[Puppet Users] Re: puppet enterprise free eval hardware requirements
PE version is a robust, monolithic turnkey install. They used to have a community based test VM pair which had much lighter requirements (albeit with less services) but I haven't checked in a long time so it may not be available any longer. On Monday, March 30, 2015 at 3:32:52 PM UTC-7, Vince Skahan wrote: geez puppet needs a 'lot' of oomph to spin up the first node Evaluation Environment An evaluation environment is run on a monolithic installation and is suitable for evaluating PE on 250 or fewer nodes. We recommend that your hardware meets the following: - A 4-core server with 6 GB of RAM - At least 100 GB of free storage in /opt for PuppetDB We strongly recommend that users on systems with 4 GB of RAM upgrading or migrating to PE 3.7 from PE 3.3 or earlier upgrade to 6 GB of RAM before attempting to upgrade or migrate their PE installation. I have a 16-GB ram Intel NUC ( http://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/nuc-kit-d54250wyk-product-brief.pdf) running Centos7 and was thinking of spinning up some VMs to try this out. Does this system have enough oomph to run the 10-node-max free eval, or am I going to be stuck with running masterless perhaps ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/266a2353-55cb-406e-b47c-bb682a505825%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Puppet agent environment
why not let puppet manage puppet.conf and thus changes in foreman make changes to puppet.conf? On Friday, January 23, 2015 at 1:04:22 AM UTC-7, Evgeniy Troitskiy wrote: Hello all! I have a directory environments configured in Puppet (production and development) and I use the Foreman as an ENC. When I try to set development environment for the host in Foreman, then Puppet agent execute module from right environment. But if agent try to access to *files* folder (puppet:///modules/$module_name/testfile), it gets testfile from same directory from production not from development. And if I change environment to development in Puppet agent config file - puppet:///modules/$module_name/testfile links to right place in development environment. How can I correct this? Additional info: *part of puppet.conf* [master] environment = production environmentpath = /etc/puppet/environments *part of fileserver.conf* [development] path /etc/puppet/environments/development/files allow * [production] path /etc/puppet/environments/production/files allow * */etc/puppet/environments/* ├── production │ ├── files │ ├── manifests │ └── modules └── development ├── files ├── manifests └── modules Thanks for advice! -- Regards, Evgeniy Troitskiy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0666388b-a27e-4abb-ad3f-a867acf3c4d8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Error: Failed to parse template . Detail: Could not find value for 'serveraliases' at
Testing for errors is part of the erb game. Comment all of that out and put in just %= serveraliases -% just to see what is written to the file. In your case above, it seems you have accounted for whether serveraliases is an array or empty but not a simple string which is probably what it is. On Friday, January 9, 2015 at 8:41:20 AM UTC-7, Spriya wrote: Hi, I am having this issue: *Error: Failed to parse template otrs/vhost-otrs.conf.erb:* * Filepath: /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/parser/templatewrapper.rb* * Line: 81* * Detail: Could not find value for 'serveraliases' at /etc/puppetlabs/puppet/modules/otrs/templates/vhost-otrs.conf.erb:7* * at /etc/puppetlabs/puppet/modules/otrs/manifests/apache.pp:10 on node dot-pap-spr-t03.ddc.dot.state.ma.us http://dot-pap-spr-t03.ddc.dot.state.ma.us* Here is my code manifests code: class otrs::apache { include apache apache::vhost { $otrs::sitename: priority= '01', docroot = '/var/www', port= '80', serveraliases = [ $::fqdn ], } } Here is my template: * cat vhost-otrs.conf.erb* *# OTRS Config* *# MaxRequestsPerChild (so no apache child will be to big!)* *MaxRequestsPerChild 4000* *VirtualHost *:%= scope.lookupvar(otrs::apache::port) %* * ServerName %= @name %* *%if serveraliases.is_a? Array -%* *% serveraliases.each do |name| -%%= ServerAlias #{name}\n %% end -%* *% elsif serveraliases != '' -%* *%= ServerAlias #{serveraliases} -%* *% end -%* Do any one knows answer? I could not find the answer for this? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3d6e89bc-f8e9-4708-89d2-6f3408f14299%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: facter external-dir
Not really a puppet question or a puppet answer man alias (bash command) You should be able to alias the command and put into bash_profile for all users when they login. On Wednesday, December 24, 2014 10:28:09 AM UTC-7, guymatz wrote: Is there any way to get facter to return facts from /etc/facter/facts.d when not run as root? I would like to centralize my facts and not have to remember to add --external-dir when checking facts. Thank you all!! And Happy Holidays! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5be7866d-8c64-4e14-b03d-3bfff1bb83cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: setting folders to different permissions
The answer may actually depend on the OS you are using but I agree with John that this actually requires 2 separate directives... On a Red Hat system... # cat /etc/default/useradd # useradd defaults file GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel CREATE_MAIL_SPOOL=yes the /home/$USER would have 755 permissions by default though you could use puppet to ensure that if a $USER changes his $HOME directory permissions, they are changed back. Likewise, you could set /home to 750 permissions to ensure that any changes are overridden. Obviously if you set /home to 750 permissions, then the 'group' would have to be set to a group that all users belong to so there's something lacking in the question (i.e. 'users' on a Red Hat system). On Thursday, December 18, 2014 8:35:57 AM UTC-7, Brian Keating wrote: Hi, I want to set /home dir to chmod 750 but all dirs included to 755. Anyone have a solution? Thanks, Brian. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/134655cd-bc95-4615-aa17-5f63ef32e17f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: conditionally running apt-get update
I tend to create a directory with a minimal class /etc/puppet/deployfiles and then another class for custom apt stuff and I have a file in modules/apt/files where cron does a date thingy (/bin/date /etc/puppet/modules/apt/files/apt_update_time) and then I have this module watch for a change which notifies an Exec in my apt module to trigger an apt-get update. It's convoluted but it works. Similarly I have an apt_upgrade_time file too but I don't have a cron job updating that one - I just run the date command manually to get machines to perform the apt-get upgrade but I do have machines run apt-get update daily triggered by the updated file from cron. On Monday, December 15, 2014 2:27:24 PM UTC-7, Vince Skahan wrote: In trying to spin up on puppet in a Vagrant environment, one of the things I have to do to my VM is 'apt-get update' at least once to catch the base box's understanding of what packages are where up to current. That takes a long enough time that I'd like to do it just once, or very rarely rather than every time I run 'vagrant provision' Right now, my toplevel manifest does the update once before trying to install anything. exec { run apt-get update: path= '/usr/bin', command = 'apt-get update', } # install and configure nginx class {'nginx': } Ansible has a nice feature where you can specify how long you want the cache valid for, and it skips doing everything if the cache isn't that old (yet) - name: update apt cache apt: update_cache=yes cache_valid_time=84600 Is there something similar for Puppet, or can somebody suggest a reasonable workaround ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/15545aa5-36dc-403a-aa1b-bd68c3376edc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] basic hiera question
getting very frustrated and have covered the 7 or so pages on puppet's documentation on hiera several times. # cat hiera.yaml --- :backends: - yaml :hierarchy: - defaults - %{clientcert} - %{environment} - global - common - ldap :yaml: :datadir: /etc/puppetlabs/puppet/hieradata # cat hieradata/ldap.yaml --- ldap: rootdn: cn=admin,dc=wl,dc=com rootpw: mySuperSecretPassword dn: dc=wl,dc=com directory: /var/lib/ldap # hiera ldap {rootdn=cn=admin,dc=wl,dc=com, rootpw=mySuperSecretPassword, dn=dc=wl,dc=com, directory=/var/lib/ldap} # head -n 5 modules/wl/manifests/config.pp # script to setup OpenLDAP class wl::config () inherits wl { $rootpw = hiera('ldap::rootpw') but unfortunately... # puppet agent --test --debug results in the error... Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find data item ldap::rootpw in any Hiera data file and no default supplied at /etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node $obscured Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run what am I doing wrong? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c07cb7bf-3aa3-4757-a900-da3bc05021d9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] basic hiera question
awesome - thanks On Wednesday, November 19, 2014 11:55:51 AM UTC-7, Ramin K wrote: On 11/19/14 10:42 AM, Craig White wrote: getting very frustrated and have covered the 7 or so pages on puppet's documentation on hiera several times. # cat hiera.yaml --- :backends: - yaml :hierarchy: - defaults - %{clientcert} - %{environment} - global - common - ldap :yaml: :datadir: /etc/puppetlabs/puppet/hieradata # cat hieradata/ldap.yaml --- ldap: rootdn: cn=admin,dc=wl,dc=com rootpw: mySuperSecretPassword dn: dc=wl,dc=com directory: /var/lib/ldap # hiera ldap {rootdn=cn=admin,dc=wl,dc=com, rootpw=mySuperSecretPassword, dn=dc=wl,dc=com, directory=/var/lib/ldap} # head -n 5 modules/wl/manifests/config.pp # script to setup OpenLDAP class wl::config () inherits wl { $rootpw = hiera('ldap::rootpw') but unfortunately... # puppet agent --test --debug results in the error... Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find data item ldap::rootpw in any Hiera data file and no default supplied at /etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node $obscured Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run what am I doing wrong? 1. Your hierarchy isn't. You can call it common, global, default, or whatever else but you only get one and it goes at the bottom. If it's not at the bottom, it's not common, default or global. Clientcert goes at the top because it's the most specific. :hierarchy: - %{clientcert} - %{environment} - common https://ask.puppetlabs.com/question/3146/how-to-build-a-proper-hiera-hierarchy/ 2. You're using a hash as your data. If you want to query for key ldap::rootpw, it'll look like the following. ldap::rootdn:'cn=admin,dc=wl,dc=com' ldap::rootpw:'mySuperSecretPassword' ldap::dn:'dc=wl,dc=com' ldap::directory: '/var/lib/ldap' Note this has nothing to do with hiera_hash or hiera_array. http://ask.puppetlabs.com/question/13592/when-to-use-hiera-hiera_array-and-hiera_hash/ 3. You're not using hiera-eyaml. Don't put clear txt passwords in your yaml files, use hiera-eyaml instead. It's really nice. https://github.com/TomPoulton/hiera-eyaml Ramin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fa294a8b-516c-452b-bd57-cdbf12bbe216%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: trying to use a puppet forge module that uses a different style
It seems that node inheritance is deprecated in Puppet 4 so this is a no go (role/profiles). I suppose I should have mentioned that I will be using an ENC so I am trying to keep the cruft inside node definitions to a minimum which is why I am struggling to find a way to create a class - certainly I can create a new wl class for this but then I am struggling to make these things work inside a class. On Tuesday, November 18, 2014 5:32:54 AM UTC-7, Steven Post wrote: Hi Craig, If you scroll down on the website you mentioned, you'll see some usage instructions. I recommend *not* to change the module (not even adding your own wl.pp file inside), but to set up your wl.pp file elsewhere. You can use your own class (wl.pp, located outside this module) to set up the LDAP configuration using the module. I use the roles/profile setup, but you can leave the roles out if that is easier for you, it takes some time getting to really know it all. That said, the ldap module controls ldap, but not your node. your node should have some other class assigned to it (such as wl.pp), which then uses the ldap module, unchanged. More info about the roles/profile pattern: http://www.craigdunn.org/2012/05/239/ One of the ideas here is that you should never need to change a module you download from the forge (with some rare exceptions) Regards, Steven On Monday, November 17, 2014 11:40:28 PM UTC+1, Craig White wrote: Not that it matters, but I am trying to use a module out of puppet forge - camptocamp-openldap https://github.com/camptocamp/puppet-openldap There's no hint of using it anywhere It has an unusual style. There isn't any init.pp and the structure looks like this... ├── client │ ├── config.pp │ ├── install.pp │ ├── ldapvi.pp │ └── utils.pp ├── client.pp ├── server │ ├── access.pp │ ├── config.pp │ ├── database.pp │ ├── dbindex.pp │ ├── globalconf.pp │ ├── install.pp │ ├── module.pp │ ├── overlay.pp │ ├── service.pp │ └── slapdconf.pp ├── server.pp └── wl.pp The last file - wl.pp is my own file and it looks like this... $ensure= present $directory = '/var/lib/ldap' $rootdn= 'cn=admin,dc=wl,dc=com' $rootpw= 'password' $dn= 'dc=wl,dc=com' # Install openldap server class { 'openldap::server': } openldap::server::database { $dn: ensure = present, rootdn = cn=admin,${dn}, rootpw = $rootpw, } and if I use 'puppet apply -vd --modulepath /etc/puppet/modules wl.pp it works fine but I can't put those variables into the server.pp file or any of the files in the /server subdirectory because they don't work. I need a method - I thought a class openldap::wl class but I can't make that work either. How do I structure this so I can use one class to configure clients without resorting to re-writing the module completely so it comports to a style that I understand? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0650309b-198f-4680-acce-07df346b9440%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: trying to use a puppet forge module that uses a different style
On Tuesday, November 18, 2014 7:27:20 AM UTC-7, jcbollinger wrote: On Monday, November 17, 2014 4:40:28 PM UTC-6, Craig White wrote: The last file - wl.pp is my own file and it looks like this... $ensure= present $directory = '/var/lib/ldap' $rootdn= 'cn=admin,dc=wl,dc=com' $rootpw= 'password' $dn= 'dc=wl,dc=com' # Install openldap server class { 'openldap::server': } openldap::server::database { $dn: ensure = present, rootdn = cn=admin,${dn}, rootpw = $rootpw, } Oh no, no, no. You should not add code to a module in order to *use* the module. Moreover, you should have top-level declarations only in your site manifest. Your wl.pp is in fact functioning as a site manifest when you name it in a 'puppet apply' run, so it's not necessarily wrong in itself, it just doesn't belong in the module (and putting it there confers no particular advantage). As usual, John has identified what I am trying to do. Yes, I want to have an assignable class to what is essentially site manifest coding in anticipation of using an ENC and Hiera. and if I use 'puppet apply -vd --modulepath /etc/puppet/modules wl.pp it works fine but I can't put those variables into the server.pp file or any of the files in the /server subdirectory because they don't work. I'm not clear on what you're trying to do. When you say it works do you mean that wl.pp achieves everything you're after, or just that it runs without error? works as in installs openldap-servers package, configures it per the database instructions I have provided. I need a method - I thought a class openldap::wl class but I can't make that work either. How do I structure this so I can use one class to configure clients without resorting to re-writing the module completely so it comports to a style that I understand? Well, it *looks* like you configure clients by declaring instances of class openldap::client, which sounds like what you want. The module seems actually to have reasonably good documentation, including examples, at the URL you provided. No - just looking for a way to create a class (or obviously now that everyone is suggesting modifying a 3rd party module is bad form), a new module that is basically site manifest code. I do have more that I want to do and just provided the two things that I just can't make work properly inside of a class but I will try doing it in a new class/module and see if that makes a difference. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/74926f2a-90ad-463a-b34f-743d4d5b068f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: trying to use a puppet forge module that uses a different style
OK - but I still need to figure out how to call one class with parameters from another class... class wl::config { : class openldap::server::database { $dn: ensure = present, rootdn = cn=admin,${dn}, rootpw = $rootpw, } } On Tuesday, November 18, 2014 9:06:34 AM UTC-7, Steven Post wrote: The roles/profile pattern does not use node inheritance, only class inheritance. Strictly speaking, this isn't even necessary, it can just make some things easier. At my company, we don't even use any real node definition, everything is done with an ENC and hiera. The roles/profile model still fits here, and we use it actively, as do many other people. A role is just a simple class, that includes roles (mostly), there is only 1 'node' definition in the manifests: default. It goes something like this: ENC assigns a node to a role (regular class), a role includes 1 or more profiles and sometimes some extra stuff such as packages (RPM) the profile does the actual modules. Also there is still hiera in all this, mostly using the automatic class parameters. A node actually gets both the 'default' node definition and the 'role'. On Tuesday, November 18, 2014 4:50:33 PM UTC+1, Craig White wrote: It seems that node inheritance is deprecated in Puppet 4 so this is a no go (role/profiles). I suppose I should have mentioned that I will be using an ENC so I am trying to keep the cruft inside node definitions to a minimum which is why I am struggling to find a way to create a class - certainly I can create a new wl class for this but then I am struggling to make these things work inside a class. On Tuesday, November 18, 2014 5:32:54 AM UTC-7, Steven Post wrote: Hi Craig, If you scroll down on the website you mentioned, you'll see some usage instructions. I recommend *not* to change the module (not even adding your own wl.pp file inside), but to set up your wl.pp file elsewhere. You can use your own class (wl.pp, located outside this module) to set up the LDAP configuration using the module. I use the roles/profile setup, but you can leave the roles out if that is easier for you, it takes some time getting to really know it all. That said, the ldap module controls ldap, but not your node. your node should have some other class assigned to it (such as wl.pp), which then uses the ldap module, unchanged. More info about the roles/profile pattern: http://www.craigdunn.org/2012/05/239/ One of the ideas here is that you should never need to change a module you download from the forge (with some rare exceptions) Regards, Steven On Monday, November 17, 2014 11:40:28 PM UTC+1, Craig White wrote: Not that it matters, but I am trying to use a module out of puppet forge - camptocamp-openldap https://github.com/camptocamp/puppet-openldap There's no hint of using it anywhere It has an unusual style. There isn't any init.pp and the structure looks like this... ├── client │ ├── config.pp │ ├── install.pp │ ├── ldapvi.pp │ └── utils.pp ├── client.pp ├── server │ ├── access.pp │ ├── config.pp │ ├── database.pp │ ├── dbindex.pp │ ├── globalconf.pp │ ├── install.pp │ ├── module.pp │ ├── overlay.pp │ ├── service.pp │ └── slapdconf.pp ├── server.pp └── wl.pp The last file - wl.pp is my own file and it looks like this... $ensure= present $directory = '/var/lib/ldap' $rootdn= 'cn=admin,dc=wl,dc=com' $rootpw= 'password' $dn= 'dc=wl,dc=com' # Install openldap server class { 'openldap::server': } openldap::server::database { $dn: ensure = present, rootdn = cn=admin,${dn}, rootpw = $rootpw, } and if I use 'puppet apply -vd --modulepath /etc/puppet/modules wl.pp it works fine but I can't put those variables into the server.pp file or any of the files in the /server subdirectory because they don't work. I need a method - I thought a class openldap::wl class but I can't make that work either. How do I structure this so I can use one class to configure clients without resorting to re-writing the module completely so it comports to a style that I understand? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9680b0ca-496e-4c66-a69d-e5ba91866ac3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: trying to use a puppet forge module that uses a different style
On Tuesday, November 18, 2014 9:18:33 AM UTC-7, Steven Post wrote: If you use hiera and puppet 3 (or later), you can use the automatic class parameters for that, and just 'include openldap::server::database'. Of cause you can set up some class parameters on your own class if you want to and do that. Typically, this is where I would use hiera for. I understand that but now I have to have a whole lot of instructions for people to spin up a server with ENC parameters without even getting into the fact that I will still need a class to do all of the things I have to do with this (post install scripts) after it is installed. That is why I am so eager to not have this code anywhere in a site manifest or anything resembling a site manifest but rather in its own class. No matter how I try, I simply cannot figure out how to have this work... class wl::config { : class openldap::server::database { $dn: ensure = present, rootdn = cn=admin,${dn}, rootpw = $rootpw, } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a38fcf95-b6cc-4a2b-987e-25bdbccbdf5f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: trying to use a puppet forge module that uses a different style
