Re: [Puppet Users] Duplicate declaration

2018-09-07 Thread 'Dan White' via Puppet Users 
Separate the client base directory resource from the application directory 
resource. 

When declaring each application directory, add a “require” parameter with a 
value of the client base directory. 

"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Sep 7, 2018, at 5:05 PM, Ugo Bellavance  wrote:
> 
> Hi,
> 
> I have made a module, a long time ago, that allows me to create directories 
> and httpd config files.
> 
> My pattern is /var/www/dev/$devuser/$clientname/$appname/
> 
> It worked perfectly until I ended up having more than one $appname for the 
> same $clientname. Here's the error message I get:
> 
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Duplicate declaration: File[/var/www/dev/user1/client1] is already declared 
> in file /etc/puppet/modules/atqapache/manifests/vhost.pp:146; cannot 
> redeclare at /etc/puppet/modules/myapache/manifests/vhost.pp:146 on node 
> server1.example.com
> 
> The directive responsible for the creation of the folder is this one:
> 
> file { [ "$client_base", ]:
>   ensure  => 'directory',
>   owner   => "$owner",
>   group   => "$group",
>   mode=> 0744,
> }
> 
> This line defines the variable: 
> 
> $vhost_base = 
> "${atqapache::params::home}/$envstage/$client-${application}"
> 
> Here's my declaration:
> 
>   atqapache::vhost { 'client1-user1app1dev1' :
> client => 'client1',
> envstage   => 'dev',
> application=> 'app1',
> devuser=> 'user1',
>   }
> 
>   atqapache::vhost { 'client1-user1app2dev11' :
> client => 'clien1',
> envstage   => 'dev',
> application=> 'app2',
> devuser=> 'user1',
>   }
> 
> Does anyone know how I could modify my code so that I can have more than one 
> app per client?
> 
> Thanks,
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/6a2b9af3-0fb9-4c38-b0a1-7245b2762d38%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4F07EDE9-211A-4D02-855D-4FDE3E731732%40icloud.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Set default param value based on another param

2018-10-07 Thread 'Dan White' via Puppet Users 
I like Henrik’s solution better than mine.
I have been dealing with old versions of Puppet for too long.

> On Oct 7, 2018, at 9:47 PM, Jody Des Roches  wrote:
> 
> Thank you Dan and Henrik for taking the time to help.  
> Henrik, your solution is what I am using in concert with common.yaml to add a 
> default to the base_dir value.
> 
> Mahalo!
> -Jody
> 
>> On Sun, Oct 7, 2018 at 5:35 AM Henrik Lindberg  
>> wrote:
>> If you are on a reasonably modern Puppet version you should do it like this:
>> 
>> class myclass(
>>String $base_dir,
>>Optional[String] $conf_dir = "${base_dir}/conf"
>> ) {
>> }
>> 
>> I tested it as well:
>> 
>>class myclass(
>>  String $base_dir,
>>  Optional[String] $conf_dir = "${base_dir}/conf"
>>) {
>>  notice "base_dir = ${base_dir}, conf_dir = ${conf_dir}"
>>}
>>class { myclass: base_dir => 'yay' }
>> 
>> With the result:
>> 
>>Notice: Scope(Class[Myclass]): base_dir = yay, conf_dir = yay/conf
>> 
>> And when executed like this:
>> 
>>class myclass(
>>  String $base_dir,
>>  Optional[String] $conf_dir = "${base_dir}/conf"
>>) {
>>  notice "base_dir = ${base_dir}, conf_dir = ${conf_dir}"
>>}
>>class { myclass: base_dir => 'yay', conf_dir => 'not yay' }
>> 
>> The result is:
>> 
>>Notice: Scope(Class[Myclass]): base_dir = yay, conf_dir = not_yay
>> 
>> Which I think is what you wanted.
>> 
>> If the logic you need for coming up with a default value is complex, it 
>> can be written as a function to which you present the input as 
>> arguments. The above could have been written:
>> 
>> function mymodule::conf_default(String $base) { "${base}/conf" }
>> class myclass(
>>String $base_dir,
>>Optional[String] $conf_dir = mymodule::conf_default($base_dir)
>> ) {
>> }
>> 
>> Which for the case you showed is total overkill, but good to know if
>> you need something more complex in another place in your code.
>> 
>> Hope this helps.
>> Best,
>> - henrik
>> 
>> 
>> 
>> > On 2018-10-06 18:15, 'Dan White' via Puppet Users wrote: > You need to do 
>> > like this:
>> > 
>> > class myClass (
>> > String $base_dir,
>> > Optional[String] $conf_dir,
>> > ) {
>> >  if $myClass::conf_dir == undef {
>> >$myClass::actual_conf_dir = "$myClass::base_dir/conf”
>> >  } else {
>> >  $myClass::actual_conf_dir = $myClass::conf_dir
>> >  }
>> > 
>> >  … and then use $myClass::actual_conf_dir in the template
>> > }
>> > 
>> >> On Oct 3, 2018, at 12:41 PM, Jody Des Roches  wrote:
>> >>
>> >> I'd like to set default values for parameters that will be passed to epp 
>> >> templates.  However, the default value is based on another parameter.  I 
>> >> understand that variables are immutable but this is a parameter that 
>> >> shouldn't be touched unless it wasn't set.
>> >>
>> >> Here is an example construct with a few of my syntax attempts.
>> >>
>> >> class myClass (
>> >> String $base_dir,
>> >> Optional[String] $conf_dir,
>> >> ) {
>> >> #Attempt 1: Failed
>> >> if $myClass::conf_dir == undef { $myClass::conf_dir = 
>> >> "$myClass::base_dir/conf" }
>> >>
>> >> #Attempt 2: Failed
>> >> if !$myClass::conf_dir { $myClass::conf_dir = "$myClass::base_dir/conf" }
>> >>
>> >> #Attempt 3: Failed
>> >> unless $myClass::conf_dir { $myClass::conf_dir = 
>> >> "$myClass::base_dir/conf" }
>> >> }
>> >>
>> >> -- 
>> >> You received this message because you are subscribed to the Google Groups 
>> >> "Puppet Users" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send an 
>> >> email to puppet-users+unsubscr...@googlegroups.com.
>> >> To view this discussion on the web visit 
>> >> https://groups.google.com/d/msgid/puppet-users/8e2db8c1-7353-4360-adc5-00713e1c0214%40googlegroups.com.
>> >> For more options, visit https://groups.google.com/d/optout.
>> > 
>> 
>> 
>> -- 
>> 
>> Visit my Blog "Puppet on the Edge"
>

