The purpose of create resources is not to replace define, but rather
 to declare resource from a hash. This is typically used to work around
 ENC limitation of class only so you can provide a hash to generate
 resources for a node.









  Below is an example of a define I use for apache virtual hosts.  From
  the example on the functions readme, does class webserver::instances
  use the information in $instances?  So if I wanted to create files /
  directories from the information in $instances, would that be done in
  class webserver::instances or else where?

  Here's the example...

  node 'webserver' {
     apache::vhost {
         'drupal-multisite1':
             domain          = 'com',
             docroot         = '/var/www/example2.com/html',
             options         = 'None',
             override        = 'All',
             protocol        = 'http';

         'drupal-multisite2':
             domain          = 'com',
             docroot         = '/var/www/example2.com/html',
             create_docroot  = false,
             options         = 'None',
             override        = 'All',
             protocol        = 'http';
     }
  }

 So if you use create resource, instead of the section above would be:

 $vhost = { 'drupal-multisite1' = { domain = 'com', ... } }

 create_resource (apache::vhost, $vhost)

 It would not change your existing define apache::vhost.

 Thanks,

 Nan

Having a bit of trouble now...and the error I'm getting is of no help.

Here's my parameter in node definition


$redmine_instances = {
'default' = {
docroot = '/var/www/rails/redmine',
db  = 'redmine',
db_user = 'redmine',
db_pass = '',
},
}
create_resources('redmine::instance', $redmine_instances)

And the defines this is going to...


define redmine::instance (
$instances = {}
) {
file { $instances[docroot]:
ensure  = directory,
owner   = 'apache',
}


file {$instances[docroot]/config/database.yml:
content = production:
  adapter: mysql
  database: $instances[db]
  host: localhost
  username: $instances[db_user]
  password: $instances[db_pass]
  encoding: utf8
,
}
}


That's a trimmed down example, but the error I get is 



# puppetd --test --debug -v --noop
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting
false
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does
not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
microsoft_windows is missing
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/
lib/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/
var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/certs/client.tld.pem]: Autorequiring
File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/state/last_run_report.yaml]:
Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/etc/puppet/namespaceauth.conf]: Autorequiring File[/etc/
puppet]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/
var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys/client.tld.pem]:
Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/state/last_run_summary.yaml]:
Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/private

[Puppet Users] Service resource throws error for ups but service starts

[treydock]

I have a puppet module to manage Network UPS Tools, but am having
trouble getting Puppet to be able to start the ups service without
error.  What's strange is the service starts just fine, but Puppet
returns an error.

Here's the service resource I defined...


package { 'nut-client':ensure  = installed,
}

service { 'ups':
ensure  = running,
enable  = true,
hasrestart  = true,
require = Package['nut-client'],
}


The error when I run puppet is as follows...


debug: Service[ups](provider=redhat): Executing '/sbin/service ups
start'
err: /Stage[main]/Nut::Slave/Service[ups]/ensure: change from stopped
to running failed: Could not start Service[ups]: Execution of '/sbin/
service ups start' returned 1:  at /etc/puppet/modules/nut/manifests/
classes/slave.pp:12

I do not know if this is the fault of a bad return code in the init
script...here's the init script used...


### BEGIN INIT INFO
# Provides: ups
# Required-Start: $syslog $network $named
# Required-Stop: $local_fs
# Default-Stop: 0 1 6
# Short-Description: Starts the Network UPS tools
# Description: Network UPS Tools is a collection of programs which
provide a common \
#   interface for monitoring and administering UPS hardware.
### END INIT INFO

# Source function library.
if [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
else
exit 0
fi

# Get config.
if [ -f /etc/sysconfig/ups ]; then
. /etc/sysconfig/ups
else
SERVER=no
fi

start() {
if [ $SERVER = yes ]; then
echo -n $Starting UPS driver controller: 
daemon /sbin/upsdrvctl start  /dev/null 21  success || 
failure
RETVAL=$?
echo

prog=upsd
echo -n $Starting $prog: 
daemon /usr/sbin/upsd $UPSD_OPTIONS  /dev/null 21  success 
||
failure
if [ $RETVAL = 0 ]; then
RETVAL=$?
fi
echo

echo -n $Starting UPS monitor (master): 
daemon /usr/sbin/upsmon  /dev/null 21  success || failure
if [ $RETVAL = 0 ]; then
RETVAL=$?
fi
echo
else
echo -n $Starting UPS monitor (slave): 
daemon /usr/sbin/upsmon  /dev/null 21  success || failure
echo
fi

[ $RETVAL = 0 ]  touch /var/lock/subsys/ups
}

stop() {
echo -n $Stopping UPS monitor: 
killproc upsmon
echo

if [ $SERVER = yes ]; then
prog=upsd
echo -n $Stopping $prog: 
killproc upsd  /dev/null 21  success || failure
RETVAL=$?
echo

echo -n $Shutting down upsdrvctl: 
/sbin/upsdrvctl stop  /dev/null 21  success || failure
if [ $RETVAL = 0 ]; then
RETVAL=$?
fi
echo
fi
[ $RETVAL = 0 ]  rm -f /var/lock/subsys/ups
}

restart() {
stop
start
}

reload() {
# FIXME: upsd and upsmon always return 0
# = can't tell if reload was successful
if [ $SERVER = yes ]; then
action Reloading upsd: /usr/sbin/upsd -c reload
RETVAL=$?
fi
action Reloading upsmon: /usr/sbin/upsmon -c reload
if [ $RETVAL = 0 ]; then
RETVAL=$?
fi
}

# See how we are called.
case $1 in
start)
start ;;

stop)
stop ;;

restart)
restart ;;

try-restart)
[ -f /var/lock/subsys/ups ]  restart || :
;;

reload)
reload ;;

force-reload)
restart ;;

status)
if [ $SERVER = yes ]; then
status upsd
fi
status upsmon
;;

*)
echo $Usage: $0 
{start|stop|restart|try-restart|reload|force-reload|
status}
RETVAL=3
esac

exit $RETVAL


Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Passing hash as parameters to manifest

[treydock]

I have a module for backuppc, and am trying to pass a hash to a define
to create a single script and the necessary directories.  What I can't
seem to figure out how to do is have this hash's values be used to
create files / directories and also populate a template.

Here's the hash...


$backuppc_db_dumps =  {
redmine = {
'backup_dir'= '/var/www/rails/redmine',
'databases' = 'redmine',
'dump_dir'  = '/backups/misc-sqldumps',
},
general = {
'backup_dir'= '/etc',
'databases' = 'mysql',
'dump_dir'  = '/backups/misc-sqldumps',
},
}


I have successfully used that to with a template to generate a script,
but am unsure how to pass those values to a define in order to ensure
the dump_dir exists.

After the above variable I added

backuppc::sqldump { $backuppc_db_dumps: }

Here's the define ...

define backuppc::sqldump () {

file {
$name[dump_dir]:
ensure  = directory,
owner   = 'root',
group   = 'root',
mode= '0770',
}
}

Is this something that's even possible?  The error I get doesn't make
any sense to me...

err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Invalid tag generaldump_dir/backups/misc-
sqldumpsdatabasesmysqlbackup_dir/etcredminedump_dir/backups/redmine-
sqldumpsdatabasesredminebackup_dir/var/www/rails/redmine at /etc/
puppet/modules/backuppc/manifests/definitions/sqldump.pp:9 on node

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Passing hash as parameters to manifest

[treydock]

Looking up the use of create_resources which is mentioned in the bug
you linked, looks like it's available only in 2.7.x.  I'm currently
running 2.6.9, but may be worth upgrading for.

I tried you suggestion, but get this error...

err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Invalid tag dump_dir/backups/redmine-
sqldumpsdatabasesredminebackup_dir/var/www/rails/redmine at /etc/
puppet/modules/backuppc/manifests/definitions/sqldump.pp:11 on
node ...


Also I am not sure what you mean by functions that get an array of
first level hash keys.

Thanks
- Trey

On Aug 11, 5:59 pm, Nan Liu n...@puppetlabs.com wrote:
 On Thu, Aug 11, 2011 at 4:00 PM, treydock treyd...@gmail.com wrote:
  I have a module for backuppc, and am trying to pass a hash to a define
  to create a single script and the necessary directories.  What I can't
  seem to figure out how to do is have this hash's values be used to
  create files / directories and also populate a template.

  Here's the hash...

     $backuppc_db_dumps =  {
         redmine = {
                 'backup_dir'    = '/var/www/rails/redmine',
                 'databases'     = 'redmine',
                 'dump_dir'      = '/backups/misc-sqldumps',
         },
         general = {
                 'backup_dir'    = '/etc',
                 'databases'     = 'mysql',
                 'dump_dir'      = '/backups/misc-sqldumps',
         },
     }

  I have successfully used that to with a template to generate a script,
  but am unsure how to pass those values to a define in order to ensure
  the dump_dir exists.

  After the above variable I added

  backuppc::sqldump { $backuppc_db_dumps: }

 You are passing a hash as the resource title, a resource title is
 either a string or array of string.

  Here's the define ...

  define backuppc::sqldump () {

     file {
         $name[dump_dir]:
             ensure  = directory,
             owner   = 'root',
             group   = 'root',
             mode    = '0770',
     }
  }

  Is this something that's even possible?  The error I get doesn't make
  any sense to me...