yes that was all ;-) Got it - thanks yes, the intent is to use hiera on all of this but I have to knock down one hurdle at a time. Now that I can have made it work, I can start fooling with hiera which I never used before. Thanks so much On Tuesday, November 18, 2014 10:51:51 AM UTC-7, jcbollinger wrote: On Tuesday, November 18, 2014 10:09:32 AM UTC-6, Craig White wrote: OK - but I still need to figure out how to call one class with parameters from another class... class wl::config { : class openldap::server::database { $dn: ensure = present, rootdn = cn=admin,${dn}, rootpw = $rootpw, } } Oh, is THAT all? You are mixing the syntax for defining a class with that for declaring one. A resource-style class declaration looks like this: class { 'mymodule::myclass': param1 = value1, param2 = value2 } HOWEVER, your specific example also seems to imply that you think openldap::server::database is a class, whereas it's actually a resource type (specifically, a defined type). You would declare instances of that type just like you declare instances of any other resource type: openldap::server::database { $dn: ensure = present, rootdn = cn=admin,${dn}, rootpw = $rootpw, } The docs of the openldap module provide additional examples of both. Do note, however, that an ENC cannot emit resource declarations, only class declarations and global variables. Moreover, be aware that for most purposes it is poor form to use resource-like class declarations. They do have their purposes, but it is usually better form to bind data to classes via Hiera than to bind it explicitly in the class declaration (whether via node block or via ENC). Use the 'include' family of functions to declare classes wherever it is feasible to do so. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6346d74c-2415-4e40-9c5d-bbaf0d6e5abd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] trying to use a puppet forge module that uses a different style
Not that it matters, but I am trying to use a module out of puppet forge - camptocamp-openldap https://github.com/camptocamp/puppet-openldap There's no hint of using it anywhere It has an unusual style. There isn't any init.pp and the structure looks like this... ├── client │ ├── config.pp │ ├── install.pp │ ├── ldapvi.pp │ └── utils.pp ├── client.pp ├── server │ ├── access.pp │ ├── config.pp │ ├── database.pp │ ├── dbindex.pp │ ├── globalconf.pp │ ├── install.pp │ ├── module.pp │ ├── overlay.pp │ ├── service.pp │ └── slapdconf.pp ├── server.pp └── wl.pp The last file - wl.pp is my own file and it looks like this... $ensure= present $directory = '/var/lib/ldap' $rootdn= 'cn=admin,dc=wl,dc=com' $rootpw= 'password' $dn= 'dc=wl,dc=com' # Install openldap server class { 'openldap::server': } openldap::server::database { $dn: ensure = present, rootdn = cn=admin,${dn}, rootpw = $rootpw, } and if I use 'puppet apply -vd --modulepath /etc/puppet/modules wl.pp it works fine but I can't put those variables into the server.pp file or any of the files in the /server subdirectory because they don't work. I need a method - I thought a class openldap::wl class but I can't make that work either. How do I structure this so I can use one class to configure clients without resorting to re-writing the module completely so it comports to a style that I understand? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7c11cfda-2e63-4742-bf9d-62bc53c200bd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] parameterized values displaying tooltip on ENC
I believe the ENC already has access to the node's stored value and would display that after assignment if assigned. I didn't consider 'cost' but it would seem that loading 'params.pp' values is not a large cost in terms of server but perhaps just in programming. I am just gathering that the primary thinking is that if you don't know the values you want to use to override, then don't override. Myself, I am trying not to longhand some of the variables and am choosing to use ns1 rather than nameserver1 On Monday, November 3, 2014 3:03:51 PM UTC-7, Felix.Frank wrote: Hi, sounds like a complex problem. Here's a simple counter case that shows why I don't think that any ENC out there does this. class resolv::params { if $ipaddress =~ /^192/ { $ns1 = '192.168.0.1' } else { $ns1 = '8.8.8.8' } } The raison d'etre (as far as I know it - never used this pattern myself) for params classes is their ability to centrally define defaults that are derived from fact values. The ENC would have to interpret the manifest for the params class in question, using the node's stored data as the basis. Doing this on the fly does not sound feasible to me - this is quite an expensive operation. So the ENC would have to maintain some kind of cache for all those values. This, in turn, sounds like a lot of work. The it probably would be a cool feature to add to the ENC of your choice :-) Cheers, Felix On 10/14/2014 11:17 PM, Craig White wrote: I am trying to figure out if parameterized variables can be displayed when hovering over the appropriate section in an ENC. At the moment, I am playing with PE 3.3 with it's console/dashboard and my previous experience was with puppet 2.6.x and Foreman. Simplified example, module resolv # resolv/manifests/init.pp class resolv ( $ns1 = $resolv::params::ns1, ) inherits resolv::params { include resolv::config } # resolv/manifests/params.pp class resolv::params { $ns1 = '192.168.0.1' } So when I am editing a node and adding an override in the puppet dashboard (ENC), I hover over the box $ns1 where I can override the value and it shows me what I will get if I don't override, which is 'default: $ns1::params::ns1' which is absolutely meaningless at that point and I was hoping it would show the assignment from params.pp Is this just something I can't fix or am I misunderstanding how to use parameterized variables? Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/34216231-6e0b-4635-99c1-2cf3f8e0aa85%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Custom fact that requires inifile
It would seem to me that I would not eagerly use another gem to obtain information from a file when ruby has File and vast string compare options but the choice is yours. Then there are tools like augeas (sp?). Gems can be managed as a package using the gem provider so it's fairly easy to get puppet clients to install gems and note that facts run first so the first pass, the fact will not have information as the gem would likely have to be installed and the second pass, the fact can be derived. On Friday, October 17, 2014 8:03:36 AM UTC-7, Mark Rosedale wrote: Hello, I'm looking to implement a custom fact that tells my puppet config if a machine is configured a certain way. What I want to do is parse the configuration's ini file and see if a certain setting is turned on or off. I'm looking at using the ruby gem inifile https://rubygems.org/gems/inifileto do this. Couple of questions. I'm assuming that facts, unlike functions, are run on the node, correct? So if that is the case what is the best way to distribute this gem to all hosts? Final question. Am I barking up the wrong tree trying to use this library to parse an ini file? Has anyone else done this type of thing? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f38be6ad-2d2f-40b9-a5e9-a3e9d94b2dc9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: certificate verify failed: [unable to get local issuer certificate
did you make some changes because of Poodle? state=SSLv3 as for Firefox - probably just need to go into Firefox preferences and delete the certificate that you stored already but it does seem strange that you have 2 certificates with the same serial # On Friday, October 17, 2014 10:28:39 AM UTC-7, Stella wrote: Hi all, When I run puppet agent --test, I got this error: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for example.com to PuppetDB at example.com:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [unable to get local issuer certificate for /CN=example.com] It was working before and I don't know what has changed to cause this problem. Also if I try to access puppet master (https://example.com:8140) on local machine from Firefox, I got error as below, but remote access is working: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial) thanks, Stacey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d9e8f371-bc2c-406f-9557-efefbdf2e70a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: LoadError: no such file to load -- facter/util/file_read
OK - so am I at the moment anyway... # puppet -V 3.6.2 (Puppet Enterprise 3.3.2) I was rather frustrated by not having a system ruby so I did the following... # ln -s /opt/puppet/bin/ruby /opt/puppet/bin/irb /opt/puppet/bin/gem /usr/local/bin which made ruby/gem/irb available to any user any where. Before you do that though, make sure you don't have another ruby installed - 'which ruby' will tell you if it finds a ruby anywhere on your $PATH You should be able to do this - if you can't, there's something wrong with your install of puppet/ruby/etc. # irb irb(main):001:0 require 'facter' = true irb(main):002:0 On Wednesday, October 15, 2014 6:50:41 AM UTC-7, Spriya wrote: Hi Craig, I am using PE. My installation was all in one(master,database,console). Yes i have more than one ruby installed. *ruby -v* *ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]* *$ cd /opt/puppet/bin* *./ruby -v* *ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux]* let me know how to troubleshoot this issue. On Tuesday, October 14, 2014 7:54:04 PM UTC-4, Craig White wrote: how did you install puppet? Do you have more than one install of ruby on your system? Is it possible that when you invoke the interactive ruby console (irb) that it starts a ruby binary that has nothing to do with your puppet install? On Tuesday, October 14, 2014 4:41:07 PM UTC-7, Spriya wrote: Hi Craig, even if i do require facter. It is throwing me error. *irb(main):002:0 require 'facter'* *LoadError: no such file to load -- facter* *from (irb):2:in `require'* *from (irb):2* *from :0* On Tuesday, October 14, 2014 5:22:26 PM UTC-4, Craig White wrote: I don't see a 'file_read' method for Factor::Util Facter::Util.methods = [:freeze, :===, :==, :=, :, :=, :, :=, :to_s, :included_modules, :include?, :name, :ancestors, :instance_methods, :public_instance_methods, :protected_instance_methods, :private_instance_methods, :constants, :const_get, :const_set, :const_defined?, :const_missing, :class_variables, :remove_class_variable, :class_variable_get, :class_variable_set, :class_variable_defined?, :public_constant, :private_constant, :module_exec, :class_exec, :module_eval, :class_eval, :method_defined?, :public_method_defined?, :private_method_defined?, :protected_method_defined?, :public_class_method, :private_class_method, :autoload, :autoload?, :instance_method, :public_instance_method, :psych_yaml_as, :yaml_as, :psych_to_yaml, :to_yaml_properties, :to_yaml, :nil?, :=~, :!~, :eql?, :hash, :class, :singleton_class, :clone, :dup, :initialize_dup, :initialize_clone, :taint, :tainted?, :untaint, :untrust, :untrusted?, :trust, :frozen?, :inspect, :methods, :singleton_methods, :protected_methods, :private_methods, :public_methods, :instance_variables, :instance_variable_get, :instance_variable_set, :instance_variable_defined?, :instance_of?, :kind_of?, :is_a?, :tap, :send, :public_send, :respond_to?, :respond_to_missing?, :extend, :display, :method, :public_method, :define_singleton_method, :object_id, :to_enum, :enum_for, :psych_y, :equal?, :!, :!=, :instance_eval, :instance_exec, :__send__, :__id__] Craig On Tuesday, October 14, 2014 2:01:15 PM UTC-7, Spriya wrote: Hi, I am am trying to execute my puppet facts using irb. so when i use irb. It is throwing me error. No such file to load -- facter/util/file_read *$irb* *irb(main):001:0 require 'facter/util/file_read'* *LoadError: no such file to load -- facter/util/file_read* *from (irb):1:in `require'* *from (irb):1* *from :0* *irb(main):002:0 require 'facter'* *LoadError: no such file to load -- facter* *from (irb):2:in `require'* *from (irb):2* *from :0* Anyone help me -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cf7b7c15-bc30-42b5-ab45-1e1a545add64%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] parameterized values displaying tooltip on ENC
I am trying to figure out if parameterized variables can be displayed when hovering over the appropriate section in an ENC. At the moment, I am playing with PE 3.3 with it's console/dashboard and my previous experience was with puppet 2.6.x and Foreman. Simplified example, module resolv # resolv/manifests/init.pp class resolv ( $ns1 = $resolv::params::ns1, ) inherits resolv::params { include resolv::config } # resolv/manifests/params.pp class resolv::params { $ns1 = '192.168.0.1' } So when I am editing a node and adding an override in the puppet dashboard (ENC), I hover over the box $ns1 where I can override the value and it shows me what I will get if I don't override, which is 'default: $ns1::params::ns1' which is absolutely meaningless at that point and I was hoping it would show the assignment from params.pp Is this just something I can't fix or am I misunderstanding how to use parameterized variables? Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/00163866-f938-41bd-a64a-143ea2b9840f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: LoadError: no such file to load -- facter/util/file_read
I don't see a 'file_read' method for Factor::Util Facter::Util.methods = [:freeze, :===, :==, :=, :, :=, :, :=, :to_s, :included_modules, :include?, :name, :ancestors, :instance_methods, :public_instance_methods, :protected_instance_methods, :private_instance_methods, :constants, :const_get, :const_set, :const_defined?, :const_missing, :class_variables, :remove_class_variable, :class_variable_get, :class_variable_set, :class_variable_defined?, :public_constant, :private_constant, :module_exec, :class_exec, :module_eval, :class_eval, :method_defined?, :public_method_defined?, :private_method_defined?, :protected_method_defined?, :public_class_method, :private_class_method, :autoload, :autoload?, :instance_method, :public_instance_method, :psych_yaml_as, :yaml_as, :psych_to_yaml, :to_yaml_properties, :to_yaml, :nil?, :=~, :!~, :eql?, :hash, :class, :singleton_class, :clone, :dup, :initialize_dup, :initialize_clone, :taint, :tainted?, :untaint, :untrust, :untrusted?, :trust, :frozen?, :inspect, :methods, :singleton_methods, :protected_methods, :private_methods, :public_methods, :instance_variables, :instance_variable_get, :instance_variable_set, :instance_variable_defined?, :instance_of?, :kind_of?, :is_a?, :tap, :send, :public_send, :respond_to?, :respond_to_missing?, :extend, :display, :method, :public_method, :define_singleton_method, :object_id, :to_enum, :enum_for, :psych_y, :equal?, :!, :!=, :instance_eval, :instance_exec, :__send__, :__id__] Craig On Tuesday, October 14, 2014 2:01:15 PM UTC-7, Spriya wrote: Hi, I am am trying to execute my puppet facts using irb. so when i use irb. It is throwing me error. No such file to load -- facter/util/file_read *$irb* *irb(main):001:0 require 'facter/util/file_read'* *LoadError: no such file to load -- facter/util/file_read* *from (irb):1:in `require'* *from (irb):1* *from :0* *irb(main):002:0 require 'facter'* *LoadError: no such file to load -- facter* *from (irb):2:in `require'* *from (irb):2* *from :0* Anyone help me -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d21fe09d-b49a-46a8-96e9-e8da91a866eb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: LoadError: no such file to load -- facter/util/file_read
I don't see a 'file_read' method for Factor::Util Facter::Util.methods = [:freeze, :===, :==, :=, :, :=, :, :=, :to_s, :included_modules, :include?, :name, :ancestors, :instance_methods, :public_instance_methods, :protected_instance_methods, :private_instance_methods, :constants, :const_get, :const_set, :const_defined?, :const_missing, :class_variables, :remove_class_variable, :class_variable_get, :class_variable_set, :class_variable_defined?, :public_constant, :private_constant, :module_exec, :class_exec, :module_eval, :class_eval, :method_defined?, :public_method_defined?, :private_method_defined?, :protected_method_defined?, :public_class_method, :private_class_method, :autoload, :autoload?, :instance_method, :public_instance_method, :psych_yaml_as, :yaml_as, :psych_to_yaml, :to_yaml_properties, :to_yaml, :nil?, :=~, :!~, :eql?, :hash, :class, :singleton_class, :clone, :dup, :initialize_dup, :initialize_clone, :taint, :tainted?, :untaint, :untrust, :untrusted?, :trust, :frozen?, :inspect, :methods, :singleton_methods, :protected_methods, :private_methods, :public_methods, :instance_variables, :instance_variable_get, :instance_variable_set, :instance_variable_defined?, :instance_of?, :kind_of?, :is_a?, :tap, :send, :public_send, :respond_to?, :respond_to_missing?, :extend, :display, :method, :public_method, :define_singleton_method, :object_id, :to_enum, :enum_for, :psych_y, :equal?, :!, :!=, :instance_eval, :instance_exec, :__send__, :__id__] Craig On Tuesday, October 14, 2014 2:01:15 PM UTC-7, Spriya wrote: Hi, I am am trying to execute my puppet facts using irb. so when i use irb. It is throwing me error. No such file to load -- facter/util/file_read *$irb* *irb(main):001:0 require 'facter/util/file_read'* *LoadError: no such file to load -- facter/util/file_read* *from (irb):1:in `require'* *from (irb):1* *from :0* *irb(main):002:0 require 'facter'* *LoadError: no such file to load -- facter* *from (irb):2:in `require'* *from (irb):2* *from :0* Anyone help me -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9a3e640b-d969-4694-91f1-315ca9741732%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: LoadError: no such file to load -- facter/util/file_read
how did you install puppet? Do you have more than one install of ruby on your system? Is it possible that when you invoke the interactive ruby console (irb) that it starts a ruby binary that has nothing to do with your puppet install? On Tuesday, October 14, 2014 4:41:07 PM UTC-7, Spriya wrote: Hi Craig, even if i do require facter. It is throwing me error. *irb(main):002:0 require 'facter'* *LoadError: no such file to load -- facter* *from (irb):2:in `require'* *from (irb):2* *from :0* On Tuesday, October 14, 2014 5:22:26 PM UTC-4, Craig White wrote: I don't see a 'file_read' method for Factor::Util Facter::Util.methods = [:freeze, :===, :==, :=, :, :=, :, :=, :to_s, :included_modules, :include?, :name, :ancestors, :instance_methods, :public_instance_methods, :protected_instance_methods, :private_instance_methods, :constants, :const_get, :const_set, :const_defined?, :const_missing, :class_variables, :remove_class_variable, :class_variable_get, :class_variable_set, :class_variable_defined?, :public_constant, :private_constant, :module_exec, :class_exec, :module_eval, :class_eval, :method_defined?, :public_method_defined?, :private_method_defined?, :protected_method_defined?, :public_class_method, :private_class_method, :autoload, :autoload?, :instance_method, :public_instance_method, :psych_yaml_as, :yaml_as, :psych_to_yaml, :to_yaml_properties, :to_yaml, :nil?, :=~, :!~, :eql?, :hash, :class, :singleton_class, :clone, :dup, :initialize_dup, :initialize_clone, :taint, :tainted?, :untaint, :untrust, :untrusted?, :trust, :frozen?, :inspect, :methods, :singleton_methods, :protected_methods, :private_methods, :public_methods, :instance_variables, :instance_variable_get, :instance_variable_set, :instance_variable_defined?, :instance_of?, :kind_of?, :is_a?, :tap, :send, :public_send, :respond_to?, :respond_to_missing?, :extend, :display, :method, :public_method, :define_singleton_method, :object_id, :to_enum, :enum_for, :psych_y, :equal?, :!, :!=, :instance_eval, :instance_exec, :__send__, :__id__] Craig On Tuesday, October 14, 2014 2:01:15 PM UTC-7, Spriya wrote: Hi, I am am trying to execute my puppet facts using irb. so when i use irb. It is throwing me error. No such file to load -- facter/util/file_read *$irb* *irb(main):001:0 require 'facter/util/file_read'* *LoadError: no such file to load -- facter/util/file_read* *from (irb):1:in `require'* *from (irb):1* *from :0* *irb(main):002:0 require 'facter'* *LoadError: no such file to load -- facter* *from (irb):2:in `require'* *from (irb):2* *from :0* Anyone help me -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7167ec34-bfc8-4811-8812-9dde213bad1a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Error: Could not retrieve local facts: undefined method `split' for [1, 2, 3, 4, 5]:Array
split is a string function your ary is an array as you defined it This will give you ruby functions for the Array class http://www.ruby-doc.org/core-2.1.3/Array.html Craig On Friday, October 10, 2014 7:39:05 AM UTC-7, Spriya wrote: Hi, when i am trying to do puppet custom facts to split [1,2,3,4,5] to 1 2 3 4 5 *It is throwing me error:* *Error: Could not retrieve local facts: undefined method `split' for [1, 2, 3, 4, 5]:Array* *Here is my facts* *require 'facter'ary = [1,2,3,4,5]ary.map { |i| ' + i.to_s + '}.join(,)#str = ary.each do |i|#id,val = row[i] val = ary.split ,Facter.add(base) do setcode doiendendendAnyone, help me* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3633db6e-d1cf-409e-8489-35073c05b23b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Error: Could not retrieve local facts: undefined method `split' for [1, 2, 3, 4, 5]:Array
Facter is basically a hash. You would want to name each specific 'fact' with a unique name as it would have one value - hash is a key = value pair. On Friday, October 10, 2014 10:57:02 AM UTC-7, Spriya wrote: Hi, require 'facter' ary = [1,2,3,4,5] ary.each do |numbers| Facter.add(base) do setcode do #{numbers} end end end In the fact it is returning only 1 value. In the fact it is returning base = 1 only not returning 2 3 4 Help me On Friday, October 10, 2014 1:38:41 PM UTC-4, Craig White wrote: split is a string function your ary is an array as you defined it This will give you ruby functions for the Array class http://www.ruby-doc.org/core-2.1.3/Array.html Craig On Friday, October 10, 2014 7:39:05 AM UTC-7, Spriya wrote: Hi, when i am trying to do puppet custom facts to split [1,2,3,4,5] to 1 2 3 4 5 *It is throwing me error:* *Error: Could not retrieve local facts: undefined method `split' for [1, 2, 3, 4, 5]:Array* *Here is my facts* *require 'facter'ary = [1,2,3,4,5]ary.map { |i| ' + i.to_s + '}.join(,)#str = ary.each do |i|#id,val = row[i] val = ary.split ,Facter.add(base) do setcode doiendendendAnyone, help me* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/894bdfab-fa4c-4c42-aa22-8d487144b281%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Workaround for Puppet 3 not working in Fedora 18
It would seem that the puppet package has been removed/changed. Reinstall it again. Craig On May 20, 2013, at 3:36 PM, Tom Poulton wrote: Wait... spoke too soon: Error: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 6: Error: /Stage[main]/Puppet/Service[puppet]/ensure: change from stopped to running failed: Could not start Service[puppet]: Execution of '/sbin/service puppet start' returned 6: If I do sudo service puppet start: Redirecting to /bin/systemctl start puppet.service Failed to issue method call: Unit puppet.service failed to load: No such file or directory. See system logs and 'systemctl status puppet.service' for details. The only puppet service files are below and there's no puppet file in /etc/init.d/: /usr/lib/systemd/system/puppetagent.service /usr/share/puppet/ext/systemd/puppetagent.service /usr/share/puppet/ext/systemd/puppetmaster.service Any ideas? Is this just another stupid mistake? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Using Assessments to Create Agile Organizations Webinar https://www4.gotomeeting.com/register/480934271 March 21, 2013, 12pm EDT Transform your company into a thriving, agile organization that is able to respond immediately to changing customer demands. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Any working module for LDAP client authentication?