Re: [Puppet Users] Checking if a directory is a mount point

2018-11-06 Thread 'Dan White' via Puppet Users 
Try
$fact[‘mountpoints’]


> On Nov 6, 2018, at 6:06 PM, pbisbal via Puppet Users 
>  wrote:
> 
> I want to check to see of a directory is a mount point for a separate 
> partition. For example, I'd like to check to see if /tmp is a separate 
> partition or is just part of the root partition on a Linux system. What is 
> the best way to do this. I thought I could use the in operator to see if 
> '/tmp' exists in $fact['partitions']['mount'], but that doesn't seem to work. 
> For example, I tried this code, where /boot is definitely a separate 
> partition, but /tmp is not: 
> 
> class mount_points {
>   if '/tmp' in $facts['partitions']['mount'] {
> notify { '/tmp is a separate partition': }
>   }
>   else {
> notify { '/tmp is NOT a separate partition': }
>   }
>   if "/boot" in $facts['partitions']['mount'] {
> notify { '/boot is a separate partition': }
>   }
>   else {
> notify { '/boot is NOT a separate partition': }
>   }
> }
> 
> Unfortunately, when I run this, puppet says both directories are NOT separate 
> partitions. Is there something wrong with this syntax, or is this approach 
> entirely wrong? 
> 
> Prentice
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/6d292a30-1ed0-4d60-93c8-80c65949c765%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4D2DD1DA-6019-4B72-B093-0483D4B51440%40icloud.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Set default param value based on another param

2018-10-06 Thread 'Dan White' via Puppet Users 
You need to do like this:

class myClass (
String $base_dir,
Optional[String] $conf_dir,
) {
if $myClass::conf_dir == undef {
  $myClass::actual_conf_dir = "$myClass::base_dir/conf” 
} else {
$myClass::actual_conf_dir = $myClass::conf_dir
}

… and then use $myClass::actual_conf_dir in the template
}

> On Oct 3, 2018, at 12:41 PM, Jody Des Roches  wrote:
> 
> I'd like to set default values for parameters that will be passed to epp 
> templates.  However, the default value is based on another parameter.  I 
> understand that variables are immutable but this is a parameter that 
> shouldn't be touched unless it wasn't set.
> 
> Here is an example construct with a few of my syntax attempts.
> 
> class myClass (
> String $base_dir,
> Optional[String] $conf_dir,
> ) {
> #Attempt 1: Failed
> if $myClass::conf_dir == undef { $myClass::conf_dir = 
> "$myClass::base_dir/conf" }
> 
> #Attempt 2: Failed
> if !$myClass::conf_dir { $myClass::conf_dir = "$myClass::base_dir/conf" }
> 
> #Attempt 3: Failed
> unless $myClass::conf_dir { $myClass::conf_dir = "$myClass::base_dir/conf" }
> }
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/8e2db8c1-7353-4360-adc5-00713e1c0214%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/15795E9D-F2CE-4AE1-91B8-9BD3E78CDD3A%40icloud.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Hiera and precedence

2019-01-17 Thread 'Dan White' via Puppet Users 
I think you have it bass-ackwards 
https://puppet.com/docs/puppet/5.0/hiera_hierarchy.html

"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Jan 17, 2019, at 12:40 PM, Peter Berghold  wrote:
> 
> I'm having a revertment to my noob days with respect to how hiera works.  
> (Version 3 for now) 
> 
> If I have the hierarchy of 
> 
> - common
> - nodes/"%{fqdn}"
> - datacenter/"%{fdatacenter}"
> 
> if in common.yaml I have "module::parms::server: server1" and in 
> nodes/myclient.yaml I have "module::parms::server: server2" and in 
> datacenter/NYCA.yaml (and the host presents NYCA as its datacenter) I have 
> "module::parms::server: server3" which value will be presented for host 
> myclient? 
> 
> I could have sworn I read the lower down the list of hierarchy a value was it 
> would override the one above it. I just read this morning that hiera stops at 
> the first value it finds which is a bit of a problem for what I'm trying to 
> accomplish.
> 
> 
> 
> -- 
> 
> Peter L. Berghold   salty.cowd...@gmail.com
> http://science-fiction.berghold.net
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/CAArvnv0%2BApOXSmMJfTVOpLAH4%2Bx7uZ5dSa84mibO_%2BDr2yMD%2BQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/417DD705-5A11-433D-B11F-63203A264EF6%40icloud.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] LDAP ? User type provider documentation ? Hiera Back End ?

2019-08-13 Thread 'Dan White' via Puppet Users 
Is there any current documentation about how to create user resources with an 
ldap provider ?