 Not in the current form, what you are looking for is probably best
 described here:http://projects.puppetlabs.com/issues/8670

 However a small change should allow this to work. (disclaimer,
 untested, but I've done something similar).

 define backuppc::sqldump ($var) {
    $value = $var[$name]
     file {
         $value[dump_dir]:
             ensure  = directory,
             owner   = 'root',
             group   = 'root',
             mode    = '0770',
     }

 }

 backuppc::sqldump { ['redmine', 'general']:
   var =$backuppc_db_dumps,

 }

 If you have a functions that gets an array of the first level hash
 keys, you can use that instead of specifying redmine, general.

 HTH,

 Nan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Config files based on rpm version

[treydock]

To get the version you'll likely have to use facts, but once you have
the facts you can use something like the following...

file {
/etc/pam.d/system-auth-ac:
source  = $operatingsystemrelease ? {
/5.(\d)/ =
puppet:///modules/kerberize/system-auth-ac,
/6.(\d)/ =
puppet:///modules/kerberize/system-auth-ac.centos6,
},

That example points to a different configuration file based on the OS
release number (this example is for CentOS).  So the first condition
is true if 5.x and the second for anything 6.0 and so on.  Should be
similar once you have your custom fact made.

- Trey

On Aug 6, 2:08 am, carl carlla...@gmail.com wrote:
 Hi,
 I have a few virtuozzo servers that are running different versions.
 Some are running 4.0 and some are running 4.6. I am having a hard time
 figuring out how to set the configuration file based on the rpm
 version that is currently installed. Is there a tutorial or page that
 has an example of something like this?

 Thanks

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Managing sudo via puppet using #includedir

[treydock]

Is anyone having success with #includedir option in sudo?  I have a
module that uses a definition to create files in /etc/sudoers.d/ which
is referenced in the main suders file as #includedir /etc/sudoers,
but these entries are not getting referenced when sudo is used.

I'm running CentOS 5 and 6, which which sudo-1.7.2p1 and sudo-1.7.2p2
respectively.

Here's a weird symptom the problem I'm having...

# visudo -c -f /etc/sudoers.d/zabbix-puppet
 /etc/sudoers.d/zabbix-puppet: syntax error near line 0 
parse error in /etc/sudoers.d/zabbix-puppet near line 0

(((NOTE: I made absolutely no changes , just did :q)))
# visudo -f /etc/sudoers.d/zabbix-puppet
 /etc/sudoers.d/zabbix-puppet: syntax error near line 0 


# visudo -c -f /etc/sudoers.d/zabbix-puppet
/etc/sudoers.d/zabbix-puppet: parsed OK

This is my sudoers file...



## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use
%groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /
sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/
wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/
partprobe, /bin/mount, /bin/umount

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /
bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/
killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Disable ssh hostname sudo cmd, because it will show the password
in clear.
# You have to run ssh -t hostname sudo cmd.
#
## Defaultsrequiretty

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files.
#
Defaultsalways_set_home

Defaultsenv_reset
Defaultsenv_keep =  COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS
Defaultsenv_keep += MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
LC_CTYPE
Defaultsenv_keep += LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
LC_MESSAGES
Defaultsenv_keep += LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
LC_TELEPHONE
Defaultsenv_keep += LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
XAUTHORITY

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults   env_keep += HOME

# Defaultssecure_path = /sbin:/bin:/usr/sbin:/usr/bin


## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
##  userMACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
rootALL=(ALL)   ALL



## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING,
PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)   ALL

## Same thing without a password
# %wheelALL=(ALL)   NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

#includedir /etc/sudoers.d


And this is the /etc/sudoers.d/zabbix-puppet

zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet

What's so strange is if I take that exact line, and put it in /etc/
sudoers , it works just fine.  So I know the syntax and such is
correct, however it doesn't get called via #includedir.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 

[Puppet Users] Re: Managing sudo via puppet using #includedir

[treydock]

From the sudoer docs it mentioned making the files in /etc/sudoers.d
be 440, but what about the folder?  Here's the perms on /etc/sudoers.d

drwxr-xr-x   2 root root 4096 Jul 26 19:16 .
drwxr-xr-x. 64 root root 4096 Jul 26 19:16 ..
-r--r-   1 root root   53 Jul 26 19:16 zabbix-puppet

- Trey

On Aug 1, 3:47 pm, Len Rugen lenru...@gmail.com wrote:
 It's working here for RHEL 5  6.  Check the owner and perms of sudoers.d,
 that's probably not your problem, but it's the only one we've had.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Managing sudo via puppet using #includedir

[treydock]

Ok , so this was actually two problems...

The first , can't have quotes around the folder location in
#includedir...

Second is the way I was populating those files...

Here's the sudo module definition...

define sudo::directive (
  $ensure=present,
  $content=,
  $source=
) {

  # sudo skipping file names that contain a .
  $dname = regsubst($name, '\.', '-', 'G')

file {/etc/sudoers.d/${dname}:
  ensure  = $ensure,
  owner   = root,
  group   = root,
  mode= 0440,
  content = $content ? {
  = undef,
default = $content,
  },
  source  = $source ? {
  = undef,
default = $source,
  },
  require = Package[sudo],
}

}

The content method doesn't work, or at least not in the way I've
implemented it...

So this doesn't work...

sudo::directive { zabbix-puppet:
ensure  = present,
content = zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/
start_puppet,
#source  = puppet:///files/zabbix_sudocmd,
}


And this works...

sudo::directive { zabbix-puppet:
ensure  = present,
#content = zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/
start_puppet,
source  = puppet:///files/zabbix_sudocmd,
}


The file zabbix_sudocmd contains the same text as the Content
line, however it seems to not add a necessary new line character, as
this is the debug output from puppet when I change from source to
content...

debug: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/
File[/etc/sudoers.d/zabbix-puppet]/content: Executing 'diff -u /etc/
sudoers.d/zabbix-puppet /tmp/puppet-file20110801-18801-1wfv1td-0'
--- /etc/sudoers.d/zabbix-puppet2011-08-01 18:45:16.248138294 -0500
+++ /tmp/puppet-file20110801-18801-1wfv1td-02011-08-01
18:53:53.566133754 -0500
@@ -1 +1 @@
-zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
+zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
\ No newline at end of file
debug: file_bucket_file supports formats: b64_zlib_yaml marshal pson
raw yaml; using yaml
info: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/
File[/etc/sudoers.d/zabbix-puppet]: Filebucketed /etc/sudoers.d/zabbix-
puppet to main with sum 2ecb3670db9e458970153bf00d64b325
notice: /Stage[main]/Role_zabbix_client/Sudo::Directive[zabbix-puppet]/
File[/etc/sudoers.d/zabbix-puppet]/content: content changed '{md5}
2ecb3670db9e458970153bf00d64b325' to '{md5}
348da8bc5d9eacaf6334b092d95001eb'


Notice the No newline at end of file...

I can use content if I add a \n to the end of the line, which
doesn't seem like it should be necessary, but it works.

Thanks!!
- Trey


On Aug 1, 6:35 pm, vagn scott vagnsc...@gmail.com wrote:
 On 08/01/2011 01:41 PM, treydock wrote:

  #includedir /etc/sudoers.d

 Maybe without the quotation marks?

 --
 vagn

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Import existing classes to puppet-dashboard

[treydock]

Is there currently a way to import existing puppet modules and classes
into the puppet-dashboard?

If not , will defining them in puppet-dashboard make the nodes aware
of modules already created in puppet?

I found this issue opened on the subject, 
http://projects.puppetlabs.com/issues/3503,
but did not see anything mentioning this in the 1.2rc1 release notes.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5

[treydock]

I've begun using the spec file provided in the puppet and facter
sources to build my own RPMs.  So far to make the provided work with
2.7.1, I've made these changes...

The addition of ruby-shadow requirement and the namespace-auth.conf
are not necessary.  I added ruby-shadow to force it always installed
and the namespace-auth.conf may no longer be necessary with 2.7.1, but
was for as far up as 2.6.8.

$ diff -u puppet.spec.orig
puppet.spec
--- puppet.spec.orig2011-07-16 12:51:01.0 -0500
+++ puppet.spec 2011-07-11 17:19:20.0 -0500
@@ -5,8 +5,8 @@
 %global confdir conf/redhat

 Name:   puppet
-Version:2.6.0
+Version:2.7.1
 Release:1%{?dist}
 Summary:A network tool for managing many disparate systems
 License:Apache 2.0
 URL:http://puppetlabs.com
@@ -25,6 +25,8 @@
 Requires:   ruby(abi) = 1.8
 Requires:   ruby-shadow
 %endif
+Requires:   ruby-shadow

 # Pull in ruby selinux bindings where available
 %if 0%{?fedora} = 12 || 0%{?rhel} = 6
@@ -105,6 +107,9 @@
 install -Dp -m0644 conf/auth.conf %{buildroot}%{_sysconfdir}/puppet/
auth.conf
 install -Dp -m0644 %{confdir}/logrotate %{buildroot}%{_sysconfdir}/
logrotate.d/puppet

+# Create empty namespaceauth.conf file
+touch %{buildroot}%{_sysconfdir}/puppet/namespaceauth.conf
+
 # We need something for these ghosted files, otherwise rpmbuild
 # will complain loudly. They won't be included in the binary packages
 touch %{buildroot}%{_sysconfdir}/puppet/puppetmasterd.conf
@@ -130,7 +135,7 @@

 %files
 %defattr(-, root, root, 0755)
-%doc CHANGELOG COPYING LICENSE README README.queueing examples
+%doc CHANGELOG README.md
 %{_bindir}/pi
 %{_bindir}/puppet
 %{_bindir}/ralsh
@@ -144,6 +149,7 @@
 %config(noreplace) %{_sysconfdir}/sysconfig/puppet
 %config(noreplace) %{_sysconfdir}/puppet/puppet.conf
 %config(noreplace) %{_sysconfdir}/puppet/auth.conf
+%config(noreplace) %{_sysconfdir}/puppet/namespaceauth.conf
 %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/
puppetca.conf
 %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/
puppetd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/puppet
@@ -163,6 +169,7 @@
 %{_mandir}/man8/puppetd.8.gz
 %{_mandir}/man8/ralsh.8.gz
 %{_mandir}/man8/puppetdoc.8.gz
+%{_mandir}/man8/puppet-*

 %files server
 %defattr(-, root, root, 0755)

Michael would you be the person to contact about assisting with
maintaining the puppet RPMs for puppet?  I could also probably
contribute a few other packages

 - Trey

On Jul 14, 7:25 pm, Michael Stahnke stah...@puppetlabs.com wrote:
 I have builds of facter 1.6 and puppet 2.7.2 for EL 5 and 6  available

 http://stahnma.fedorapeople.org/puppetlabs/

 I'm working on Fedora 14/15 builds currently also.