On May 15, 2013, at 3:45 AM, Federico Bonelli wrote: Hi folks, I can't find a _working_ module for setting LDAP authentication through nsswitch and PAM for Ubuntu. Does anybody know if such a module exists? I'm trying to set up at work a Puppet infrastructure to manage the whole of our workstations: I previously configured by hand LDAP authentication, and there is a lot of configuration to be done, therefore I'd really need Puppet to do it for me. Thank you guys, Never made it into a module but here is my relatively complete solution to Ubuntu LDAP client configuration. (note that I'm going to leave the contents of /etc/ldap.conf, /etc/ldap/ldap.conf and all of the affected pam.d files to you as well as the implementation of log rotation) cat -n client_install.pp 1 # ldap::client_install class 2 # 3 # Last update 03/02/2012 4 # 5 # Craig White 6 # 7 # ensures sufficient changes to permit users to authenticate via TTI's LDAP server 8 # 9 class ldap::client_install { 10include ldap::configure 11include nscd 12case $operatingsystem { 13 centos, redhat: { 14package { [ openldap-clients, openldap, openldap-devel ]: 15 ensure = present, 16 require = Class[nscd::install, apt::updates], 17 notify = Class[nscd::service], 18} 19 } 20 debian, ubuntu: { 21package { [ ldap-utils, libnss-ldap, auth-client-config ]: 22 ensure = present, 23 require = Class[nscd::install, apt::updates], 24 notify = Class[nscd::service], 25} 26 } 27} 28 } cat -n configure.pp 1 # ldap::configure class 2 # 3 # Last update 03/02/2012 4 # 5 # Craig White 6 # 7 # ensures sufficient changes to permit users to authenticate via TTI's LDAP server 8 # 9 class ldap::configure { 10include ldap::client_install 11if (tagged(ldap::server_install)) { 12 case $hostname { 13default: { 14 $ldap_servers_nss = ldap://ldap.example.com ldap://ldap2.example.com; 15 $ldap_servers = ldap://ldap.example.com ldap://ldap2.example.com; 16} 17ldap3: { 18 $ldap_servers_nss = ldap://ldap3.example.com ldap://ldap4.example.com; 19 $ldap_servers = ldap://ldap3.example.com ldap://ldap4.example.com; 20} 21ldap4: { 22 $ldap_servers_nss = ldap://ldap4.example.com ldap://ldap3.example.com; 23 $ldap_servers = ldap://ldap4.example.com ldap://ldap3.example.com; 24} 25ldap2: { 26 $ldap_servers_nss = ldap://ldap2.example.com ldap://ldap.example.com; 27 $ldap_servers = ldap://ldap2.example.com ldap://ldap.example.com; 28} 29ldap5: { 30 $ldap_servers_nss = ldap://ldap5.example.com ldap://ldap6.example.com; 31 $ldap_servers = ldapi://ldap5.example.com ldap://ldap6.example.com; 32} 33ldap6: { 34 $ldap_servers_nss = ldap://ldap6.example.com ldap://ldap5.example.com; 35 $ldap_servers = ldap://ldap6.example.com ldap://ldap5.example.com; 36} 37 } 38} else { 39 case $datacenter { 40default: { 41 $ldap_servers_nss = ldap://ldap2.example.com ldap://ldap.example.com; 42 $ldap_servers = ldap://ldap2.example.com ldap://ldap.example.com; 43} 44Pacesetter-DynamicIPAddr: { 45 $ldap_servers_nss = ldap://ldap2.example.com ldap://ldap.example.com; 46 $ldap_servers = ldap://ldap2.example.com ldap://ldap.example.com; 47} 48Pacesetter-FixedIPAddr: { 49 $ldap_servers_nss = ldap://ldap2.example.com ldap://ldap.example.com; 50 $ldap_servers = ldap://ldap2.example.com ldap://ldap.example.com; 51} 52Pacesetter-DMZ: { 53 $ldap_servers_nss = ldap://ldap2.example.com ldap://ldap.example.com; 54 $ldap_servers = ldap://ldap2.example.com ldap://ldap.example.com; 55} 56IO: { 57 $ldap_servers_nss = ldap://ldap6.example.com ldap://ldap5.example.com; 58 $ldap_servers = ldap://ldap5.example.com ldap://ldap6.example.com; 59} 60Canada: { 61 $ldap_servers_nss = ldap://ldap2.example.com ldap://ldap.example.com; 62 $ldap_servers = ldap://ldap2.example.com ldap://ldap.example.com; 63} 64Amsterdam: { 65 $ldap_servers_nss = ldap://ldap4.example.com ldap://ldap3.example.com; 66 $ldap_servers = ldap://ldap4.example.com ldap://ldap3.example.com; 67} 68 } 69} 70
Re: [Puppet Users] Using Facter to find the Java version running on the machine
On Feb 21, 2013, at 1:27 PM, Camerodity wrote: Hello all, I am currently trying to setup a Custom Fact that will can be used to determine the version of the Java JRE running on a machine, in order to use it in my manifests to ensure the proper JARS are distribured based on environment. I'm trying to use the java -version command and then capture the JRE release (eg 1.6.0_37). No matter what I have tried, the output is always the full display from the Java -version command. Has anyone done this or something similar before? Any suggestions? don't know about the java command but I suspect some variation of this will do it. (%x[ ] captures the output of command(s) executed within the square brackets) Facter.add(ruby_version) do setcode do ruby_version = unknown rubypath = %x[facter rubysitedir] ruby_version = %x[ruby -v | cut -f2 -d ' '] ruby_version end end Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Best practice for updating puppet modules?
On Dec 7, 2012, at 9:07 AM, Schofield wrote: I am accepting the fact that the initial version of a module will not be perfect and that it will be need to be updated in the future. I am looking for ideas on how to manage the development life cycle of modules and to control the roll out of the module being applied to managed nodes. Please share your insight on what works and what doesn't. Any reference to published documentation on this topic would be helpful too. Pro Puppet (James Turnbull and Jeffry McCune) Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] pasenger does not start puppet master under nginx
On Dec 6, 2012, at 3:17 AM, Anadi Misra wrote: On the server [root@bangvmpllDA02 logs]# ruby -v ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux] [root@bangvmpllDA02 logs]# puppet --version 3.0.1 and [root@bangvmpllDA02 logs]# service nginx configtest nginx: the configuration file /apps/nginx/nginx.conf syntax is ok nginx: configuration file /apps/nginx/nginx.conf test is successful [root@bangvmpllDA02 logs]# service nginx status nginx (pid 25923 25921 25920 25917 25908) is running... [root@bangvmpllDA02 logs]# however none of my agents are able to connect to the master, they all fail with errors like so [amisr1@blramisr195602 ~]$ puppet agent --test --verbose --server bangvmpllda02.X.com Info: Creating a new SSL certificate request for blramisr195602.X.com Info: Certificate Request fingerprint (SHA256): 26:EB:08:1F:82:32:E4:03:7A:64:8E:30:A3:99:93:26:E6:66:B9:B0:49:B6:08:F9:67:CA:1B:0C:00:B9:1D:41 Error: Could not request certificate: Error 405 on SERVER: html headtitle405 Not Allowed/title/head body bgcolor=white centerh1405 Not Allowed/h1/center hrcenternginx/center /body /html Exiting; failed to retrieve certificate and waitforcert is disabled when I check logs on puppet master [root@bangvmpllDA02 logs]# tail puppet_access.log [05/Dec/2012:17:45:18 +0530] GET /production/certificate/ca? HTTP/1.1 404 162 - Ruby [05/Dec/2012:18:32:23 +0530] PUT /production/certificate_request/sl63anadi.X.com HTTP/1.1 405 166 - - [05/Dec/2012:18:33:33 +0530] GET /production/certificate/sl63anadi.X.com? HTTP/1.1 404 162 - - [05/Dec/2012:18:33:33 +0530] GET /production/certificate_request/sl63anadi.X.com? HTTP/1.1 404 162 - - [05/Dec/2012:18:33:33 +0530] PUT /production/certificate_request/sl63anadi.X.com HTTP/1.1 405 166 - - and the error logs show that nginx is not really able to process the request well 2012/12/05 18:33:33 [error] 25920#0: *23 open() /etc/puppet/rack/public/production/certificate/sl63anadi.X.com failed (2: No such file or directory), client: 10.209.47.26, server: , request: GET /production/certificate/sl63anadi.X.com? HTTP/1.1, host: bangvmpllda02.X.com:8140 2012/12/05 18:33:33 [error] 25920#0: *24 open() /etc/puppet/rack/public/production/certificate_request/sl63anadi.X.com failed (2: No such file or directory), client: 10.209.47.26, server: , request: GET /production/certificate_request/sl63anadi.X.com? HTTP/1.1, host: bangvmpllda02.X.com:8140 2012/12/05 18:47:56 [error] 25923#0: *27 open() /etc/puppet/rack/public/production/certificate/ca failed (2: No such file or directory), client: 10.209.47.31, server: , request: GET /production/certificate/ca? HTTP/1.1, host: bangvmpllda02.X.com:8140 2012/12/05 18:47:56 [error] 25923#0: *28 open() /etc/puppet/rack/public/production/certificate_request/blramisr195602.X.com failed (2: No such file or directory), client: 10.209.47.31, server: , request: GET /production/certificate_request/blramisr195602.X.com? HTTP/1.1, host: bangvmpllda02.X.com:8140 Passenger does not show any application groups either [root@bangvmpllDA02 nginx]# passenger-status --- General information --- max = 15 count= 0 active = 0 inactive = 0 Waiting on global queue: 0 --- Application groups --- [root@bangvmpllDA02 nginx]# here's my nginx configuration user puppet; worker_processes 4; #error_log logs/error.log; #error_log logs/error.log notice; error_log logs/error.log info; #pidlogs/nginx.pid; events { use epoll; worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] $request ' '$status $body_bytes_sent $http_referer ' '$http_user_agent $http_x_forwarded_for'; access_log logs/access.log main; sendfileon; #tcp_nopush on; server_tokens off; #keepalive_timeout 0; keepalive_timeout 120; gzip on; gzip_http_version 1.1; gzip_disable msie6; gzip_vary on; gzip_min_length 1100; gzip_buffers 64 8k; gzip_comp_level 3; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml; server { listen 80; server_name bangvmpllda02.XX.com; charset utf-8; #access_log logs/http.access.log main; location / { root html; index index.html index.htm index.php; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html
Re: [Puppet Users] Agent error with class (puppet server)
On Dec 4, 2012, at 2:16 PM, Kazor wrote: I have declared in my puppet server my class lab , this class create one archive in the agent but when i sync from agent throws error: .. info: Applying configuration version '1354468151' err: /Stage[main]/Lab/File[/root/date.txt]: Could not evaluate: Could not retrieve information from source(s) puppet:///modules/lab/files/date.txt at /etc/puppet/modules/lab/manifests/init.pp:10 .. My structure in puppet master is: /etc/puppet/manifests/site.pp /etc/puppet/modules/lab/manifests/init.pp /etc/puppet/modules/lab/files/date.txt My init.pp is: class lab { file { /root/date.txt: ensure = file, mode = 640, owner = root, group = root, source = puppet:///modules/lab/files/date.txt, } } My site.pp node 'lab1.example.com' { include lab } looks good, try replacing source = puppet:///modules/lab/files/date.txt, with source = puppet:///modules/lab/date.txt, Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to do release managment integration with puppet?