A working hiera ldap backend would also be nice to have.

—-
"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/A5B1BEC4-5DAA-4169-8D5D-0257DBAF830D%40icloud.com.

Re: [Puppet Users] LDAP ? User type provider documentation ? Hiera Back End ?

2019-08-13 Thread 'Dan White' via Puppet Users 
> On Aug 13, 2019, at 9:30 PM, Garrett Honeycutt  
> wrote:
> 
>> On 8/13/19 6:10 PM, 'Dan White' via Puppet Users wrote:
>> On Aug 13, 2019, at 9:04 PM, 'Dan White' via Puppet Users
>> mailto:puppet-users@googlegroups.com>>
>> wrote:
>> 
>>> Is there any current documentation about how to create user resources
>>> with an ldap provider ?
>> 
>> Let me be a bit more specific on this question.  I am looking for the
>> setup details to allow Puppet to get the user information from ldap.  I
>> am guessing this is a “read-only” thing and that the user must exist in
>> ldap before Puppet can use it.
> 
> Hi Dan,
> 
> Surprised by this idea and curious about your use case. Puppet is better
> for modeling resources on a system as opposed to data in an external
> database, which is what users are in LDAP. Normally you would use Puppet
> to manage local users as well as the setup necessary for nsswitch,
> sssd/nscd and pam so the system can resolve users and groups from LDAP.
> 
> Best regards,
> -g
> 
> -- 
> Garrett Honeycutt
> Tailored Automation
> https://tailoredautomation.io

Hi, Garret

The use case is simple.
Centralized credentials in LDAP.
Minimal local accounts other than system and service users and a non-root admin 
login with sudo permissions as an emergency back door. 

We also have lots of appliances, applications, and network devices that can use 
LDAP or RADIUS for authentication. I found multiple references for a FreeRADIUS 
service with the credentials in LDAP. 

I see the PE documentation about connecting to an external directory service, 
but it looks like that is only for PE console users and not for Puppet managed 
node user accounts. 

If I set up the system as you describe with sssd/nsswitch/pam for users defined 
in LDAP, can I then just create appropriate user resources with “provider => 
ldap” and expect the login to be created on the node server ?  Or is it like 
with FreeIPA where you just log in with the LDAP credentials and your home 
directory is created the first time ?

—-
"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/B780B986-9561-4272-912E-F7173026612C%40icloud.com.

Re: [Puppet Users] LDAP ? User type provider documentation ? Hiera Back End ?

2019-08-13 Thread 'Dan White' via Puppet Users 
> On Aug 13, 2019, at 9:04 PM, 'Dan White' via Puppet Users 
>  wrote:
> 
> Is there any current documentation about how to create user resources with an 
> ldap provider ?

Let me be a bit more specific on this question.  I am looking for the setup 
details to allow Puppet to get the user information from ldap.  I am guessing 
this is a “read-only” thing and that the user must exist in ldap before Puppet 
can use it.

—-
"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/F74722AC-1F84-4C4C-8F3B-BF130616144B%40icloud.com.

Re: [Puppet Users] LDAP ? User type provider documentation ? Hiera Back End ?

2019-08-14 Thread 'Dan White' via Puppet Users 

On August 14, 2019 at 5:15 AM, Martin Alfke  wrote:

Hi Dan,

On 14. Aug 2019, at 04:12, 'Dan White' via Puppet Users 
 wrote:

On Aug 13, 2019, at 9:30 PM, Garrett Honeycutt  
wrote:

On 8/13/19 6:10 PM, 'Dan White' via Puppet Users wrote:
On Aug 13, 2019, at 9:04 PM, 'Dan White' via Puppet Users
mailto:puppet-users@googlegroups.com>>
wrote:

Is there any current documentation about how to create user resources
with an ldap provider ?

Let me be a bit more specific on this question. I am looking for the
setup details to allow Puppet to get the user information from ldap. I
am guessing this is a “read-only” thing and that the user must exist in
ldap before Puppet can use it.

Hi Dan,

Surprised by this idea and curious about your use case. Puppet is better
for modeling resources on a system as opposed to data in an external
database, which is what users are in LDAP. Normally you would use Puppet
to manage local users as well as the setup necessary for nsswitch,
sssd/nscd and pam so the system can resolve users and groups from LDAP.

Best regards,
-g

--
Garrett Honeycutt
Tailored Automation
https://tailoredautomation.io

Hi, Garret

The use case is simple.
Centralized credentials in LDAP.
Minimal local accounts other than system and service users and a non-root admin 
login with sudo permissions as an emergency back door.

We also have lots of appliances, applications, and network devices that can use 
LDAP or RADIUS for authentication. I found multiple references for a FreeRADIUS 
service with the credentials in LDAP.

I see the PE documentation about connecting to an external directory service, 
but it looks like that is only for PE console users and not for Puppet managed 
node user accounts.

Yes. PE external directory refers to PE console logins only.


If I set up the system as you describe with sssd/nsswitch/pam for users defined in 
LDAP, can I then just create appropriate user resources with “provider => ldap” 
and expect the login to be created on the node server ? Or is it like with FreeIPA 
where you just log in with the LDAP credentials and your home directory is created 
the first time ?

You can use the provider ldap to manage users in ldap:
https://puppet.com/docs/puppet/6.6/types/user.html#user-provider-ldap

"This provider requires that you have valid values for all of the LDAP-related 
settings in puppet.conf, including ldapbase. You will almost definitely need settings for 
ldapuser and ldappassword in order for your clients to write to LDAP."

I would try to use that config on a single system with write access to your 
ldap master.