 These also are not currently signed, and there is no stahnma-repo rpm
 or anything like that.  I'm basically just trying scratch an itch a
 few people have.

 This won't be a permanent location.  We are working on updating and
 official puppet labs repository as well.

 Mike

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5

[treydock]

I've begun using the spec file provided in the puppet and facter
sources to build my own RPMs.  So far to make the provided work with
2.7.1, I've made these changes...
The addition of ruby-shadow requirement and the namespace-auth.conf
are not necessary.  I added ruby-shadow to force it always installed
and the namespace-auth.conf may no longer be necessary with 2.7.1,
but
was for as far up as 2.6.8.
$ diff -u puppet.spec.orig
puppet.spec
--- puppet.spec.orig2011-07-16 12:51:01.0 -0500
+++ puppet.spec 2011-07-11 17:19:20.0 -0500
@@ -5,8 +5,8 @@
 %global confdir conf/redhat
 Name:   puppet
-Version:2.6.0
+Version:2.7.1
 Release:1%{?dist}
 Summary:A network tool for managing many disparate systems
 License:Apache 2.0
 URL:http://puppetlabs.com
@@ -25,6 +25,8 @@
 Requires:   ruby(abi) = 1.8
 Requires:   ruby-shadow
 %endif
+Requires:   ruby-shadow
 # Pull in ruby selinux bindings where available
 %if 0%{?fedora} = 12 || 0%{?rhel} = 6
@@ -105,6 +107,9 @@
 install -Dp -m0644 conf/auth.conf %{buildroot}%{_sysconfdir}/puppet/
auth.conf
 install -Dp -m0644 %{confdir}/logrotate %{buildroot}%{_sysconfdir}/
logrotate.d/puppet
+# Create empty namespaceauth.conf file
+touch %{buildroot}%{_sysconfdir}/puppet/namespaceauth.conf
+
 # We need something for these ghosted files, otherwise rpmbuild
 # will complain loudly. They won't be included in the binary
packages
 touch %{buildroot}%{_sysconfdir}/puppet/puppetmasterd.conf
@@ -130,7 +135,7 @@
 %files
 %defattr(-, root, root, 0755)
-%doc CHANGELOG COPYING LICENSE README README.queueing examples
+%doc CHANGELOG README.md
 %{_bindir}/pi
 %{_bindir}/puppet
 %{_bindir}/ralsh
@@ -144,6 +149,7 @@
 %config(noreplace) %{_sysconfdir}/sysconfig/puppet
 %config(noreplace) %{_sysconfdir}/puppet/puppet.conf
 %config(noreplace) %{_sysconfdir}/puppet/auth.conf
+%config(noreplace) %{_sysconfdir}/puppet/namespaceauth.conf
 %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/
puppetca.conf
 %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/
puppetd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/puppet
@@ -163,6 +169,7 @@
 %{_mandir}/man8/puppetd.8.gz
 %{_mandir}/man8/ralsh.8.gz
 %{_mandir}/man8/puppetdoc.8.gz
+%{_mandir}/man8/puppet-*
 %files server
 %defattr(-, root, root, 0755)

Who would be the person to contact about assisting with maintaining
the puppet RPMs for EPEL or whoever else provides a public puppet
RPM?

- Trey

On Jul 14, 7:25 pm, Michael Stahnke stah...@puppetlabs.com wrote:
 I have builds of facter 1.6 and puppet 2.7.2 for EL 5 and 6  available

 http://stahnma.fedorapeople.org/puppetlabs/

 I'm working on Fedora 14/15 builds currently also.

 These also are not currently signed, and there is no stahnma-repo rpm
 or anything like that.  I'm basically just trying scratch an itch a
 few people have.

 This won't be a permanent location.  We are working on updating and
 official puppet labs repository as well.

 Mike

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade

[treydock]

I think the way I posted the contents of the modules may have been
misleading, as I do actually have each class in it's own file so
kvm::host class has it's own host.pp file.  So far I've actually
noticed this problem only on my modules that make use of the
autoloading, so each class in it's own *.pp file.  Not all my modules
suffer from this, but that's one common thing among the ones that do
fail.  I'm in the process of moving my other modules to that layout as
they currently have all classes in init.pp, but interestingly enough
none of those modules have had random failures.

- Trey


On Jul 13, 1:29 am, Peter Meier peter.me...@immerda.ch wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

  Is using an empty class in init.pp problematic ?  All of these modules
  worked just fine before going from 2.6.8 to 2.7.1.

 I have no idea, whether this is the problem. But why do you do:

  # manifests/init.pp
  import classes/*.pp

  class kvm {
  }

  # manifests/classes/host.pp
  class kvm::host {

 ?

 Why not just have one file manifests/host.pp that contains the kvm::host
 class? Everything else is not really necessary.

 Puppet has quite a powerfull autoloading feature of classes and I think
 it can be seen as a general best practice to have one class in a file in
 its corresponding path on the filesystem.

 With your current way you would need a global import kvm, so that the
 init.pp class is actually parsed, so that the files in classes/ are
 imported.
 If this is not the case and the kvm::host class is not in a file that
 can be found by the autoloader it won't find the class.

 This becomes even trickier as other hosts can now interfere which
 classes are available while compiling the next hosts classes, as an
 import statement might only have been executed if Host A is compiled and
 only this would then make these imported classes that Host B requires
 available.

 Actually, I remember that the autoloader should also look into init.pp
 for the kvm::host class. But it's possible that something like that
 might have changed in 2.7. But I don't know it.

 Due to these two reasones (magic availability of classes, possible
 changes in how classes become available in 2.7) I would generally
 recommend to *not* use import statements and instead use puppet's
 autoloading feature. They're rather hard to debug.

 ~pete
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.11 (GNU/Linux)
 Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/

 iEYEARECAAYFAk4dOygACgkQbwltcAfKi39akACcCwslVzxzrTy3/H0r7kGyi4dB
 M4gAn1LHtc/LGk7OtbVfDolhm5cXwm/p
 =lWHm
 -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Running puppet client on OS X

[treydock]

That's what I was thinking would be the case, but since the
puppetmaster files are also installed in OS X, that must by why a
puppet user is required.  So is there a way to do a client only
install of Puppet in OS X?


On Jul 12, 1:47 am, Patrick kc7...@gmail.com wrote:
 On Jul 11, 2011, at 7:51 PM, treydock wrote:

  What is the preferred method for running the puppet client in OS X?
  So far all methods I've tried seem to default to running the client as
  the root user.  Should this be changed to run as a puppet user?

  Should I explicitly define puppet as the user in puppet.conf?

  As a test I ran puppetd --test --debug -v and successfully had it
  check my puppetmaster while the OS X directories (/etc/puppet, /var/
  lib/puppet/*) were owned by root, and it still worked.

 Usually the puppet client is run as root because this allows it to change 
 things in the system.  For instance, you can't install packages or change 
 most files in /etc if you are not root.

 You can run the puppet client as a non-root user.  It's just not as common.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Seemingly random failures after 2.7.1 upgrade

[treydock]

I recently upgraded my Puppetmaster to 2.7.1, and am now having what
seem to be random puppet run failures on almost all my nodes.  All
nodes except the actual puppetmaster are running 2.6.8.  Right now I
will get alerted about a failure, then log into that system and do a
manual run, which will succeed.  Then maybe a few hours later another
run will fail, and nothing has changed on the puppetmaster.

So far two modules seem to be the most frequent failures.  Here's the
error from puppet-dashboard on a 2.6.8 client

err Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find class zabbix::agent for puppetclient0.domain
at /etc/puppet/manifests/nodes.pp:177 on node puppetclient0.domain
Puppet  2011-07-12 05:04 CDT
err Could not retrieve catalog; skipping runPuppet  
2011-07-12 05:04
CDT
notice  Using cached catalog

That module is a bit large to paste in here, but it can be viewed at
https://github.com/treydock/puppet-zabbix.