On Nov 30, 2012, at 10:37 AM, Schofield wrote: I am at the beginning of merging the traditional OS/Middleware update process with application development release process. The goal is to be able to test a complete versioned OS/Middleware/Application stack as it moves through dev/test/qa/prod environments. The key here is that entire stack is labeled under a single version. In other terms, the node and everything on it is aligned under a single version. Right now the OS/Middleware is managed by puppet. The application release process is not. I'm hoping some folks would like to comment on the following questions I am pondering. • How to best version puppet classes and control the classification of nodes based on the version of the node? • Are there ENC's that integrate with SVN/GIT that make this easy? • Should application deployment be brought under the control of puppet? • If so how do you easily do this without burdening applications developers with having to learn something about or have access to puppet? • Is there a puppet API that an existing application release processes can leverage to trigger OS/Middleware updates when an application version is updated? Looking forward to your comments. I think the general consensus is that puppet is less than optimal for most software deployments and there are better tools for the job (for example, we use capistrano here). Puppet is more of a configuration management tool and I suspect that even if you could shoehorn your software deployment needs into something that puppet could manage, it would probably be slow and confusing. As for ENC's and 'developer' access, I use foreman (http://theforeman.org) to provide 'other' user access and I can contain their rights/access within foreman and yet still, allow them to say install NGINX (with all of it's pre-requisite packages) from a web based GUI. Again, seriously look at capistrano for handling software deployments and I'm sure that there's others that can do the job too. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RHEL 5: Stuck on Puppet 2.7
If you install ruby from one source, you can't use rpm's from another source and expect them to always work. Chances are that the libraries use to build ruby are not the same libraries to build passenger. If you want to ensure a working passenger when using a non-official CentOS ruby, then just use gem to install passenger (ie… 'gem install passenger') and once passenger is installed, you can use passenger's installer scripts for apache or nginx ('passenger-install-apache-module') Craig On Oct 8, 2012, at 2:44 PM, Dan White wrote: I think you miss the point. I do not need to hand-build Ruby -- it is available from the puppetlabs-deps repo It is a chicken-egg dilemma with Ruby and Passenger. Passenger depends on the installed version of Ruby. Trying to update Ruby causes a dependency error from Passenger. I tried re-building Passenger from SRPM, but ran into problems. It would be nice if the maintainer of the Passenger RPM's would surface and help out, but ...? If I force Ruby to update to 1.8.7.x, will yum continue to complain about a dependency problem with Passenger or will it re-examine the system and see the currently installed version ? On Oct 8, 2012, at 3:13 PM, Jo Rhett wrote: Actually, it's not specified in the source RPM. And just recompiling the source RPM solves the problem. I ran into the same thing, just grabbed the On Oct 6, 2012, at 3:39 PM, Dan White wrote: Actually, it is. https://github.com/erikogan/passenger/blob/master/rpm/passenger.spec ruby_version_patch -- lines 55-67, line 86, and line 238 It looks for the version that is already installed. Saying use the current version generally means not specified ;-) Especially when I was responding to your query about what to fix. So how do I update ruby ? https://groups.google.com/d/msg/puppet-users/CQTHj9nIYCw/b2Cr7-BxAwkJ I am trying to be helpful, but all of this is very google-able. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Register Now! TTI Winners' Conference 2013 January 20th - 22nd The Earlier You Register the More FREE Product You Receive Click here for more information! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RHEL 5: Stuck on Puppet 2.7
different strokes for different folks. ruby and the various gem packages move so fast that no packaging system really has a chance of keeping up. It's also extremely likely that what we are talking about is a puppet master where you will have to resort to gem packaging anyway to install rails/rack and other things anyway. Craig On Oct 9, 2012, at 9:02 AM, Jakov Sosic wrote: On 10/09/2012 05:26 PM, Craig White wrote: If you install ruby from one source, you can't use rpm's from another source and expect them to always work. Chances are that the libraries use to build ruby are not the same libraries to build passenger. If you want to ensure a working passenger when using a non-official CentOS ruby, then just use gem to install passenger (ie… 'gem install passenger') and once passenger is installed, you can use passenger's installer scripts for apache or nginx ('passenger-install-apache-module') It is maybe the easiest way, but I would strongly suggest against it. It is unwise to mix up two package managers like that, it's better to built your own packages. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Error 403 on SERVER: Forbidden request: (HOSTNAME) access to (path_to_file) [find] authenticated at line 73 at /etc/puppet/modules/nginx/manifests/init.pp:97
Seems like you need to edit auth.conf on your puppet server to allow access which is currently being denied. See the comments in the file (and the messages below) which should give you clues as to which rules need to be enabled. Craig On Oct 8, 2012, at 5:42 AM, Mantas Klasavičius wrote: Hi, I can't download file using: source = 'puppet:///modules/mymodule/myfile', Got this error in puppet client: err: /Stage[main]/Nginx/File[server_key]: Could not evaluate: Error 403 on SERVER: Forbidden request: (HOSTNAME) access to /file_metadata/modules/mymodule/myfile [find] authenticated at line 73 Could not retrieve file metadata for puppet:///modules/mymodule/myfile: Error 403 on SERVER: Forbidden request:(HOSTNAME) access to /file_metadata/modules/mymodule/myfile [find] authenticated at line 73 at /etc/puppet/modules/nginx/manifests/init.pp:97 on puppet master I have: err: /usr/lib/ruby/1.8/puppet/network/rest_authconfig.rb:51:in `check_authorization' /usr/lib/ruby/1.8/puppet/network/rest_authorization.rb:19:in `check_authorization' /usr/lib/ruby/1.8/puppet/network/http/handler.rb:66:in `process' /usr/lib/ruby/1.8/puppet/network/http/webrick/rest.rb:24:in `service' /usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service' /usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run' /usr/lib/ruby/1.8/puppet/network/http/webrick.rb:45:in `listen' /usr/lib/ruby/1.8/webrick/server.rb:173:in `call' /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:95:in `start' /usr/lib/ruby/1.8/webrick/server.rb:92:in `each' /usr/lib/ruby/1.8/webrick/server.rb:92:in `start' /usr/lib/ruby/1.8/webrick/server.rb:23:in `start' /usr/lib/ruby/1.8/webrick/server.rb:82:in `start' /usr/lib/ruby/1.8/puppet/network/http/webrick.rb:42:in `listen' /usr/lib/ruby/1.8/puppet/network/http/webrick.rb:41:in `initialize' /usr/lib/ruby/1.8/puppet/network/http/webrick.rb:41:in `new' /usr/lib/ruby/1.8/puppet/network/http/webrick.rb:41:in `listen' /usr/lib/ruby/1.8/puppet/network/http/webrick.rb:38:in `synchronize' /usr/lib/ruby/1.8/puppet/network/http/webrick.rb:38:in `listen' /usr/lib/ruby/1.8/puppet/network/server.rb:126:in `listen' /usr/lib/ruby/1.8/puppet/network/server.rb:141:in `start' /usr/lib/ruby/1.8/puppet/daemon.rb:124:in `start' /usr/lib/ruby/1.8/puppet/application/master.rb:202:in `main' /usr/lib/ruby/1.8/puppet/application/master.rb:146:in `run_command' /usr/lib/ruby/1.8/puppet/application.rb:309:in `run' /usr/lib/ruby/1.8/puppet/application.rb:416:in `hook' /usr/lib/ruby/1.8/puppet/application.rb:309:in `run' /usr/lib/ruby/1.8/puppet/application.rb:407:in `exit_on_fail' /usr/lib/ruby/1.8/puppet/application.rb:309:in `run' /usr/lib/ruby/1.8/puppet/util/command_line.rb:69:in `execute' /usr/bin/puppet:4 err: Forbidden request:(HOSTNAME) access to /file_metadata/modules/mymodule/myfilet [find] authenticated at line 73 info: access[/]: defaulting to no access for (HOSTNAME) warning: Denying access: Forbidden request: (HOSTNAME) access to /report/(HOSTNAME) [save] authenticated at line 73 both client and master are at 2.7.19 version any help, would be appreciated -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9OIFXWze2r4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Register Now! TTI Winners' Conference 2013 January 20th - 22nd The Earlier You Register the More FREE Product You Receive Click here for more information! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to set DNS on Ubuntu 12.04 clients?
On Sep 11, 2012, at 10:08 AM, Joe Topjian wrote: if /etc/resolv.conf is a puppet maintained file, even if resolvconf package is updated, it will be replaced by the puppet asserted file anyway. Very true, but I would hate to have two services fighting with each other in that way. well, I upgraded a 10.04 test server to 12.04 and noticed the messaging about the dynamic nature of /etc/resolv.conf in the Ubuntu server list but it hasn't been a problem at all so I have left it alone (with puppet fully managing /etc/resolv.conf). There's been no contention so I gather that if /etc/resolv.conf isn't a symlink, it isn't mucked with by the Ubuntu/Debian packaging. I am however starting to gear up for testing puppet 3, on a test server and ruby 1.93 clients with puppet 3 and even though the current estimate is another year of 10.04 for new deploys, I have an eye on this issue but so far, it's not been a problem. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Installing packages that require user input (e.g. NIS) ?
On Sep 12, 2012, at 7:40 AM, Sandra Schlichting wrote: Hi all I would like to install NIS, but how do I handle such a package which prompts for user input, when apt-get install nis is done on Ubuntu? figure out if nis packages support having an 'answer' file available to provide the input for those questions and if so, have puppet put the file into place prior to installing the packages. Also, fwiw - I don't use NIS but I do use LDAP everywhere and I have found that asserting control and content over the configuration files (/etc/nsswitch.conf and others - primarily /etc/pam.d files), that the answers to the post-install configuration script are already handled. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] package handling in puppet?
On Aug 21, 2012, at 9:05 AM, lamour wrote: I'm starting to feel like, maybe, I have a fundamentally flawed concept of how puppet is intended to be used. (new to puppet. setting up initial puppet environment. blah blah) so, I've got most of the pieces worked out, but I've hit a major roadblock with the way packages are handled in puppet. (according to my limited understanding of puppet, that is) The problem starts with the fact that including the following in two different classes: package { 'perl': ensure = installed } causes this error: Duplicate definition: Package[perl] is already defined This is pretty unfortunate, but we can try to work around it by doing this: package { 'test-perl': ensure = installed, alias = 'perl' } which gives us this error: Parameter alias failed: test-perl can not create alias perl: object already exists Ok, can't even get around it like that. I've found two ways around this so far, both are kinda gross, so I'm starting to wonder if I'm working against some prime directive of puppet. if you have packages that are pre-requisites for more than one other package, create a separate class and include the class where desired. Done. One pretty kludgey way around it is to wrap each package definition in a class and then just include the classes where I want the packages defined. I mean, I can write a perl script to generate a class for each package that is in my packaging system and just do it this way, but it just feels like I'm cheating, and I have no idea what kind of overhead that would put on puppet. Another, less gross, way to do it is to do something like this: if !defined(Package['perl']) { package { 'perl': ensure = installed, } } This is kinda what I expected ensure = installed to mean. The big problem with this method is that it's so verbose that to do this for every package I want to include would make it somewhat difficult to see which packages I was including in a class if I had more than a few. I can fix a bit of the bulkiness by reformatting the expression, but it's still pretty verbose. The obvious answer to this mess is a defined type, and yet, using a simple defined type brings us full circle to collisions again. lol (yes, I can create a defined type that avoids the collision, but then the invocation starts to get pretty verbose again, and really, it just starts to feel like I'm not doing any of this the right way) We also stumbled across the Singleton puppet module, which does almost kind of exactly what we want, except it has a dependency on hiera. We haven't really decided whether to use hiera or not. Efforts to rip the hiera dependencies out of Singleton and also getting it to run even with hiera installed have both failed. I'll probably keep looking into modifying the ruby code to behave in some useful manner for us, but for now, I'm running out of good options. So...what am I doing wrong? Does the puppet philosophy not really allow for maintaining package lists in classes? Do people pretty much define classes down at the host level to get around this limitation? Does everyone use some external DB or something to track which classes require which packages and just manually avoid the collision problem? Is there some magic syntax that I just haven't found yet? Am I just totally on the wrong track? To describe what I'm trying to accomplish, I have a baseline class which defines things I want everywhere and I want to be able to define classes like mail_server, web_server, samba_server, etc, and then just include whichever of those classes on a box I need to define the machine's configuration. I think I've figured out how to do every piece of this except the packages. I saved this until last, because, honestly, I never imagined that it was going to work this way. sigh Hiera will be part and parcel of puppet 3 so you would be better off designing to live with it rather than try to force life without it long term. I'm sort of suspicious that you are trying to use Singleton as a means to avoid a full implementation of puppet. It seems that trying to shortcut understanding of puppet leads to frustration. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] access facts in ENC
On Jul 23, 2012, at 4:07 PM, Hai Tao wrote: Hi, As the only paramater we can pass to the ENC is the hostname, I wonder if there is a way to access a node's fact in the ENC script? I know a workaround is to query my Fact database ( I am using Mysql), but I like to know if I can use a variable directly, for example, $ipaddress? $hostname should work $fqdn is an option but that will likely carry a domain name with it. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet host tagging
On Jul 16, 2012, at 11:46 PM, Yaniv Fine wrote: Hi all . i am running puppet version 2.6.16 and foreman Version 0.4.2 . my question is as follows . i would like to know if there is a way to tag server with a group tagging . for example . let say i am running apache with a unique configuration and network architecture and want to tag in with tag1 and a i have few more apache installation with the a new unique configuration and architecture that i want to tag them with tag2 . and so on and so on . lets say i have would like to perform some action (run service -insure = latest ) only on tag1 . is there a way to perform this action within foreman ? i know i can do do group actions with Hostgroup but a host can belong to only one hostgroup . what happens if i want a host to belong to more that 1 group ? . i hope that my question is clean . thank you for any help perhaps these questions relate more to foreman than puppet and your terminology is a bit strange but... Foreman allows you to set top scope variables as parameters and you can tailor your manifests to do specific things based upon the values of the top scoped variables (or lack of them) which should solve your first question. The second question relates more to your imagination in that Foreman allows nested hostgroups so you could have a hostgroup that shares other hostgroups with others and has distinctly different hostgroups. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: ENC questions
On Jul 12, 2012, at 2:42 PM, jcbollinger wrote: On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote: I've been trying to wrap my head around ENCs. Kelsey Hightower gave me some very useful info in IRC the other day, but there are still some things I can't quite get my head around. From what I can tell, an ENC allows you to assign classes and parameters (top scope variables) to a given node or group of nodes. They cannot declare/define relationships (chain classes together to order them) or declare individual resources. The purpose is to help separate data and configuration. From reading what documentation I could find on the puppet site (some of which is potentially inaccurate / outdated from the wiki), the only way to get around these limits is to build your modules, then define a series of wrapper classes and super classes and assign these to the nodes. We've got 2 dozen or so systems that we manage with puppet, and so far have done it all just using node defs. What benefits would there be in using an ENC, from an admin side of things? Is it something that would be worth my time in setting up? I'm trying to understand this, and my long term goal is to maximize the benefit we get from puppet. If your node definitions contain only class and maybe variable declarations -- a good practice -- then you would not have much trouble doing the same thing with an ENC. With that said, I don't think there are very many sites that would benefit from writing their own ENCs. If you are using Foreman or the Puppet Dashboard, however, then you already have an ENC available to you, with a spiffy UI and everything. Overall, as long as you're satisfied with writing node definitions in Puppet DSL, I don't think it's worth the time and effort to change. Just to further this discussion, I would recommend that the OP take a good look at Foreman since it not only provides an funcational ENC but also provides a listing of puppet classes that can be observed/inspected (another thread). There are a few instances where I have found Foreman's ENC useful to designate a top scoped variable on specific nodes which is then deduced by manifests to provide alternate configurations, create 'hostgroups' of grouping of classes so I can assign a node to a hostgroup to configure the node and also note that these 'hostgroups' are nestable. Lastly, the WebUI of Foreman provides the opportunity for others to participate in the configuration of specific nodes (or at least view the configuration). Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problems installing dashboard.