Any other system should just be configured to make use of pam_ldap/sssd using a 
module from puppet forge:
e.g. https://forge.puppet.com/sgnl05/sssd

hth,
Martin

?? Write to LDAP ??  What would it be writing ?  Like I said above: 
I am guessing this is a “read-only” thing and that the user must exist in ldap 
before Puppet can use it.

Dan White | d_e_wh...@icloud.com

“Sometimes I think the surest sign that intelligent life exists elsewhere in the 
universe is that none of it has tried to contact us.”  (Bill Waterson: Calvin & 
Hobbes)

 

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cd134b63-1911-466a-a3ef-47729f0cacab%40me.com.

Re: [Puppet Users] LDAP ? User type provider documentation ? Hiera Back End ?

2019-08-14 Thread 'Dan White' via Puppet Users 

On August 14, 2019 at 9:01 AM, jcbollinger  wrote:
Why would you not want to write to the data store backing your User resources?  
If you cannot write, then you cannot manage resources -- neither create new 
ones nor modify existing ones nor remove unwanted ones.  These things are what 
User resources are for.  Without being able to write, the most you could do is 
use dependencies on User resources to cause other resources not to be applied 
in the event that a User configuration does not match your expectation.

If you simply want to configure systems to authenticate users against an LDAP 
directory and draw their information from there, then User resources are the 
wrong approach.  For Linux, at least, you may want to look into configuring 
systems for LDAP itself, or for SSSD.  You will probably want to manage 
nsswitch.conf, too.  There are available modules for all these things.  If 
you're looking to manage system-level access control, too, then you probably 
still want to come from that direction.

In my own house, for example, I authenticate Linux users against institutional 
Active Directory with use of SSSD (the managed machines are domain-joined).  I 
manage which users are permitted to log in to which machines through SSSD 
configuration, not User resources.  That approach can work for other data 
sources, too -- in particular, SSSD supposedly can work (directly) with LDAP 
directories, though I've never configured it that way.


John

Hi, John

Your response makes perfect sense.  I am planning to use FreeIPA/Red Hat 
Identity Manager which uses SSSD to do everything you describe for your house.

I want to be able to manage aspects of the user home directories for hardening 
purposes - permissions, no dot-netrc files, that sort of thing.

In your experience, is it possible for an LDAP-authenticating login to have a 
user resource at all ?  If not, I will have to consider a shotgun approach to 
the home-dir management.

Thanks for the information

“Sometimes I think the surest sign that intelligent life exists elsewhere in the 
universe is that none of it has tried to contact us.”  (Bill Waterson: Calvin & 
Hobbes)

 

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/23d54e89-0106-43eb-812a-50c450d95fa2%40me.com.

Re: [Puppet Users] LDAP ? User type provider documentation ? Hiera Back End ?

2019-08-14 Thread 'Dan White' via Puppet Users 

I believe I am going to abandon user resources with an ldap provider, because I 
cannot get it to even attempt a connection.
I tried to create a user on the puppet server itself using "puppet apply"
The output of the run complains that
   Provider ldap is not functional on this host
and
   Could not find library 'ldap' required to enable feature 'ldap'

I tried to find what library it was missing. I installed some gems -- ruby-ldap 
and net-ldap -- but they did not help.  I found references to a ruby-ldap gem, 
but I cannot install it without creating a complete gem development environment.

It would appear that the LDAP provider has died of neglect  ;(

“Sometimes I think the surest sign that intelligent life exists elsewhere in the 
universe is that none of it has tried to contact us.”  (Bill Waterson: Calvin & 
Hobbes)

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/10d837b0-3a1b-46b2-94fe-407c2c1c4d91%40me.com.

Re: [Puppet Users] Accessing the list of classes assigned to a node from within puppet

2019-08-07 Thread 'Dan White' via Puppet Users 
How about a variation on this :
# In site.pp, outside of any node definitions and below any top-scope 
variables: lookup('classes', Array[String], 'unique').include

Lose the “include” and you have :
$class_list = lookup('classes', Array[String], 'unique')
—-
"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Aug 7, 2019, at 9:48 PM, John Warburton  wrote:
> 
> Hi Everyone
> 
> Back in the day of 2.x/3.x, I used to access the "classes" top scope variable 
> and dump into templates - like this.
> 
> I can't see to find the equivalent in puppet 6.x. Nothing in the built in 
> variables doc
> 
> Am I looking in the wrong place or do I have to try and access through the 
> internal API?
> 
> Thanks
> 
> John
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/230b487d-b9ae-42c3-a686-826a5c8caa89%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6E44817D-4C94-4800-BDA0-EE89DF2B0405%40icloud.com.

Re: [Puppet Users] Puppet Module Best Practice (Roles/Profiles)

2019-07-18 Thread 'Dan White' via Puppet Users 
There appears to be contradiction here. 
If “one-off” changes for “new functionality” are needed, why are the changes 
going into a base/profile module ?
Would some more specific and detailed examples be possible ?