The other failures are on similarly designed modules and I've also
noticed that one very basic modules seem to be failing randomly on two
clients, both are 2.6.8


err Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find class kvm::host for puppetclient1.domain at /
etc/puppet/manifests/roles.pp:35 on node puppetclient1.domain   Puppet
2011-07-12 05:08 CDT
err Could not retrieve catalog; skipping runPuppet  
2011-07-12 05:08
CDT
notice  Using cached catalog

--

Here's the module...

# manifests/init.pp
import classes/*.pp

class kvm {
}


# manifests/classes/host.pp
class kvm::host {

package {'libvirt':
ensure = installed,
}

service {
'libvirtd':
enable  = true,
ensure  = running,
require = Package['libvirt'];
}

logrotate::file { 'libvirtd':
log = '/var/log/libvirt/qemu/*.log',
interval= 'weekly',
rotation= '52',
archive = 'true',
minsize = '100k',
options = [ 'missingok', 'notifempty', 'sharedscripts',
'dateext', 'copytruncate' ],
}

}


Is using an empty class in init.pp problematic ?  All of these modules
worked just fine before going from 2.6.8 to 2.7.1.


Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Running puppet client on OS X

[treydock]

What is the preferred method for running the puppet client in OS X?
So far all methods I've tried seem to default to running the client as
the root user.  Should this be changed to run as a puppet user?

Should I explicitly define puppet as the user in puppet.conf?

As a test I ran puppetd --test --debug -v and successfully had it
check my puppetmaster while the OS X directories (/etc/puppet, /var/
lib/puppet/*) were owned by root, and it still worked.

Additionally, is the puppetmasterd process / configuration necessary
to run only the client on OS X?  Using Puppet's provided spec file for
CentOS I can create a client only RPM, but can not seem to do this
from source or using the provided shell script in conf/osx.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How to define a hash table and loop over them in a definition?

[treydock]

Here's an example of how I have done this, and also a good way to test
the idea...

I created test.pp with these contents...you can also specify the
$apparray else where, for example in the node definition

$apparray =  {
app1 = { 'path' = '/test/path1', 'command' = 'cmd1' },
app2 = { 'path' = '/test/path2', 'command' = 'cmd2' },
}

file { /etc/puppet/output:
content = template(/etc/puppet/test.erb)
}


Then create the template file that the hash is used in, test.erb, this
is where you loop through your values

% apparray.each do |key,value| -%

Key: %= key %
Path: %= value['path'] %
Command: %= value['command'] %

% end -%


Then to generate the output file you run ...

# puppet test.pp
notice: /Stage[main]//File[/etc/puppet/output]/content: content
changed '{md5}c473dbf9c2539d14a3042f81ab2edafd' to '{md5}
9568aa118a031c5621c65c36bbe34bfe'
notice: Finished catalog run in 0.03 seconds

The output file should look something like this


Key: app1
Path: /test/path1
Command: cmd1


Key: app2
Path: /test/path2
Command: cmd2



- Trey


On Jun 29, 8:16 pm, Haitao Jiang jianghai...@gmail.com wrote:
 This may have been asked before, if so, please excuse me and point me
 to the right direction.

 What I want to do is to define a hash table with multiple key-value
 pairs. I would like to pass this variable to a file template and
 generate a result file with all the mappings listed. Based on what I
 read, I need to do it in a definition. But does Puppet supports loop
 over a hash?

 Any help would be highly appreciated. I am using Puppet 2.6.8

 Thanks

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Module variables missing during some puppet runs

[treydock]

Thanks John, the if has_variable was the key and allowed me to
remove the default variable definition.

If anyone is interested I posted an explanation and link to the source
here,  http://itscblog.tamu.edu/managing-zabbix-agents-with-puppet/.

Thanks
- Trey

On Jun 6, 8:38 am, jcbollinger john.bollin...@stjude.org wrote:
 On Jun 3, 11:58 am,treydocktreyd...@gmail.com wrote:

  I am getting the following error on about every other manual run of
  puppet... (hostnames removed)

  err: Could not retrieve catalog from remote server: Error 400 on
  SERVER: Failed to parse template zabbix/userparameter_mysql_conf.erb:
  Could not find value for 'zabbix_mysql_user_parameters' at /etc/puppet/
  modules/zabbix/manifests/classes/mysql.pp:7 on node
  puppetclient.domain

 If runs sometimes succeed and sometimes fail for the same node then
 you probably have a missing dependency somewhere.  If there were
 exactly one missing dependency involved then the first-order estimate
 would be that half your runs would fail.









  If I then do another puppet run, I do not receive the error.  It seems
  that just about every other manual run during testing of new module
  changes has this happen.  This is occuring on ALL my puppet clients
  that are using the zabbix::mysql module.  All systems running
  Puppet-2.6.8.  Below is the full debug log and my zabbix module.

  The $zabbix_mysql_user_parameters variable is optional...right now
  only one node has it defined explicitly, like so:

      $zabbix_mysql_user_parameters =  {
          item1 = { 'name' = 'mediawiki.usercount[*]', 'command' =
  'mysql -B -s -e SELECT count(*) FROM user $1'},
      }

  This is the mysql class for zabbix where the empty variable is defined
  so that if no node has it defined it shouldn't fail...

  $zabbix_mysql_user_parameters = []

  class zabbix::mysql inherits zabbix::agent {

      file {
          $zabbix_userparameter_config_dir/userparameter_mysql.conf:
              content = template(zabbix/
  userparameter_mysql_conf.erb),
              group   = zabbix,
              owner   = zabbix,
              mode    = 600,
              require = Package[zabbix-agent];

          $zabbix_user_home_dir/.my.cnf:
              source  = puppet:///modules/zabbix/.my.cnf,
              group   = zabbix,
              owner   = zabbix,
              mode    = 600,
              require = [ Package[zabbix-agent],
  File[$zabbix_user_home_dir] ];
      }

  }

 The variable definition is at top level in the class's file?  And
 you're relying on that to provide a default definition of the
 variable?  Ew.  Now you have dynamic scoping thrown in.  But that
 ought to be parse-order dependent, so although it could explain some
 nodes succeeding but others failing, I don't think it explains
 individual nodes flopping back and forth between success and failure.

  Here's the variables usage in the template...
  % zabbix_mysql_user_parameters.each do |key, value_hash| -%
  UserParameter=%= value_hash['name'] %,HOME=%= zabbix_user_home_dir
  % %= value_hash['command'] %
  % end -%

  Would the solution be to make the template call use this instead??

  % if has_variable?(zabbix_mysql_user_parameters) -%
  % zabbix_mysql_user_parameters.each do |key, value_hash| -%
  UserParameter=%= value_hash['name'] %,HOME=%= zabbix_user_home_dir
  % %= value_hash['command'] %
  % end -%
  % end -%

 Maybe.  Does the node that has a customized value for the variable
 ever fail?  Does it always get the userparameter_mysql.conf template
 filled correctly?  If so then yes, your template change should do the
 trick, and you could then also remove the default variable definition
 (which isn't reliably working anyway).

 Otherwise, probably not.  That solution would likely make the errors
 disappear, but it wouldn't fix the actual problem.  Chances are that
 nodes with customized $zabbix_mysql_user_parameters would flip flop.
 In that case, the solution would probably require figuring out what
 dependency is needed and putting it in.

 John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: New Puppet report processors...

[treydock]

I don't have any lines like that no.

Could the daemon line for puppetmaster be effecting this?  Is the --
reports option necessary since my puppet.conf has that specified?

PUPPETMASTER_EXTRA_OPTS=--reports puppet_dashboard --debug

Other than that and my puppet.conf I haven't found any further
configurations I've implemented effecting use of reports

Thanks
- Trey

On Jun 8, 10:57 am, James Turnbull ja...@puppetlabs.com wrote:
 treydock wrote:
  My [master] has :

      report = true
      reports = http, store, xmpp
      pluginsync = true

  The [agent] includes:
     report = true
     listen = true
     pluginsync = true

  The second agent I tested with also has the same configuration as the
  above [agent]

  Correct, the xmpp.yaml has all that information.  What I was asking
  about the remote client not having mail.yaml is I enabled pluginsync
  on the remove client to see if the results would differ and it failed
  stating the mail.yaml was missing (locally on the client).  But if the
  repots = xmpp is only defined for [master] then should I not include
  pluginsync = true on the clients?

 So you don't have anything like the line:

 Sending status for name.of.host to XMMP user jabber.user

 in your Puppet master syslog.

 Regards

 James

 --
 James Turnbull
 Puppet Labs
 1-503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: New Puppet report processors...

[treydock]

That did it!  I'm now getting messages over Jabber upon failure!!

Is the debug output you refered to earlier, Sending status for
name.of.host to XMMP user jabber.user something I would see from
Puppet or the Jabber server?  I have yet to see similar output, but
the IM is now working.

Also now that I have this working I tried switching the settings in
xmpp.yaml, but am still getting messages on the account from old
settings.  Is there a cache or location I need to clear for puppet to
use the new xmpp.yaml settings?

Thanks
- Trey

On Jun 8, 3:43 pm, James Turnbull ja...@puppetlabs.com wrote:
 treydock wrote:
  I don't have any lines like that no.

  Could the daemon line for puppetmaster be effecting this?  Is the --
  reports option necessary since my puppet.conf has that specified?

  PUPPETMASTER_EXTRA_OPTS=--reports puppet_dashboard --debug

  Other than that and my puppet.conf I haven't found any further
  configurations I've implemented effecting use of reports

 Specifying --reports on the command line in PUPPETMASTER_EXTRA_OPTS I am
 pretty sure will override the puppet.conf configuration rather than add
 to it.  I'd take it out of there and put it into puppet.conf on the master.