On Jul 10, 2012, at 1:14 PM, llow...@oreillyauto.com wrote: I'm trying to install dashboard. I'm using: Ubuntu 12.04 LTS (32bit), Puppet 2.7.17. ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-linux] rubygems 1.8.15 When I run the db:migrate task, I get the following: root@puppet-master-local:/usr/share/puppet-dashboard# rake RAILS_ENV=production db:migrate --trace NOTE: Gem.source_index is deprecated, use Specification. It will be removed on or after 2011-11-01. Gem.source_index called from /usr/share/puppet-dashboard/config/../vendor/rails/railties/lib/rails/gem_dependency.rb:21. NOTE: Gem::SourceIndex#initialize is deprecated with no replacement. It will be removed on or after 2011-11-01. Gem::SourceIndex#initialize called from /usr/share/puppet-dashboard/config/../vendor/rails/railties/lib/rails/vendor_gem_source_index.rb:100. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011-11-01. Gem::SourceIndex#add_spec called from /usr/lib/ruby/vendor_ruby/1.8/rubygems/source_index.rb:91. rake aborted! no such file to load -- rdoc/task /usr/lib/ruby/vendor_ruby/1.8/rubygems/custom_require.rb:36:in `gem_original_require'
Re: [Puppet Users] problem using apache passenger to run dashboard
On Jul 10, 2012, at 4:39 PM, Hai Tao wrote: Hi, My puppetmaster is running through apache, and now I am setting up dashboard to be run by apache too. I followed docs in http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#starting-and-managing-delayed-job-workers, but after I restarted httpd, I see a apache welcome page. I set documentroot to be: DocumentRoot /usr/share/puppet-dashboard/public/ Directory /usr/share/puppet-dashboard/public/ Options None Order allow,deny allow from all /Directory but /usr/share/puppet-dashboard/public/ seems does not have my dashboard content: ]# ll /usr/share/puppet-dashboard/public total 28 -rw-r--r-- 1 apache apache 947 Jun 13 14:49 404.html -rw-r--r-- 1 apache apache 930 Jun 13 14:49 422.html -rw-r--r-- 1 apache apache 1112 Jun 13 14:49 500.html drwxr-xr-x 3 apache apache 4096 Jul 6 12:12 images drwxr-xr-x 2 apache apache 4096 Jul 10 16:09 javascripts -rw-r--r-- 1 apache apache 26 Jun 13 14:49 robots.txt drwxr-xr-x 4 apache apache 4096 Jul 10 16:09 stylesheets can someone help on this? that would seem to be right (though I have my puppet-dashboard directory owned by puppet:puppet) you might want to check log files for apache and for /usr/share/puppet-dashboard/log/production.log for hints/clues Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Next Problem: Puppet 2.7 + Passenger won't connect
On Jun 26, 2012, at 11:43 AM, Dan White wrote: OK. What did I booger up this time ? agent.myexample.org and puppetmaster.myexample.org are the same server. # puppetd --no-daemonize --onetime --debug --noop debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Failed to load library 'ldap' for feature 'ldap' debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/resources.txt]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private_keys/agent.myexample.org.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/public_keys/agent.myexample.org.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs/agent.myexample.org.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/classes.txt]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: Finishing transaction 23912129611220 debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs/agent.myexample.org.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys/agent.myexample.org.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private_keys/agent.myexample.org.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: Finishing transaction 23912128448160 debug: Using cached certificate for ca debug: Using cached certificate for agent.myexample.org debug: Finishing transaction 23912127941800 debug: Loaded state in 0.02 seconds info: Retrieving plugin debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson debug: Using cached certificate for ca debug: Using cached certificate for agent.myexample.org debug: Using cached certificate_revocation_list for ca err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: Connection refused - connect(2) debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson err: /File[/var/lib/puppet/lib]: Could not evaluate: Connection refused - connect(2) Could not
Re: [Puppet Users] Next Problem: Puppet 2.7 + Passenger won't connect
On Jun 26, 2012, at 1:20 PM, Dan White wrote: “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Craig White craig.wh...@ttiltd.com wrote: On Jun 26, 2012, at 11:43 AM, Dan White wrote: OK. What did I booger up this time ? agent.myexample.org and puppetmaster.myexample.org are the same server. # puppetd --no-daemonize --onetime --debug --noop debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist -SNIP-- err: Could not send report: Connection refused - connect(2) something wrong with your apache/passenger setup I think. what do you get from... ps aux|grep apache netstat -ntulp ? Craig This is a RHEL5 box. The package/service is httpd # ps aux | grep httpd root 12698 0.0 0.0 61192 760 pts/0S+ 16:14 0:00 grep httpd root 18111 0.0 0.0 191532 4720 ?Ss 14:13 0:00 /usr/sbin/httpd apache 18128 0.0 0.0 191664 2856 ?S14:13 0:00 /usr/sbin/httpd apache 18129 0.0 0.0 191664 2852 ?S14:13 0:00 /usr/sbin/httpd apache 18130 0.0 0.0 191664 2852 ?S14:13 0:00 /usr/sbin/httpd apache 18131 0.0 0.0 191664 2852 ?S14:13 0:00 /usr/sbin/httpd apache 18132 0.0 0.0 191664 2852 ?S14:13 0:00 /usr/sbin/httpd apache 18133 0.0 0.0 191664 2852 ?S14:13 0:00 /usr/sbin/httpd apache 18134 0.0 0.0 191664 2852 ?S14:13 0:00 /usr/sbin/httpd apache 18135 0.0 0.0 191664 2852 ?S14:13 0:00 /usr/sbin/httpd # netstat -ntulp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 127.0.0.1:32000 0.0.0.0:* LISTEN 4008/java tcp0 0 0.0.0.0:514 0.0.0.0:* LISTEN 2718/rsyslogd tcp0 0 127.0.0.1:199 0.0.0.0:* LISTEN 2738/snmpd tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2756/sshd tcp0 0 127.0.0.1:250.0.0.0:* LISTEN 2798/sendmail tcp0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 12622/sshd tcp0 0 :::514 :::* LISTEN 2718/rsyslogd tcp0 0 :::9898 :::* LISTEN 4008/java tcp0 0 :::80 :::* LISTEN 18111/httpd tcp0 0 :::22 :::* LISTEN 2756/sshd tcp0 0 ::1:6010:::* LISTEN 12622/sshd tcp0 0 :::443 :::* LISTEN 18111/httpd udp0 0 0.0.0.0:514 0.0.0.0:* 2718/rsyslogd udp0 0 0.0.0.0:514 0.0.0.0:* 2718/rsyslogd udp0 0 127.0.0.1:25375 0.0.0.0:* 2738/snmpd udp0 0 127.0.0.1:25376 0.0.0.0:* 3219/cmapeerd udp0 0 0.0.0.0:161 0.0.0.0:* 2738/snmpd udp0 0 127.0.0.1:25393 0.0.0.0:* 3469/cmanicd udp0 0 :::514 :::* 2718/rsyslogd udp0 0 :::514 :::* 2718/rsyslogd I am guessing there should be an 8140 in that netstat, right ? yes, if you have passenger properly configured as a puppetmaster, it would be listening on port 8140 Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Configuration - Running --configprint generates long list of values
On Jun 20, 2012, at 12:38 PM, Mike Reed wrote: Hello all, I fairly new to puppet and google groups so I'll apologize in advance for not conforming to normal posting methods. I've recently installed puppetmaster on a fresh copy of Ubuntu 10.04LTS and after running: sudo puppet --configprint all, I get a long list of parameters and values echoed back to my shell. My question is where do these parameters and values come from? I've taken a look at my puppet.conf file (which I believe is located in the proper place of: /etc/puppet/puppet.conf) and it looks like this: [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY Clearly these values of the ''--configprint -all command are coming from somewhere else and I can't seem to find the answer. I've read that puppet will read values from a users home directory if the puppet service is not running as root but I'm not sure that's something I should be concerned with at the moment. --configprint will supplement anything not specifically configured in puppet.conf with its own defaults. Thus you can 'override' any of the defaults by specifically declaring them in the appropriate section of puppet.conf Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Request a way for passing simple info to a package installation
On Jun 14, 2012, at 1:24 AM, Brian Gupta wrote: I need to install postfix on a a debian system with puppet. Unfortunately there are a lot of prompts. One way to deal with this is, is: http://projects.puppetlabs.com/projects/1/wiki/Debian_Preseed_Patterns. Another way (apparently) is to give an answerfile in the package resource declaration. (I have no idea how to do this) e.g.: echo postfix postfix/main_mailer_typeselect No configuration | debconf-set-selections apt-get install -y postfix However, I'd just like to deal with this stuff from within the package resource declaration. Is there something simple I am missing? I just want to install a single package install with noconfig, and have puppet handle the rest. I don't have an issue with postfix on Ubuntu which I am sure is the Debian packages... (note that for postfix, I use what I describe as a 'one-shot' configuration setup which doesn't actually maintain the configuration files once they are dropped into place). I never have had an issue with interactive configuration. # cat configure.pp # postfix::configure class # # Last update 07/20/2011 # # Craig White # # configures postfix # class postfix::configure { file{/etc/puppet/deployment_files/postfix-main.cf: ensure= present, owner = postfix, group = postfix, mode = 0664, content = template(postfix/main.cf.erb), require = Class[postfix::install], } exec{Deploy postfix/main.cf from template: command = /bin/cp /etc/postfix/main.cf /etc/postfix/main.cf-backup; /bin/cat /etc/puppet/deployment_files/postfix-main.cf /etc/postfix/main.cf; /bin/touch /etc/puppet/deployment_files/postfix-main.cf-deployed, unless= /bin/ls -l /etc/puppet/deployment_files/postfix-main.cf-deployed, require = [ File[/etc/puppet/deployment_files/postfix-main.cf], Exec[/etc/mailname] ], notify= Class[postfix::service], } exec { /etc/mailname: command = '/bin/echo `/bin/hostname`.ttiltd.com /etc/mailname', unless= '/bin/ls -l /etc/puppet/deployment_files/postfix-main.cf-deployed', require = Class[postfix::install], notify= Class[postfix::service], } } # cat install.pp # postfix::install class # # Last update 07/20/2011 # # Craig White # # ensures postfix package is installed # class postfix::install { package { [postfix]: ensure = present, } package { [mailutils]: ensure = present, } package { [mailx]: ensure = absent, } } # cat service.pp # postfix::service class # # Last update 07/20/2011 # # Craig White # # ensures postfix is running # class postfix::service { service { postfix : ensure = running, hasstatus = true, hasrestart = true, enable = true, require= Class[postfix::configure], } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Thoughts on job listings?
+1 On May 30, 2012, at 1:49 PM, Michael Stahnke wrote: How do folks feel about getting Puppet job listings on this list? I've rejected a few that we quite spammy, but when the subject matter really is a system admin with puppet experience, the decision becomes a bit different. I'm looking for general feelings. A simple +1 or -1 would be great. Mike -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Foreman and default configs for all nodes
On May 10, 2012, at 10:43 AM, Miles Monteleone wrote: I'm having some issues applying a default set of modules to all of my nodes managed by Foreman. I have around 20 nodes split among 4 environments. I have a node {default...} stanza in site.pp, but due to the way puppet handles ENCs, nothing from this is applied to my nodes. I have looked at host groups in Foreman, but they don't seem to do what I want, since they are applied per-environment. Basically I just want to duplicate the behavior of node {default} in Foreman. I don't care which environment they are in. Any ideas? the 'per environment' only means that you define the same host group and note that Foreman's host groups can be nested. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-dashboard issue using apache/passenger
On May 8, 2012, at 2:10 PM, Sans wrote: aahh... that's what I was wondering. So, does it also mean there is no need for reports, reportdir and reporturl in the puppet.conf as well? Cheers!! On Tuesday, May 8, 2012 10:01:02 PM UTC+1, Walter Heck wrote: don't start the puppet-dashboard service anymore. Once you have defined your vhost in apache properly, starting apache will make it start serving your dashboard. - No - you will still want to have configuration for reporting but you should note that if you used specific port notations such as port 3000 for the webrick server that it isn't needed. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: transitioning a file resource
On May 3, 2012, at 6:09 AM, jcbollinger wrote: On May 2, 6:10 pm, Craig White craig.wh...@ttiltd.com wrote: for reasons probably not important to the discussion, I am trying to transition my Ubuntu setups from using libnss-ldap / libpam-ldap over to the libnss-ldapd / libpam-ldapd. There some files that have minor differences such as /etc/pam.d/common-session. So I have my ldap module which manages this file and all my servers are currently using this setup. I have essentially duplicated the ldap module into ldap_alt module which I thought could peaceably coexist with the ldap module as long as both weren't assigned but alas... Indeed they could and should. I was thinking that this shouldn't be a problem as long as both classes weren't configured for the same node. Perhaps this is a problem because the 'previous' class was used on this node and thus puppet still believes that it is maintaining the files even though I've removed the previous class from the node (using foreman ENC). Thus I removed all the ldap configuration from the foreman ENC for this node, successfully did a puppet run, then enabled the 'ldap_alt' and it failed sort of disputing this theory of mine. notice: Ignoring --listen on onetime run info: Retrieving plugin info: Loading facts in passenger_version info: Loading facts in datacenter info: Loading facts in passenger_version info: Loading facts in datacenter err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: File[/etc/pam.d/common-session] is already defined in file /etc/puppet/modules/ldap/manifests/configure.pp at line 103; cannot redefine at /etc/puppet/modules/ldap_alt/manifests/configure.pp:103 on node nxpc.ttinet warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run which makes me think that I will have to have to do all of the package management within a single module unless I am missing something. Very likely you are missing something. Puppet should not even be reading both the configure.pp files unless the classes therein are both assigned to your node, directly or indirectly. Since you created one module by duplicating the other, my guess would be that you missed changing one or more namespaces in the copy, leaving them referring to the original module. For example, you might have something like this: ldap_alt/manifests/foo.pp: --- class ldap_alt::foo { # oops: include 'ldap::configure' ... } did extensive checking for this before mailing the list. All of the classes template references reference the new module but the files being managed (and there are a few of them to be sure) are necessarily the same such as /etc/ldap.conf /etc/ldap.secret /etc/nsswitch.conf /etc/pam.d/common-password /etc/pam.d/common-session and this is the latest error... err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: File[/etc/ldap/ldap.conf] is already defined in file /etc/puppet/modules/ldap/manifests/configure.pp at line 94; cannot redefine at /etc/puppet/modules/ldap_alt/manifests/configure.pp:94 on node nxpc.ttinet where the original (/etc/puppet/modules/ldap/manifests/configure starting at line 87) file {/etc/ldap/ldap.conf: content = template(ldap/openldap_ldap.conf.erb), owner = root, group = root, mode= 0644, require = Class[ ldap::client_install ], notify = Class[ nscd::service ], } and the new module (/etc/puppet/modules/ldap_alt/manifests/configure.pp starting at line 87) file {/etc/ldap/ldap.conf: content = template(ldap_alt/openldap_ldap.conf.erb), owner = root, group = root, mode= 0644, require = Class[ ldap_alt::client_install ], notify = Class[ nscd::service ], } You could try grepping ldap_alt's manifest for the string ldap::. already did before mailing the list but anyway... root@polonium:/etc/puppet/modules/ldap_alt/manifests# grep ldap:: * root@polonium:/etc/puppet/modules/ldap_alt/manifests# grep ldap:: * root@polonium:/etc/puppet/modules/ldap_alt/manifests# nada ;-( So it seems obvious that even though the classes ldap::client_install and ldap::configure are not in the ENC, not currently being assigned to this system, the past inclusion is somehow hanging on causing the conflict (and indeed they are there in /var/lib/puppet/state/classes.txt). So I manually edit this file, remove the references to them with vi and the next puppet run they return. ;-( Thanks Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group
Re: [Puppet Users] Re: transitioning a file resource
On May 3, 2012, at 8:55 AM, Craig White wrote: On May 3, 2012, at 6:09 AM, jcbollinger wrote: Very likely you are missing something. Puppet should not even be reading both the configure.pp files unless the classes therein are both assigned to your node, directly or indirectly. Since you created one module by duplicating the other, my guess would be that you missed changing one or more namespaces in the copy, leaving them referring to the original module. For example, you might have something like this: So it seems obvious that even though the classes ldap::client_install and ldap::configure are not in the ENC, not currently being assigned to this system, the past inclusion is somehow hanging on causing the conflict (and indeed they are there in /var/lib/puppet/state/classes.txt). So I manually edit this file, remove the references to them with vi and the next puppet run they return. ;-( out of sight - out of mind. Even though I'm using foreman as ENC and I would think that /etc/puppet/manifests/nodes.pp (default node) shouldn't have any impact, it clearly did as was doing the dirty deed of adding the classes back in each catalog run. Thanks - solved Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] transitioning a file resource
for reasons probably not important to the discussion, I am trying to transition my Ubuntu setups from using libnss-ldap / libpam-ldap over to the libnss-ldapd / libpam-ldapd. There some files that have minor differences such as /etc/pam.d/common-session. So I have my ldap module which manages this file and all my servers are currently using this setup. I have essentially duplicated the ldap module into ldap_alt module which I thought could peaceably coexist with the ldap module as long as both weren't assigned but alas... notice: Ignoring --listen on onetime run info: Retrieving plugin info: Loading facts in passenger_version info: Loading facts in datacenter info: Loading facts in passenger_version info: Loading facts in datacenter err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: File[/etc/pam.d/common-session] is already defined in file /etc/puppet/modules/ldap/manifests/configure.pp at line 103; cannot redefine at /etc/puppet/modules/ldap_alt/manifests/configure.pp:103 on node nxpc.ttinet warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run which makes me think that I will have to have to do all of the package management within a single module unless I am missing something. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Migrate installation to different directory
On Apr 19, 2012, at 12:56 PM, JA wrote: Hi Everyone; I want puppet to be installed in /app/puppet instead of the default /etc. I cannot figure out how to get the puppetmasterd to look for the config file (puppet.conf) in /app/puppet instead of /etc/puppet. If anyone can help, I would really appreciate it! not exactly responsive to your question as I suspect that the path is hard coded but... If you're hard pressed for disk space why not make a symlink from /app/puppet to /etc/puppet so that puppetmasterd would never know the difference? Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Supported Ruby Versions for Telly
enterprise ruby (1.8.7 only) http://www.rubyenterpriseedition.com/download.html Craig On Apr 14, 2012, at 8:53 PM, Dan White wrote: Great to hear this, but I am now looking for a reliable way to get Ruby 1.8.7 or 1.9.3 onto a RHEL-5 system. The environment I am working still has RHEL 3 and 4 machines running, and I would not hold my breath waiting for transition to RHEL 6 (which does have ruby 1.8.7 in it) One more thing: When I say reliable, it has to be able to convince a non-technical PHB type. Suggestions ? On Apr 13, 2012, at 2:59 PM, Michael Stahnke wrote: Puppet Labs is happy to announce full support for Ruby 1.9.3 will be part of the next major release of Puppet, codenamed Telly. Ruby 1.8.7 and 1.9.3 are considered the primary supported Ruby versions, on all platforms including Unix, Linux, Windows, and MacOS-X. Ruby 1.8.5 is also supported, on the agent only. The Puppet 2.7 series featured initial support for the Ruby 1.9 series, and we are happy to see that work completed and brought forward to full production support in the forthcoming release. Other Ruby versions including 1.8.6, 1.9.1, and 1.9.2 are not officially supported. Ruby implementations other than the MRI series are not officially supported. We will accept patches that fix issues on other (non MRI) Ruby systems. 1.9.3 was selected due to its inclusion in Fedora 17 (Beefy Miracle) and Ubuntu Precise Pangolin. Previews of Telly should be available in May. If you'd like to see some of the changes happening today, you are also welcome to run Puppet's master branch. If you have questions or concerns, feel free to respond here. Mike Stahnke Community Manager -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet master on Centos 5.4 box