—
"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Jul 18, 2019, at 8:59 PM, Lesley Kimmel  wrote:
> 
> Hi all;
> I'm a Linux engineer who went through a typical growth period with Puppet and 
> finally landed on the Roles and Profiles pattern which generally works well.
> 
> I have a coworker that started on after me and doesn't like this pattern and 
> having to update profiles or base modules when new functionality is needed; 
> especially for quick one-off things.
> 
> So he's basically started creating one class containing 'create_resource' 
> declarations for the standard Puppet resource types (file, user, group, exec, 
> etc.). Then he just adds all of the appropriate parameters in hashes in 
> Hiera. He's convinced this is the right way to do it since he hasn't yet ran 
> into a scenario where this doesn't work easily.
> 
> I told him if it was the right way then all the smart people working with and 
> developing Puppet would have put it out as the best practice. However, I 
> can't seem to come up with a really great scenario that will convince him. 
> Can anyone share thoughts on scenarios where this patter will blow up [hard]?
> 
> Thanks!
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/c46b1e54-f3c1-4429-b270-68189e6937f0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/D0AB5B8B-A154-4300-805D-71CE593C3F02%40icloud.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] [Glitch with a Workaround] From behind a proxy, "puppet-code deploy" cannot pull in any Forge modules

2019-11-15 Thread 'Dan White' via Puppet Users 

I had an issue where "puppet module install" worked, but "puppet-code deploy" 
would not pull in Forge modules.
Between the Slack channel and opening a ticket, I got information and a 
workaround:

Unfortunately, PE 2019.2.0 and 2019.2.1 have a regression in r10k proxy 
handling that we just found the root cause of yesterday.
Downgrading the faraday gem should fix the problem.
Here are the commands:

/opt/puppetlabs/puppet/bin/gem install faraday -v 0.12.2
/opt/puppetlabs/puppet/bin/gem uninstall faraday -v 0.13.1
puppet resource service pe-puppetserver ensure=stopped
puppet resource service pe-puppetserver ensure=running

Then re-try the "puppet-code deploy"

And it worked !
So, I am sharing it with the Puppet Community

Dan White | d_e_wh...@icloud.com

“Sometimes I think the surest sign that intelligent life exists elsewhere in the 
universe is that none of it has tried to contact us.”  (Bill Waterson: Calvin & 
Hobbes)

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5d73ad2f-1dae-43c2-b655-c4274d2a147f%40me.com.

Re: [Puppet Users] PE 2019.2 with Puppet Agent 5.x (CA issue?)

2019-11-16 Thread 'Dan White' via Puppet Users 
Use 2018.1.11 (LTS)

It clearly says that pre-6 agents won’t play with a 6 server.

—-
"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Nov 16, 2019, at 6:50 AM, A Manzer  wrote:
> 
> 
> I've been using Puppet Enterprise at work quite successfully for a long time. 
>  So I finally decided to take advantage of the "Run 10 nodes for free" offer 
> and run PE at home.
> 
> I've set up my PE server using the latest 2019.2.1.  My desktop computer runs 
> Ubuntu 18.04, and I was able to `curl | sudo bash` to install version 6.10.1 
> of the agent.
> 
> But I'm really interested in running Puppet on my other Raspberry Pi servers 
> around the house.  So I installed Puppet version 5.5.10 from the Raspbian 
> archive and pointed it at my PE server.
> 
> I'm able to see an unsigned certificate in my PE console, and sign it, but 
> then when I run puppet on my node, I get "Error: Could not request 
> certificate: SSL_connect returned=1 errno=0 state=error: certificate verify 
> failed: [unable to get issuer certificate for /CN=Puppet Enterprise CA 
> generated at +2019-MM-DD HH:MM:SS]"
> 
> I think this is due to the fact that Puppet Server 6 now generates an 
> Intermediate Cert to sign Agent certs, rather than the older self-signed root 
> style.  The Component versions in recent PE releases document says 
> 
>> You can use pre-6.x agents with a Puppet 6.x or PE 2019.0 or later master, 
>> but this combination doesn't take advantage of the new intermediate 
>> certificate authority architecture introduced in Puppet Server 6.0. To adopt 
>> the new CA architecture, both your master and agents must be upgraded to at 
>> least 6.x/2019.0, and you must regenerate certificates. If you don't upgrade 
>> all of your nodes to 6.x, do not regenerate your certificates, because 
>> pre-6.x agents won't work with the new CA architecture. 
> 
> I think this is exactly the case I'm in.  I think my PE 2019.2.1 installation 
> generated an intermediate cert architecture and my Puppet 5.5 agents don't 
> understand it.
> 
> My question is: How do I turn this off?  How do I revert to a pre-puppet 6.0 
> self-signed root?  A pe.conf setting with a fresh install is fine because I 
> don't have anything yet configured in this installation.
> 
> Thanks.
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/2eb9336e-7f31-4917-9e7f-838e8739955d%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CCABF5E8-099B-42CE-8E79-971ABDC03A2C%40icloud.com.

Re: [Puppet Users] Puppetforge Selinux Module Not Working

2019-10-07 Thread 'Dan White' via Puppet Users 
That  example is found here:
https://forge.puppet.com/puppet/selinux#usage