 Regards

 James Turnbull

 --
 James Turnbull
 Puppet Labs
 1-503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: New Puppet report processors...

[treydock]

Scratch my last question, had to restart puppetmaster.

Thanks again for your help and these plugins

- Trey

On Jun 8, 5:01 pm, treydock treyd...@gmail.com wrote:
 That did it!  I'm now getting messages over Jabber upon failure!!

 Is the debug output you refered to earlier, Sending status for
 name.of.host to XMMP user jabber.user something I would see from
 Puppet or the Jabber server?  I have yet to see similar output, but
 the IM is now working.

 Also now that I have this working I tried switching the settings in
 xmpp.yaml, but am still getting messages on the account from old
 settings.  Is there a cache or location I need to clear for puppet to
 use the new xmpp.yaml settings?

 Thanks
 - Trey

 On Jun 8, 3:43 pm, James Turnbull ja...@puppetlabs.com wrote:







  treydock wrote:
   I don't have any lines like that no.

   Could the daemon line for puppetmaster be effecting this?  Is the --
   reports option necessary since my puppet.conf has that specified?

   PUPPETMASTER_EXTRA_OPTS=--reports puppet_dashboard --debug

   Other than that and my puppet.conf I haven't found any further
   configurations I've implemented effecting use of reports

  Specifying --reports on the command line in PUPPETMASTER_EXTRA_OPTS I am
  pretty sure will override the puppet.conf configuration rather than add
  to it.  I'd take it out of there and put it into puppet.conf on the master.

  Regards

  James Turnbull

  --
  James Turnbull
  Puppet Labs
  1-503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: New Puppet report processors...

[treydock]

%250Ac7thlI2Lobidi65ly718uTIW7RAiU0FLRXRZbYih1XY1jgvv%252BDrYnJS2oXfF
%250AI9coup0ikJnZ7BY%252FJoouju8X1%252BNng5nDjnU
%252F7zHecrk5bxvEO96JFWVS3uVG
%250ApdXzhgIcMqXPKZPOoXAUzxdjrYHujt3xoTR2873PGnvLs7ultDqa%252Fb45XUSl
%250AmYQz
%252BwiPcteY5atFhuDU0lYbY9KLpdgZKQvrr7%252BeGKCIqlwchajqZ9rfbuZU
%250Asv5FLByE039stnpekDIE7xUZCH2YqGCdITDNIlCPBa4aC9U8YJjnwPjUtE%252FC
%250AU%252B1qCV84VTUuqHj1fShQQk%252BiFAX%252FWf4X7FAcVf89cwN
%252Bv3SBZxkA%252FkdbqNMZ
%250AjR8f56vM6jlUNw2wa3kHZgDTU4zDeuNz3v0gkB71imnnVXPqreqsXxW1fwXx
%250AL6q%252FLx2E2LlQMX525zcFuMQk
%252FWEG1mJGuxnhL3UQWspPo4YqEUVjsarDhOmF%250AzoEjlZU2ef5WI
%252BHzolr6oiohvH7af%252BM%252BBtXHRKpEkuWkLyJZaXKt5mxLkT40%250A
%252BXdX%252Fz9R%252BVTtH6bcS7p%252Fb%252Fnq9lMP3D
%252F1wHc6Br3rdTXDeuCztiX9%252FtxaH6Tw%250AshP6hm0HQ32T9e5Tc9tXdtO7I
%252BfBNCHrxkOKokeA5cP%252BrC3jvrk%252BaWhzRgfM
%250A6numHR2ZwDf1mcnY3KHnN5h
%252BxIx2Xd5kr4tp5zobyl2YzGMOrYceF44aUb47%250AQykNikOxyw
%252FCWRtMCvsyE4qZVVLRGq8kpW3dLX%252B2FMuOUsU
%252FtPojf2d2%252BTl7%250A2pXr
%252FsMOLP52RSMpYVaVtk20kdW4ygiWQzwupe6JK9G4XaxLqAyvRNJ7qCiu%250AYr
%252FtbPSpYKz2rO1cpJ3FXZyekY%252BHWDqT0VyJ7MlIEc2k0btfTHgTvMU
%252BFMb6%250AIdns3dHkEJBcmKbl48iJWec0vuq6gW5Haz
%252Fjb9aRa9uasM1M05r6k6RrMUwy
%250AXzQaJukSg5sV0Ml1z2ynRy2oEpoMND84zfcMlzxmgWCnhj9v77dizoo2KaKd
%250A5k7jK78s8djTFpf5YTUNokUv1S6DIDkd522l0d9aS4aFo51BDuZwnT36Mo70%250Aadze6pNwhKc7MxaWEXtOznrg4%252Bstv4xGflzcZGcQnZLHtEPkxaqUtpO47UTD
%250Asz%252FenVDOG8O%252B620H2x7U0NSl%252FC%252BHcGz89Tdq1Ul%252B
%250Afacts_format=b64_zlib_yaml
[2011-06-07 02:24:19] DEBUG close: 10.1.0.1:39742


Thanks
 - Trey

On Jun 6, 11:12 pm, James Turnbull ja...@puppetlabs.com wrote:
 treydock wrote:
  The report processor was synced to /var/lib/puppet/lib/reports/ .  I
  enabled puppetmaster to run in debug mode but haven't seen anything
  mentioning reports when I run test runs.  I purposly misspelled a
  module for the puppetmaster and run puppetd --test, but no reports
  except those in puppet-dashboard.  I could be looking in the wrong
  place.  Here's the debug output of the failed puppet run...(hostname
  replaced)

 Can I get the master log please. That's where the report is triggered.

 Regards

 James

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: New Puppet report processors...

[treydock]

Excuse the dumb question, but what file is the default location or
what configuration variable defines that location?

I've noticed the bulk of puppetmaster logs go either in /var/log/
puppet/masterhttp.log (previous message) or /var/log/message (syslog
I'm assuming).  Or is there a different place I should be looking?

Thanks
- Trey

On Jun 7, 9:29 am, James Turnbull ja...@puppetlabs.com wrote:
 treydock wrote:
  This is the output from master.log during the failed puppet run.

 Sorry I meant the output from the master daemon puppetmasterd or puppet
 master.

 Thanks

 James

 --
 James Turnbull
 Puppet Labs
 1-503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Issue with change from absent to present failed...no such file or directory

[treydock]

Ah that did the trick...now a new error.  I tried simplifying the
module from camptocamp, https://github.com/camptocamp/puppet-dhcp, but
a lot of it's usage I don't understand, and as such my
simplification just broke it.  I've got it much farther now...near
the end of puppet run I get this error...

err: Could not run Puppet configuration client: Parameter source
failed: Could not understand source false: private method `gsub'
called for false:FalseClass at /etc/puppet/modules/common/manifests/
definitions/concatfilepart.pp:51


This is the first time to use the puppet-common, 
https://github.com/camptocamp/puppet-common,
module and that seems to be what's generating the error.  Below is the
updated config and debug output...The node I'm testing on has include
fog_server


=== manifests/init.pp ===
import classes/*.pp
import definitions/*.pp

class dhcp {
include dhcp::server
}

=== manifests/classes/server.pp  ===
class dhcp::server {
include dhcp::params

package {dhcp:
ensure = present,
}

service {dhcpd:
ensure  = running,
enable  = true,
require = Package[dhcp],
}

file {${dhcp::params::dhcp_config_dir}/subnets:
ensure  = directory,
source  = 'puppet:///dhcp/empty',
recurse = true,
purge   = true,
owner   = 'root',
group   = 'root',
mode= '755',
notify  = Service['dhcpd'],
require = Package['dhcp'],
}

common::concatfilepart {00.dhcp.server.base:
file= ${dhcp::params::dhcp_config_dir}/dhcpd.conf,
ensure  = present,
require = Package[dhcp],
notify  = Service[dhcpd],
}

file {/etc/dhcpd.conf:
content = template(dhcp/dhcpd_conf.erb),
ensure  = present,
require = Package[dhcp],
notify  = Service[dhcpd],
}

}


=== manifests/classes/params.pp ===
/*

= Class: dhcp::params
Do NOT include this class - it won't do anything.
Set variables for names and paths

*/
class dhcp::params {

case $operatingsystem {
CentOS: {
$dhcp_config_dir = $operatingsystemrelease? {
5.6 = /etc/dhcp,
}
}
}
}


===  manifests/definitions/subnet.pp ===
define dhcp::subnet (
$name=false,
$netmask=false,
$range_start=false,
$range_end=false,
$router=false,
$domain_name=false,
$dns_servers=false,
$pxe_opts=false) {

include dhcp::params

common::concatfilepart {dhcp.${name}:
file = ${dhcp::params::dhcp_config_dir}/dhcpd.conf,
ensure = $ensure,
content = include \${dhcp::params::dhcp_config_dir}/subnets/
${name}.conf\;\n,
}

file {${dhcp::params::dhcp_config_dir}/subnets/${name}.conf:
ensure  = present,
owner   = 'root',
group   = 'root',
content = template(dhcp/subnet_conf.erb),
notify  = Service[dhcpd],
}
}

=== manifests/roles.pp ===

class role_dhcp_server {
$my_role = dhcp_server

$dhcpd_domain_name = tamu.edu
$dhcpd_dns_servers = 0.0.0.0, 0.0.0.0
$dhcpd_authoritative = true
$dhcpd_ddns_update = interim
$dhcpd_opts = [ 'allow booting', 'allow bootp', 'use-host-decl-
names on', 'ignore client-updates;' ]

include dhcp

}

class fog_server {
include role_dhcp_server

dhcp::subnet { 10.1.0.1:
name= '10.1.0.1',
netmask = '255.255.255.0',
range_start = '10.1.0.10',
range_end   = '10.1.0.254',
router  = '10.1.0.1',
domain_name = 'tamu.edu',
dns_servers = 0.0.0.0, 0.0.0.0,
pxe_opts= [ 'filename pxelinux.0;' ],
}
}


Thanks
- Trey

On Jun 7, 11:14 am, Jamison Fryman jami...@puppetlabs.com wrote:
 Trey,

 It looks like the module is attempting to create a file resource in 
 /etc/subnets, versus your intended directory of $dhcp_config_dir/subnets. 
 Puppet is creating an error because the directory /etc/subnets does not 
 exist, and puppet will not automatically create the directory if it is not 
 managed. I'm not sure if this is your intended behavior after looking at your 
 code.