On Mar 19, 2012, at 1:36 PM, thinkwell wrote: Hello everyone, I'm trying to setup a Puppetmaster on a Centos 5.4 box, following James Turnbull's Pro Puppet book. Everything's working fine, until I get to the part about running Passenger, which I'll need to do. However, to install rake, I had to upgrade ruby from the default 1.8.5. I tried uninstalling 1.8.5 puppet altogether, installed 1.8.7 successfully. So, now I'm using RVM running ruby 1.8.7. When I went to re-install puppet, yum insisted ruby 1.8.1 was a dependency and refused to installed without also installing the old system ruby. I thought I had things configured correctly, but when I connect via a client, I get the following error: Ruby (Rack) application could not be started A source file that the application requires, is missing. It is possible that you didn't upload your application files correctly. Please check whether all your application files are uploaded. A required library may not installed. Please install all libraries that this application requires. Further information about the error may have been written to the application's log file. Please check it in order to analyse the problem. Error message: no such file to load -- puppet/application/master Exception class: LoadError Application root: /etc/puppet/rack/puppetmaster Backtrace: # FileLineLocation 0 /usr/local/rvm/rubies/ruby-1.8 36 in `gem_original_require' 1 /usr/local/rvm/rubies/ruby-1.8 36 in `require' 2 config.ru 13 3 /usr/local/rvm/gems/ruby-1.8.7 51 in `instance_eval' 4 /usr/local/rvm/gems/ruby-1.8.7 51 in `initialize' 5 config.ru 1 in `new' 6 config.ru 1 This is not terribly surprising, since yum installed puppet to /usr/lib/ruby/site_ruby/1.8/puppet/ I tried moving that directory /usr/lib/ruby/site_ruby/1.8/puppet.rb to /opt/puppet/lib/ with the same error message resulting. It's infuriating. Is it possible to run puppet with multiple versions of ruby installed? at the point you install rvm and with it various ruby versions then all of the ruby gems that you install cannot be from centOS packaging but rather would have to be using the specific ruby version and gem version. Thus you should do things like... gem install puppet gem install passenger etc. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Fetch ldap authorized_keys from ldap, copy to puppets local filesystem for needed users
On Mar 6, 2012, at 3:24 AM, Emilien wrote: Hello, I'm trying to set up the following environment: Ldap containing users as posixaccount (uid, home directory, and an attribute containing their ssh public key). machines with an attribute indicating which users or user groups are allowed to ssh to the box What I'd like to do is the following: From puppetmaster, browse the ldap and loop on each machine Fetch the users allowed to login Loop on each user Fetch their uid, etc Fetch their ssh public key create the /home/$username/.ssh/authorized_keys file End loop Delete /home/$username for all users having no longer access to the box End loop This is needed because ssh server on machines is configured only with publickey auth so I need to put the authorized_keys file for them to be able to connect to the box. I don't really know where to start... I can manually create the authorized_key file on my puppet nodes but by manually specifying the user and the public key, I have to idea how to get the information from ldap and then loop in my script... I've tried looking at the documentation but don't really know where to start. I've found the wiki page on defining nodes inside ldap but I'm not sure that this is what I need. Thanks for your time, I don't think that puppet is really the best tool for the job and that you should probably reexamine the mission and you will find that there are better implementations within LDAP (host based access). I suppose if you were really determined to go down your path, you could write some custom fact that gave you the output of 'ls /home' to get an overview of who had home directories on each server but the puppet way would be to have each server to put everyone's home directory (with public keys) and allow LDAP (PAM/PADL/LDAP) to handle whether a particular user access a particular host. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Developers having access to deploy
On Mar 5, 2012, at 11:51 PM, Thomas Rasmussen wrote: Thanks for the replies, I can see that there is no easy setup to allow what I'm looking for :-( I will be looking a bit more on the External Node Classifier to see if this will solve my problem. We will be using puppet to fully automate everything that has to be performed on servers, so I will not be interested in using a different system to do the app-deployment than to do the OS deployment. I was hoping that maybe it was possible to do this task through the Dashboard, but I discovered that it was only a standard htpassword setup without any group knowledge or ACLs on nodes. theforeman has a fairly sophisticated users/groups/roles and also servers can 'belong' to individual users and would probably give you everything you want including a very useful ENC Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Duplicate definition + parameterized classes + class scope
On Mar 6, 2012, at 7:51 AM, chris_sny...@sra.com wrote: Crap. I'm trying to dump Bcfg2 and move to something reasonable. But so far, all my initial assumptions and patterns for Puppet fail. I think in terms of heirarchy and inheritence for my systems (all nodes install a core set of packages, some have exceptions for those core set of packages, etc) and as best as I can understand it Puppet's DSL really wants me to create a set of flat, non-hierarchial, non-inheritable set of nodes/classes. And for me that's completely un-managable. I'm reviewing the Puppet-user archives now and I'm seeing a lot of people with similar problems but no good patterns for solutions. I want to be able do something like this (hierarchial, inheritance with overloading): class base { package { 'sshd' : ensure = present } package {'ntp: ensure = present } } node a,b,c { class { 'base' : } } node d { class { 'base' : } Package{'sshd': ensure = false } } What I'm afraid I have to do is this (flat, redefine lots of nodes and duplicate data): class base package {'ntp: ensure = present } # More common packages defined } node a,b,c { class { 'base' : } package { 'sshd' : ensure = present } } node d { class { 'base' : } package { 'sshd' : ensure = false} } or worse (sometype of parameter passing in the worst, un-managable way): class base ( # list ever possible ensure parameter, etc ) { package { 'sshd' : ensure = $ssh_ensure } package {'ntp: ensure = $ntp_ensure } # More common packages defined } node a,b,c { class { 'base' : }} } node d { class { 'base' : ssh_ensure = false} } I'm open to any and all suggestions. I use theforeman which has an ENC that allows nested classes (called hostgroups in Foreman) so I have a 'base' class and many 'groups' which are pre-defined collections of what you call the flat modules. Nesting is definitely permitted and useful in Foreman. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppet 2.7.11 requires ruby = 1.8.5
On Mar 2, 2012, at 5:19 PM, Russell Van Tassell wrote: The gem includes everything you will need... the (basic) difference is simply running puppet agent versus puppet master -- some packages just hide the simplicity (probably a legacy thing?). Note: I do not believe things like the sysconfig, logrotate and startup scripts get installed by default with the gem (it's been a while since I've done a fresh/virgin install in an environment) ... but those should be easy enough to find. Many folks seem to run things out of cron, anyway... I think you will find the various bits in the gem/conf directory (init/sysconfig/logrotate/etc.) Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppet 2.7.11 requires ruby = 1.8.5
On Mar 2, 2012, at 3:43 PM, rjl wrote: Thanks Michael, I have a working environment using ruby 1.8.5 (The Centos 5 default). However, I want to change my puppet framework to be database driven. For that, I would like to use rails activerecord. Now the problem is that rails is not supported in 1.8.5. Any suggestions would be greatly appreciated. you're on the right track but on CentOS 5, you pretty much should forget about using ruby/gems from rpm packages. Ruby 1.8.5 isn't going to get you anywhere with a Rails application. Use gems... gem install puppet gem install rails Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] persistent facts
Object: to get a custom fact that lets me know the last time a Ubuntu system had run 'upgrade' (ie apt-get upgrade or aptitude [safe-|full-]upgrade) One-liner: (will probably still need some adaptation but so far, I am doing) tac /var/log/apt/history.log | \ awk '{if (substr($0,1,8)==Upgrade:) { getline; print }}' \ | head -n 1 which will return something like: 'Start-Date: 2011-11-21 23:51:47' which I can cut the date out of and store as a custom fact - ie... last_upgrade: The problem is that the logs rotate and now this may be in /var/log/apt/history.2.gz or possibly get rotated out of existence altogether and while I can loop and search for the last time an upgrade was run, I may not actually be able to get that date and would want the last_upgrade to persist. Now I could conceivably store this value in say /var/lib/puppet/last_upgrade so I always have a fallback, I'm wondering if there isn't a better way. Comments - Ideas? -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Can not retrieve file from puppet master linux to puppet agent windows
On Feb 27, 2012, at 2:41 AM, Shirley wrote: Hello, As the subject described, I tried to retrieve a file from linux master to windows agent with the init.pp below : class test { file { “C:/ProgramData/testfile.txt”: ensure = present, mode = 0644, owner = test, group = Administrators, source = “puppet:///modules/test/testfile.txt”, } } In the windows agent, I got the follow error message : ‘err: /Stage[main]/Test/File[C:ProgramData/testfile.txt]: Could not evaluate: Could not intern from pson: Paths must be fully qualified Could not retrieve file metadata for puppet:///modules/test/testfile.txt: Could not intern from pson: Paths must be fully qualified at /etc/ puppet/modules/test/manifests/init.pp:27′ Linux master : ubuntu 11.10, puppet 2.7.1 Windows agent : 2008 r2 x64, puppet 2.7.1 I have google a lot, but didn't find out the solution. somebody has an idea for this problem ? does the file exist? ls -l /etc/puppet/modules/test/files/test.txt ? Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] file and user permissions on the puppet master, best practice
On Feb 21, 2012, at 2:52 AM, paulS wrote: Hi all. New puppet developer. Very excited. I have the agents communicating with the puppet master. I'm wondering now about best practice for file and user permissions on the puppet master. Most of my wonder probably stems from general lack of understanding in this area. I'd like to get it right though to avoid refactoring later. 1. What's the best practice, or your practice, for directory and file permissions on the puppet master? 2. What's the best practice, or your practice, for users and their permissions on the puppet master? Feel free to point me to posts, articles, or chapters in books. I haven't found much so far on this topic; just that the agent should be run as root so that it has permission to make any changes, and the puppetmaster can be run as non root. Thanks for any discussion here. Here's my setup so far. = server OS and puppet versions = Ubuntu 10.04.3 LTS (Lucid) on puppet master and clients/agents puppet-master$ dpkg -l | grep puppet ii facter 1.6.4-1puppetlabs1 Ruby module for collecting simple facts abou ii puppet 2.7.9-1puppetlabs1 Centralized configuration management - agent ii puppet-common2.7.9-1puppetlabs1 Centralized configuration management ii puppetmaster 2.7.9-1puppetlabs1 Centralized configuration management - maste ii puppetmaster-common 2.7.9-1puppetlabs1 Puppet master common scripts puppet-agent$ dpkg -l | grep puppet ii facter 1.6.4-1puppetlabs1 Ruby module for collecting simple facts abou ii puppet 2.7.9-1puppetlabs1 Centralized configuration management - agent ii puppet-common2.7.9-1puppetlabs1 Centralized configuration management === directory and file permissions on the puppet master === puppet.conf shows default 'moduledir = /etc/puppet/modules:/var/lib/ puppet/modules:/opt/modules' These directories are normally root:root so I've been making all sudirectories and files for puppet manifests, modules, and files as root:root. = users and permissions = puppet user upon install I have a puppet user. grep puppet /etc/group puppet:x:113: grep puppet /etc/passwd puppet:x:108:113:Puppet configuration management daemon,,,:/var/lib/ puppet:/bin/false grep puppet /etc/group puppet:x:113: 'sudo -s su puppet' does not switch the user to puppet, so I haven't been doing anything as puppet. other users puppetadmin to store just a couple things in /home/puppetadmin that don't belong in any one employees account. puppetadmin is a member of its own group and of the admin group Individual user acccounts for a few ops engineer who will need access to make changes to configuration files in /etc/puppet/files and /opt/ stacks/configuration files. These users are members of their own group and of the admin group. They generally switch user to root to work on the puppet files since the files are root:root. I think that the ownership of the files relates more to the services that use these files and you don't really say if you are still using webrick, apache, nginx to serve these files as that may have some impact. I myself have all the files and folders owned by puppet:puppet (/etc/puppet, /var/lib/puppet, /var/www/foreman, /var/www/puppet-dashboard) and use nginx to serve forman, puppet puppet-dashboard. I think if you want to change to user puppet, you probably only need to 'su - puppet' but if /var/lib/puppet isn't owned by puppet:puppet then switching to user puppet is probably going to be difficult. Also, it seems that if you have multiple users doing configuration, you probably should have multiple environments (ie, development testing and not just a production) and also a version control system (git or subversion) and perhaps a separate puppet server for development testing to avoid inflicting errors into running configurations. I found the book Pro Puppet very useful for defining the all of these best practices. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: file and user permissions on the puppet master, best practice
On Feb 21, 2012, at 11:46 AM, paulS wrote: (By the way, I should have referred to myself as a new Puppet _user_. I certainly didn't mean to imply that I'm a developer of Puppet open source software. I'm obviously not up to that challenge.) Thanks a lot, Craig. I'm using Webrick now, and will move to Apache before release to production. I did see the chapter 4 in Pro Puppet, Turnbull, on making the puppet master scalable. I also have Pulling strings with Puppet, Turbull, and have ordered Puppet 2.7 Cookbook, Arundel. It sounds like you're suggesting a good practice is for users to su to the puppet user and do their work as puppet. That's what I've read and that's why it's bugging me that I can't seem to switch to the puppet user. I'll be the primary developer of modules, manifests, etc, with a backup person. Also a few other ops people would make changes to configuration files that get served out as updates to the clients. I get the part about separate environments and puppet masters for dev and test. Thanks for that. I need to read and understand about environments. As I mentioned, I'm having trouble switching to the puppet user. Maybe this is an Ubuntu sys admin question, but it pertains specifically to the puppet user. The user is set up during install. I installed from the following debians: facter_1.6.4-1puppetlabs1_all.deb puppet_2.7.9-1puppetlabs1_all.deb puppet-common_2.7.9-1puppetlabs1_all.deb puppet-dashboard_1.2.4-1puppetlabs1_all.deb puppetmaster_2.7.9-1puppetlabs1_all.deb puppetmaster-common_2.7.9-1puppetlabs1_all.deb # sam (not the real user name) has admin rights. # the password required here isn't the one for sam and I don't have a password for puppet since it was set up during install. sam@puppetmaster:~$ su - puppet Password: adding 'puppet ALL=(ALL) NOPASSWD:ALL' to the sudoers file didn't help. 'su - puppet' still wants a password. sudo password puppet # lets me create a password for puppet The command line now accepts 'su - puppet' with the password for puppet, but the prompt still says 'sam@puppetmaster:~$' and puppet won't create a subdirectory from a directory owned by puppet:puppet. Also I still have admin rights form the command line. I don't think switch user to puppet is actually occurring. The command line accepts 'sudo su - puppet' without a password, but same behavior as immediately above. I could blow away the puppet user and re-create it as a member of puppet group and not of admin. Does that seem like a good idea? I'm curious about the nature of the puppet user that's created during install, and whether I'm losing anything important if I blow it away and recreate with: sudo useradd puppet --create-home --user-group --shell /bin/bash the one thing I have always appreciated about Linux/UNIX is that the config files are always text files and can be fixed and thus you don't have to resort to things like uninstalling/re-installing, deleting/recreating users because everything is relatively easily fixed - at least assuming that you know how. su - puppet # if done by root doesn't require a password. # Root user doesn't need a password for anything # if done by a user, needs puppet user's password /etc/sudoers - 'puppet ALL=(ALL) NOPASSWD:ALL' # Can't imagine a good reason to do this but will only # allow user 'puppet' to sudo anything without a password if 'su - puppet' doesn't give you the bash shell as user puppet then perhaps you don't have a good shell set up for user puppet. getent passwd | grep puppet # will list things like the shell # which should be /bin/bash but if not, use chsh sudo chsh puppet -s /bin/bash # will set puppet users shell to /bin/bash It's also possible that user puppet's home directory is wrongly set or the permissions are bad... # getent passwd | grep puppet puppet:x:1001:1001:Puppet,,,:/var/lib/puppet:/bin/bash sudo chown puppet:puppet /var/lib/puppet -R Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] white space in fileservers.conf file causes 'connection refused - connect(2)' error
On Feb 21, 2012, at 12:59 PM, paulS wrote: This is a heads up. I didn't see this particular root cause to the 'connection refused' error upon google search, so thought I'd pass it on. I tried to make a bug report, but couldn't figure out how to do that. I may not have permission. Arguably it's a 'sensitivity,' though an undocumented one. ### Error seen root@puppet-client-1:~# puppet agent --no-daemonize --verbose -- onetime # returned the error: err: Could not retrieve catalog from remote server: Connection refused - connect(2) ### Troubleshooting # Cleaned certificates and keys from the puppetmaster and certificates from the agent. # Restarted the puppetmaster to re-create certificates and keys on the puppetmaster. # to request a new signed certificate from the puppetmaster. root@puppet-client-1:~# puppet agent --no-daemonize --verbose -- onetime # Returned the error: err: Could not request certificate: Connection refused - connect(2) # Also getting the following errors upon puppetmaster restart. root@puppetmaster # puppet master --no-daemonize --verbose notice: Starting Puppet master version 2.7.9 err: Removing mount files: /etc/puppet/files does not exist info: mount[stacks]: allowing * access Could not run: Invalid pattern * at /etc/puppet/fileserver.conf:5 ### Root cause Traced the problem to an extra space after [files] mountpoint path statement in in fileservers.conf I did in fact edit that file to add a custom mountpoint. I don’t think I got the connect error right away, however, because I used the custom mountpoint successfully in a connect from the agent to install the configuration package. Perhaps it occurs after restart of the puppetmaster. The error is reproducible. I can take the space in and out and reproduce and repair the error. ':set list' will show the extra space. Note the extra space between 'path /etc/puppet/files' and '$' in the files mountpoint, and between 'allow *' and '$' in the custom mountpoint. The first one cased the problem. user@puppetmaster:/etc/puppet# vi fileserver.conf :set list -- snip --- [files]$ path /etc/puppet/files $ # allow *.example.com # deny *.evil.example.com # allow 192.168.0.0/24 [stacks] path /opt/stacks allow * $ -- snip -- not sure what you are trying to accomplish here but if you don't have something specific in mind at this point just comment everything out in /etc/puppet/fileserver.conf Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Anyone seeing odd agent behaviour with 2.7.10?
to my knowledge puppetd always runs as root because it needs the permissions in order to perform its magic. puppetmaster runs as user:puppet, group:puppet but not puppetd Craig On Feb 10, 2012, at 4:14 PM, Will S. G. wrote: I was browsing the group to see if anyone else was experiencing the issue. I'm having the same with CentOS 6.2 x86_64. From what I see, puppetd should be running with the user puppet. However, the pid is now owned by root, which is obviously the issue. Someone made a mistake on the puppet RPM spec somewhere. On Jan 26, 4:00 am, Steph Gosling st...@chuci.org wrote: Hi all, Upgraded a master and a couple of clients to 2.7.10 and now see the following when running an agent if the daemon is also running: [steph@somehost ~]$ sudo puppet agent --onetime --verbose --no-daemonize info: Caching catalog for somehost.example.com info: Applying configuration version '1327578407' notice: /Stage[main]/Mysql-server/Package[mysql-server]/ensure: created notice: /Stage[main]/Mysql-server/Service[mysqld]/ensure: ensure changed 'stopped' to 'running' notice: Finished catalog run in 20.11 seconds err: Could not remove PID file /var/run/puppet/agent.pid [steph@somehost ~]$ I see that 2.7.10 fixed a bughttp://projects.puppetlabs.com/issues/5246and wonder if they're related? in 2.7.9 this would run without throwing the error, indeed in .10 the onetime run completes and the agent daemon is happy too: It's just unnerving to see pink messages :) Environment is CentOS 6.2 fwiw. -- Steph Gosling st...@chuci.org -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Error 400 on SERVER: No support for http method POST
On Feb 8, 2012, at 9:40 AM, rjl wrote: Thanks everyone. Seems like having an older version of Master causes this problem but I do not have an older version. My clients and Master are both 2.7.10. I'm thinking that perhaps you have more than 1 version of ruby/puppet installed on the server or possibly you never restarted the puppet master after the upgrade. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Best sequence for building/managing servers with Puppet?