I think you need puppet-selinux 

—-
"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Oct 7, 2019, at 3:43 PM, Becca Robinson  
> wrote:
> 
> 
> I do not see examples of that use case in the docs.
> Please review https://forge.puppet.com/puppetlabs/selinux_core to validate 
> your code against examples.
> 
> -- 
> Becca Robinson
> 
> 
>> On Oct 7, 2019, at 6:58 AM, Dan Crisp  wrote:
>> 
>> Hello all,
>> 
>> I've download the selinux module from Puppet forge:
>> 
>>  puppet module list
>> /etc/puppetlabs/code/environments/production/modules
>> └── fixnetix-base (v0.1.0)
>> /etc/puppetlabs/code/modules
>> ├── puppetlabs-selinux_core (v1.0.2)
>> └── puppetlabs-stdlib (v6.1.0)
>> /opt/puppetlabs/puppet/modules (no modules installed)
>> 
>> 
>> # ll /etc/puppetlabs/code/modules
>> total 16
>> drwxr-xr-x.  4 root root 4096 Oct  3 15:38 ./
>> drwxr-xr-x.  4 root root 4096 Oct  4 12:29 ../
>> drwxr-xr-x.  6 root root 4096 Aug 14 07:55 selinux/
>> drwxr-xr-x. 10 root root 4096 Sep 26 16:17 stdlib/
>> 
>> I created a manifest like so:
>> 
>> # cat 
>> /etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp
>> class base::selinux {
>> 
>> class { selinux:
>>   mode => 'permissive',
>>   type => 'targeted',
>>   }
>> 
>> }
>> 
>> 
>> Perms etc. all look good:
>> 
>> # ll /etc/puppetlabs/code/environments/production/modules
>> total 16
>> drwxr-xr-x.  4 root root 4096 Oct  4 11:48 ./
>> drwxr-xr-x.  5 root root 4096 Sep 27 10:40 ../
>> drwxr-xr-x. 10 root root 4096 Oct  4 11:48 base/
>> 
>> 
>> # ll 
>> /etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp
>> -rw-r--r--. 1 root root 242 Oct  7 13:47 
>> /etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp
>> 
>> However, the agent is failing:
>> 
>> # puppet agent --no-daemonize --verbose --onetime
>> Info: Using configured environment 'production'
>> Info: Retrieving pluginfacts
>> Info: Retrieving plugin
>> Info: Retrieving locales
>> Info: Loading facts
>> Error: Could not retrieve catalog from remote server: Error 500 on SERVER: 
>> Server Error: Evaluation Error: Error while evaluating a Resource Statement, 
>> Could not find declared class selinux (file: 
>> /etc/puppetlabs/code/environments/production/modules/base/manifests/selinux.pp,
>>  line: 9, column: 5) on node lhcadvdeveye05.com
>> Info: Using cached catalog from environment 'production'
>> Info: Applying configuration version '1570455621'
>> Notice: Applied catalog in 1.22 seconds
>> 
>> Any help here would be appreciated.
>> 
>> Thanks,
>> Dan.
>> 
>> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/cb7dd9d8-d0ac-41ba-bfa8-d3316259bc2d%40googlegroups.com.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/D6C2FB9F-9EDA-47B5-B269-35CFC5DDFD59%40puppet.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/A2102A3D-D98F-4D96-8D10-96B75C3EC95B%40icloud.com.

Re: [Puppet Users] Update SSH Config File With Different Values

2020-01-08 Thread 'Dan White' via Puppet Users 
I have had good luck with this Forge module. 

https://forge.puppet.com/saz/ssh

Try it out and see if it meets your needs. 
And, absolutely use Hiera.  Just set up a hierarchy that includes a node level, 
and your node-specific settings are handled. 

"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Jan 8, 2020, at 8:28 AM, Dan Crisp  wrote:
> 
> 
> Hi,
> 
> I'm looking for some advice on a best approach on a topic that I'm know where 
> near an expert in.  Should the following be dealt with via a template, hera 
> or something else?
> 
> Our goal is to deploy a standard SSH configuration across all servers albeit 
> some minor alternations to a handful.  All of our servers have the following 
> line:
> 
> ListenAddress xx.xx.xx
> 
> No problem there I can alter this simply enough on a per server/per IP bases.
> 
> The advise I'm looking for is how to handle the following scenario.  In some 
> cases, we allow password-less SSH access between servers via the following:
> 
> Match Address xx.xx.xx.xx
>  PermitRootLogin without-password
> 
> However in all instances where we declare the above, all IP addresses are 
> different.  For example: 
> 
> Server A:
>   Allows access from Server B via:
>Match Address Server B IP ADDR
>PermitRootLogin without-password
> 
> Server B:
>   Allows access from Server A via:
>Match Address Server A IP ADDR
>PermitRootLogin without-password
> 
> Is this achievable?  Looking forward to any advise that can help me out here.
> 
> Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/BEBF0F92-2CF0-4192-AAAE-DB7101037199%40icloud.com.

Re: [Puppet Users] Beaker - what’s your perspective?

2020-04-20 Thread 'Dan White' via Puppet Users 
Well put, Trevor. 
I have never used it because I have found it impossible to set up from scratch. 