 Try this instead: In your custom resource block dhcp::subnet, change the file 
 resource from /etc/subnets/$name.conf to 
 ${dhcp_config_dir}/subnets/${name}.conf. This might be the behavior you're 
 looking for.

 -jamison

 --
 Jamison Fryman
 jami...@puppetlabs.com
 ph +1.615.669.2048 | twitter jfryman | gtalk: jami...@puppetlabs.com

 On Jun 7, 2011, at 8:40 AM, Trey Dockendorf wrote:







  I'm working on a DHCP module, modeled after 
  thishttps://github.com/camptocamp/puppet-dhcp.  Mine is just a much simpler 
  

[Puppet Users] Re: New Puppet report processors...

[treydock]

 I'm doing this
incorrectly here is my /etc/sysconfig/puppetmaster

PUPPETMASTER_EXTRA_OPTS=--reports puppet_dashboard --debug


Also I induced a failed puppet run on a remote client and noticed that
it failed to import the xmpp report plugins because the xmpp.yaml file
wasn't readable.  I fixed by copying the server's copy to the
client's /etc/puppet directory.  Does that file have to be pushed to
all clients?  Could that file configuration be sent to all clients
from the puppet-xmpp module or should I create another module for
that , something like plugins ?

Thanks!
- Trey

On Jun 7, 3:42 pm, James Turnbull ja...@puppetlabs.com wrote:
 treydock wrote:
  Excuse the dumb question, but what file is the default location or
  what configuration variable defines that location?

  I've noticed the bulk of puppetmaster logs go either in /var/log/
  puppet/masterhttp.log (previous message) or /var/log/message (syslog
  I'm assuming).  Or is there a different place I should be looking?

 On the Puppet master it defaults to syslog - so it'll end up in
 /var/log/messages.

 Regards

 James

 --
 James Turnbull
 Puppet Labs
 1-503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: New Puppet report processors...

[treydock]

My [master] has :

report = true
reports = http, store, xmpp
pluginsync = true

The [agent] includes:
   report = true
   listen = true
   pluginsync = true


The second agent I tested with also has the same configuration as the
above [agent]

Correct, the xmpp.yaml has all that information.  What I was asking
about the remote client not having mail.yaml is I enabled pluginsync
on the remove client to see if the results would differ and it failed
stating the mail.yaml was missing (locally on the client).  But if the
repots = xmpp is only defined for [master] then should I not include
pluginsync = true on the clients?


Thanks
- Trey

On Jun 7, 7:32 pm, James Turnbull ja...@puppetlabs.com wrote:
 treydock wrote:
  Ok I restarted puppetmaster daemon and then broke a module to create a
  failed puppet run on the same host as the master...and here's /var/log/
  messages from that

 Can I confirm you have:

 [master]
 report = true
 reports = xmpp

 [agent]
 report = true

 In your puppet.conf on the master and the [agent] block on the client?

 You mentioned an issue with the xmpp.yaml file?  That should have you
 Jabber jid, password, target etc and be located in /etc/puppet on the
 master - not sync'ed with the module.

 Regards

 James Turnbull

 --
 James Turnbull
 Puppet Labs
 1-503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: New Puppet report processors...

[treydock]

 for puppetmaster.domain
debug: Using cached certificate_revocation_list for ca
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw
yaml; using pson
debug: Finishing transaction 23786215024480
info: Loading facts in mysql
info: Loading facts in mysql
info: Loading facts in mysql
info: Loading facts in mysql
debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw
yaml; using pson
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find class backuppc::clien at /etc/puppet/manifests/
nodes.pp:14 on node puppetmaster.domain
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
debug: Using cached certificate for ca
debug: Using cached certificate for puppetmaster.domain
debug: Using cached certificate_revocation_list for ca
debug: Value of 'preferred_serialization_format' (pson) is invalid for
report, using default (b64_zlib_yaml)
debug: report supports formats: b64_zlib_yaml marshal raw yaml; using
b64_zlib_yaml


Thanks
- Trey

On Jun 5, 12:02 pm, James Turnbull ja...@puppetlabs.com wrote:
 treydock wrote:
  These will be most useful!!  Thank you.

  How can I test that these are functioning?  I have setup the XMPP as
  well as modified that to send emails.  However when I purposely cause
  a puppet run to fail I do not receive either email or jabber message.

 Is the report processor xmpp.rb pluginsync'ed on your Puppet master?

 Is there any log out on the Puppet master when you run in --debug mode?

 Regards

 James Turnbull

 --
 James Turnbull
 Puppet Labs
 1-503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: New Puppet report processors...

[treydock]

These will be most useful!!  Thank you.

How can I test that these are functioning?  I have setup the XMPP as
well as modified that to send emails.  However when I purposely cause
a puppet run to fail I do not receive either email or jabber message.

Thanks
- Trey

On May 31, 10:09 am, James Turnbull ja...@puppetlabs.com wrote:
 Hi all

 On my TODO list for about a year now has been a tutorial on how easy it
 is to write Puppet report processors and how much more you can do with
 them than just email/log/store Puppet report data.  Rather than write a
 whole tutorial I decided to create a whole series of examples of report
 processors that should:

 a) Provide some immediate solutions that you can deploy right now, and

 b) Provide good examples of things you can do with report processing
 that you can take, fork and modify.

 All of them are released under the Apache 2.0 license.

 In that spirit I've created ten new report processors:

 1. Reports failed runs to an IRC channel 
 -https://github.com/jamtur01/puppet-irc

 2. Reports failed runs and logs to PagerDuty 
 -https://github.com/jamtur01/puppet-pagerduty

 3. Reports failed runs to Jabber/XMPP -https://github.com/jamtur01/puppet-xmpp

 4. Reports failed runs to Twitter -https://github.com/jamtur01/puppet-twitter

 5. Reports failed runs and logs to Campfire 
 -https://github.com/jamtur01/puppet-campfire

 6. Reports failed runs to Twilio -https://github.com/jamtur01/puppet-twilio

 7. Reports failed runs to Boxcar -https://github.com/jamtur01/puppet-boxcar

 8. Reports failed runs to HipChat -https://github.com/jamtur01/puppet-hipchat

 9. Sends metrics to a Ganglia server via gmetric 
 -https://github.com/jamtur01/puppet-ganglia

 10. Reports failed runs to Growl -https://github.com/jamtur01/puppet-growl

 Comments, feedback, testing and ideas for other integrations all welcomed.

 Regards

 James

 --
 James Turnbull
 Puppet Labs
 1-503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Module variables missing during some puppet runs

[treydock]

I am getting the following error on about every other manual run of
puppet... (hostnames removed)


err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Failed to parse template zabbix/userparameter_mysql_conf.erb:
Could not find value for 'zabbix_mysql_user_parameters' at /etc/puppet/
modules/zabbix/manifests/classes/mysql.pp:7 on node
puppetclient.domain

If I then do another puppet run, I do not receive the error.  It seems
that just about every other manual run during testing of new module
changes has this happen.  This is occuring on ALL my puppet clients
that are using the zabbix::mysql module.  All systems running
Puppet-2.6.8.  Below is the full debug log and my zabbix module.

The $zabbix_mysql_user_parameters variable is optional...right now
only one node has it defined explicitly, like so:

$zabbix_mysql_user_parameters =  {
item1 = { 'name' = 'mediawiki.usercount[*]', 'command' =
'mysql -B -s -e SELECT count(*) FROM user $1'},
}

This is the mysql class for zabbix where the empty variable is defined
so that if no node has it defined it shouldn't fail...


$zabbix_mysql_user_parameters = []

class zabbix::mysql inherits zabbix::agent {

file {
$zabbix_userparameter_config_dir/userparameter_mysql.conf:
content = template(zabbix/
userparameter_mysql_conf.erb),
group   = zabbix,
owner   = zabbix,
mode= 600,
require = Package[zabbix-agent];

$zabbix_user_home_dir/.my.cnf:
source  = puppet:///modules/zabbix/.my.cnf,
group   = zabbix,
owner   = zabbix,
mode= 600,
require = [ Package[zabbix-agent],
File[$zabbix_user_home_dir] ];
}

}


Here's the variables usage in the template...
% zabbix_mysql_user_parameters.each do |key, value_hash| -%
UserParameter=%= value_hash['name'] %,HOME=%= zabbix_user_home_dir
% %= value_hash['command'] %
% end -%


Would the solution be to make the template call use this instead??