On Feb 7, 2012, at 1:46 PM, weloki wrote: I need to both build some new servers and rebuild some existing ones keeping in mind I want to use Puppet. The question is which is the best sequence to proceed with? A) Develop modules one by one and make sure each component works, then assemble and test modules that need to talk to each other and make sure those work together, all *before* building the servers. Then once all the modules are completed and tested for each piece of configuration and functionality needed at the systems level they can be used to build each server automatically. B) Build the servers manually first and retrofit them with pre- existing Puppet modules, hoping that the modules will just work AND match how each system should be for your particular needs. C) Build the servers manually first and then develop the modules needed to manage each one. Is there one way that saves more time? Is there one that lends a higher degree of confidence everything will work as expected at the end? I don't think there's an easy answer and it probably relates more to the way you operate. At some point you will get a core set of modules and then you can put it into action. I found it easiest to use VMPlayer on my desktop (Macintosh) and setup the puppet master (always running) and spin up new VM installs time and again until I got everything fairly well tuned and my need to refactor diminished to almost none. I think the refactoring thing is key. When you start with puppet, you will want to refactor pretty much everything for a while as your understanding becomes deeper. Once you have deployed modules, refactoring becomes a much more difficult task. But it will become obvious when you are ready to start deploying. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: class inheritance question
On Feb 7, 2012, at 2:13 PM, jimbob palmer wrote: 2012/2/7 Jan Ivar Beddari jan.ivar.bedd...@uib.no: On 02/07/2012 03:54 PM, jimbob palmer wrote: # The right way class foo::specific { include 'foo::common' # specific stuff } So can I be sure that the include will run first, before the specific stuff here? Kind of, but you need to change your thinking. The include does not _run_ before the specific stuff, it _declares_ foo::common. The result is not a sequential run of something, but a graph - a catalog of resources and relationships :) Yikes so how can I be sure that the included stuff gets included before I need it? Say it pulls in some variables and package requirements. require [ Class[some_class], Package[some_package] ] And a related question: if I have a case statement at the top of my class that sets a variable, how can I be sure the variable will be set before I need it lower down in the same class? leap of faith Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Exported and Collected Resource With User Defined Resource Broken?
On Feb 6, 2012, at 11:10 AM, Clay B. wrote: I have found that using Puppet 2.6.2 on my master and running Puppet 2.6.12 on my clients seems to have resolved this issue, while 2.7 was failing. Perhaps Puppet defined resources have different semantics in 2.7? I can't answer that but your 'master' should always be at least equal to or higher than the version of all clients. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Now that we have puppet node install....
On Jan 26, 2012, at 12:06 PM, Juri Rischel Jensen wrote: I've been playing a bit with the puppet node install command, and I was wondering if I should change to using puppet installed as a gem instead of deb/rpm/whatever? That would allow me to use the very latest puppet versions, without building my own deb/rpm packages or waiting for them to become available upstream. What's your thoughts on this...? that's what I do (use the gem) Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Considering LDAP ENC
On Jan 25, 2012, at 8:44 AM, Brian Wong wrote: I have been reading about the LDAP ENC at the wiki http://projects.puppetlabs.com/projects/puppet/wiki/LDAP_Nodes. I am considering using the LDAP ENC, but I have a couple of concerns when it comes to the implementation. - It seems that the example using the entry attribute 'ipHostNumber' as a puppet variable is not really viable, for the LDAP schema would have to be updated to support arbitrary LDAP attributes such as this. Or perhaps this is an attribute that is part of the 'core' LDAP schema? ipHost is an objectClass in the 'nis' schema of OpenLDAP so it is essentially 'core' but you don't say which LDAP server you are dealing with so YMMV. - To support arrays it would require puppet parser functions and extraneous code in manifests to expand the LDAP arrays to puppet arrays. - It is not clear how parameterized classes can be handled. these things become fairly obvious as you start to investigate One of the important advantages of the LDAP ENC in my opinion is that modification can be tied directly to LDAP authorization. I want developers to be able to modify the classes pulled in by their development hosts and the write access to a specific LDAP OU containing these hosts can be granted. Another LDAP OU containing the configuration of productions hosts will only be writable by a select few. In addition, there are many tools available which can modify LDAP entries. This lowers the entry barrier to using such the LDAP backend. Can someone confirm or dispel my concerns? Are there any other ENC backends which would be appropriate given my goals? Thanks. personally, I gave up on using LDAP ENC from early struggles but that was made easy because I was able to get more functionality from the foreman and it too uses LDAP Authentication and even allows granular access to specific systems for specific users if you want to go there. I have also found it useful to assign parameters within the foreman Web UI. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] node parameters
I've been using foreman as an ENC and assigning node parameters for some time and it was clearly working but it apparently broke somewhere along the way and I can't tell why. Here's part of the modules/sudoers/manifests/sudoers_hostgroup.pp class sudoers::hostgroup { case hostgroup { default: { file{/etc/sudoers.d/admins_web: ensure = present, owner = root, group = root, mode= 0440, source = puppet:///modules/sudoers/admins_web, } # Puppet maintained file /etc/puppet/deployment_files/ldap_admins_web file{/etc/puppet/deployment_files/ldap_admins_web: ensure = present, owner = root, group = root, mode= 0644, content = generate(/etc/puppet/scripts/ldap-add-host.sh, $fqdn, admins_web), require = Class[mod_puppet::deployment_files], } } 'database server': { file{/etc/sudoers.d/admins_database: ensure = present, owner = root, group = root, mode= 0440, source = puppet:///modules/sudoers/admins_database, } # Puppet maintained file /etc/puppet/deployment_files/ldap_admins_database file{/etc/puppet/deployment_files/ldap_admins_database: ensure = present, owner = root, group = root, mode= 0644, content = generate(/etc/puppet/scripts/ldap-add-host.sh, $fqdn, admins_database), require = Class[mod_puppet::deployment_files], } } } } and FWIW, some of the nodes that I set up in October and earlier have the files (puppet/deployment_files/admins_web, /etc/sudoers.d/admins_web) but the new nodes clearly do not. I'm not sure if it was migrating from puppet 2.6.8 or foreman from 0.3 to 0.4 but I can clearly see the 'hostgroup' parameters are attached to the host's yaml file in /var/lib/puppet/yaml/foreman and just in case, I have tried changing the 'hostgroup' top scope to $hostgroup and $::hostgroup to no avail. What am I missing or how can I troubleshoot this? -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Having a group for a node
I think that Foreman has a terrific implementation of 'group' mechanics (Hostgroup) Craig On Jan 6, 2012, at 9:17 AM, Kevin Pelletier wrote: Hi all, I'm currently looking out to implement puppet in our network. I've done a lot of reading (Pro Puppet book) and tested some of it's features, which are working. Right now, I'm trying to find out a way to create a group for a node, here's an example of what I would like : node default { include sssd } node 'group of members' inherits default{ } Instead of declaring it for each nodes, is it possible to create a group? Excuse my low knowledge of puppet, but I can't find a way to do it. Thanks! KP -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] In CentOS 6, puppet Unresponsive
On Dec 30, 2011, at 3:31 AM, Juan-Francisco Diez wrote: Thank to all. We try to put the server in the newest version. But with ruby in CentOS it's a bit more complicated because the new version is not packaged in the 5.x version. I think you will find it much easier to remove any puppet packages installed on your CentOS 5.x server and just use the puppet gem instead Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] In CentOS 6, puppet Unresponsive
On Dec 30, 2011, at 3:36 AM, Russell Van Tassell wrote: You can use RVM, or getting a ruby 1.8.7 build/rpm shouldn't be that difficult (I will have to look at our source, tomorrow, but we store a similar thing in our own local EL repo, pretty much for puppet and one or two other things ... At this hour I can't remember if we compiled it or grabbed it from a reputable upstream repository, however). OP is talking about puppet version, you are talking about ruby version... two different things. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] In CentOS 6, puppet Unresponsive
On Dec 30, 2011, at 6:59 AM, Dan White wrote: Consider downgrading the CentOS 6 clients. Might be an easier solution. probably not the best idea. his server is 2.7.1 and there's been a lot of bug fixes between 2.7.1 and 2.7.9 thus bringing his server up to speed makes more sense long term. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Can Puppet be configured to one-time deployment for modules?
On Dec 20, 2011, at 9:49 AM, Swampcritter wrote: We are developing in-house RHEL VM provisioning (similar to Satellite/ Spacewalk) along with a customized kickstart template, but also including Puppet to handle the actual configuration of the environment. One thing we need to see is does Puppet have a variable that will deploy one module only once and not check against it just in case the configuration file it has created has been altered or not and try to revert back. Example: Boot using PXEBoot w/ DHCP, build RHEL VM using custom kickstart configuration, create local repo file with pointers to in- house repository and comment out the variables to use the RHN driven one, download from the repo and apply the RHN/Errata updates, then reconfigure the rc.local to install Puppet on the reboot and apply the actual environment requirements (i.e. check to see if its a Apache web server, Oracle database, Weblogic/JBoss portal, etc). The last part is the deciding factor -- as this part of the requirements are quite possibly going to change via the developers that are actually using the environment for testing and tweaking the RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the Apache /etc/httpd/httpd.conf code. We don't want Puppet to revert back the code variables as these are being modified by hand and not using SVN or any other type of code version control at this time. Anyone know if module exclusion is possible for a deploy once, don't touch again scenario? this sort of goes against the grain of what puppet intends but this is what I do for a few things... (watch out for mail driven line wrapping) class mod_puppet::deployment_files { exec{ Make /etc/puppet/deployment_files: command = /bin/mkdir /etc/puppet/deployment_files, unless = /bin/ls -l /etc/puppet/deployment_files, } } class postfix::configure { include mod_puppet::deployment_files file{/etc/puppet/deployment_files/postfix-main.cf: ensure = present, owner = postfix, group = postfix, mode= 0664, content = template(postfix/main.cf.erb), require = Class[postfix::install, mod_puppet::deployment_files], notify= Class[postfix::service], } exec{Deploy postfix/main.cf from template: command = /bin/cp /etc/postfix/main.cf /etc/postfix/main.cf-backup; /bin/cat /etc/puppet/deployment_files/postfix-main.cf /etc/postfix/main.cf; /bin/touch /etc/puppet/deployment_files/postfix-main.cf-deployed, unless = /bin/ls -l /etc/puppet/deployment_files/postfix-main.cf-deployed, require = File[/etc/puppet/deployment_files/postfix-main.cf] , } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Quoting 'true' and 'false'
perhaps not puppet but facter which I think always returns things as strings - definitely a point of confusion but understandable when you think about it. Craig On Dec 16, 2011, at 1:15 PM, Trevor Vaughan wrote: I tend to quote all used of 'false' and 'true' mainly because sometimes the guts of puppet seem to give me back a string no matter what I want and a bareword won't work. I don't have examples offhand and it's possible that this was fixed some time in the past. Trevor On Fri, Dec 16, 2011 at 2:16 PM, Brice Figureau brice-pup...@daysofwonder.com wrote: On 16/12/11 19:48, Tim Mooney wrote: In regard to: Re: [Puppet Users] new user: need Conditional statement...: Obviously I had a syntax error here because case statement is not happy within the resource. That's why the documentation says to use a selector. So, what's a recommended puppet way to do something like this? thx in advance. file { somefile : ensure = $hasfile ? { true = present, default = absent }, source = puppet:///somefile, owner = root, } Please note that true is not strictly equivalent to the bareword true in the puppet language :) Ah, perfect segue. I had been meaning to follow up to John Bollinger when he earlier posted something similar that also had 'true' quoted. I've been through the style guide and several other areas in the documentation and I can't find any recommendations on whether it's better to use bare true false or whether it's better to quote them. This is specifically for use in parameterized classes. For example: foo.bar.edu.pp: node 'foo.bar.edu' { class {'rhel': version = '5', ipv6_enabled = true, } } rhel/manifests/init.pp: class rhel($version, $ipv6_enabled='default') { include rhel::common case $ipv6_enabled { true: { class {'network': ipv6 = true } } false: { class {'network': ipv6 = false } } default: { case $version { '5': { class {'network': ipv6 = false } } '6': { class {'network': ipv6 = true } } default: { fail(only version 5 and 6 of rhel are currently supported)} } } } } In other words, our default for RHEL 5 is ipv6 disabled, on RHEL 6 it's ipv6 enabled, but the default can be overridden for either. The problem is that we had to be very careful to make certain that we didn't quote true or false in some places and leave them as barewords elsewhere, or it just wouldn't work. Mixing quoted nonquoted gave us unreliable and unexpected results. Exactly. If you intend your options to be boolean use the barewords true and false. This brings me back to the questions: where in the docs is this covered, and what are the recommendations for whether we should (or shouldn't) be quoting true false when passing them around into parameterized classes and testing them in selectors? I don't know if it's covered in the documentation. Puppet has the notion of true/false (ie the boolean). Any puppet conditional expression can evaluate to either true or false. On the other hande true is a string containing the word true. false is a string containing the word false. It is not a boolean. But that's where things get difficult: if false { notice(false is true) } This will print false is true. The same for $str = false if $str { notice(false is true) } But, case $str { true: { notice(true) } false: { notice(false as bool) } false: { notice(false as str) } } will print false as str. So false != false and is not == to true. But when converted as a boolean any strings becomes true, and that's what happen in our if example. We track this issue in the following ticket: http://projects.puppetlabs.com/issues/5648 -- Brice Figureau My Blog: http://www.masterzen.fr/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White
Re: [Puppet Users] Another case of auto loader issues...
On Dec 1, 2011, at 8:19 AM, Peter Berghold wrote: Here is a module layout: tomcat |-- facter |-- files | `-- cleanTomcatLogs.pl |-- lib | `-- puppet | |-- parser | |-- provider | `-- type |-- manifests | |-- classes | |-- defines | |-- init.pp | |-- scripts | | `-- cleanlogs.pp | `-- scripts.pp `-- templates the content of the init.pp is such: class tomcat { notify {class tomcat:} } This class is a placeholder for a much more complete class later on. I have a class tomcat::scripts such that: class tomcat::scripts { } which is another placeholder, but the real meat of all this (for now) is: class tomcat::scripts::cleanlogs inherits tomcat::scripts { @file { clean-tomcat-logs-script: path=/usr/local/sbin/cleanTomcatLogs.pl, source=puppet://puppet/modules/tomcat/cleanTomcatLogs.pl, owner = root, group= root, mode = 0755, } realize File[clean-tomcat-logs-script] cron { clean-tomcat-logs-crontab: minute = 15, hour = 23, command = /usr/local/sbin/cleanTomcatLogs.pl } } which is the tomcat/manifests/scripts/cleanlogs.pp I have a pair of nodes that use this, I'll pick the lesser complicated of the two: node chicweb1.chi.sharkrivertech.com { include tomcat::scripts::cleanlogs } Whenpuppet agent is run we get: ]# puppetd --test err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class tomcat::scripts::cleanlogs for chicweb1.chi.sharkrivertech.com at /etc/puppet/manifests/nodes/chicweb1.pp:2 on node chicweb1.chi.sharkrivertech.com warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run So.. what gives? Unless my aged tired weak eyes are missing a typo, this should work... no? Thoughts? what are the contents of init.pp? Does it have ?? include tomcat, ... tomcat::scripts::cleanlogs Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Is there a way...
On Dec 1, 2011, at 8:49 AM, Peter Berghold wrote: ... to invoke a template from multiple modules? Here is what I mean: I have a module called postfix which handles the installation and base configuration of the postfix MTA. I have another module called spamassassin which deals with the download and installation of the Mail::SpamAssassin Perl module which incidently adds the init scripts for SpamAssassin and the clamd binary. I'd like that spamassassin module to modify both the master.cf and main.cf file of postfix to enable its own functionality. Rather than make SpamAssassin part of the postfix module I separated it out since not all machines running postfix need to have the overhead of SpamAssassin (eg. mailers behind the firewall that don't accept outside email) but my border MX machines do. There's another module that needs to modify postfix's config files to be enabled as well and that's the ClamAV module, I won't go into detail here. The problem I see is if each of them modify the configs, the postfix module is going to remove the changes the other modules made. Is there a slick way of doing this? I found this solution to be quite useful a few months ago http://groups.google.com/group/puppet-users/browse_thread/thread/ea991b26562db42f/8660340196074a9f?lnk=gstq=is+class%3F#8660340196074a9f Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet client port to be open
I hope that you were having a dyslexic moment and really meant to say 8139 instead of 1839 because then I would have to wonder how it's been working for me the past few months. Craig On Nov 29, 2011, at 1:18 PM, Denmat wrote: Hi, Just further clarifying what Nan has already said, the client initiates the connection to the master when it polls in. The master listens on 8140 for those connections. This is all you need for puppet to compile and apply the manifest on the client. If you use the 'puppet kick' command (where the master initiates the connection to the client) then you need 1839 open on the client. Otherwise you don't need 1839 open on the client at all. Den On 30/11/2011, at 5:29, Namrata namratakulka...@gmail.com wrote: Thanks Nan. So, my puppetmaster should be able to install modules on puppet client if the port 8139 is open? On Nov 29, 10:24 am, Nan Liu n...@puppetlabs.com wrote: On Tue, Nov 29, 2011 at 6:19 PM, Namrata namratakulka...@gmail.com wrote: Just a quick question. In order for puppet run to execute successfully on puppet client (ubuntu 10.04), the port 8139 on puppet client should be open and listening correct? Do we also require that port 8140 be open and running on puppet client? You don't need that port unless you plan to enable listen and use puppet kick. 8140 is the default puppet master port and not for the agent. Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New user looking for some guidance
On Nov 18, 2011, at 2:07 AM, Jonathan van der Watt wrote: Good day, I'd like to ask the Puppet community for some help with a few problems I've been having... Suggest that you purchase Pro Puppet book and all will be revealed. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could not render to b64_zlib_yaml after 2.6.12 upgrade
On Nov 8, 2011, at 8:21 PM, Corey Osman wrote: Hi, I just reinstalled puppet to version 2.6.12 to patch the security bug. Now all of my RHEL4 clients are getting this error: Puppet master is running 2.7.6 Clients are running 2.6.12 puppet-agent[11444]: Starting Puppet client version 2.6.12 slcdbnops1 puppet-agent[11444]: Could not run Puppet configuration client: Could not render to b64_zlib_yaml: uninitialized constant Base64 Any ideas? Is this a ruby problem? sure sounds like a ruby problem - which version of ruby? (RHELv4 has a really ancient version of ruby and clearly you would be better served by installing something like enterprise ruby or rvm to manage a separate ruby install) Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] nss_ldap breaks puppet
On Nov 7, 2011, at 4:18 PM, Raymond wrote: I have installed and configured the puppet client nodes to use LDAP to authenicate users. LDAP connection is OK and user can be authenicated via LDAP. I use nscd and with my ldap config setting specify on /etc/ldap.conf However, puppet is not happy; and in the /var/log/messages it gives tons of puppet-agent[27499]: nss_ldap: could not search LDAP server puppet-agent[27499]: nss_ldap: reconnecting to LDAP server I guess LDAP server connection is slow or timeout, but could we configure puppet client NOT to use LDAP specify on nsswitch.conf I search previous post; and somebody suggests to fix LDAP locally. I think that is the ideal way; but if I don't have control on LDAP. Give up Puppet or LDAP? I think should have way to configure puppet not to use the host setting set on nsswitch.conf. /etc/sysconfig/puppet or /etc/puppet/puppet.conf --- anywhere we can tell puppet to use alternative auth way other than the default system /etc/nsswitch.conf first of all, it's just a log entry that isn't necessarily a problem but indicates that perhaps some LDAP reconfiguration is probably a good idea. Doesn't puppet-agent use root? Why is puppet-agent looking to LDAP for root user credentials? You probably should be looking at (or adding) these types of entries in /etc/ldap.conf timelimit 10 bind_timelimit 4 bind_policy soft nss_initgroups_ignoreusers \ openldap,bind,named,ldap,backup,bin,daemon,games,gnats,\ irc,landscape,libuuid,list,lp,mail,man,news,openldap,proxy,\ root,sshd,sync,sys,syslog,uucp,www-data though you should check the man pages and test for your optimal settings and the nss_initgroups_ignoreusers list I am presenting is sort of a hybrid ubuntu/centos list and your list of 'local' (not LDAP) users would likely be different. Also FWIW, I have always found nscd to be a bit painful and perhaps you can get better utility from nlscd if it's available for your distribution. nsswitch.conf is an all or none proposition. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Ruby Code in Puppet Class.....