"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Apr 20, 2020, at 10:46 AM, Trevor Vaughan  wrote:
> 
> 
> So, I chimed in over in Slack but wanted to go ahead and respond here with a 
> summary of what we've been talking about there so that it'll be preserved for 
> the future and searchable.
> 
> This is a summary of multiple views and anyone participating in that 
> discussion should feel free to correct my biased opinions in here (I like 
> Beaker). I have a presentation that I did on exactly what I use Beaker for 
> and why I like it from last year's conference at 
> https://www.youtube.com/watch?v=4iBEIMQkBCk. The associated repository can be 
> found at https://github.com/trevor-vaughan/puppetize_2019_multi_node_beaker 
> for those that want a full working example.
> 
> Who Uses it (module count is just modules, not necessarily modules with tests 
> though the vast majority of the SIMP modules have tests):
> Voxpupuli
> 127 Forge Modules
> The System Integrity Management Project
> 106 Forge Modules
> A handful of other community folks
> I'd love to see a full analysis of all forge modules and what type of testing 
> they use but I don't have time to dig into that right now (Gene?)
> The Pros:
> Beaker generally works as it is for both single node and multi-node (my main 
> use case) testing.
> See the video as to why multi-node testing is important
> It preserves the rspec syntax that makes the output of the tests easy to 
> understand for non-technical folks as well as easy to trace for technical 
> folks.
> It has the ability to be extended relatively easily in Ruby
> It works with most major cloud providers (and Vagrant)
> It hasn't really taken a lot of care and feeding recently to keep it chugging 
> along
> The Cons:
> It's not well documented (at all)
> When the project was modularized a couple of years ago, the documentation was 
> thrown to the four winds with each of the modules and the care and feeding of 
> the docs pretty much dried up.
> The DSL is inconsistent. Some methods are 'on(host)' others are 
> 'host.thing()' which is pretty darn confusing
> Since it hasn't had a ton of internal care and feeding, it hasn't kept up 
> with all of the things that Bolt can do. On the other hand, it also seems to 
> have solved some issues that are currently being faced by the next generation 
> of proposed testing tech.
> 
> Thanks,
> 
> Trevor
> 
>> On Fri, Apr 17, 2020 at 7:40 AM Gene Liverman  
>> wrote:
>> Hi friends! I’m trying to better understand the community perspective on 
>> Beaker and its supplemental gems. I’m particularly interested in hearing 
>> your thoughts on the state of its maintenance and what, if anything, you’d 
>> like to see change in that regard. I’m looking for both positive and 
>> negative opinions and impressions. 
>> -- 
>> 
>> 
>> 
>> Gene Liverman
>> Sr. Site Reliability Engineer
>> gene.liver...@puppet.com
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/CA%2BmGaMcuF0OrPjjkSqJdb%2Bd_Nq9vSN0c3k8wP4L1v2SSZ-7Htw%40mail.gmail.com.
> 
> 
> -- 
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699 x788
> 
> -- This account not approved for unencrypted proprietary information --
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/CANs%2BFoXCtGHEbo8ENO9Cd_RcAJBjKKHqg67OTpUDvUMoF69kaA%40mail.gmail.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/62A0053C-FE8E-44F4-9883-AB9918DE418B%40icloud.com.

Re: [Puppet Users] Facter 4.0.19 is now available

2020-04-29 Thread 'Dan White' via Puppet Users 
Those look like beagle pups.
Yours ?
Super cute.

I love all animals, especially if they are well behaved, but I am a Cat Person.
___
Dan White : d_e_wh...@icloud.com
“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes)

> On Apr 29, 2020, at 10:56 AM, Florin Dragos  wrote:
> 
> Hello,
> 
> The Facter team is happy to announce the release of Facter 4.0.19 
> .
> 
> 
> 
> Best regards,
> Florin Dragos

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5294C38F-3F9F-4E3E-8C2B-CAE73E4369C9%40icloud.com.

Re: [Puppet Users] Bad security pratices in manifests

2020-07-17 Thread 'Dan White' via Puppet Users 
As one needs to be a member of IEEE to read the paper, it is tough to provide 
feedback. 

—-
"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Jul 17, 2020, at 1:43 AM, Lucas Augusto Mota de Alcantara 
>  wrote:
> 
> Hello everyone!
> 
> Recently, I've found an academic research about bad coding practices in
> manifests which can lead to security issues. I found it interesting, but I
> notice that the practices that the researchers pointed out aren't specific to
> Puppet nor even to infrastructure as code applications. So I wonder if is 
> there
> any material available, specially to the newcomers, talking about bad 
> practices
> in manifests, specially about the ones that can lead to security weakness.
> 
> The research was this one: https://ieeexplore.ieee.org/document/8812041
> 
> Does anyone knows about the existence of such material?
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/c282c833-95f2-4d1d-9b58-7b5ce1fb16dcn%40googlegroups.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/EA0AD224-6D84-4A83-B100-F359AE104054%40icloud.com.

Re: [Puppet Users] CustomFacts: Can we pass the credentials in custom facts in secure way?

2021-01-22 Thread 'Dan White' via Puppet Users 
Have you considered “orapwd” ?
https://docs.oracle.com/database/121/ADMIN/dba.htm#ADMIN12478
___
Dan White : d_e_wh...@icloud.com
“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes)

> On Jan 22, 2021, at 3:02 AM, Vinay Korrapati  wrote:
> 
> 
> puppet enterprise : 2019.8.1
> Oracle: 12c
> 
> On Friday, January 22, 2021 at 1:10:42 PM UTC+5:30 Vinay Korrapati wrote:
> Hi Team,
> 
> Can we pass the credentials in custom facts in secure way?
> 
> Use case : I have to write a fact which , executes a Query on Oracle DB's and 
> returns the output. 
> 
> To execute the query it requires the credentials ($oralogin). 
> Eg:
> 
> $OracleUserName="username"
> $OraclePassword="password"
> $OraLogin = "$OracleUserName/$OraclePassword@" + $oraInstance + " as sysdba"
> 
> $Query | sqlplus -silent $OraLogin
> 
> Any thoughts/suggestions to pass the credentials in secure way ?
> 
> Regards
> Vinay
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/149bea7f-2cf8-4e38-8fd6-225b34e90912n%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/878F026D-4F0B-4970-8AC1-CDB9086462CF%40icloud.com.

Re: [Puppet Users] Puppet for RHEL 9 - when will it be available?

2021-12-06 Thread 'Dan White' via Puppet Users 
Do the el8 packages work for CentOS 8 Stream ?