% if has_variable?(zabbix_mysql_user_parameters) -%
% zabbix_mysql_user_parameters.each do |key, value_hash| -%
UserParameter=%= value_hash['name'] %,HOME=%= zabbix_user_home_dir
% %= value_hash['command'] %
% end -%
% end -%

Thanks!

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Server side filebucket issue

[treydock]

Wow I can't believe that's all that was keeping me from having my
filebucket work in the same manner described by LawrleC.

The primary reason I want to use filebucket is to view changes in
Puppet-dashboard.  Now that my filebucket works I only have 1/2 the
files viewable in puppet-dashboard.

In dashboard the original shows up when I click the MD5 sum, however
the new version gives me We're sorry, but something went wrong.
We've been notified about this issue and we'll take a look at it
shortly.  which I'm guessing is because the file doesn't exist.  I
looked in the actual filebucket, and only the original exists.  Is
there a way to enable Puppet-dashboard or Puppet to also show the new
version of a file?

Thanks
- Trey

On Jun 3, 9:05 am, Peter Meier peter.me...@immerda.ch wrote:
  filebucket { puppet:
          server = puppetmaster-cbr.it.csiro.au
  }

 you need to add path = false, as you're hitting a long outstanding bug. [1]

 ~pete

 [1]http://projects.puppetlabs.com/issues/5362

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Cross-module dependencies

[treydock]

I don't have that directory.  However I came across this module
https://github.com/camptocamp/puppet-sudo which among many things
enlightened me to the new feature in sudo-1.7.2+ of using includedir
and /etc/sudoers.d that you mentioned.  Everything I am using is
defined there except now my backuppc_client module has this...

sudo::directive { backuppc:
ensure  = present,
source  = puppet:///modules/backuppc_client/
backuppc_sudocmd,
}

The backuppc_sudocmd file contains the sudo lines.

Thanks!
- Trey

On May 24, 11:00 pm, Patrick kc7...@gmail.com wrote:
 On May 24, 2011, at 7:58 PM, treydock wrote:









  I have a similar problem I can't seem to solve...here's what I'm
  trying to do.

  I have two modules, backuppc_client and sudo.  Right now I have a node
  variable that I assign to each node that is used in the sudo module's
  template to add the necessary entry.  For example

  ---manifests/node.pp
  node 'client1' {
         $backuppc_sudocmd = backupuser ALL=NOPASSWD: /usr/bin/rsync

         include baseclass
         include backuppc_client::base
  }

  ---modules/sudo/templates/sudoers.erb has...

  % if has_variable?(backuppc_sudocmd) then %
  %= backuppc_sudocmd %
  % end %

  Is there a way for the sudo module to find out or be aware if a client
  has the include backuppc_client in their definition?  Basically I'd
  like the backuppc_client module's to alter the contents of sudoers
  file which I can't imagine how to do as sudoers is defined by the sudo
  module which is part of baseclass and applied to all systems.

 First, do you have a /etc/sudoers.d/ directory?  That would make things 
 much easier.  

 If not, you might want to look into puppet_concat which allows you to build 
 fragments that can be templated to build your file.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppetmaster leaving files open with too many files open error

[treydock]

I don't know how helpful this would be but for now I think I found a
workaround of sorts for my small environment.

I commented out the following in my puppet.conf...

facts_terminus = inventory_active_record
dbadapter = mysql
dbname = puppet_inv
dbuser = puppet_inv
dbpassword = cabb0ac9ed925867f93587ccfb147ebf15dec8a3
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock

I got rid of all that and after 2 days of puppetmaster running I only
see a few entries when doing lsof | grep puppetmas rather than 100s.

I'm also not doing stored configs but I think those lines above were
still the problem as it was puppet interfacing with MySQL.

What potential benefit would be lost from not using MySQL for
facts_terminus ?

- Trey

On May 24, 7:17 pm, Todd Zullinger t...@pobox.com wrote:
 Nathan Clemons wrote:
 http://projects.puppetlabs.com/issues/3238is the issue I was
  thinking of, but 3693 is probably a duplicate of that.

  These bugs have been open a really long time. Outside of lowering
  the MySQL timeout value, are there any workarounds for this problem?
  I can't really understand how Zynga can be managing as many hosts
  via Puppet as they do without being affected by a bug like this,
  unless they're not using stored configs (which would surprise me).

 Sadly, I don't know of any decent workarounds. I ended up rolling a
 rails-2.3.5 for EL-5 in the production instances I wanted to use
 storedconfigs.  I would love to see a workaround or a patch for either
 the activerecord or puppet packages.  I know that either way this can
 be fixed will get into EPEL shortly, as it's a very annoying bug that
 was introduced with the update from 0.24 to 0.25.

 --
 Todd        OpenPGP - KeyID: 0xBEAF0CE3 | URL:www.pobox.com/~tmz/pgp
 ~~
 I figure that if God actually does exist, He's big enough to
 understand an honest difference of opinion.
     -- Isaac Asimov

  application_pgp-signature_part
  1KViewDownload

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Cross-module dependencies

[treydock]

I have a similar problem I can't seem to solve...here's what I'm
trying to do.

I have two modules, backuppc_client and sudo.  Right now I have a node
variable that I assign to each node that is used in the sudo module's
template to add the necessary entry.  For example

---manifests/node.pp
node 'client1' {
$backuppc_sudocmd = backupuser ALL=NOPASSWD: /usr/bin/rsync

include baseclass
include backuppc_client::base
}

---modules/sudo/templates/sudoers.erb has...

% if has_variable?(backuppc_sudocmd) then %
%= backuppc_sudocmd %
% end %


Is there a way for the sudo module to find out or be aware if a client
has the include backuppc_client in their definition?  Basically I'd
like the backuppc_client module's to alter the contents of sudoers
file which I can't imagine how to do as sudoers is defined by the sudo
module which is part of baseclass and applied to all systems.

Thanks
- Trey

On May 23, 10:11 am, Nigel Kersten ni...@puppetlabs.com wrote:
 On Sun, May 22, 2011 at 11:06 PM, Matthew Macdonald-Wallace 

 li...@truthisfreedom.org.uk wrote:
  Hi all,

  I've got modules for NGINX and PHP-FPM which are working fine, the issue
  I'm running into is that quite often NGinx will start before php-fpm is
  even installed.

  I'm wondering if there's a way in the nginx module to Require the
  PHP-FPM service is started as a dependency of the nginx service,
  something like the following:

 There's also the 'require' function which does an include and sets up Class
 - Class relationships.











  class nginx {

         service { 'nginx':
                 require = Service['php-fpm::php-fpm'],
                 running = true;
         }
  }

  Is this possible in puppet 0.25 on CentOS?

  Thanks in advance,

  Matt

  --
  You received this message because you are subscribed to the Google Groups
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

 --
 Nigel Kersten
 Product, Puppet Labs
 @nigelkersten

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppetmaster leaving files open with too many files open error

[treydock]

What is the current issue number?  The only one I could find that
mentions the same problem is this , http://projects.puppetlabs.com/issues/7203.

Would any changes to my current puppet.conf (see below) make this
problem no longer an issue?  I'm not suing storeconfig, and not really
sure if I need to be doing anything as far as saving the inventory
information.  My setup is very basic, but right now can't run for more
than 2 or 3 days without having to restart the puppetmaster service.

[master]
certname=puppetmaster
reports = http, store

# Configure Inventory Service
facts_terminus = inventory_active_record
dbadapter = mysql
dbname = puppet_inv
dbuser = puppet_inv
dbpassword = cabb0ac9ed925867f93587ccfb147ebf15dec8a3
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock


Thanks
- Trey

On May 21, 6:08 am, Nathan Clemons nat...@livemocha.com wrote:
 I'm pretty sure there is an open bug on this, I was looking around on this
 the other day. It's related to using stored configs and Puppet/ruby not
 closing the connections to the database servers.

 --
 Nathan Clemonshttp://www.livemocha.com
 The worlds largest online language learning community







 On Fri, May 20, 2011 at 10:01 PM, treydock treyd...@gmail.com wrote:
  Every few days I have to restart the puppetmaster process due to this
  error

  Could not read YAML data for node  Too many open files.

  I have 9 clients being controlled by Puppet and each one of those will
  generate the same error once this happens.  Running 'lsof' during this
  time shows me 100's of entries like this

  puppetmas 10443           puppet   14u     unix
  0x810014c7e180            17057251 socket.

  The only way to remedy this is by restarting the puppetmaster
  process.  Once I restart the puppet master process it seems that a new
  lsof entry is created and stays present for every client check.

  All clients and puppetmaster are running 2.6.8 on CentOS 5.6 x64.  Any
  ideas?  If more output and debug info is needed please let me know.
  Also if switching to a mysql data store could get rid of this then
  that would work as I was planning on it eventually.

  Thanks
  - Trey

  --
  You received this message because you are subscribed to the Google Groups
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com.
  To unsubscribe from this group, send email to
  puppet-users+unsubscr...@googlegroups.com.
  For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppetmaster leaving files open with too many files open error

[treydock]

Every few days I have to restart the puppetmaster process due to this
error

Could not read YAML data for node  Too many open files.

I have 9 clients being controlled by Puppet and each one of those will
generate the same error once this happens.  Running 'lsof' during this
time shows me 100's of entries like this

puppetmas 10443   puppet   14u unix
0x810014c7e18017057251 socket.