On Nov 4, 2011, at 11:42 AM, Arenstar wrote: Simply put.. I need the reverse of an ipaddress for a in-addr.arpa.. Puppet has a function i can find that will simply execute ruby code, nor bash.. $ipaddress comes from facter $reversenetwork = $ipaddress.split('.')[0,3].reverse.join('.') file { /opt/lp/dnscache-internal/root/servers/$reversenetwork.in- addr.arpa: owner = root, group = root, mode= 644, content = 127.0.0.1 \n, require = Exec[dnscache-internal-setup], } Can anyone help.. ive tried, inline_templates and now working with facter.. Its much too overly complicated for my needs.. i dont want to have to manage facter unless its absolutely neccessary and for a simple line of ruby, i cant see why it will not work.. Suggestions... facter - should be about as simple as (untested)... /etc/puppet/modules/custom/lib/facter/in_arpa.rb Facter.add(reversenetwork) do setcode do reversenetwork = Facter.value(:ipaddress).split('.')[0,3].reverse.join('.') reversenetwork end end and then you have $reversenetwork fact that you can use easily Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] vmware player interference - no support for http method POST
cached certificate for ca debug: Using cached certificate for development.domain debug: Using cached certificate_revocation_list for ca debug: Finishing transaction 89860050 info: Loading facts in passenger_version info: Loading facts in datacenter info: Loading facts in passenger_version info: Loading facts in datacenter debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw yaml; using pson err: Could not retrieve catalog from remote server: Error 400 on SERVER: No support for http method POST warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run debug: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (b64_zlib_yaml) debug: report supports formats: b64_zlib_yaml marshal raw yaml; using b64_zlib_yaml Anyone stumble into this before? Fix? $ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=10.04 DISTRIB_CODENAME=lucid DISTRIB_DESCRIPTION=Ubuntu 10.04.3 LTS -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmware player interference - no support for http method POST
On Nov 2, 2011, at 12:50 PM, Nigel Kersten wrote: On Wed, Nov 2, 2011 at 12:13 PM, Craig White craig.wh...@ttiltd.com wrote: err: Could not retrieve catalog from remote server: Error 400 on SERVER: No support for http method POST warning: Not using cache on failed catalog You must be running a newer version agent than your master is. indeed - someone must have run a generalized 'gem update' because it wasn't me. The worst part about that is that I actually stumbled into this before (perhaps in August). I have a terrific memory but it seems to be very short in duration. ;-) Thanks Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Fwd: How does an ENC find the client's enviromement?
On Oct 18, 2011, at 8:07 AM, Nigel Kersten wrote: On Tue, Oct 18, 2011 at 6:57 AM, R.I.Pienaar r...@devco.net wrote: - Original Message - On Oct 17, 10:23 am, Mohamed Lrhazi lrh...@gmail.com wrote: - When the master calls my ENC, it knows what the environment of the client is, regardless of where it got it from, right? No, it doesn't, and it can't. That's one of the things the ENC is permitted to decide. The master knows what environment the client *claims* to be in, if any, and it knows the default environment, but it cannot predict what environment the ENC will assert for the node, if any. If the ENC asserts an environment then that wins. on paper yes, but it doesnt work that way. there's a bug, the only place to reliably put the environment now is on the node in puppet.conf. Note that an agent-side fact $environment also works here. tastes great, less filling Being able to definitively set the environment at the ENC and actually have it work is a very desirable concept. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet on Centos 6.0
On Oct 18, 2011, at 6:19 AM, jcbollinger wrote: On Oct 17, 3:03 pm, Russell Van Tassell russel...@gmail.com wrote: Personally, I've had better luck letting gem managed its own gems, rather than depending on Yum repositories (specifically on CentOS). I'd take a list of the Ruby gems you've installed via rpm (rpm -q -a | grep ruby) and then consider installing them directly, as so: % sudo gem install mysql % sudo gem list I, on the other hand, would recommend avoiding gems altogether if you're using the system's Ruby (i.e. one you installed from an RPM, whether via yum or otherwise). Ruby modules installed via RPM are not (should not be) gems. Using both gem and rpm to manage the same Ruby installation is begging for trouble. probably depends upon your ruby needs. If all you need is puppet then this might be reasonable but if you are actually doing anything else with ruby, you are going to need access to many gems that aren't going to be available in rpm packages or like many other things with OS distribution packages, may be very outdated. The ruby community has been extremely active in solving the complexities involved in deploying all things ruby and things like bundler and gem clearly are more versatile on virtually every platform. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How-To Question: Installing a service that does not come in an RPM ?
I've always thought that if you wanted, consistent, repeatable methodology for install/remove/upgrade that the native packaging is always the way to go and rpm-build does exactly that with tarballs. I don't think Puppet is the way to drop tarballs config make make install because so many things will break along the way. Craig On Oct 18, 2011, at 1:56 PM, Dan White wrote: RHEL 5, and the packages in question come as tar-balls that have to be unrolled into place and then compiled/configured. Not your simple yum install..., sad to say. - Russell Van Tassell russel...@gmail.com wrote: It might be helpful to include the O/S you're asking about, possibly with the package... sometimes it's a matter of just changing/adding a respository. Sometimes it might be a little more involved. On Tue, Oct 18, 2011 at 1:21 PM, Dan White y...@comcast.net wrote: Are there any exapmples out there that show an intelligent way to do this ? My searches are not turning up anything useful “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet cant find a class
On Oct 12, 2011, at 2:31 PM, Boskey wrote: Hi, I am having trouble getting puppet to find a class thats defined in one of the modules.I have a module/folder called 'webserver' in /etc/ puppet/modules/, which has a init.pp file with the below content class webserver{ file {'test.txt': path = '/etc/test.txt', ensure = present, mode = 0640, source = puppet:///webserver/test.txt } } I have a nodes.pp file with node basenode { include webserver } node 'puppet-client02.eng.xyz.com'inherits basenode { } node 'puppet-client.eng.xyz.com'inherits basenode { And the site.pp, file has -SNIP- import modules import nodes -SNIP- when I run the puppet on the client i get an error message: err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: Could not retrieve information from source(s) puppet://puppet/plugins err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class webserver at /etc/puppet/manifests/ nodes.pp:3 on node puppet-client.eng.xyz.com warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run Whats wrong here?, why cant puppet find the class 'webserver', i have checked with puppet--chkconfig modulepath, and the path is /etc/puppet/ modules Do these files exist in this path? /etc/puppet/modules/webserver/manifests/init.pp /etc/puppet/modules/webserver/files/test.txt also, source? source = puppet:///modules/webserver/test.txt Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Issues switching over to using environments
storeconfigs=true dbadapter=postgresql dbuser=foreman dbpassword=foreman dbserver=localhost dbname=foreman reports=log, foreman certname=lou1 server=lou1 To: [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/etc/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/prod/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post server = lou1 certname = lou1 [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY modulepath=/etc/puppet/prod/modules storeconfigs=true dbadapter=postgresql dbuser=foreman dbpassword=foreman dbserver=localhost dbname=foreman reports=log, foreman certname=lou1 server=lou1 [production] manifest = $confdir/prod/manifests/site.pp manifestdir = $confdir/prod/manifests modulepath = $confdir/prod/modules templatedir = $confidr/prod/templates [staging] manifest = $confdir/staging/manifests/site.pp manifestdir = $confdir/staging/manifests modulepath = $confdir/staging/modules templatedir = $confidr/staging/templates [dev] manifest = $confdir/dev/manifests/site.pp manifestdir = $confdir/dev/manifests modulepath = $confdir/dev/modules templatedir = $confidr/dev/templates Puppet Master is running 2.7.3 and the agents are a mix of 2.6.x versions. Any suggestions would be greatly appreciated... Thanks, Deven Phillips Senior Systems Administrator DNS.com, A Comodo Company -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Issues switching over to using environments
On Oct 11, 2011, at 10:30 AM, Deven Phillips wrote: Hello all, I have been searching through the list archives, but I have yet to find an answer to my question. The problem I am having is this: 1. I have been using puppet without environments for some time now and it works properly 2. I am trying to reconfigure to use environments, and I am getting errors with plugins not getting sync'd. To: [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/etc/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/prod/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post server = lou1 certname = lou1 [master] # These are needed when the puppetmaster is run by passenger # and can safely be removed if webrick is used. ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY modulepath=/etc/puppet/prod/modules storeconfigs=true dbadapter=postgresql dbuser=foreman dbpassword=foreman dbserver=localhost dbname=foreman reports=log, foreman certname=lou1 server=lou1 [production] manifest = $confdir/prod/manifests/site.pp manifestdir = $confdir/prod/manifests modulepath = $confdir/prod/modules templatedir = $confidr/prod/templates [staging] manifest = $confdir/staging/manifests/site.pp manifestdir = $confdir/staging/manifests modulepath = $confdir/staging/modules templatedir = $confidr/staging/templates [dev] manifest = $confdir/dev/manifests/site.pp manifestdir = $confdir/dev/manifests modulepath = $confdir/dev/modules templatedir = $confidr/dev/templates Puppet Master is running 2.7.3 and the agents are a mix of 2.6.x versions. I myself am suspicious of the $confdir variable since I never see it explicitly defined anywhere. You might want to explicitly define it but I don't think you want a modulepath defined in both [master] and in [production] but you might want a default environment defined in [master] Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Official puppetlabs position on cron vs puppet as a service?
that always seems to redirect me to 'login' (even though I am passing the -u username:password) Craig On Oct 10, 2011, at 6:32 AM, Ohad Levy wrote: On Mon, Oct 10, 2011 at 2:05 PM, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: On 08/10/11 21:22, Chris Phillips wrote: What better way to monitor the puppet runs than by executing that run as part of the check? I assume your Nagios plugin execution timeout must be insanely long? :) In the past I have considered using Nagios for things other than monitoring, and likewise using Puppet for things other than configuration. On both counts I decided it was probably best to set a boundary and not wilfully abuse these tools, since it's likely to go wrong sooner or later! In my organisation we use Nagios only to monitor, and Puppet only to configure. Have fun! Jonathan If you are using foreman, its very easy to query the last puppet report state, e.g. curl -k -u $user:$pass https://foreman/hosts/`hostname -f`/reports/last?format=json |prettify_json.rb { report: { reported_at: 2011-10-10T13:03:02Z, metrics: { time: { group: 0.001799, class: 0.002389, config_retrieval: 2.4686119556427, cron: 0.00056, schedule: 0.002556, service: 0.702501, yumrepo: 0.081921, total: 4.6954209556427, mailalias: 0.000351, package: 0.012924, exec: 0.336481, file: 1.079741, filebucket: 0.000226, user: 0.00536 }, events: { total: 0 }, resources: { total: 212 }, changes: { total: 0 } }, id: 269755, summary: Success, host: super.tlv.redhat.com, logs: [ ], status: { failed: 0, restarted: 0, applied: 0, skipped: 0, failed_restarts: 0 } } } Ohad -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Official puppetlabs position on cron vs puppet as a service?
On Oct 10, 2011, at 11:13 AM, Ohad Levy wrote: On Mon, Oct 10, 2011 at 5:16 PM, Craig White craig.wh...@ttiltd.com wrote: that always seems to redirect me to 'login' (even though I am passing the -u username:password) I'm guessing you have ssl redirection turned on and you are using http instead of https? strange... just tried again and it worked and an fyi for anyone trying to use nginx/foreman, this seems to work fairly well.. passenger_pre_start https://$SERVER:8142/; server { server_name $SERVER; listen 8142; root /var/www/foreman/public; passenger_enabled on; passenger_min_instances 1; rails_env production; rails_spawn_method smart; passenger_user puppet; passenger_use_global_queue off; error_log logs/foreman_error.log error; access_log logs/foreman_access.log combined; ssl on; ssl_certificate /etc/puppet/ssl/certs/$SERVER.pem; ssl_certificate_key /etc/puppet/ssl/private_keys/$SERVER.pem; ssl_crl /etc/puppet/ssl/ca/ca_crl.pem; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!kEDH:+EXP:-SSLv2; ssl_prefer_server_ciphers on; ssl_verify_client off; ssl_verify_depth 1; ssl_session_cache builtin:1000 shared:SSL:10m; } Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] perltidy workalike to tidy up Puppet manifests
On Oct 6, 2011, at 7:19 AM, Philip Durbin wrote: There's a wonderful tool called perltidy that can clean up Perl scripts, enforcing certain style guidelines by default but allowing lots of customization. Does Puppet have a tool like perltidy to enforce a certain style in Puppet manifests? I don't see any mention of such a tool at http://docs.puppetlabs.com/guides/style_guide not the same but certainly in the neighborhood... https://github.com/rodjek/puppet-lint/ Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Applying policy based on network address
On Oct 5, 2011, at 7:38 PM, CZACHOR, KRISTOPHER wrote: Hi all, I’m trying to wrap my brain around this one and could use a little help/guidance. I have need to deploy software based on the network a system is in. Has anyone had need or been able to do the following?: (Pseudo code) If 123.123.123.123 is in 123.123.123.0/24 or 234.234.234.234.0/24 (list/array of networks it could belong to) then ensure package is present. -or- If 123.123.123.123 is in 123.123.123.0/255.255.255.0 then ensure package is present. Yes I suppose a case statement would work better. Now I know from Facter I have the following _easily_ at my disposal: ipaddress and netmask. As easy as it would be to use the network_eth0 to get what network the host is in I’m a little hesitant to go down that route since I can’t rely on the eth0 part network_eth0 being consistent. Fedora 15, for example, is using a new naming convention for their Ethernet interfaces. Mine is em1. I suppose I could figure out the eth0/em1 part by using the ipaddress and interfaces fact and use it to figure out the network_eth0/em1 and that would give me the network address. But this just seems like really too much freakin’ work. Anyone have anything simple and elegant? Is there some glaring feature of puppet/facter that I’ve overlooked that says …”Duh!” As always any help in advance is appreciated, create a custom fact... Facter.add(datacenter) do setcode do datacenter = unknown # Get current ip address from Facter's own database ipaddr = Facter.value(:ipaddress) # A data center if ipaddr.match(^10\.3\.) datacenter = A # C data center elsif ipaddr.match(^10\.1\.) datacenter = C # D data center elsif ipaddr.match(^10\.0\.) datacenter = D # E data center elsif ipaddr.match(^10\.2\.) datacenter = E # F data center elsif ipaddr.match(^10\.10\.) datacenter = F end datacenter end end deploy based on custom fact... case $datacenter { default: { $ldap_servers = ldap://ldap2.example.com ldap://ldap1.example.com; } A: { $ldap_servers = ldap://ldap1.example.com ldap://ldap2.example.com; } B: { $ldap_servers = ldap://ldap1.example.com ldap://ldap2.example.com; } Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could not find a default provider for ... should not fail the agent run?
On Oct 5, 2011, at 7:25 AM, Matthias Pigulla wrote: Hi all, I have repeatedly encountered the problem that I would like Puppet to install a particular piece of software, for example git, and then use a provider like https://github.com/puppetlabs/puppet-vcsrepo to check out a repository. This fails with a message like Could not run Puppet configuration client: Could not find a default provider for ... unless the tool (git, to stick with my example) is already installed. This chicken and egg problem applies to some other install-stuff-and-do-more-stuff-with-it situations as well. I understand that it would be way too complicated for puppet to be able to handle all this in a single run. But isn't failing due to the lack of a particular (default) provider too hard? If Puppet would carry on and just fail on the vcsrepo {} (or whatever type of resource), things would probably sort out after two or three agent runs. In IRC they pointed me to either using environments, which I think is too complicated (having to maintain bootstrap and production manifests). Another tip was to have a look at the way the pip package provider (https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/package/pip.rb) works, see lazy_pip at the end. But to me it seems as if that would be out of line with the rest of providers and working against the API provided by Puppet. Suggestions? I suspect that I must be missing something here but it seems rather obvious to me that in this specific example... require = Package[git] would mean that git is installed first and then it should just work. As for 'fail' and continue on, that's clearly not the puppet way and any tolerance of failures seems inappropriate on just about any level. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sshkey resource type in Ubuntu 10.04
On Oct 3, 2011, at 7:39 AM, Evan Stachowiak wrote: Hi, I'm attempting to distribute a known host ssh key (for github) to an Ubuntu 10.04 host. Puppet is distributing the key into /etc/ssh/ ssh_known_hosts as: github.com ssh-rsa [really long ssh-rsa key] However, Ubuntu seems to expect the key in this format: |1|[really long ssh-rsa key] (note all the keys in my known_hosts and ssh_known_hosts not managed by puppet are prepended with '|1|' on my Ubuntu boxes). Am i missing something here? Or does Ubuntu just handle these files differently and I have to come up with a workaround? I think you are missing something and actually Ubuntu handles ssh - authorized_keys/known_hosts/public keys, etc. just the same as every other type of Linux/Macintosh/Windows OpenSSH implementation. Start with the man page... man authorized_keys |1| is actually a hashed format. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.