—-
"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Dec 6, 2021, at 8:05 PM, Yasmin Rajabi  wrote:
> 
> 
> Hello!
> 
> We are currently working on the rhel 9 beta agent, hoping to have that in the 
> nightlies soon. Centos stream support is tentative for early next year.
> 
>> On Mon, Dec 6, 2021 at 12:00 PM Tim Skirvin  wrote:
>> CentOS Stream 9 was released on Friday.  Before I start doing test
>> installs, I'd like to get a working version of puppet for it.  When can we
>> expect Puppet Agent RPMs for RHEL 9 and its derivatives, and its
>> associated yum repos, e.g. ?
>> 
>> - Tim Skirvin (tskir...@fnal.gov)
>> -- 
>> HPC Systems Administrator / Developer  
>> http://www.linkedin.com/in/tskirvin
>>Fermilab SCF-SSI +  USCMS-T1  He, Him, His
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/20211206170010.n2imxqoqvnk3mb34%40fnal.gov.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/CAMcdC9SB%2Bm4m8vi4FL%2Be52sSN26dKvG-CYi6jiVizWma_9qDEA%40mail.gmail.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ED2747D7-8E2E-469E-A011-429C87B9B325%40icloud.com.

Re: [Puppet Users] hiera, template and array

2023-03-29 Thread 'Dan White' via Puppet Users 
Silly question:  Why not use https://forge.puppet.com/modules/puppetlabs/ntp  ?
___
Dan White : d_e_wh...@icloud.com
“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes)

> On Mar 28, 2023, at 10:30 AM, Laci D  wrote:
> 
> I tried both epp and erb templates.
> 
> This is the manifest file:
> 
> class site::profiles::ntp {
> $ntp = hiera_hash('ntp')
> 
> case $::operatingsystem {
> 'freebsd': {
>file { "/etc/ntp.conf":
>ensure  => file,
>recurse => true,
>purge   => true,
>force   => true,
>owner   => "root",
>group   => 0,
>mode=> "0644",
>content => template('site/ntp/ntp.conf.epp'),
>#content => template('site/ntp/ntp.conf.erb'),
>}
>service { 'ntpd':
>ensure => 'running',
>enable => true,
>}
>service { 'ntpdate':
>enable => true,
>}
> }
> default: {
> 
>  class { 'ntp':
>servers => $ntp['servers'],
>  }
> 
>}
>}
> }
> 
> 
> The template:
> 
> templates/ntp/ntp.conf.epp
> <% @ntp[’servers’].each { |server| -%>
> server: <%= server %>
> <% } -%>
> 
> And this is the hiera (as of now there is only one ntp server but there'll be 
> more in the future):
> ntp:
>   servers:
> - 169.254.169.123
> 
> Martin with the latest change I'm getting:
> Error: Could not retrieve catalog from remote server: Error 500 on SERVER: 
> Server Error: Evaluation Error: Error while evaluating a Resource Statement, 
> Evaluation Error: Error while evaluating a Function Call, Failed to parse 
> template site/ntp/ntp.conf.epp:
>   Filepath: /etc/puppetlabs/code/modules/site/templates/ntp/ntp.conf.epp
>   Line: 3
>   Detail: undefined local variable or method `’servers’' for 
> #
>  (file: /etc/puppetlabs/code/modules/site/manifests/profiles/ntp.pp, line: 
> 14, column: 31) 
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
> On Tuesday, March 28, 2023 at 10:08:43 AM UTC-4 Martin Alfke wrote:
>> My example is an epp template.
>> 
>> What name does the variable have? $ntp? And: is this a hash with servers key 
>> set to an array?
>> 
>> In this case your erb (!) template can look like the following:
>> 
>> <% @ntp[’servers’].each { |server| -%>
>> server: <%= server %>
>> <% } -%>
>> 
>> 
>>> On 28. Mar 2023, at 14:37, Laci D > wrote:
>>> 
>> 
>>> Thank you Martin!
>>> 
>>> I used your example and I think something is missing.
>>> Since "servers" is under "ntp" in the hiera file (see example in my 
>>> original email) maybe we need to define that in the erb file?
>>> 
>>> 
>>> Error: Could not retrieve catalog from remote server: Error 500 on SERVER: 
>>> Internal Server Error: org.jruby.exceptions.SyntaxError: (SyntaxError) 
>>> /etc/puppetlabs/code/modules/site/templates/ntp/ntp.conf.erb:6: syntax 
>>> error, unexpected tSTRING_BEG
>>> _erbout.<< "server: ".freeze; _erbout.<<((...
>>>^
>>> Warning: Not using cache on failed catalog
>>> Error: Could not retrieve catalog; skipping run
>>> 
>>> On Tuesday, March 28, 2023 at 2:57:23 AM UTC-4 Martin Alfke wrote:
 You must iterate as servers is an array:
 
 <% $servers.each |$server| { -%>
 server: <%= $server %>
 <%- } -%>
 
 
> On 27. Mar 2023, at 22:21, Laci D > wrote:
> 
 
> I'm working on defining NTP servers from Hiera.
> 
> For Linux servers I have been using puppetlabs-ntp, which has been 
> working nicely. Now I need to add support for FreeBSD. Above module 
> doesn't support FreeBSD but I can edit ntp.conf with file resource type. 
> 
> This is where things got complicated, file adds extra ["..."] around the 
> value form hiera, since it's an array. Array type is required for 
> puppetlabs-ntp
> Question is how can I get rid of the extra squarely braces and double 
> quotes?
> Rather than using a static file I'd like to stick to hiera since the ntp 
> can very based on datacenter.
> 
> /etc/ntp.conf
> server ["169.254.169.123"]
> 
> Desired /etc/ntp.conf
> server 169.254.169.123
> 
> hieradata/site.yaml
> ntp:
>   servers:
> - 169.254.169.123
> 
> templates/ntp/ntp.conf.erb
> server <%= @ntp['servers'] %>
> 
 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com <>.
> To view this