The only way to remedy this is by restarting the puppetmaster
process.  Once I restart the puppet master process it seems that a new
lsof entry is created and stays present for every client check.

All clients and puppetmaster are running 2.6.8 on CentOS 5.6 x64.  Any
ideas?  If more output and debug info is needed please let me know.
Also if switching to a mysql data store could get rid of this then
that would work as I was planning on it eventually.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet Master System Requirements

[treydock]

I'm on the extremely small scale end from what has been previously
described, but this could prove useful to those who want to manage a
small number of hosts and are curious how little they need to run
Puppet.  I've just begun using Puppet, and so only have 10 hosts right
now, but here's what I'm running...

CentOS 5.6 x64 VMware ESXi virtual machine
- 512MB RAM
- 1 x 2.33GHz CPU
- Paravirtual

Roles are...
- Puppetmaster
- puppet-dashboard w/ mysql  apache + passanger
- local yum repo over http
- OSSEC server.

- Trey

According to zabbix my system averages about .20 CPU load over 15
minute average.  I occassionally peak 1.0 but that's typically when
I'm running puppet manually very rapidly during testing.  Memory usage
is about 70% on average.

On May 11, 12:41 am, Matthew Marlowe m...@deploylinux.net wrote:
 Keep in mind that there are many ways to run puppet.

 We manage ~100 nodes with just a single puppet master running within a gentoo
 VM w/ only single cpu core and 2GB ram.  Catalog compile times average under
 0.6 seconds.   This is also w/ web brick.  The puppet master VM also serves as
 a master nfs server and  gentoo build server.

 Thats a lot of stuff on a single small VM, but it works perfectly for us
 because:
 a) our default puppet run interval is 4hrs (if something goes wrong w/ one of
 our manifests or the server, we'll probably notice it and stop it before too
 many servers get updated - for our purposes, we don't see any benefit to using
 an interval less than 4hrs.  4hrs is certainly sufficient for most common
 security updates and we also do not want to have normal updates impacting
 production performance during peak business hours - so 25% of servers updating
 every hour is perfect for us. ).
 b) Many of our servers, mostly the gentoo ones, only execute puppet when
 puppetrun is invoked either manually by systems administrators for the
 specific nodes they are reconfiguring or automatically as part of a nightly
 update systems maintenance cron job).

 Basically, puppet is extremely flexible w/ hardware, and it is likely your own
 preferences and production requirements will dictate the hardware needed
 rather than puppet itself.

 On Tuesday, May 10, 2011 06:04:22 am Panaman wrote:

  I've been messing around with Puppet on a VM on my personal desktop.
  It looks descent. I was wondering what kind of load this thing would
  have managing about 400 nodes.
  Does this thing require a beefy server?

 Matt
 --
 Matthew Marlowe    /  858-400-7430  /    DeployLinux Consulting, Inc
   Professional Linux Hosting and Systems Administration Services
              www.deploylinux.net  *   m...@deploylinux.net
                              'MattM' @ irc.freenode.net

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Cannot dry run puppet on the puppetmaster

[treydock]

For some reason I am unable to run dry runs of the puppet client on
my puppetmaster server.  Running puppetd with the --test, --noop and
verbose / debug flags results in nothing for about a minute or two
then this output...

$ time puppetd --test --noop -v
err: Could not retrieve catalog from remote server: execution expired
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not run Puppet configuration client: execution expired

real4m2.971s
user0m0.803s
sys 0m2.115s


There's nothing else in the logs besides that output.  Not really sure
how to debug this.  All my other puppet clients function just fine.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Cannot dry run puppet on the puppetmaster

[treydock]

Here's the output using debug option.

$ puppetd --debug -v --test --noop
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does
not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
microsoft_windows is missing
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/
var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state/last_run_summary.yaml]:
Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/
lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/
var/lib/puppet/state]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certs/host.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/public_keys/host.pem]: Autorequiring
File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/ssl/private_keys/host.pem]: Autorequiring
File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/run/puppet/agent.pid]: Autorequiring File[/var/run/
puppet]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/state/last_run_report.yaml]:
Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/
lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/
lib/puppet]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction 23490701527140
debug: /File[/var/lib/puppet/ssl/private_keys/host.pem]: Autorequiring
File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/certs/host.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/public_keys/host.pem]: Autorequiring
File[/var/lib/puppet/ssl/public_keys]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/
var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/
lib/puppet/ssl]
debug: Finishing transaction 23490701689280
debug: Using cached certificate for ca
debug: Using cached certificate for host
debug: Finishing transaction 23490701176540
debug: Loaded state in 0.00 seconds
debug: Using cached certificate for ca
debug: Using cached certificate for host
debug: Using cached certificate_revocation_list for ca
debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw
yaml; using pson
err: Could not retrieve catalog from remote server: execution expired
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
debug: Using cached certificate for ca
debug: Using cached certificate for itscantitheft.tamu.edu
debug: Using cached certificate_revocation_list for ca
debug: Value of 'preferred_serialization_format' (pson) is invalid for
report, using default (b64_zlib_yaml)
debug: report supports formats: b64_zlib_yaml marshal raw yaml; using
b64_zlib_yaml
err: Could not run Puppet configuration client: execution expired


Thanks
- Trey

On May 7, 7:35 pm, Patrick kc7...@gmail.com wrote:
 On May 7, 2011, at 12:13 AM,treydockwrote:









  For some reason I am unable 

[Puppet Users] Re: Disabling optional services

[treydock]

I ran into this same challenge just a few days ago.  I run mostly
CentOS and syslogd is installed by default, but I prefer to run
rsyslog.  Here's a post, 
http://itscblog.tamu.edu/managing-syslog-and-log-forwarding-with-puppet/
,I just did on my blog that has the recipes I used for syslog
management.  Hope that helps

- Trey

On May 5, 2:18 pm, Chris Phillips ch...@untrepid.com wrote:
 Howdy,

 Can someone enlighten me as to how I can disable a service *IF* it is
 installed? I want to ensure rsyslog is installed and running, which requires
 syslogd to not be running, but the only way I can see to enforce this in
 Puppet is to remove the sysklogd package, which I'd rather not do, I'd
 rather just disable the service if it's there, but can't see how.

 Pointers appreciated

 Thanks

 Chris

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet-dashboard not linking to filebucket or diffs

[treydock]

In my puppet-dashboard when a change is made to files and it shows the
MD5 sums I am never presented a link to view the file or any diffs of
those files.  I assume that the text between '[' and ']' is supposed
to be the link but it's just plain text.  This is when viewing
individual reports in Puppet-dashboard.  I can expand the line under
Events where that change is recorded.

Here's an example...

notice  content changed '{md5}7a8ec7feb2846a2cffd246b67d3d7842' to
'{md5}a6175c11d9055942d7970258422b7cdd' /Stage[main]/Sudo/File[/etc/
sudoers]/content/etc/puppet/modules/sudo/manifests/init.pp  12
2011-05-03 10:29 CDT

Nothing in the report is a linked field to allow me to few either
filebucket contents or a diff.  I do not know where to begin in
troubleshooting this as I am seeing absolutely no errors in any log
files.  I'm running puppet, and puppetmaster 2.6.8 and dashboard
1.1.0.  The dashboard is hosted on an Apache server using Passenger.
If there are some debugging or troubleshooting steps that may help
narrow this down please let me know.

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Can puppet client make immediate pull after a file's content change by user?

[treydock]

It's not ideal but this could very easily be achieved by with Zabbix.
With Zabbix you can have a check, running for example every 30
seconds, that runs a checksum on a specific file.  Then a trigger that
is activated if the last known checksum varies from the current
checksum, here's an example from one of the default templates,
{Template - Linux Servers:vfs.file.cksum[/etc/passwd].diff(0)}0.
Then create an action for that trigger.  Actions can initiate remote
commands, which you specify to be a manual run of puppet.  This can
get extremely resource intensive, and really isn't ideal.

In my environment I personally don't use Zabbix for this but rather
OSSEC to get email notifications upon changes of key files.

- Trey

On Apr 7, 1:10 am, John Chris Richards john.chris.richa...@gmail.com
wrote:
 Hi Nan

 First of all thanks for your answer

  Are you trying to trigger a puppet run when a particular file changes?

 Yes, this is what I exactly want to do. For example, if a user changes
 /etc/hosts file (via vim for instance), it will be corrupted until the next
 run. What if I don't want to wait until the next run?

 Thanks again.

 2011/4/7 Nan Liu n...@puppetlabs.com







  On Wed, Apr 6, 2011 at 2:50 PM, John Chris Richards
  john.chris.richa...@gmail.com wrote:
   Hi all

   Firstly, I am new in configuration management and all I know about
   watching files is that client checks a file's check sum every t hour
   and if a change has occurred then it gets the file from the server.

   I wonder that if a user changes a file, does the puppet client wait
   end of the time (t) or is there way to say client if a change occurs
   in a specific file then make an immediate pull? I mean, I don't want
   to wait until the time is up. Is there a way to make this in puppet?

  Puppet agent runs periodically to enforce the catalog, it can replace
  the file if it detects any changes, but it doesn't monitor the file to
  trigger runs. I suppose you can run puppet continuously (not
  recommended), but perhaps if you give some insight on what you are
  trying to accomplish would give us a better idea how to achieve it
  with puppet. Are you trying to trigger a puppet run when a particular
  file changes? Are you trying to monitor several files?

  Thanks,

  Nan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.